cobaltstrike | hxxp://64[.]150[.]190[.]149[.]64

Analysis

max time kernel
301s
max time network
278s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
16/12/2023, 04:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://64.150.190.149.64

Score

10^/10

cobaltstrike connectback backdoor trojan

Malware Config

Extracted

Family

cobaltstrike

http://185.74.222.145:676/y6Dj

http://185.74.222.145:676/PPDy

Attributes

user_agent
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko

Extracted

Family

connectback

185.74.222.145:957

Signatures

Cobaltstrike
Detected malicious payload which is part of Cobaltstrike.
trojan backdoor cobaltstrike
ConnectBack
A small Linux reverse shell that establishes a connection back to the attacker.
backdoor connectback

Blocklisted process makes network request 10 IoCs

flow	pid	Process
46	1924	powershell.exe
48	1924	powershell.exe
49	1924	powershell.exe
50	1924	powershell.exe
51	1924	powershell.exe
55	1924	powershell.exe
56	1924	powershell.exe
58	1924	powershell.exe
60	1924	powershell.exe
62	1924	powershell.exe

Downloads MZ/PE file

Executes dropped EXE 3 IoCs

pid	Process
4640	sjhduieo.exe
4956	sjdsn.exe
732	dfffreps.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\Local Settings	OpenWith.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
3984	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
1988	chrome.exe
1988	chrome.exe
1924	powershell.exe
1924	powershell.exe
1924	powershell.exe
3980	chrome.exe
3980	chrome.exe
2752	powershell_ise.exe
2752	powershell_ise.exe
3456	powershell_ise.exe
3456	powershell_ise.exe
3456	powershell_ise.exe
732	dfffreps.exe
732	dfffreps.exe
732	dfffreps.exe
732	dfffreps.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5040	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe
Token: SeShutdownPrivilege	1988	chrome.exe
Token: SeCreatePagefilePrivilege	1988	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe
1988	chrome.exe

