Overview

overview

10

Static

static

1

2023-03-09...is.exe

windows7-x64

10

2023-03-09...is.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10-03-2023 18:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2023-03-09_29320eedebbf9198c3dad888578d0707_crysis.exe

  • Size

    92KB

  • MD5

    29320eedebbf9198c3dad888578d0707

  • SHA1

    9e32b1e3b4b96b5d0795d60cf2b1b9093c1df167

  • SHA256

    0291e99acfedf4e277d56babb2783ce0a01e873a42627b4e3f4a56c2a10cc24d

  • SHA512

    67e7db4c3d907192b79fcb37d78f7d7d00299b304f5125239d50a0d127034dd6098945d1ca20bed854811d1b4cfdc540ebc0bc017773a5813a96679e90a1f18d

  • SSDEEP

    1536:mBwl+KXpsqN5vlwWYyhY9S4AEf1a9unhr3AFIvAuUbrcH/zFVc8leMb7bt:Qw+asqN5aW/hL5Mhr3AFIv0u487

Score
10/10
dharmapersistenceransomwarespywarestealer

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta

Ransom Note
All your files have been encrypted! All your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the e-mail WildMouse@cock.li Write this ID in the title of your message 0091E9EA In case of no answer in 24 hours write us to theese e-mails: WildMouse@cock.li You have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment we will send you the decryption tool that will decrypt all your files. Free decryption as guarantee Before paying you can send us up to 1 file for free decryption. The total size of files must be less than 1Mb (non archived), and files should not contain valuable information. (databases,backups, large excel sheets, etc.) How to obtain Bitcoins The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price. https://localbitcoins.com/buy_bitcoins Also you can find other places to buy Bitcoins and beginners guide here: http://www.coindesk.com/information/how-can-i-buy-bitcoins/ Attention! Do not rename encrypted files. Do not try to decrypt your data using third party software, it may cause permanent data loss. Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.
Emails

WildMouse@cock.li

Signatures

  • Dharma

    Dharma is a ransomware that uses security software installation to hide malicious activities.

    ransomwaredharma
  • Deletes shadow copies 2 TTPs

    Ransomware often targets backup files to inhibit system recovery.

    ransomware
  • Modifies Installed Components in the registry 2 TTPs 1 IoCs
    persistence
  • Modifies extensions of user files 3 IoCs

    Ransomware generally changes the extension on encrypted files.

    ransomware
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file 5 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 3 IoCs
    persistence
  • Drops desktop.ini file(s) 64 IoCs
  • Enumerates connected drives 3 TTPs 1 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 2 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Program crash 1 IoCs
  • Checks SCSI registry key(s) 3 TTPs 58 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Interacts with shadow copies 2 TTPs 2 IoCs

    Shadow copies are often targeted by ransomware to inhibit system recovery.

