4773be03b5794908a31aba98a946f02eec075bb7144411bec6d9fa88bb6d5e8e

Resubmissions

13/10/2022, 06:36

221013-hc4wnsbbg7 9

13/10/2022, 06:20

221013-g3y8faahhj 9

12/10/2022, 15:04

221012-sfnc7sgehq 8

Analysis

max time kernel
131s
max time network
293s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
12/10/2022, 15:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Sample.exe
Size

134.8MB
MD5

b91f99b87d1b4b97de96809626dce0f7
SHA1

6ba6325ffd36a0ee0ce6e3628d91848a9757dd91
SHA256

4773be03b5794908a31aba98a946f02eec075bb7144411bec6d9fa88bb6d5e8e
SHA512

72532f9102d43a78dac3563d881df6d207540544c5702c85f3560a321e32507ea9160eeea29a8e533a52ffe930b7042f80b22a037b1e5d2c10f12f17476f9b14
SSDEEP

3145728:Xmx2gA7SyL7n56rVjfgK+BSQUE19x2gAGN0GYNbVZ5ZNaZWwGA:4/yHSVLgK+BfLzNXEZN/bA

Score

8^/10

discovery persistence

Malware Config

Signatures

Contacts a large (1029) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Scanning
T1046

Executes dropped EXE 10 IoCs

pid	Process
1328	UA Cyber SHIELD.exe
1872	UA Cyber SHIELD.exe
1420	UA Cyber SHIELD.exe
568	UA Cyber SHIELD.exe
1960	UA Cyber SHIELD.exe
768	UA Cyber SHIELD.exe
1580	UA Cyber SHIELD.exe
1760	UA Cyber SHIELD.exe
2256	UA Cyber SHIELD.exe
2240	UA Cyber SHIELD.exe

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Control Panel\International\Geo\Nation	UA Cyber SHIELD.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Control Panel\International\Geo\Nation	UA Cyber SHIELD.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Control Panel\International\Geo\Nation	UA Cyber SHIELD.exe

Loads dropped DLL 33 IoCs

pid	Process
1996	Sample.exe
1996	Sample.exe
1996	Sample.exe
1996	Sample.exe
1996	Sample.exe
1996	Sample.exe
1996	Sample.exe
1996	Sample.exe
1996	Sample.exe
1996	Sample.exe
1996	Sample.exe
1216	Process not Found
1216	Process not Found
1216	Process not Found
1216	Process not Found
1328	UA Cyber SHIELD.exe
1872	UA Cyber SHIELD.exe
1420	UA Cyber SHIELD.exe
1420	UA Cyber SHIELD.exe
568	UA Cyber SHIELD.exe
1960	UA Cyber SHIELD.exe
568	UA Cyber SHIELD.exe
768	UA Cyber SHIELD.exe
568	UA Cyber SHIELD.exe
1420	UA Cyber SHIELD.exe
568	UA Cyber SHIELD.exe
1420	UA Cyber SHIELD.exe
1580	UA Cyber SHIELD.exe
1760	UA Cyber SHIELD.exe
2256	UA Cyber SHIELD.exe
2256	UA Cyber SHIELD.exe
2256	UA Cyber SHIELD.exe
2256	UA Cyber SHIELD.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Windows\CurrentVersion\Run	UA Cyber SHIELD.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Windows\CurrentVersion\Run\electron.app.UA Cyber SHIELD = "C:\\Users\\Admin\\AppData\\Local\\Programs\\shield\\UA Cyber SHIELD.exe"	UA Cyber SHIELD.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Enumerates processes with tasklist 1 TTPs 1 IoCs

Process Discovery

T1057

pid	Process
1764	tasklist.exe

Suspicious behavior: EnumeratesProcesses 11 IoCs

pid	Process
1996	Sample.exe
1764	tasklist.exe
1764	tasklist.exe
1328	UA Cyber SHIELD.exe
1328	UA Cyber SHIELD.exe
1872	UA Cyber SHIELD.exe
1872	UA Cyber SHIELD.exe
1960	UA Cyber SHIELD.exe
768	UA Cyber SHIELD.exe
1760	UA Cyber SHIELD.exe
1580	UA Cyber SHIELD.exe

Suspicious use of AdjustPrivilegeToken 52 IoCs

description	pid	Process
Token: SeDebugPrivilege	1764	tasklist.exe
Token: SeSecurityPrivilege	1996	Sample.exe
Token: SeShutdownPrivilege	1872	UA Cyber SHIELD.exe
Token: SeShutdownPrivilege	1872	UA Cyber SHIELD.exe
Token: SeShutdownPrivilege	1328	UA Cyber SHIELD.exe
Token: SeShutdownPrivilege	1328	UA Cyber SHIELD.exe
Token: SeShutdownPrivilege	1872	UA Cyber SHIELD.exe
Token: SeShutdownPrivilege	1872	UA Cyber SHIELD.exe
Token: SeShutdownPrivilege	1328	UA Cyber SHIELD.exe
Token: SeShutdownPrivilege	1328	UA Cyber SHIELD.exe
Token: SeShutdownPrivilege	1872	UA Cyber SHIELD.exe
Token: SeShutdownPrivilege	1872	UA Cyber SHIELD.exe
Token: SeShutdownPrivilege	1328	UA Cyber SHIELD.exe
Token: SeShutdownPrivilege	1328	UA Cyber SHIELD.exe
Token: SeShutdownPrivilege	1872	UA Cyber SHIELD.exe
Token: SeShutdownPrivilege	1872	UA Cyber SHIELD.exe
Token: SeShutdownPrivilege	1328	UA Cyber SHIELD.exe
Token: SeShutdownPrivilege	1328	UA Cyber SHIELD.exe
Token: SeShutdownPrivilege	1872	UA Cyber SHIELD.exe
Token: SeShutdownPrivilege	1872	UA Cyber SHIELD.exe
Token: SeShutdownPrivilege	1328	UA Cyber SHIELD.exe
Token: SeShutdownPrivilege	1328	UA Cyber SHIELD.exe
Token: SeShutdownPrivilege	1872	UA Cyber SHIELD.exe
Token: SeShutdownPrivilege	1872	UA Cyber SHIELD.exe
Token: SeShutdownPrivilege	1328	UA Cyber SHIELD.exe
Token: SeShutdownPrivilege	1328	UA Cyber SHIELD.exe
Token: SeShutdownPrivilege	1872	UA Cyber SHIELD.exe
Token: SeShutdownPrivilege	1872	UA Cyber SHIELD.exe
Token: SeShutdownPrivilege	1328	UA Cyber SHIELD.exe
Token: SeShutdownPrivilege	1328	UA Cyber SHIELD.exe
Token: SeShutdownPrivilege	1872	UA Cyber SHIELD.exe
Token: SeShutdownPrivilege	1872	UA Cyber SHIELD.exe
Token: SeShutdownPrivilege	1328	UA Cyber SHIELD.exe
Token: SeShutdownPrivilege	1328	UA Cyber SHIELD.exe
Token: SeShutdownPrivilege	1872	UA Cyber SHIELD.exe
Token: SeShutdownPrivilege	1872	UA Cyber SHIELD.exe
Token: SeShutdownPrivilege	1328	UA Cyber SHIELD.exe
Token: SeShutdownPrivilege	1328	UA Cyber SHIELD.exe
Token: SeShutdownPrivilege	1872	UA Cyber SHIELD.exe
Token: SeShutdownPrivilege	1872	UA Cyber SHIELD.exe
Token: SeShutdownPrivilege	1328	UA Cyber SHIELD.exe
Token: SeShutdownPrivilege	1328	UA Cyber SHIELD.exe
Token: SeShutdownPrivilege	1872	UA Cyber SHIELD.exe
Token: SeShutdownPrivilege	1872	UA Cyber SHIELD.exe
Token: SeShutdownPrivilege	1872	UA Cyber SHIELD.exe
Token: SeShutdownPrivilege	1872	UA Cyber SHIELD.exe
Token: SeShutdownPrivilege	1328	UA Cyber SHIELD.exe
Token: SeShutdownPrivilege	1328	UA Cyber SHIELD.exe
Token: SeShutdownPrivilege	1872	UA Cyber SHIELD.exe
Token: SeShutdownPrivilege	1872	UA Cyber SHIELD.exe
Token: SeShutdownPrivilege	1328	UA Cyber SHIELD.exe
Token: SeShutdownPrivilege	1328	UA Cyber SHIELD.exe