Suspicious use of SetWindowsHookEx 17 IoCs

pid	Process
5040	OpenWith.exe
5040	OpenWith.exe
5040	OpenWith.exe
5040	OpenWith.exe
5040	OpenWith.exe
5040	OpenWith.exe
5040	OpenWith.exe
5040	OpenWith.exe
5040	OpenWith.exe
5040	OpenWith.exe
5040	OpenWith.exe
5040	OpenWith.exe
5040	OpenWith.exe
5040	OpenWith.exe
5040	OpenWith.exe
5040	OpenWith.exe
5040	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1988 wrote to memory of 1256	1988	chrome.exe	87
PID 1988 wrote to memory of 1256	1988	chrome.exe	87
PID 1988 wrote to memory of 1376	1988	chrome.exe	89
PID 1988 wrote to memory of 1376	1988	chrome.exe	89
PID 1988 wrote to memory of 1376	1988	chrome.exe	89
PID 1988 wrote to memory of 1376	1988	chrome.exe	89
PID 1988 wrote to memory of 1376	1988	chrome.exe	89
PID 1988 wrote to memory of 1376	1988	chrome.exe	89
PID 1988 wrote to memory of 1376	1988	chrome.exe	89
PID 1988 wrote to memory of 1376	1988	chrome.exe	89
PID 1988 wrote to memory of 1376	1988	chrome.exe	89
PID 1988 wrote to memory of 1376	1988	chrome.exe	89
PID 1988 wrote to memory of 1376	1988	chrome.exe	89
PID 1988 wrote to memory of 1376	1988	chrome.exe	89
PID 1988 wrote to memory of 1376	1988	chrome.exe	89
PID 1988 wrote to memory of 1376	1988	chrome.exe	89
PID 1988 wrote to memory of 1376	1988	chrome.exe	89
PID 1988 wrote to memory of 1376	1988	chrome.exe	89
PID 1988 wrote to memory of 1376	1988	chrome.exe	89
PID 1988 wrote to memory of 1376	1988	chrome.exe	89
PID 1988 wrote to memory of 1376	1988	chrome.exe	89
PID 1988 wrote to memory of 1376	1988	chrome.exe	89
PID 1988 wrote to memory of 1376	1988	chrome.exe	89
PID 1988 wrote to memory of 1376	1988	chrome.exe	89
PID 1988 wrote to memory of 1376	1988	chrome.exe	89
PID 1988 wrote to memory of 1376	1988	chrome.exe	89
PID 1988 wrote to memory of 1376	1988	chrome.exe	89
PID 1988 wrote to memory of 1376	1988	chrome.exe	89
PID 1988 wrote to memory of 1376	1988	chrome.exe	89
PID 1988 wrote to memory of 1376	1988	chrome.exe	89
PID 1988 wrote to memory of 1376	1988	chrome.exe	89
PID 1988 wrote to memory of 1376	1988	chrome.exe	89
PID 1988 wrote to memory of 1376	1988	chrome.exe	89
PID 1988 wrote to memory of 1376	1988	chrome.exe	89
PID 1988 wrote to memory of 1376	1988	chrome.exe	89
PID 1988 wrote to memory of 1376	1988	chrome.exe	89
PID 1988 wrote to memory of 1376	1988	chrome.exe	89
PID 1988 wrote to memory of 1376	1988	chrome.exe	89
PID 1988 wrote to memory of 1376	1988	chrome.exe	89
PID 1988 wrote to memory of 1376	1988	chrome.exe	89
PID 1988 wrote to memory of 116	1988	chrome.exe	90
PID 1988 wrote to memory of 116	1988	chrome.exe	90
PID 1988 wrote to memory of 2416	1988	chrome.exe	91
PID 1988 wrote to memory of 2416	1988	chrome.exe	91
PID 1988 wrote to memory of 2416	1988	chrome.exe	91
PID 1988 wrote to memory of 2416	1988	chrome.exe	91
PID 1988 wrote to memory of 2416	1988	chrome.exe	91
PID 1988 wrote to memory of 2416	1988	chrome.exe	91
PID 1988 wrote to memory of 2416	1988	chrome.exe	91
PID 1988 wrote to memory of 2416	1988	chrome.exe	91
PID 1988 wrote to memory of 2416	1988	chrome.exe	91
PID 1988 wrote to memory of 2416	1988	chrome.exe	91
PID 1988 wrote to memory of 2416	1988	chrome.exe	91
PID 1988 wrote to memory of 2416	1988	chrome.exe	91
PID 1988 wrote to memory of 2416	1988	chrome.exe	91
PID 1988 wrote to memory of 2416	1988	chrome.exe	91
PID 1988 wrote to memory of 2416	1988	chrome.exe	91
PID 1988 wrote to memory of 2416	1988	chrome.exe	91
PID 1988 wrote to memory of 2416	1988	chrome.exe	91
PID 1988 wrote to memory of 2416	1988	chrome.exe	91
PID 1988 wrote to memory of 2416	1988	chrome.exe	91
PID 1988 wrote to memory of 2416	1988	chrome.exe	91
PID 1988 wrote to memory of 2416	1988	chrome.exe	91
PID 1988 wrote to memory of 2416	1988	chrome.exe	91

