Analysis

  • max time kernel
    107s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230831-en, locale:en-us, os:windows7-x64, system
  • submitted
    16-09-2023 12:36

General

  • Target

    Sample.dll

  • Size

    601KB

  • MD5

    910aa49813ee4cc7e4fa0074db5e454a

  • SHA1

    45831987fabeb7b32c70f662be8cb24e2efef1dc

  • SHA256

    4218214f32f946a02b7a7bebe3059af3dd87bcd130c0469aeb21b58299e2ef9a

  • SHA512

    3a726bda8119bbb45a5407703982453abca112df38921df76d57febd455c297f61c19858c40c48f155a721b460b0b5d4b410f5427980df3b8959f8969a8d24bd

  • SSDEEP

    12288:yxqa4OJLt8sJ3y3/xi+aW4cJ6ANgRitRUA1qDoj2h9TY+gleOrnGLUVHso:uGCBQp3aW44cCIYBeOsMMo

Score
10/10

Malware Config

Extracted

Path

C:\$Recycle.Bin\S-1-5-21-3849525425-30183055-657688904-1000\DECRYPT-FILES.txt

Family

maze

Ransom Note
Attention!
----------------------------
| What happened?
----------------------------
We hacked your network and now all your files, documents, photos, databases, and other important data are safely encrypted with reliable algorithms. You cannot access the files right now. But do not worry. You can get it back! It is easy to recover in a few steps.
We have also downloaded a lot of private data from your network, so in case of not contacting us as soon as possible this data will be released. If you do not contact us in a 3 days we will post information about your breach on our public news website and after 7 days the whole downloaded info.
To see what happens to those who don't contact us, google:
* Southwire Maze Ransomware
* MDLab Maze Ransomware
* City of Pensacola Maze Ransomware
After the payment the data will be removed from our disks and decryptor will be given to you, so you can restore all your files.
----------------------------
| How to contact us and get my files back?
----------------------------
The only method to restore your files and be safe from data leakage is to purchase a unique for you private key which is securely stored on our servers. To contact us and purchase the key you have to visit our website in a hidden TOR network. There are general 2 ways to reach us:
1) [Recommended] Using hidden TOR network.
a) Download a special TOR browser: https://www.torproject.org/
b) Install the TOR Browser.
c) Open the TOR Browser.
d) Open our website in the TOR browser: http://aoacugmutagkwctu.onion/6bc90cad8d6686b0
e) Follow the instructions on this page.
2) If you have any problems connecting or using TOR network
a) Open our website: https://mazedecrypt.top/6bc90cad8d6686b0
b) Follow the instructions on this page.
Warning: the second (2) method can be blocked in some countries. That is why the first (1) method is recommended to use.
On this page, you will see instructions on how to make a free decryption test and how to pay. Also it has a live chat with our operators and support team.
----------------------------
| What about guarantees?
----------------------------
We understand your stress and worry. So you have a FREE opportunity to test a service by instantly decrypting for free three files from every system in your network. If you have any problems our friendly support team is always here to assist you in a live chat!
P.S. Dear system administrators, do not think you can handle it by yourself. Inform leadership as soon as possible. By hiding the fact of the breach you will be eventually fired and sometimes even sued.
-------------------------------------------------------------------------------
THIS IS A SPECIAL BLOCK WITH A PERSONAL AND CONFIDENTIAL INFORMATION! DO NOT TOUCH IT WE NEED IT TO IDENTIFY AND AUTHORIZE YOU
---BEGIN MAZE KEY---
[MAZE key block removed from the extracted note]
---END MAZE KEY---
URLs

http://aoacugmutagkwctu.onion/6bc90cad8d6686b0

https://mazedecrypt.top/6bc90cad8d6686b0

Signatures

  • Maze

    Ransomware family also known as ChaCha.

  • Deletes shadow copies 2 TTPs

    Ransomware often targets backup files to inhibit system recovery.