    ransomware
  • Modifies registry class 38 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 37 IoCs
  • Suspicious use of FindShellTrayWindow 60 IoCs
  • Suspicious use of SendNotifyMessage 28 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Users\Admin\AppData\Local\Temp\2023-03-09_29320eedebbf9198c3dad888578d0707_crysis.exe
    "C:\Users\Admin\AppData\Local\Temp\2023-03-09_29320eedebbf9198c3dad888578d0707_crysis.exe"
    1⤵
    • Modifies extensions of user files
    • Checks computer location settings
    • Drops startup file
    • Adds Run key to start application
    • Drops desktop.ini file(s)
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:3800
    • C:\Windows\system32\cmd.exe
      "C:\Windows\system32\cmd.exe"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4020
      • C:\Windows\system32\mode.com
        mode con cp select=1251
        3⤵
          PID:220
        • C:\Windows\system32\vssadmin.exe
          vssadmin delete shadows /all /quiet
          3⤵
          • Interacts with shadow copies
          PID:4732
      • C:\Windows\system32\cmd.exe
        "C:\Windows\system32\cmd.exe"
        2⤵
        • Suspicious use of WriteProcessMemory
        PID:4688
        • C:\Windows\system32\mode.com
          mode con cp select=1251
          3⤵
            PID:1356
          • C:\Windows\system32\vssadmin.exe
            vssadmin delete shadows /all /quiet
            3⤵
            • Interacts with shadow copies
            PID:4988
        • C:\Windows\System32\mshta.exe
          "C:\Windows\System32\mshta.exe" "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta"
          2⤵
            PID:5184
          • C:\Windows\System32\mshta.exe
            "C:\Windows\System32\mshta.exe" "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta"
            2⤵
              PID:5676
          • C:\Windows\system32\vssvc.exe
            C:\Windows\system32\vssvc.exe
            1⤵
            • Suspicious use of AdjustPrivilegeToken
            PID:4704
          • C:\Windows\system32\WerFault.exe
            C:\Windows\system32\WerFault.exe -pss -s 188 -p 3076 -ip 3076
            1⤵
              PID:5228
            • C:\Windows\system32\WerFault.exe
              C:\Windows\system32\WerFault.exe -u -p 3076 -s 7856
              1⤵
              • Program crash
              PID:6248
            • C:\Windows\explorer.exe
              explorer.exe
              1⤵
              • Modifies Installed Components in the registry
              • Drops desktop.ini file(s)
              • Enumerates connected drives
              • Checks SCSI registry key(s)
              • Modifies registry class
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of FindShellTrayWindow
              • Suspicious use of SendNotifyMessage
              • Suspicious use of SetWindowsHookEx
              PID:4808
            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
              1⤵
              • Modifies registry class
              • Suspicious use of SetWindowsHookEx
              PID:6056
            • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
              "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
              1⤵
              • Modifies registry class
              • Suspicious use of SetWindowsHookEx
              PID:956

            Network

            MITRE ATT&CK Matrix ATT&CK v6

            Initial Access

            Execution

            Persistence

            Registry Run Keys / Startup Folder

            2
            T1060

            Privilege Escalation

            Defense Evasion

            File Deletion

            2
            T1107

            Modify Registry

            2
            T1112

            Credential Access

            Credentials in Files

            1
            T1081

            Discovery

            Query Registry

            4
            T1012

            System Information Discovery

            4
            T1082

            Peripheral Device Discovery

            2
            T1120

            Lateral Movement

            Collection

            Data from Local System

            1
            T1005

            Exfiltration

            Command and Control

            Impact

            Inhibit System Recovery

            2
            T1490

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe.id-0091E9EA.[WildMouse@cock.li].FUNNY
              Filesize

              2.9MB

              MD5

              fb0ee88b9ccedb16c99bf8c384327fd5

              SHA1

              9803ecb201a9e193cbfcf4a66218040fa05c3433

              SHA256

              f58324e063e098b174e56f1670309dc9b9dbc27a6579c51f09fc9dec45b7bf05

              SHA512

              9ca4b9bcc0675b6a68728dc770cd3e72fe069a8eea82c6eafe7d0b424b3e1fb9bec194be744fc2f22ffde157db36e5f640124f14c7db1b7078179d37cb641e44

              Download Submit
            • C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta
              Filesize

              13KB

              MD5

              37e449964460615c93c08d5996fcc456

              SHA1

              03ba1173a8f86fe502077177f1ab6f6858ca1f8b

              SHA256

              6aa74c983de0c0cc7e7c5bf11d9712b64a40378163f7f34effffde97d10d22c3

              SHA512

              3a466a0720e8f00468b4e56c109909d3e87c352a2bd26438f5afe5f83ab39c98b43945cf9e015d01c218e6640b9899f3c8a49dfc75f54b3b1f0be9160f2dbb9d

              Download Submit
            • C:\USERS\ADMIN\DESKTOP\BLOCKDEBUG.WDP.ID-0091E9EA.[WILDMOUSE@COCK.LI].FUNNY
              Filesize

              269KB

              MD5

              e6be043d3f5e9f5475f71787051e3e83

              SHA1

              c32b7175851206522ed69c295d0d4768061ec4d9

              SHA256

              3b62cce6d3f7a32d0f8d5d97ddda10a6ff4e0e03f209e9003aca7f1a6168626a

              SHA512

              6d8f0692520ac66403aa545cdc16a022767fac2d7157712974d5d1eaf472812bbb6607f0b9eb2c4f7cdda48643ac0f9f58bad177287c27e60993853ded803ae5