Suspicious use of FindShellTrayWindow 9 IoCs

pid	Process
1872	UA Cyber SHIELD.exe
1328	UA Cyber SHIELD.exe
1872	UA Cyber SHIELD.exe
1328	UA Cyber SHIELD.exe
1872	UA Cyber SHIELD.exe
1328	UA Cyber SHIELD.exe
1328	UA Cyber SHIELD.exe
1872	UA Cyber SHIELD.exe
1872	UA Cyber SHIELD.exe

Suspicious use of SendNotifyMessage 9 IoCs

pid	Process
1872	UA Cyber SHIELD.exe
1328	UA Cyber SHIELD.exe
1872	UA Cyber SHIELD.exe
1328	UA Cyber SHIELD.exe
1872	UA Cyber SHIELD.exe
1328	UA Cyber SHIELD.exe
1328	UA Cyber SHIELD.exe
1872	UA Cyber SHIELD.exe
1872	UA Cyber SHIELD.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1996 wrote to memory of 1420	1996	Sample.exe	27
PID 1996 wrote to memory of 1420	1996	Sample.exe	27
PID 1996 wrote to memory of 1420	1996	Sample.exe	27
PID 1996 wrote to memory of 1420	1996	Sample.exe	27
PID 1420 wrote to memory of 1764	1420	cmd.exe	29
PID 1420 wrote to memory of 1764	1420	cmd.exe	29
PID 1420 wrote to memory of 1764	1420	cmd.exe	29
PID 1420 wrote to memory of 1764	1420	cmd.exe	29
PID 1420 wrote to memory of 836	1420	cmd.exe	30
PID 1420 wrote to memory of 836	1420	cmd.exe	30
PID 1420 wrote to memory of 836	1420	cmd.exe	30
PID 1420 wrote to memory of 836	1420	cmd.exe	30
PID 1328 wrote to memory of 840	1328	UA Cyber SHIELD.exe	34
PID 1328 wrote to memory of 840	1328	UA Cyber SHIELD.exe	34
PID 1328 wrote to memory of 840	1328	UA Cyber SHIELD.exe	34
PID 840 wrote to memory of 1752	840	cmd.exe	36
PID 840 wrote to memory of 1752	840	cmd.exe	36
PID 840 wrote to memory of 1752	840	cmd.exe	36
PID 1872 wrote to memory of 1632	1872	UA Cyber SHIELD.exe	38
PID 1872 wrote to memory of 1632	1872	UA Cyber SHIELD.exe	38
PID 1872 wrote to memory of 1632	1872	UA Cyber SHIELD.exe	38
PID 1632 wrote to memory of 1440	1632	cmd.exe	40
PID 1632 wrote to memory of 1440	1632	cmd.exe	40
PID 1632 wrote to memory of 1440	1632	cmd.exe	40
PID 1328 wrote to memory of 1420	1328	UA Cyber SHIELD.exe	41
PID 1328 wrote to memory of 1420	1328	UA Cyber SHIELD.exe	41
PID 1328 wrote to memory of 1420	1328	UA Cyber SHIELD.exe	41
PID 1328 wrote to memory of 1420	1328	UA Cyber SHIELD.exe	41
PID 1328 wrote to memory of 1420	1328	UA Cyber SHIELD.exe	41
PID 1328 wrote to memory of 1420	1328	UA Cyber SHIELD.exe	41
PID 1328 wrote to memory of 1420	1328	UA Cyber SHIELD.exe	41
PID 1328 wrote to memory of 1420	1328	UA Cyber SHIELD.exe	41
PID 1328 wrote to memory of 1420	1328	UA Cyber SHIELD.exe	41
PID 1328 wrote to memory of 1420	1328	UA Cyber SHIELD.exe	41
PID 1328 wrote to memory of 1420	1328	UA Cyber SHIELD.exe	41
PID 1328 wrote to memory of 1420	1328	UA Cyber SHIELD.exe	41
PID 1328 wrote to memory of 1420	1328	UA Cyber SHIELD.exe	41
PID 1328 wrote to memory of 1420	1328	UA Cyber SHIELD.exe	41
PID 1328 wrote to memory of 1420	1328	UA Cyber SHIELD.exe	41
PID 1328 wrote to memory of 1420	1328	UA Cyber SHIELD.exe	41
PID 1328 wrote to memory of 1420	1328	UA Cyber SHIELD.exe	41
PID 1328 wrote to memory of 1420	1328	UA Cyber SHIELD.exe	41
PID 1328 wrote to memory of 1420	1328	UA Cyber SHIELD.exe	41
PID 1328 wrote to memory of 1420	1328	UA Cyber SHIELD.exe	41
PID 1328 wrote to memory of 1420	1328	UA Cyber SHIELD.exe	41
PID 1328 wrote to memory of 1420	1328	UA Cyber SHIELD.exe	41
PID 1328 wrote to memory of 1420	1328	UA Cyber SHIELD.exe	41
PID 1328 wrote to memory of 1420	1328	UA Cyber SHIELD.exe	41
PID 1328 wrote to memory of 1420	1328	UA Cyber SHIELD.exe	41
PID 1328 wrote to memory of 1420	1328	UA Cyber SHIELD.exe	41
PID 1328 wrote to memory of 1420	1328	UA Cyber SHIELD.exe	41
PID 1328 wrote to memory of 1420	1328	UA Cyber SHIELD.exe	41
PID 1328 wrote to memory of 1420	1328	UA Cyber SHIELD.exe	41
PID 1328 wrote to memory of 1420	1328	UA Cyber SHIELD.exe	41
PID 1328 wrote to memory of 1420	1328	UA Cyber SHIELD.exe	41
PID 1328 wrote to memory of 1420	1328	UA Cyber SHIELD.exe	41
PID 1328 wrote to memory of 1420	1328	UA Cyber SHIELD.exe	41
PID 1328 wrote to memory of 1420	1328	UA Cyber SHIELD.exe	41
PID 1328 wrote to memory of 1420	1328	UA Cyber SHIELD.exe	41
PID 1328 wrote to memory of 1420	1328	UA Cyber SHIELD.exe	41
PID 1328 wrote to memory of 1420	1328	UA Cyber SHIELD.exe	41
PID 1328 wrote to memory of 1420	1328	UA Cyber SHIELD.exe	41
PID 1328 wrote to memory of 1420	1328	UA Cyber SHIELD.exe	41
PID 1328 wrote to memory of 1420	1328	UA Cyber SHIELD.exe	41