  • Drops startup file 2 IoCs
  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
  • Drops file in Program Files directory 45 IoCs
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 57 IoCs
  • Suspicious use of FindShellTrayWindow 36 IoCs
  • Suspicious use of SendNotifyMessage 32 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\Sample.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2800
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\Sample.dll
      2⤵
      • Drops startup file
      • Sets desktop wallpaper using registry
      • Drops file in Program Files directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2804
      • C:\Windows\system32\wbem\wmic.exe
        "C:\f\lre\..\..\Windows\kfsgd\k\a\..\..\..\system32\fptjm\bhk\xg\..\..\..\wbem\y\xwhjm\..\..\wmic.exe" shadowcopy delete
        3⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:1344
  • C:\Windows\system32\vssvc.exe
    C:\Windows\system32\vssvc.exe
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2636
  • C:\Windows\SysWOW64\DllHost.exe
    C:\Windows\SysWOW64\DllHost.exe /Processid:{3F6B5E16-092A-41ED-930B-0B4125D91D4E}
    1⤵
      PID:1520
    • C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      1⤵
        PID:2144
      • C:\Windows\system32\NOTEPAD.EXE
        "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Network Shortcuts\DECRYPT-FILES.txt
        1⤵
        • Suspicious use of FindShellTrayWindow
        PID:1400
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe"
        1⤵
        • Enumerates system info in registry
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of WriteProcessMemory
        PID:2236
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef57d9758,0x7fef57d9768,0x7fef57d9778
          2⤵
            PID:2120
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1160 --field-trial-handle=1256,i,7784431652343613115,14522586937419556980,131072 /prefetch:2
            2⤵
              PID:2196
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1620 --field-trial-handle=1256,i,7784431652343613115,14522586937419556980,131072 /prefetch:8
              2⤵
                PID:2536
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1508 --field-trial-handle=1256,i,7784431652343613115,14522586937419556980,131072 /prefetch:8
                2⤵
                  PID:1068
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2312 --field-trial-handle=1256,i,7784431652343613115,14522586937419556980,131072 /prefetch:1
                  2⤵
                    PID:2824
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2308 --field-trial-handle=1256,i,7784431652343613115,14522586937419556980,131072 /prefetch:1
                    2⤵
                      PID:2820
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3252 --field-trial-handle=1256,i,7784431652343613115,14522586937419556980,131072 /prefetch:2
                      2⤵
                        PID:2452
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2204 --field-trial-handle=1256,i,7784431652343613115,14522586937419556980,131072 /prefetch:2
                        2⤵
                          PID:1880
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=2272 --field-trial-handle=1256,i,7784431652343613115,14522586937419556980,131072 /prefetch:1
                          2⤵
                            PID:1368
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3512 --field-trial-handle=1256,i,7784431652343613115,14522586937419556980,131072 /prefetch:8
                            2⤵
                              PID:2000
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3632 --field-trial-handle=1256,i,7784431652343613115,14522586937419556980,131072 /prefetch:8
                              2⤵
                                PID:1408
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3652 --field-trial-handle=1256,i,7784431652343613115,14522586937419556980,131072 /prefetch:1
                                2⤵
                                  PID:3032
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3992 --field-trial-handle=1256,i,7784431652343613115,14522586937419556980,131072 /prefetch:8
                                  2⤵
                                    PID:1284
                                • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
                                  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
                                  1⤵
                                    PID:2476
                                  • C:\Windows\explorer.exe
                                    "C:\Windows\explorer.exe"
                                    1⤵
                                      PID:2944

Downloads

                                    • C:\$Recycle.Bin\S-1-5-21-3849525425-30183055-657688904-1000\DECRYPT-FILES.txt

                                      Filesize

                                      10KB

                                      MD5

                                      7ab374e97e539c19a74d150e2a6eb884

                                      SHA1

                                      b9da4a594521837483318db9018cd848df43f8a7

                                      SHA256

                                      f24a11f59c89026fd60bc41488d02f81ea7af6f68d5080f6d14b632c20d22a0c

                                      SHA512

                                      0604c4e4d24f91804b9048f8545144461abccb49d69054e6db632de33fda83c88e56211f5a352d7236080f08dd86d992b12c238769a3c7cb0817c71ddbee9f7e

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\31d6b3eb-2f1e-4103-befd-b741f8b68733.tmp

                                      Filesize

                                      196KB

                                      MD5

                                      b7f185f4eaac67cb2c2bbab97a18e455

                                      SHA1

                                      d9a38ab42f93652cf595488c32781f83fc01e851

                                      SHA256

                                      8c59d4173f014957c7ed700fc29fc8b4ba0c8785682a5186ac6639a1673d35fd

                                      SHA512

                                      f78acd3f987c204dd414ca3579e0685505a1e5a564fca1371d741b9870c7caf5b4d61c5a511e2ef84efaa6868321fd8ae4a9c33ec5d031842287981059d326bf

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

                                      Filesize

                                      264KB

                                      MD5

                                      f50f89a0a91564d0b8a211f8921aa7de

                                      SHA1

                                      112403a17dd69d5b9018b8cede023cb3b54eab7d

                                      SHA256

                                      b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

                                      SHA512

                                      bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                      Filesize

                                      4KB

                                      MD5

                                      71b1b9f5b6db9a16d039f28882544d5f

                                      SHA1

                                      740b5e15b555750c83f19fc6a5cdd8cc8591a263

                                      SHA256

                                      df3e45b83b390ea450ab4d8addb8bfa0d0f0ce5552a8dd7be607893292d315a3

                                      SHA512

                                      b1abf41aa69d487ff44c99411aa0a01d885488c8844bf38f2e16508e3e06f34d6241e7c4b9001ce064935ecb14fea6b2b12777022eefc5a52b622704ea82f289

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

                                      Filesize

                                      16B

                                      MD5

                                      18e723571b00fb1694a3bad6c78e4054

                                      SHA1

                                      afcc0ef32d46fe59e0483f9a3c891d3034d12f32

                                      SHA256

                                      8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

                                      SHA512

                                      43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                      Filesize