              Download Submit
            • C:\USERS\ADMIN\DESKTOP\CHECKPOINTREGISTER.MHT.ID-0091E9EA.[WILDMOUSE@COCK.LI].FUNNY
              Filesize

              345KB

              MD5

              85a38344280ef8fb48f80bfbb8f106a0

              SHA1

              24958624d4e07ab853d024579756088a3ca79b38

              SHA256

              1ddf2aa883736d547bbb08351a58f6fe98a575adf29133e0b78ab455f623ef83

              SHA512

              c050c468d10166ef8f6552931612cb6fe0878d591ce5a7cbec1a7a9e527969a95ddd68ea37d21baf850c599c3df7e4906774d82f7ad7f818e5b1b9625be943a6

              Download Submit
            • C:\USERS\ADMIN\DESKTOP\COMPLETEREDO.CAB.ID-0091E9EA.[WILDMOUSE@COCK.LI].FUNNY
              Filesize

              294KB

              MD5

              632c73ecc185574769f1435c851a338e

              SHA1

              f0e5ec630fc6c380c2ca9e36b5a7f7a85a4ac2b1

              SHA256

              49ed9a0a20c703651e24538a40e064d4542fb679f2f3fc9580a1cf8e51fd7c4c

              SHA512

              a249e3f6d5ef937d809ed90c4d7e400268d7f3f1858e0a291281b1246a1b10623ad642efc8228c3018aa0319d50a74395957461554a0835e0119b0c1c93a5d76

              Download Submit
            • C:\USERS\ADMIN\DESKTOP\DEBUGHIDE.WAX.ID-0091E9EA.[WILDMOUSE@COCK.LI].FUNNY
              Filesize

              333KB

              MD5

              a71ce4cf984977adef893e71230aa662

              SHA1

              b92d7dbd7a9e4532e1d3ea4ac738fb4a465c20d3

              SHA256

              530944f01e6eb778a8b558442dbba39e5723f1f06990688ee3f27b16657b0bd2

              SHA512

              c4c2190c9c74dd14c61c896a1d2c4542f3ca42e9dc70d9f6d61ee5388a1d7f57fd7d667d775cdcbbd28c6a4e7c2fdf6cb76f638330d695aece4adc701ea491af

              Download Submit
            • C:\USERS\ADMIN\DESKTOP\DEBUGSEND.MPG.ID-0091E9EA.[WILDMOUSE@COCK.LI].FUNNY
              Filesize

              192KB

              MD5

              b4f5a203e80a72f6871de401a81a021c

              SHA1

              396aed31500a103c786b1fa48772f036772a7dc6

              SHA256

              2dd126d2ceccc438788aa8b6ca25d776b08ab275132a69990ecedcc509175ede

              SHA512

              4d794912e5f34aa87c2490b17de6af7d806ed5ec059645e76d40cdd2dd95be15455dc30e114ec4d59d5cd433ff9098dc2114a1122c8f7e9a9e00e6e4a37ee625

              Download Submit
            • C:\USERS\ADMIN\DESKTOP\DISCONNECTUNREGISTER.CSS.ID-0091E9EA.[WILDMOUSE@COCK.LI].FUNNY
              Filesize

              243KB

              MD5

              20caa681319da6cd71c0e9354fe077ed

              SHA1

              5dc81742ec01d4e4cc75faedc630db58a58fd2da

              SHA256

              296160dadfdea1c884b07a9047f215af161c9174334eb2993894f22d0c3d257d

              SHA512

              0c00153b1abac61edcd1574c3e243e8c88f29d26ee1114e8981dca953a48f1368dd725d7fd2c873b3542428dc427be783b7841f812935413b7abddf9a934d02f

              Download Submit
            • C:\USERS\ADMIN\DESKTOP\EDITRENAME.MPV2.ID-0091E9EA.[WILDMOUSE@COCK.LI].FUNNY
              Filesize

              358KB

              MD5

              2e5e852f327303dd2ca8658e9dfad021

              SHA1

              f4b37796c8d45b3b4a67d089ad2def835868db51

              SHA256

              a57d22c9a743e43faf806d07b15dd50a3a59909be033ebb2bee74b394762236e

              SHA512

              c6847a966dc0846e86334f061921130209dc2110240c8ee4ebdcde30c5e514d356e58c8e258bbc7895116461965e2b64df2aa2b957d9072485835d8fb34b4b26