C:\Users\Admin\AppData\Local\Temp\Sample.exe
"C:\Users\Admin\AppData\Local\Temp\Sample.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1996
- C:\Windows\SysWOW64\cmd.exe
  cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq UA Cyber SHIELD.exe" | find "UA Cyber SHIELD.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1420
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq UA Cyber SHIELD.exe"
    3⤵
    - Enumerates processes with tasklist
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:1764
- - C:\Windows\SysWOW64\find.exe
    find "UA Cyber SHIELD.exe"
    3⤵
    PID:836

C:\Users\Admin\AppData\Local\Programs\shield\UA Cyber SHIELD.exe
"C:\Users\Admin\AppData\Local\Programs\shield\UA Cyber SHIELD.exe"
1⤵
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1328
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "%windir%\System32\REG.exe QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:840
- - C:\Windows\System32\reg.exe
    C:\Windows\System32\REG.exe QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid
    3⤵
    PID:1752
- C:\Users\Admin\AppData\Local\Programs\shield\UA Cyber SHIELD.exe
  "C:\Users\Admin\AppData\Local\Programs\shield\UA Cyber SHIELD.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\UA Cyber SHIELD" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1068 --field-trial-handle=1240,13295201453010516704,9790116414222026966,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1420
- C:\Users\Admin\AppData\Local\Programs\shield\UA Cyber SHIELD.exe
  "C:\Users\Admin\AppData\Local\Programs\shield\UA Cyber SHIELD.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\UA Cyber SHIELD" --mojo-platform-channel-handle=1476 --field-trial-handle=1240,13295201453010516704,9790116414222026966,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:1960
- C:\Users\Admin\AppData\Local\Programs\shield\UA Cyber SHIELD.exe
  "C:\Users\Admin\AppData\Local\Programs\shield\UA Cyber SHIELD.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\UA Cyber SHIELD" --app-user-model-id="electron.app.UA Cyber SHIELD" --app-path="C:\Users\Admin\AppData\Local\Programs\shield\resources\app.asar" --no-sandbox --no-zygote --node-integration-in-worker --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=4 --mojo-platform-channel-handle=1708 --field-trial-handle=1240,13295201453010516704,9790116414222026966,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
  2⤵
  - Executes dropped EXE
  - Checks computer location settings
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:1580
- C:\Users\Admin\AppData\Local\Programs\shield\UA Cyber SHIELD.exe
  "C:\Users\Admin\AppData\Local\Programs\shield\UA Cyber SHIELD.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\UA Cyber SHIELD" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1348 --field-trial-handle=1240,13295201453010516704,9790116414222026966,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2256
- C:\Users\Admin\AppData\Local\Programs\shield\UA Cyber SHIELD.exe
  "C:\Users\Admin\AppData\Local\Programs\shield\UA Cyber SHIELD.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\UA Cyber SHIELD" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1916 --field-trial-handle=1240,13295201453010516704,9790116414222026966,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
  2⤵
  PID:2724

C:\Users\Admin\AppData\Local\Programs\shield\UA Cyber SHIELD.exe
"C:\Users\Admin\AppData\Local\Programs\shield\UA Cyber SHIELD.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1872
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "%windir%\System32\REG.exe QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1632
- - C:\Windows\System32\reg.exe
    C:\Windows\System32\REG.exe QUERY HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid
    3⤵
    PID:1440
- C:\Users\Admin\AppData\Local\Programs\shield\UA Cyber SHIELD.exe
  "C:\Users\Admin\AppData\Local\Programs\shield\UA Cyber SHIELD.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\UA Cyber SHIELD" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1064 --field-trial-handle=1116,7852193312303728546,4139765548658967916,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:568
- C:\Users\Admin\AppData\Local\Programs\shield\UA Cyber SHIELD.exe
  "C:\Users\Admin\AppData\Local\Programs\shield\UA Cyber SHIELD.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\UA Cyber SHIELD" --mojo-platform-channel-handle=1460 --field-trial-handle=1116,7852193312303728546,4139765548658967916,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:768
- C:\Users\Admin\AppData\Local\Programs\shield\UA Cyber SHIELD.exe
  "C:\Users\Admin\AppData\Local\Programs\shield\UA Cyber SHIELD.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\UA Cyber SHIELD" --app-path="C:\Users\Admin\AppData\Local\Programs\shield\resources\app.asar" --no-sandbox --no-zygote --node-integration-in-worker --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=4 --mojo-platform-channel-handle=1696 --field-trial-handle=1116,7852193312303728546,4139765548658967916,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
  2⤵
  - Executes dropped EXE
  - Checks computer location settings
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:1760
- C:\Users\Admin\AppData\Local\Programs\shield\UA Cyber SHIELD.exe
  "C:\Users\Admin\AppData\Local\Programs\shield\UA Cyber SHIELD.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\UA Cyber SHIELD" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1384 --field-trial-handle=1116,7852193312303728546,4139765548658967916,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
  2⤵
  - Executes dropped EXE
  PID:2240