                                      196KB

                                      MD5

                                      d0e6171a09517b10c1133be3bb5ae59b

                                      SHA1

                                      619b94c316ff97b34a611f7bc4e2e0c98dc68d2f

                                      SHA256

                                      2ffe1c8058a7d6007613ea2d212c6f2bb5311ba67068907b67c4d7a5ae90ee3c

                                      SHA512

                                      4081e4cc1b84953196880e4c2957ff454f50aae1a29eb79ae8027525bae9214fd092dfd0474731616fe7be154e07f332e039704948469f7569683df7cb1403be

                                    • C:\Users\Admin\AppData\Roaming\Microsoft\Speech\Files\UserLexicons\SP_85BE06CC3D55448E8C0F9C1F401E244D.dat

                                      Filesize

                                      940B

                                      MD5

                                      05abbc4b21c1e1ef5aa9d2012caa4907

                                      SHA1

                                      ab7669a38b26ba612aaf977fb62bcc44ceb1adbe

                                      SHA256

                                      9139c30744e404572835590849b129fadd9492d7e5b6c051f845084f3b0843fa

                                      SHA512

                                      082b17d64ac1a820c78cc4cf56d2f6851321718c033dfd6f3a910632ead101d8ddcdd554ffffc394fb3353afcd1cf853fe52e96b8f7817f815f5acbf49e1ce6c

                                    • C:\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\DECRYPT-FILES.txt

                                      Filesize

                                      10KB

                                      MD5

                                      7ab374e97e539c19a74d150e2a6eb884

                                      SHA1

                                      b9da4a594521837483318db9018cd848df43f8a7

                                      SHA256

                                      f24a11f59c89026fd60bc41488d02f81ea7af6f68d5080f6d14b632c20d22a0c

                                      SHA512

                                      0604c4e4d24f91804b9048f8545144461abccb49d69054e6db632de33fda83c88e56211f5a352d7236080f08dd86d992b12c238769a3c7cb0817c71ddbee9f7e

                                    • C:\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\DECRYPT-FILES.txt

                                      Filesize

                                      10KB

                                      MD5

                                      7ab374e97e539c19a74d150e2a6eb884

                                      SHA1

                                      b9da4a594521837483318db9018cd848df43f8a7

                                      SHA256

                                      f24a11f59c89026fd60bc41488d02f81ea7af6f68d5080f6d14b632c20d22a0c

                                      SHA512

                                      0604c4e4d24f91804b9048f8545144461abccb49d69054e6db632de33fda83c88e56211f5a352d7236080f08dd86d992b12c238769a3c7cb0817c71ddbee9f7e

                                    • C:\Users\Admin\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\DECRYPT-FILES.txt

                                      Filesize

                                      10KB

                                      MD5

                                      7ab374e97e539c19a74d150e2a6eb884

                                      SHA1

                                      b9da4a594521837483318db9018cd848df43f8a7

                                      SHA256

                                      f24a11f59c89026fd60bc41488d02f81ea7af6f68d5080f6d14b632c20d22a0c

                                      SHA512

                                      0604c4e4d24f91804b9048f8545144461abccb49d69054e6db632de33fda83c88e56211f5a352d7236080f08dd86d992b12c238769a3c7cb0817c71ddbee9f7e

                                    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Network Shortcuts\DECRYPT-FILES.txt

                                      Filesize

                                      10KB

                                      MD5

                                      7ab374e97e539c19a74d150e2a6eb884

                                      SHA1

                                      b9da4a594521837483318db9018cd848df43f8a7

                                      SHA256

                                      f24a11f59c89026fd60bc41488d02f81ea7af6f68d5080f6d14b632c20d22a0c

                                      SHA512

                                      0604c4e4d24f91804b9048f8545144461abccb49d69054e6db632de33fda83c88e56211f5a352d7236080f08dd86d992b12c238769a3c7cb0817c71ddbee9f7e

                                    • \??\PIPE\samr

                                      MD5

                                      d41d8cd98f00b204e9800998ecf8427e

                                      SHA1

                                      da39a3ee5e6b4b0d3255bfef95601890afd80709

                                      SHA256

                                      e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                      SHA512

                                      cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                    • \??\pipe\crashpad_2236_HTSDTATOIYJVFBQS

                                      MD5

                                      d41d8cd98f00b204e9800998ecf8427e

                                      SHA1

                                      da39a3ee5e6b4b0d3255bfef95601890afd80709

                                      SHA256

                                      e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                      SHA512

                                      cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                    • memory/2804-0-0x0000000000180000-0x00000000001DD000-memory.dmp

                                      Filesize

                                      372KB

                                    • memory/2804-848-0x0000000000310000-0x000000000036D000-memory.dmp

                                      Filesize

                                      372KB

                                    • memory/2804-13-0x0000000000310000-0x000000000036D000-memory.dmp

                                      Filesize

                                      372KB

                                    • memory/2804-10-0x0000000000310000-0x000000000036D000-memory.dmp

                                      Filesize

                                      372KB

                                    • memory/2804-6-0x0000000000310000-0x000000000036D000-memory.dmp

                                      Filesize

                                      372KB

                                    • memory/2804-1-0x0000000000310000-0x000000000036D000-memory.dmp

                                      Filesize

                                      372KB