              Download Submit
            • C:\USERS\ADMIN\DESKTOP\EXPANDRESUME.3G2.ID-0091E9EA.[WILDMOUSE@COCK.LI].FUNNY
              Filesize

              153KB

              MD5

              35640a5ffbc3d3365214dab0fe646ca8

              SHA1

              eba86ebd13a8b1082f4ff8eceb59e56d4dd8609b

              SHA256

              a2596f4e3cdda0c80fd99b11596e057d56756be2cf4ac9bf4d5acc79fd81f2fc

              SHA512

              3473c239147656e53f19a213c12bf955aaaa086ed7f618bf258d65e241f47e6bd49de278230f33af8b213a6be525426d8ad352fb4d2ffd2dde9ec02b86c89620

              Download Submit
            • C:\USERS\ADMIN\DESKTOP\FILES ENCRYPTED.TXT
              Filesize

              168B

              MD5

              d91b7949789f2c047f68469e54bad7e0

              SHA1

              4d72611c57c9713eb1e7ad91e25c69d604c99c1f

              SHA256

              74f86a8c72d658f39b905b00681f4eec495f97007190ce218b2c954f07bb4554

              SHA512

              bca2bf5ab982f856b6659480916a33f32dea076355529a82095e3f84edddd41f3a526a9ec1c8e146581a8c2ad2bc4e88f26b7eaad68bee0a2032bf6699fc9ed2

              Download Submit
            • C:\USERS\ADMIN\DESKTOP\JOINSYNC.OGG.ID-0091E9EA.[WILDMOUSE@COCK.LI].FUNNY
              Filesize

              179KB

              MD5

              9772ebdbb0c1a43b40df515ef2b6b621

              SHA1

              a0ec3cf291ade467ac6ba9239224a80a34a1d920

              SHA256

              937953ecb737f42e7de9ef753167ce1007c429d6810a772c5436d5e6284835c0

              SHA512

              d7a25963f4e3e27b41cea222698e55b9f487bf4a63c90e401fc7ae6e255e94b3287e6b26779970dc2038799877901dcfbbb0ab23c5a40563a27051d098792be7

              Download Submit
            • C:\USERS\ADMIN\DESKTOP\MICROSOFT EDGE.LNK.ID-0091E9EA.[WILDMOUSE@COCK.LI].FUNNY
              Filesize

              2KB

              MD5

              d580cf0dc8a981cbab608ba3a1048e9e

              SHA1

              80e51168f79bb867a8401019590df9ac04339d7b

              SHA256

              78b19a365f042adf865b6f334db6e4a6107cf44e8e8a62b7e4f7702ffc120877

              SHA512

              5b25da6856c363bd7c319e8e075aafe68d0b667fe04e487677147a9dc7d47d5bdad6fd9ce7df08c9ac6800ca102517703eeb5ccda116689d1cb48a6f0fc63869

              Download Submit
            • C:\USERS\ADMIN\DESKTOP\OPTIMIZEUNINSTALL.WMX.ID-0091E9EA.[WILDMOUSE@COCK.LI].FUNNY
              Filesize

              166KB

              MD5

              cb8e22e94d73d9fd4fa096834fd5d1d0

              SHA1

              929c2a6940290128b85c8d4ae3c59fb5c7385058

              SHA256

              5c0704d6cc228df791edb90512a530d12ebb820a475a731a3df253dd92ba6f3a

              SHA512

              9bdc80e2607f26deae31ee6e0130227be3682c0a7d5fd3aecf6116de0efca683f8d74087163ebb42fe6dc3a94a311313eb7f79558125f6f6bfe9ac0dab7c45e4

              Download Submit
            • C:\USERS\ADMIN\DESKTOP\PINGIMPORT.PNG.ID-0091E9EA.[WILDMOUSE@COCK.LI].FUNNY
              Filesize