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Web Service

T1102

Credential Access

Discovery

Network Service Scanning

T1046

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Programs\shield\D3DCompiler_47.dll

Filesize
4.3MB

MD5
7641e39b7da4077084d2afe7c31032e0

SHA1
2256644f69435ff2fee76deb04d918083960d1eb

SHA256
44422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47

SHA512
8010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5

Download Submit
C:\Users\Admin\AppData\Local\Programs\shield\UA Cyber SHIELD.exe

Filesize
102.2MB

MD5
839e525d7d5cf11ebed9329ca686ca27

SHA1
5a74d88d5410e986eafe562babdeb0ac3862baf2

SHA256
cd77a94d6d19a5c7adc737232b690b7c0e23a7b4a5286b2cd85a88139091a8b1

SHA512
7d1c381281a035268fb3d3ada2d0a933af0a94a4c296e117859741a4a12c89608afaba7382fefdbe174f5d1434cfc41a3dd499473fbf8016ddd7d38a1d740350

Download Submit
C:\Users\Admin\AppData\Local\Programs\shield\UA Cyber SHIELD.exe

Filesize
100.4MB

MD5
1cdcdaa27f682e588c5fb647b86a1691

SHA1
79e74dabe0e5fd624ba8b6a99dd9519fa88fd7ce

SHA256
eec050ecfc07bf63c9471793f8b2df5713a2b5073cefafe9e3004702454a545f

SHA512
f9f75048cd7b567e7680f538a2dc78587c970f5f7fe9b20850e60a45044fcef293ae7a954eded7669330fbd02d99642f89ccb4bdef4c5b1faa09c1783299bfce

Download Submit
C:\Users\Admin\AppData\Local\Programs\shield\UA Cyber SHIELD.exe

Filesize
101.8MB

MD5
02a0fe19896723c83fb6960da33673c4

SHA1
7b0d7697c8ee2398b356d241bff2fa59b3a8e2bf

SHA256
2eaa410715f6e85c6ed66cf01c92a87a8ec9dc52cbdd299c526d28c68da2cd75

SHA512
3673b4f1d1746577d9c01542f4f1ecb98aa8fb597eb528b08ead0cc98707371396ac1f0642c07171d9a2c4cccc9d0c9a9b4b6125bff0b17d95710b93aa31ea8c

Download Submit
C:\Users\Admin\AppData\Local\Programs\shield\UA Cyber SHIELD.exe

Filesize
103.6MB

MD5
27d72dd9843eb21f42530c140e4fec2c

SHA1
83f4399061a2f88a80a76370f0aea6196005d2fd

SHA256
e1cee03d2c93dddf07745ab2f06ea17b76b026798155ce54da90cc275b47eb3d

SHA512
901b528527ff5528b480edaf088a11572df2ba06bb01b9ab91ebc7b263577fb2cc29ad2268e770434352da5b7cbfede10e27a1ee0848603730720f3bcb350e1f

Download Submit
C:\Users\Admin\AppData\Local\Programs\shield\UA Cyber SHIELD.exe

Filesize
100.2MB

MD5
80b905cc0a7d298b74f9b47f854d756c

SHA1
d09b9c97c84acd3439dec62a3beaf3da48f09441

SHA256
77c34adf70d17b7f203dd984ddde6ed6a3b3319bc3a30e2daa44ea99526b8100

SHA512
9b5c508c514723bb4557827c0c31855cd60dea5f6b2a046312148e0e12b5831bc48dabb39c66d224c3e7db9fea773460aa2ed24d24d43cf37997a94f660772d0

Download Submit
C:\Users\Admin\AppData\Local\Programs\shield\UA Cyber SHIELD.exe

Filesize
95.1MB

MD5
87a09901167384e435f4c6bfa1d47f95

SHA1
ce816b97beed8deeed8eb1628ceadd05301c7c54

SHA256
02f213a3d815f13f60121bb05420321702f2779d4ec5b29628dde5cb20a5501b

SHA512
b3422f21d36d93d3af26d84a0091c7b862cab78653f4536ea385d08e4ea53db99643665860d55b07a23975a795b1da8bca982b8cabc028932b50bb5bd2aeb5be

Download Submit
C:\Users\Admin\AppData\Local\Programs\shield\UA Cyber SHIELD.exe

Filesize
92.9MB

MD5
7c200e882c78f8646cd570f43c5f3a8c

SHA1
e88e1946811e881b9d463f78d052053b1f76e986

SHA256
b4be9a258f7f3ce65f59fcbdc4a4c729a3f029a39ef55e489a6b85db2d046ca7

SHA512
cf004c14cff07a4f52a109f39bfb49962dddac680f61d4e68902f4115759a1fc5d2764d204c235e3b283421be2f8ed11e653dbc94c44333ef126d44416db5713

Download Submit
C:\Users\Admin\AppData\Local\Programs\shield\UA Cyber SHIELD.exe

Filesize
91.1MB

MD5
6d541dfb22bf9632541d6a7b9e831898

SHA1
06fc22249b8c7642a7a0b748141c790f661f69b8

SHA256
243dc17beaab1bec02e49a7adf2858d15d96349b5e4f3d8d7df3d6cc35693064

SHA512
f5d29327ebb2f94e5239039bbc9b3f179016d270f3c9244246be78a9c08a8d0ad7790db1b8701d755b5bedfe4fe09f43d1fbdd3c1ca766c63f17ee07dfd8056c

Download Submit
C:\Users\Admin\AppData\Local\Programs\shield\UA Cyber SHIELD.exe

Filesize
139.6MB

MD5
9db7e6d2559999d92849097b4105ff8f

SHA1
7daf65dee6c7d035c36689f63158aa632d255aea

SHA256
cf5c32db744e6c11794e0e0f124eb202413084470b5cb3be5c4389cbd28ae2e2

SHA512
b41d3c4367f5d281153959eaab55059d5d9a15a979b79d09a67adf81be35a5ab834f7fa4412e3ed181479cd29e5465cfdb28503a5e429504112dd8d637acf5cf