              128KB

              MD5

              7bc0d02f165c679e62fe641877ca7962

              SHA1

              ac03fad006ab5b033658cae50c93f0ad7c603c3f

              SHA256

              deca49398fccb8c52b47175988a573e9e00fb5da9a4b0656b267b4855753c5ac

              SHA512

              e0dd6309c33327167213e87a7015654450f962ec7aa9535f23b18f20b2b6069e72d0c8551f9615e9c7320251ccc02b04154ac753ad3732cdc217d1473ac96bd5

              Download Submit
            • C:\USERS\ADMIN\DESKTOP\PROTECTTEST.RLE.ID-0091E9EA.[WILDMOUSE@COCK.LI].FUNNY
              Filesize

              307KB

              MD5

              05a6608ca6e2a75ece9b8945d8ee804f

              SHA1

              31207b29811257cef3d52c68571b6d56990ccc1c

              SHA256

              0e03d9e31dfb261c6795cd57ce6cd3ef14c2f1f111eca5394e71cf3b45553d3a

              SHA512

              f9248d5e04304b4143bd66331f057308eb2dadda5efb06d27c07f53ed54727c92d558b68bb283f8284f0c0d98f30f79d1cfd15f8509159c50f536c8dcfdf4f2a

              Download Submit
            • C:\USERS\ADMIN\DESKTOP\PUBLISHCONFIRM.AVI.ID-0091E9EA.[WILDMOUSE@COCK.LI].FUNNY
              Filesize

              256KB

              MD5

              773a3f6517fc02fe3c13dd68437a89df

              SHA1

              78e506c04dd0ab58e769aeb72a5902e6f5503d0f

              SHA256

              51f1a3a7c174447a34198c4553f59f2a43c860accc829609ca8ce771a02de902

              SHA512

              b6ed29a3335b9441aa7c7723f21e86892d1c451c30d6abc57c5b4aa2050fc55322e86af3ef696026f6057412e743fc68742711d331fb0b7545c8edaabffdd0c2

              Download Submit
            • C:\USERS\ADMIN\DESKTOP\PUBLISHUNPROTECT.AVI.ID-0091E9EA.[WILDMOUSE@COCK.LI].FUNNY
              Filesize

              141KB

              MD5

              51203006572490f0cc29e8f819bea7bd

              SHA1

              255ef03160e717babef605a2b79b07fa002e49e2

              SHA256

              9009bd0c06be10d7c06eb1edad96b8d8ea4afd49ad297fc96ff6260eb1466146

              SHA512

              393d76c50d4141f51951b03f81a0de2fc310046d8410dc8ee5789c17c6d0d783c99dbed8e1b7cc26e4dce534fe4dc41d2e925a7734560a154f90101e77f841c4

              Download Submit
            • C:\USERS\ADMIN\DESKTOP\PUSHPOP.PNG.ID-0091E9EA.[WILDMOUSE@COCK.LI].FUNNY
              Filesize

              320KB

              MD5

              1f6b1aa5455b4b57f70cc3a2dbd901bb

              SHA1

              09f48e69d81ab31209d2406b007914ab2f166c44

              SHA256

              086d440f420ea46078ca8a61529dd3af86e21a883f477681a93c0d76629f4a26

              SHA512

              6651468eff3db44156bd0081ac4323801f29883224941d519681e20d19ba681867d93f18b43ee70658ed51457a509d4137c8f81b9c4b19d14b7921e40d6e0099

              Download Submit
            • C:\USERS\ADMIN\DESKTOP\READRENAME.ODT.ID-0091E9EA.[WILDMOUSE@COCK.LI].FUNNY
              Filesize

              499KB

              MD5

              79a9ef9cf848e334a18774f2dd612a23

              SHA1

              0b90ec4abc55176c2afaca08617f1b02268f2c44

              SHA256

              35e76a0062ea7594d5bbd7a30dd3b9c1616083af40a591b9f4fd384852548a33

              SHA512

              a5388f44e8b263c99f7b2ef68f726d183a82f4ccfe8d648ad856e28ebe20475f1b75d352ff4027ecbd482e8003f34d832e67acf797bf1b6bcb51e88409b7be6b

              Download Submit
            • C:\USERS\ADMIN\DESKTOP\RESUMESYNC.M4V.ID-0091E9EA.[WILDMOUSE@COCK.LI].FUNNY
              Filesize