Download Submit
C:\Users\Admin\AppData\Local\Programs\shield\UA Cyber SHIELD.exe

Filesize
101.5MB

MD5
8c0f71e1455bb5b31af59ae44e1e0fa9

SHA1
56b159c1654e262684ce843d10bc8bb9f83a3702

SHA256
a35c89b5bac2e46d842b9e360f03d1de2c3bffd83db80f7cbc376c98aafe2dd2

SHA512
b52e4e30a25082a1eca385838df40a23e5fd2b8d35ff333d965644539fbeec3d4aeb9dc330f45a8067065061920f842b307d6f21506342d70ddc91b10117aba5

Download Submit
C:\Users\Admin\AppData\Local\Programs\shield\chrome_100_percent.pak

Filesize
138KB

MD5
9c1b859b611600201ccf898f1eff2476

SHA1
87d5d9a5fcc2496b48bb084fdf04331823dd1699

SHA256
53102833760a725241841312de452c45e43edd60a122546105ab4020ccef591b

SHA512
1a8ec288e53b9d7e43d018995abe4e3d9c83d329d0561fbb7d022e8b79ffecf033e995b9bc6af352a71c646a1e8afba4addb54deab7455f24b7a279a3dd7c336

Download Submit
C:\Users\Admin\AppData\Local\Programs\shield\chrome_200_percent.pak

Filesize
202KB

MD5
b51a78961b1dbb156343e6e024093d41

SHA1
51298bfe945a9645311169fc5bb64a2a1f20bc38

SHA256
4a438f0e209ac62ffa2c14036efdd5474b5ecaa7cbf54110f2e6153abdfb8be9

SHA512
23dedde25ad9cb5829d4b6092a815712788698c2a5a0aefb4299675d39f8b5e2844eabd1ea42332a0408bd234548f5af628e7e365ab26f3385ebfa158cdd921d

Download Submit
C:\Users\Admin\AppData\Local\Programs\shield\ffmpeg.dll

Filesize
2.6MB

MD5
08e9070f59ca6ba9edf7a22c33ac79f4

SHA1
34ab94d3c929edec56a1f0b3bf772d07e1082f9a

SHA256
8e3e6d74bcaae9bdef2fc25361f07b542ae311a96c121ce7820d618fab949b1f

SHA512
c8693d56699edcdf44aee62dbbfd43267df844f875ff14b337b568d41dc53aad2ef7891cb9df4f94508cea72965d73ee31afb7c631d14aa06f3f677e0ee3c57c

Download Submit
C:\Users\Admin\AppData\Local\Programs\shield\icudtl.dat

Filesize
9.8MB

MD5
599c39d9adb88686c4585b15fb745c0e

SHA1
2215eb6299aa18e87db21f686b08695a5199f4e2

SHA256
c5f82843420fa9d144e006b48d59ba7ef95f7e6cb1ea95b27fcdd2c97f850859

SHA512
16194186a8407b29f799d4b02f5674e4fbd5d91163fad9f8dce6ceedd865b754a681aa960d0f3f1b62cb21d5443879f1b8e9b691c19c5802d5bdfe4ed645b8bc

Download Submit
C:\Users\Admin\AppData\Local\Programs\shield\libegl.dll

Filesize
437KB

MD5
b729e51875a36553db9afa9500828a64

SHA1
7d0d833fe1ec8b5d3acd0a13c946a9bf156cf89b

SHA256
3096f43775b041718da22d480cb70db2149061967d0a5778ac5bb8e99cb3026f

SHA512
bcb220d63ca3f96d892b7eb488b16989d5a49488875e289adafe031a1b88803e824f76998cf32762d269260cf89e39ff23fd966010e73b1d6614b9c9d7a075d6

Download Submit
C:\Users\Admin\AppData\Local\Programs\shield\libglesv2.dll

Filesize
6.7MB

MD5
8b6b5dfdbb3076baf1079640fcd8d21c

SHA1
1e7a176868b403de782e0405d19b60709d695272

SHA256
987ed1566d557d968b19480146abd09fced7ff50fa0ca3e123dd59c14202fac4

SHA512
bdffeabacf1979fc06816351cee6e121c7bc78d6894ee8a3a015e8fa91a08464fda03e1681c9d69f8edfd64624c672739f8fdf55bbe16f384c7246fb7e22223e

Download Submit
C:\Users\Admin\AppData\Local\Programs\shield\locales\en-US.pak

Filesize
100KB

MD5
0bb857860d8c9ab6d617cea5a5bd4d00

SHA1
351b744d95846bff2ce5f542fec2e87439aa0f8b

SHA256
5c56df9699fc7e8f09ec81421e50a6264cde055e822f5a8cd9bb1edb3066d816

SHA512
33fb73cffbb6781488cedbca4c92a7e4f66923a799beeb7f5cba58dbc23ba8f5130f63a7dac7114e3c3ef6f1df87884fbeb8858bc7604aec9449fdfd16c25078

Download Submit
C:\Users\Admin\AppData\Local\Programs\shield\resources.pak

Filesize
4.8MB

MD5
d1eabfe170135e6a704a9f09a9f04985

SHA1
6c5287378ff373fe27ddb8cf6bf641c1c862af3b

SHA256
91efacf94428e702772779e5ebc122b25a1d12c64a3ed20bc0b5b396503ba308

SHA512
fa3fec856da70a2bdf6a211a4bf1d6d0114f925842d9d185570defe25f8f33216823e2473efefa5982859ffd783fced912b086300b298201abaa12711fe0f782

Download Submit
C:\Users\Admin\AppData\Local\Programs\shield\resources\app-update.yml

Filesize
103B

MD5
4da3d57483025aae83861c78e38219e1

SHA1
93cc2e23f79e23b3906b7542a105457202c31616

SHA256
db5162220111412e3164f5216c3401fa5246cd4ca661f901a57c2b000656eedf

SHA512
35bfccdaa69acf2c5d0ce35ff71e97be7cdeb5568485a412f3409ad4046b52e183afbf26d3dedad1f7913af71201fc634c0e6d2bccc174de6559bec6785ec157

Download Submit
C:\Users\Admin\AppData\Local\Programs\shield\resources\app.asar

Filesize
57.5MB

MD5
311bbe59da929834eb2b5b7c8710761d

SHA1
31d3013ec48fd666394627487882684789db2f9c

SHA256
2c5c446610590ec810d16e229aa2078107bcda0defec8601739cf57aec8af447

SHA512
7547a7bab1eda418e190c670e7d8bd0892af9e1cfac6317f6c71cb679f7c34615a602af5803ae186bba3d055e322d0a21850057ff722957431f75d00f0ac9288

Download Submit
C:\Users\Admin\AppData\Local\Programs\shield\v8_context_snapshot.bin

Filesize
656KB

MD5
38923110390a201fdf5ec4cb7d5c0bbc

SHA1
9194f10cc8b0018af007959059a4ed3bf15f3168

SHA256
d761262b5d774e62cab86eef34f9d2f58c23f36e4d7a9fd49c50dcb573f4a274

SHA512
2dc6d70e663c32d3efc4f297022721d0f24f014fccf2ca4ffb6ff3a7355ec2fdce458bd45989b453501bfd8380d89b558bc1f35ff578dc15dc4b1468cb1a5ac7

Download Submit
C:\Users\Admin\AppData\Roaming\UA Cyber SHIELD\Code Cache\js\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Roaming\UA Cyber SHIELD\Code Cache\wasm\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Roaming\UA Cyber SHIELD\Local State

Filesize
389B

MD5
677b91ad426e6ca7508fe18018b64061

SHA1
42f1656fffbd8aad525de75cabd1b71929853e65

SHA256
f1d0bb7cc3405a9269eacb17c1fbc7f966dd4b9a76c4a77bceeb70acb6998bc7

SHA512
61b19224563fa95f21e970c09e5dc943603097cb4277516889aa123bf3eb0777404184840fd7758cf183cbb4ef779698babc02476c34c4593d6db681d0429f1f

Download Submit
C:\Users\Admin\AppData\Roaming\UA Cyber SHIELD\Preferences

Filesize
57B

MD5
58127c59cb9e1da127904c341d15372b

SHA1
62445484661d8036ce9788baeaba31d204e9a5fc

SHA256
be4b8924ab38e8acf350e6e3b9f1f63a1a94952d8002759acd6946c4d5d0b5de

SHA512
8d1815b277a93ad590ff79b6f52c576cf920c38c4353c24193f707d66884c942f39ff3989530055d2fade540ade243b41b6eb03cd0cc361c3b5d514cca28b50a

Download Submit
C:\Users\Admin\AppData\Roaming\UA Cyber SHIELD\config.json

Filesize
528B

MD5
4ecf16e89166d904ae2f95ababa431cf

SHA1
015f56d95e23740fae7f4c822bc01f38d5ac17fc

SHA256
1edbbac321d841f2ed5cf241dfbdade08a2149a668d6e8ea5b25502dfb5f6aee

SHA512
c1854e41d8e4590061e284b668ec13f33494e8967bd01ca005b916d519e947f41442b0c43f739350bce3d939191deb63f332dfb709b657f3c5a207f81fb4d110

Download Submit
C:\Users\Admin\AppData\Roaming\UA Cyber SHIELD\config.json

Filesize
505B

MD5
6f14ae6a26f34de0e9d65eab9ccd5f1d

SHA1
bb996ffaaf53c647b78e68a11c1f56824be90da0

SHA256
8be530200d520c93ece54f210c08f53b4ab362c9a9e399b8a4ac78b9788d0b4d

SHA512
e18b2d6201cb1d32a51b95d660f1ec70840184973a59f66debb1d3ed25b8629c3e199c031927e8de80a3731e4cc695f5f436c8d252e52027ce012356a6c6b979

Download Submit
\Users\Admin\AppData\Local\Programs\shield\UA Cyber SHIELD.exe

Filesize
139.6MB

MD5
9db7e6d2559999d92849097b4105ff8f

SHA1
7daf65dee6c7d035c36689f63158aa632d255aea

SHA256
cf5c32db744e6c11794e0e0f124eb202413084470b5cb3be5c4389cbd28ae2e2

SHA512
b41d3c4367f5d281153959eaab55059d5d9a15a979b79d09a67adf81be35a5ab834f7fa4412e3ed181479cd29e5465cfdb28503a5e429504112dd8d637acf5cf

Download Submit
\Users\Admin\AppData\Local\Programs\shield\UA Cyber SHIELD.exe

Filesize
139.6MB

MD5
9db7e6d2559999d92849097b4105ff8f

SHA1
7daf65dee6c7d035c36689f63158aa632d255aea

SHA256
cf5c32db744e6c11794e0e0f124eb202413084470b5cb3be5c4389cbd28ae2e2

SHA512
b41d3c4367f5d281153959eaab55059d5d9a15a979b79d09a67adf81be35a5ab834f7fa4412e3ed181479cd29e5465cfdb28503a5e429504112dd8d637acf5cf

Download Submit
\Users\Admin\AppData\Local\Programs\shield\UA Cyber SHIELD.exe

Filesize
139.6MB

MD5
9db7e6d2559999d92849097b4105ff8f

SHA1
7daf65dee6c7d035c36689f63158aa632d255aea

SHA256
cf5c32db744e6c11794e0e0f124eb202413084470b5cb3be5c4389cbd28ae2e2

SHA512
b41d3c4367f5d281153959eaab55059d5d9a15a979b79d09a67adf81be35a5ab834f7fa4412e3ed181479cd29e5465cfdb28503a5e429504112dd8d637acf5cf

Download Submit
\Users\Admin\AppData\Local\Programs\shield\UA Cyber SHIELD.exe

Filesize
139.6MB

MD5
9db7e6d2559999d92849097b4105ff8f

SHA1
7daf65dee6c7d035c36689f63158aa632d255aea

SHA256
cf5c32db744e6c11794e0e0f124eb202413084470b5cb3be5c4389cbd28ae2e2

SHA512
b41d3c4367f5d281153959eaab55059d5d9a15a979b79d09a67adf81be35a5ab834f7fa4412e3ed181479cd29e5465cfdb28503a5e429504112dd8d637acf5cf

Download Submit
\Users\Admin\AppData\Local\Programs\shield\UA Cyber SHIELD.exe

Filesize
139.6MB

MD5
9db7e6d2559999d92849097b4105ff8f

SHA1
7daf65dee6c7d035c36689f63158aa632d255aea

SHA256
cf5c32db744e6c11794e0e0f124eb202413084470b5cb3be5c4389cbd28ae2e2

SHA512
b41d3c4367f5d281153959eaab55059d5d9a15a979b79d09a67adf81be35a5ab834f7fa4412e3ed181479cd29e5465cfdb28503a5e429504112dd8d637acf5cf