              217KB

              MD5

              5441ba0b0653d2fd7c908f0ccec61ac6

              SHA1

              37100bbd25ddb4646c7c307f71826ecf37edea63

              SHA256

              9cdbefbba843187254b647a3c3008f4628d09a01a727e13ae938e6d7aa3dc6ef

              SHA512

              c0db36203d000f3c265b8ed3f5c63a02fe96ccbeeda8e48d15527e7ce5546db6c5ef0f70dd5cbfefac70768692094b3206a4094586b0944b09469a8776c87c4d

              Download Submit
            • C:\USERS\ADMIN\DESKTOP\SHOWCONNECT.EDRWX.ID-0091E9EA.[WILDMOUSE@COCK.LI].FUNNY
              Filesize

              281KB

              MD5

              69b4b5008f7484bf364245cd4305e0e2

              SHA1

              4078b9d3538c309bc159c8c7606cd51ea0012fb2

              SHA256

              c86c9c97f50a9a70e49733bfd5635ac8385ebb13c0a7ad11c3a6e0bc18a8cecc

              SHA512

              76b20cf30f53d55fe99fc2028a1de07b496ec1c85543aa79b6ab25609fc6c9702c7a38e675f0906918466bb6362a8bef62519e343b1f1efce62930d972d41780

              Download Submit
            • C:\USERS\ADMIN\DESKTOP\STEPREDO.CONTACT.ID-0091E9EA.[WILDMOUSE@COCK.LI].FUNNY
              Filesize

              205KB

              MD5

              d395bae5f5fea20715bd8d6c977682a5

              SHA1

              e2caca598b670ffbfedb16167c666f2a1adbf226

              SHA256

              4c2c7c9e3e7904781f3d122b85d337b8fa0ff63b0bdffbed586dc2b6624f896a

              SHA512

              5d6e05959567c58ef2b1b88610312f670e435a40b4bcc5c82355fc7dc0e83c3a2595663599270ac5e1a09d69f3ad0a74e5e41d8fc624074c5fc902d48c2ca926

              Download Submit
            • C:\USERS\ADMIN\DESKTOP\USEREGISTER.TIFF.ID-0091E9EA.[WILDMOUSE@COCK.LI].FUNNY
              Filesize

              230KB

              MD5

              8a0e8c40515001a4eb6b581938146ca4

              SHA1

              c22b7f71f18847cad0bda01b0977af1d1200d266

              SHA256

              5c0727edbf85f9377ec2c01ccf1c280a9edd8a7ea64db521cb554f9abdd16e68

              SHA512

              6a414d0a4e9c8e7c888712091dd5e17fd3781a30db62eb4e41973f635fc7b4700a2a5621bf6a7bb0383a5091a48886e625f5f749abf134efe58fbe5be051e0f4

              Download Submit
            • C:\USERS\PUBLIC\DESKTOP\ACROBAT READER DC.LNK.ID-0091E9EA.[WILDMOUSE@COCK.LI].FUNNY
              Filesize

              2KB

              MD5

              15ff3c700220ce82795d9693f4e44c54

              SHA1

              e82f63116024c8a4e24b73f70a73b7d7d4f9f8d9

              SHA256

              214862d99bf2a92659280491b0fd1e0d273fa83532c68646027630ab5b2104ed

              SHA512

              f8664347bc40829dd8a498e406fe1d9f057006e5a3e4bf88b5562eb799bae4c40f4d8c3c5576a8841990a3e44e292353b2893bf997c63c651d9e4258c313b208

              Download Submit
            • C:\USERS\PUBLIC\DESKTOP\FILES ENCRYPTED.TXT
              Filesize

              168B

              MD5

              d91b7949789f2c047f68469e54bad7e0

              SHA1

              4d72611c57c9713eb1e7ad91e25c69d604c99c1f

              SHA256

              74f86a8c72d658f39b905b00681f4eec495f97007190ce218b2c954f07bb4554

              SHA512

              bca2bf5ab982f856b6659480916a33f32dea076355529a82095e3f84edddd41f3a526a9ec1c8e146581a8c2ad2bc4e88f26b7eaad68bee0a2032bf6699fc9ed2