Download Submit
\Users\Admin\AppData\Local\Programs\shield\UA Cyber SHIELD.exe

Filesize
139.6MB

MD5
9db7e6d2559999d92849097b4105ff8f

SHA1
7daf65dee6c7d035c36689f63158aa632d255aea

SHA256
cf5c32db744e6c11794e0e0f124eb202413084470b5cb3be5c4389cbd28ae2e2

SHA512
b41d3c4367f5d281153959eaab55059d5d9a15a979b79d09a67adf81be35a5ab834f7fa4412e3ed181479cd29e5465cfdb28503a5e429504112dd8d637acf5cf

Download Submit
\Users\Admin\AppData\Local\Programs\shield\UA Cyber SHIELD.exe

Filesize
139.6MB

MD5
9db7e6d2559999d92849097b4105ff8f

SHA1
7daf65dee6c7d035c36689f63158aa632d255aea

SHA256
cf5c32db744e6c11794e0e0f124eb202413084470b5cb3be5c4389cbd28ae2e2

SHA512
b41d3c4367f5d281153959eaab55059d5d9a15a979b79d09a67adf81be35a5ab834f7fa4412e3ed181479cd29e5465cfdb28503a5e429504112dd8d637acf5cf

Download Submit
\Users\Admin\AppData\Local\Programs\shield\UA Cyber SHIELD.exe

Filesize
139.6MB

MD5
9db7e6d2559999d92849097b4105ff8f

SHA1
7daf65dee6c7d035c36689f63158aa632d255aea

SHA256
cf5c32db744e6c11794e0e0f124eb202413084470b5cb3be5c4389cbd28ae2e2

SHA512
b41d3c4367f5d281153959eaab55059d5d9a15a979b79d09a67adf81be35a5ab834f7fa4412e3ed181479cd29e5465cfdb28503a5e429504112dd8d637acf5cf

Download Submit
\Users\Admin\AppData\Local\Programs\shield\d3dcompiler_47.dll

Filesize
4.3MB

MD5
7641e39b7da4077084d2afe7c31032e0

SHA1
2256644f69435ff2fee76deb04d918083960d1eb

SHA256
44422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47

SHA512
8010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5

Download Submit
\Users\Admin\AppData\Local\Programs\shield\d3dcompiler_47.dll

Filesize
4.3MB

MD5
7641e39b7da4077084d2afe7c31032e0

SHA1
2256644f69435ff2fee76deb04d918083960d1eb

SHA256
44422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47

SHA512
8010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5

Download Submit
\Users\Admin\AppData\Local\Programs\shield\d3dcompiler_47.dll

Filesize
4.3MB

MD5
7641e39b7da4077084d2afe7c31032e0

SHA1
2256644f69435ff2fee76deb04d918083960d1eb

SHA256
44422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47

SHA512
8010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5

Download Submit
\Users\Admin\AppData\Local\Programs\shield\ffmpeg.dll

Filesize
2.6MB

MD5
08e9070f59ca6ba9edf7a22c33ac79f4

SHA1
34ab94d3c929edec56a1f0b3bf772d07e1082f9a

SHA256
8e3e6d74bcaae9bdef2fc25361f07b542ae311a96c121ce7820d618fab949b1f

SHA512
c8693d56699edcdf44aee62dbbfd43267df844f875ff14b337b568d41dc53aad2ef7891cb9df4f94508cea72965d73ee31afb7c631d14aa06f3f677e0ee3c57c

Download Submit
\Users\Admin\AppData\Local\Programs\shield\ffmpeg.dll

Filesize
2.6MB

MD5
08e9070f59ca6ba9edf7a22c33ac79f4

SHA1
34ab94d3c929edec56a1f0b3bf772d07e1082f9a

SHA256
8e3e6d74bcaae9bdef2fc25361f07b542ae311a96c121ce7820d618fab949b1f

SHA512
c8693d56699edcdf44aee62dbbfd43267df844f875ff14b337b568d41dc53aad2ef7891cb9df4f94508cea72965d73ee31afb7c631d14aa06f3f677e0ee3c57c

Download Submit
\Users\Admin\AppData\Local\Programs\shield\ffmpeg.dll

Filesize
2.6MB

MD5
08e9070f59ca6ba9edf7a22c33ac79f4

SHA1
34ab94d3c929edec56a1f0b3bf772d07e1082f9a

SHA256
8e3e6d74bcaae9bdef2fc25361f07b542ae311a96c121ce7820d618fab949b1f

SHA512
c8693d56699edcdf44aee62dbbfd43267df844f875ff14b337b568d41dc53aad2ef7891cb9df4f94508cea72965d73ee31afb7c631d14aa06f3f677e0ee3c57c

Download Submit
\Users\Admin\AppData\Local\Programs\shield\ffmpeg.dll

Filesize
2.6MB

MD5
08e9070f59ca6ba9edf7a22c33ac79f4

SHA1
34ab94d3c929edec56a1f0b3bf772d07e1082f9a

SHA256
8e3e6d74bcaae9bdef2fc25361f07b542ae311a96c121ce7820d618fab949b1f

SHA512
c8693d56699edcdf44aee62dbbfd43267df844f875ff14b337b568d41dc53aad2ef7891cb9df4f94508cea72965d73ee31afb7c631d14aa06f3f677e0ee3c57c

Download Submit
\Users\Admin\AppData\Local\Programs\shield\ffmpeg.dll

Filesize
2.6MB

MD5
08e9070f59ca6ba9edf7a22c33ac79f4

SHA1
34ab94d3c929edec56a1f0b3bf772d07e1082f9a

SHA256
8e3e6d74bcaae9bdef2fc25361f07b542ae311a96c121ce7820d618fab949b1f

SHA512
c8693d56699edcdf44aee62dbbfd43267df844f875ff14b337b568d41dc53aad2ef7891cb9df4f94508cea72965d73ee31afb7c631d14aa06f3f677e0ee3c57c

Download Submit
\Users\Admin\AppData\Local\Programs\shield\ffmpeg.dll

Filesize
2.6MB

MD5
08e9070f59ca6ba9edf7a22c33ac79f4

SHA1
34ab94d3c929edec56a1f0b3bf772d07e1082f9a

SHA256
8e3e6d74bcaae9bdef2fc25361f07b542ae311a96c121ce7820d618fab949b1f

SHA512
c8693d56699edcdf44aee62dbbfd43267df844f875ff14b337b568d41dc53aad2ef7891cb9df4f94508cea72965d73ee31afb7c631d14aa06f3f677e0ee3c57c