              Download Submit
            • C:\USERS\PUBLIC\DESKTOP\FIREFOX.LNK.ID-0091E9EA.[WILDMOUSE@COCK.LI].FUNNY
              Filesize

              1KB

              MD5

              65934618634c3194fae8623c236f1a92

              SHA1

              0a09d7d2ce67a3a10d110ca217defdb7cc5d56d5

              SHA256

              c6f6fcd9db2ef3723fbc8510cfadc268fd7a6b943d36add8dcb1417ff5d5bc99

              SHA512

              f6affb88445bd37104253348bed33056b170fcee63e28495c47433a877e6c57cce3005d6bbfe9293e37e2855210556fbc791e657a6bbdb54c8f058c59b8ceeaf

              Download Submit
            • C:\USERS\PUBLIC\DESKTOP\GOOGLE CHROME.LNK.ID-0091E9EA.[WILDMOUSE@COCK.LI].FUNNY
              Filesize

              2KB

              MD5

              6e848d3c3551c78dca4f9d294d97adf3

              SHA1

              340091e4d7bac3a9c03c0f085d6e44b9a2ecb8b0

              SHA256

              c2be28bdfe205345d9fb871f776b034626bbdb835522ba71de9df77f6d1f3d54

              SHA512

              6c470e507b5fa71baead5606ec598a97365a74c7485a2e45a7b15988df71882a4e7d168a605b4189a36668961ef423749578b15c1e262f92f6ab16fe9b51e4df

              Download Submit
            • C:\USERS\PUBLIC\DESKTOP\VLC MEDIA PLAYER.LNK.ID-0091E9EA.[WILDMOUSE@COCK.LI].FUNNY
              Filesize

              1KB

              MD5

              790c479d11f8943a4ae21d257419f813

              SHA1

              294ec45fdd3d7e7a75be885f19c7bbf7934dc6a2

              SHA256

              96be7c62a31f6ed02c03b63d6b7199fc1d7820b2dd66e6ad5d33efdbfe5fff79

              SHA512

              e52bf81742f4bd3ba98ddd3ec663c2ce79900416215e40a9945fce247db44774a64a14ea18fa8d28b6571c477844144fb2463f34457e77261e59be43f6072c25

              Download Submit
            • C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn\Burn\desktop.ini
              Filesize

              174B

              MD5

              e0fd7e6b4853592ac9ac73df9d83783f

              SHA1

              2834e77dfa1269ddad948b87d88887e84179594a

              SHA256

              feea416e5e5c8aa81416b81fb25132d1c18b010b02663a253338dbdfb066e122

              SHA512

              289de77ffbe328388ad080129b7460712985d42076e78a3a545124881c30f564c5ef8fb4024d98903d88a6a187c60431a600f6ecbbe2888ee69e40a67ce77b55

              Download Submit
            • C:\Users\Admin\AppData\Local\Microsoft\Windows\Caches\{03BA58C4-B905-4D30-88C9-B63C603DA134}.3.ver0x0000000000000001.db.id-0091E9EA.[WildMouse@cock.li].FUNNY
              Filesize

              414KB

              MD5

              ef2e00a46dcc56c4a1ca6a061f2ee4fa

              SHA1

              c323f996c5cf844ad56254faf6ca947278064daf

              SHA256

              04ca05daddd48e8d371c620c55cdd27bf044634e4986d99f9761a55a52a6d455

              SHA512

              487d8cec989403e603b1945309bd198245210ebbb83614754eb7b4fc658f26f26dbd6f269508074bba843bedc46b744b804ab6793c5a33839103ababacf7d403

              Download Submit
            • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\X2AZMHV0\microsoft.windows[1].xml
              Filesize

              97B

              MD5

              768055ed85d55e7db870a3b986bcd639

              SHA1

              7997463d3ff4c2dc612fb615c8fb7e23cab47565

              SHA256

              c95bbd411ef3e77773d5cf46c2465cf91e6e5b75819543df16ccb6c2cd5f287b

              SHA512

              8af7528b64a4d871d3c8eaa1923bd49cf53956f7f2af4331f8106bb7dd7c9afb4971e3128c0d9cdcb13fc6c4271f92c6152298de5f5d73a7544dc5a2e9f5c837