Download Submit
\Users\Admin\AppData\Local\Programs\shield\ffmpeg.dll

Filesize
2.6MB

MD5
08e9070f59ca6ba9edf7a22c33ac79f4

SHA1
34ab94d3c929edec56a1f0b3bf772d07e1082f9a

SHA256
8e3e6d74bcaae9bdef2fc25361f07b542ae311a96c121ce7820d618fab949b1f

SHA512
c8693d56699edcdf44aee62dbbfd43267df844f875ff14b337b568d41dc53aad2ef7891cb9df4f94508cea72965d73ee31afb7c631d14aa06f3f677e0ee3c57c

Download Submit
\Users\Admin\AppData\Local\Programs\shield\ffmpeg.dll

Filesize
2.6MB

MD5
08e9070f59ca6ba9edf7a22c33ac79f4

SHA1
34ab94d3c929edec56a1f0b3bf772d07e1082f9a

SHA256
8e3e6d74bcaae9bdef2fc25361f07b542ae311a96c121ce7820d618fab949b1f

SHA512
c8693d56699edcdf44aee62dbbfd43267df844f875ff14b337b568d41dc53aad2ef7891cb9df4f94508cea72965d73ee31afb7c631d14aa06f3f677e0ee3c57c

Download Submit
\Users\Admin\AppData\Local\Programs\shield\ffmpeg.dll

Filesize
2.6MB

MD5
08e9070f59ca6ba9edf7a22c33ac79f4

SHA1
34ab94d3c929edec56a1f0b3bf772d07e1082f9a

SHA256
8e3e6d74bcaae9bdef2fc25361f07b542ae311a96c121ce7820d618fab949b1f

SHA512
c8693d56699edcdf44aee62dbbfd43267df844f875ff14b337b568d41dc53aad2ef7891cb9df4f94508cea72965d73ee31afb7c631d14aa06f3f677e0ee3c57c

Download Submit
\Users\Admin\AppData\Local\Programs\shield\libEGL.dll

Filesize
437KB

MD5
b729e51875a36553db9afa9500828a64

SHA1
7d0d833fe1ec8b5d3acd0a13c946a9bf156cf89b

SHA256
3096f43775b041718da22d480cb70db2149061967d0a5778ac5bb8e99cb3026f

SHA512
bcb220d63ca3f96d892b7eb488b16989d5a49488875e289adafe031a1b88803e824f76998cf32762d269260cf89e39ff23fd966010e73b1d6614b9c9d7a075d6

Download Submit
\Users\Admin\AppData\Local\Programs\shield\libEGL.dll

Filesize
437KB

MD5
b729e51875a36553db9afa9500828a64

SHA1
7d0d833fe1ec8b5d3acd0a13c946a9bf156cf89b

SHA256
3096f43775b041718da22d480cb70db2149061967d0a5778ac5bb8e99cb3026f

SHA512
bcb220d63ca3f96d892b7eb488b16989d5a49488875e289adafe031a1b88803e824f76998cf32762d269260cf89e39ff23fd966010e73b1d6614b9c9d7a075d6

Download Submit
\Users\Admin\AppData\Local\Programs\shield\libEGL.dll

Filesize
437KB

MD5
b729e51875a36553db9afa9500828a64

SHA1
7d0d833fe1ec8b5d3acd0a13c946a9bf156cf89b

SHA256
3096f43775b041718da22d480cb70db2149061967d0a5778ac5bb8e99cb3026f

SHA512
bcb220d63ca3f96d892b7eb488b16989d5a49488875e289adafe031a1b88803e824f76998cf32762d269260cf89e39ff23fd966010e73b1d6614b9c9d7a075d6

Download Submit
\Users\Admin\AppData\Local\Programs\shield\libGLESv2.dll

Filesize
6.7MB

MD5
8b6b5dfdbb3076baf1079640fcd8d21c

SHA1
1e7a176868b403de782e0405d19b60709d695272

SHA256
987ed1566d557d968b19480146abd09fced7ff50fa0ca3e123dd59c14202fac4

SHA512
bdffeabacf1979fc06816351cee6e121c7bc78d6894ee8a3a015e8fa91a08464fda03e1681c9d69f8edfd64624c672739f8fdf55bbe16f384c7246fb7e22223e

Download Submit
\Users\Admin\AppData\Local\Programs\shield\libGLESv2.dll

Filesize
6.7MB

MD5
8b6b5dfdbb3076baf1079640fcd8d21c

SHA1
1e7a176868b403de782e0405d19b60709d695272

SHA256
987ed1566d557d968b19480146abd09fced7ff50fa0ca3e123dd59c14202fac4

SHA512
bdffeabacf1979fc06816351cee6e121c7bc78d6894ee8a3a015e8fa91a08464fda03e1681c9d69f8edfd64624c672739f8fdf55bbe16f384c7246fb7e22223e

Download Submit
\Users\Admin\AppData\Local\Programs\shield\libGLESv2.dll

Filesize
6.7MB

MD5
8b6b5dfdbb3076baf1079640fcd8d21c

SHA1
1e7a176868b403de782e0405d19b60709d695272

SHA256
987ed1566d557d968b19480146abd09fced7ff50fa0ca3e123dd59c14202fac4

SHA512
bdffeabacf1979fc06816351cee6e121c7bc78d6894ee8a3a015e8fa91a08464fda03e1681c9d69f8edfd64624c672739f8fdf55bbe16f384c7246fb7e22223e

Download Submit
\Users\Admin\AppData\Local\Temp\nso5B1D.tmp\SpiderBanner.dll

Filesize
9KB

MD5
17309e33b596ba3a5693b4d3e85cf8d7

SHA1
7d361836cf53df42021c7f2b148aec9458818c01

SHA256
996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93

SHA512
1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298

Download Submit
\Users\Admin\AppData\Local\Temp\nso5B1D.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
\Users\Admin\AppData\Local\Temp\nso5B1D.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
\Users\Admin\AppData\Local\Temp\nso5B1D.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
\Users\Admin\AppData\Local\Temp\nso5B1D.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
\Users\Admin\AppData\Local\Temp\nso5B1D.tmp\nsExec.dll

Filesize
6KB

MD5
ec0504e6b8a11d5aad43b296beeb84b2

SHA1
91b5ce085130c8c7194d66b2439ec9e1c206497c

SHA256
5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962

SHA512
3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57

Download Submit
\Users\Admin\AppData\Local\Temp\nso5B1D.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
memory/1328-85-0x000007FEFC281000-0x000007FEFC283000-memory.dmp

Filesize
8KB

Download
memory/1996-54-0x0000000076171000-0x0000000076173000-memory.dmp

Filesize
8KB

Download