              Download Submit
            • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Chrome
              Filesize

              36KB

              MD5

              bad093419be1135cfe9694ea77088c78

              SHA1

              76204c7ca72cf666add9c9931389d635c82e8af0

              SHA256

              136808af50ee73df9befd76f7aca21765782565b0095227c5a287f3be0b5ef3c

              SHA512

              3b5cb7f80d7cbc557b5a32a995cd607257ac8e56af935ce6f64c54ba1f311a65ef00c69c69047b6eb7bb678c2b1bc0a3c37548aef417ea49e414e1a34bcf651d

              Download Submit
            • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133229515130826770.txt
              Filesize

              74KB

              MD5

              57217efb9ae849bd6296101907983d1e

              SHA1

              c3a6affdfc354430b7ffca355fe3d3fb0502fc2e

              SHA256

              8ea31a718fe31bc5a25a619ae2f1509ee3d12418614dec8de1f02f05d85b98c8

              SHA512

              8c9d117c9d6c5d3dd29edc8be60c720975a7b6048495cbe9abf7b647471bd83af4b0a0942e27da6ee2a10dc5af560a88b1a0b6feacb810dfbc665818eb9eb3cf

              Download Submit
            • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133229515218101089.txt
              Filesize

              2KB

              MD5

              33d1aa31808afb2d7879d7ba177cbff4

              SHA1

              a68ec4e7c75ae55881f221b316bc2ddbed2f5305

              SHA256

              1ffb363be2a4a55e7bc09a824753118c7cf27310beb1f2a26e68b558ab35136a

              SHA512

              a9a8051a464b4f5b12ac4c90805845d87f0f3306b3a8530d993966f6015a3cf48cbb9f252d910f6652b772831603efa3643983780ffc3ee6cab4cc25a0ff5067

              Download Submit
            • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\TempState\StartUnifiedTileModelCache.dat
              Filesize

              14KB

              MD5

              7238c54ebd657e8eaccf4ff9fe34c804

              SHA1

              eed0789471ee119952acae5ffd0be45319f6c9fb

              SHA256

              f906d7cce9f838ffc3f6df396ea2c9d6293ea179890b9289f22063171604d14b

              SHA512

              e37717ab982bcc153d89d3825a082b75a42cf76f901638eb0889f5f771eaa1a4266366241ddb69b5640645954f0b42adf17ecc1fc3c57895dc01a432d775c8d3

              Download Submit
            • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\TempState\StartUnifiedTileModelCache.dat
              Filesize

              14KB

              MD5

              f0d503ad8823434e6542417e7d6d49f7

              SHA1

              95107caa2ffe0e42d15aef19568fee1bec223ee9

              SHA256

              fbb26d85bf444ef85879da40381325c000736d8145de4d03104356bb4fe0231b

              SHA512

              4cf084a362558481a2b9086881a179602008f7d6b3e3019ce79830e2a74cbbc6f6e1f2e2a20f29ac16933185dc49a235dd8081ae466f512169ddb0051e3fa6d8

              Download Submit
            • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Info.hta
              Filesize

              13KB

              MD5

              37e449964460615c93c08d5996fcc456

              SHA1

              03ba1173a8f86fe502077177f1ab6f6858ca1f8b

              SHA256

              6aa74c983de0c0cc7e7c5bf11d9712b64a40378163f7f34effffde97d10d22c3

              SHA512

              3a466a0720e8f00468b4e56c109909d3e87c352a2bd26438f5afe5f83ab39c98b43945cf9e015d01c218e6640b9899f3c8a49dfc75f54b3b1f0be9160f2dbb9d

              Download Submit
            • memory/956-23555-0x000001A671C10000-0x000001A671C30000-memory.dmp
              Filesize

              128KB

              Download
            • memory/956-23560-0x000001A671BC0000-0x000001A671BE0000-memory.dmp
              Filesize

              128KB

              Download
            • memory/956-23562-0x000001A671F50000-0x000001A671F70000-memory.dmp
              Filesize

              128KB

              Download
            • memory/4808-23546-0x0000000002C00000-0x0000000002C01000-memory.dmp
              Filesize

              4KB

              Download