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://64.150.190.149.64
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0x40,0x108,0x7ff9a75b9758,0x7ff9a75b9768,0x7ff9a75b9778
  2⤵
  PID:1256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1616 --field-trial-handle=1876,i,11324250228886571153,11302524164574825365,131072 /prefetch:2
  2⤵
  PID:1376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1876,i,11324250228886571153,11302524164574825365,131072 /prefetch:8
  2⤵
  PID:116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2228 --field-trial-handle=1876,i,11324250228886571153,11302524164574825365,131072 /prefetch:8
  2⤵
  PID:2416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3028 --field-trial-handle=1876,i,11324250228886571153,11302524164574825365,131072 /prefetch:1
  2⤵
  PID:1992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3008 --field-trial-handle=1876,i,11324250228886571153,11302524164574825365,131072 /prefetch:1
  2⤵
  PID:4388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4040 --field-trial-handle=1876,i,11324250228886571153,11302524164574825365,131072 /prefetch:8
  2⤵
  PID:1920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4232 --field-trial-handle=1876,i,11324250228886571153,11302524164574825365,131072 /prefetch:8
  2⤵
  PID:2224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4388 --field-trial-handle=1876,i,11324250228886571153,11302524164574825365,131072 /prefetch:1
  2⤵
  PID:4812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4928 --field-trial-handle=1876,i,11324250228886571153,11302524164574825365,131072 /prefetch:8
  2⤵
  PID:1760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5072 --field-trial-handle=1876,i,11324250228886571153,11302524164574825365,131072 /prefetch:8
  2⤵
  PID:4180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4248 --field-trial-handle=1876,i,11324250228886571153,11302524164574825365,131072 /prefetch:8
  2⤵
  PID:2900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4360 --field-trial-handle=1876,i,11324250228886571153,11302524164574825365,131072 /prefetch:8
  2⤵
  PID:3628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4124 --field-trial-handle=1876,i,11324250228886571153,11302524164574825365,131072 /prefetch:1
  2⤵
  PID:468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4352 --field-trial-handle=1876,i,11324250228886571153,11302524164574825365,131072 /prefetch:8
  2⤵
  PID:4412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3080 --field-trial-handle=1876,i,11324250228886571153,11302524164574825365,131072 /prefetch:8
  2⤵
  PID:5000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5260 --field-trial-handle=1876,i,11324250228886571153,11302524164574825365,131072 /prefetch:8
  2⤵
  PID:4212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=904 --field-trial-handle=1876,i,11324250228886571153,11302524164574825365,131072 /prefetch:8
  2⤵
  PID:3648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4516 --field-trial-handle=1876,i,11324250228886571153,11302524164574825365,131072 /prefetch:8
  2⤵
  PID:2264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5440 --field-trial-handle=1876,i,11324250228886571153,11302524164574825365,131072 /prefetch:8
  2⤵
  PID:752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3416 --field-trial-handle=1876,i,11324250228886571153,11302524164574825365,131072 /prefetch:8
  2⤵
  PID:2604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5292 --field-trial-handle=1876,i,11324250228886571153,11302524164574825365,131072 /prefetch:8
  2⤵
  PID:3932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4224 --field-trial-handle=1876,i,11324250228886571153,11302524164574825365,131072 /prefetch:8
  2⤵
  PID:404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4356 --field-trial-handle=1876,i,11324250228886571153,11302524164574825365,131072 /prefetch:8
  2⤵
  PID:4016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3712 --field-trial-handle=1876,i,11324250228886571153,11302524164574825365,131072 /prefetch:8
  2⤵
  PID:3256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=220 --field-trial-handle=1876,i,11324250228886571153,11302524164574825365,131072 /prefetch:8
  2⤵
  PID:4328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4964 --field-trial-handle=1876,i,11324250228886571153,11302524164574825365,131072 /prefetch:8
  2⤵
  PID:64
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1892 --field-trial-handle=1876,i,11324250228886571153,11302524164574825365,131072 /prefetch:8
  2⤵
  PID:2840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=888 --field-trial-handle=1876,i,11324250228886571153,11302524164574825365,131072 /prefetch:8
  2⤵
  PID:1840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4964 --field-trial-handle=1876,i,11324250228886571153,11302524164574825365,131072 /prefetch:8
  2⤵
  PID:112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5268 --field-trial-handle=1876,i,11324250228886571153,11302524164574825365,131072 /prefetch:8
  2⤵
  PID:1976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5528 --field-trial-handle=1876,i,11324250228886571153,11302524164574825365,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5428 --field-trial-handle=1876,i,11324250228886571153,11302524164574825365,131072 /prefetch:8
  2⤵
  PID:3980

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2972

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2412

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "-Command" "if((Get-ExecutionPolicy ) -ne 'AllSigned') { Set-ExecutionPolicy -Scope Process Bypass }; & 'C:\Users\Admin\Downloads\ak12sd3.ps1'"
1⤵
- Blocklisted process makes network request
- Suspicious behavior: EnumeratesProcesses
PID:1924

C:\Users\Admin\Downloads\sjhduieo.exe
"C:\Users\Admin\Downloads\sjhduieo.exe"
1⤵
- Executes dropped EXE
PID:4640

C:\Users\Admin\Downloads\sjdsn.exe
"C:\Users\Admin\Downloads\sjdsn.exe"
1⤵
- Executes dropped EXE
PID:4956

C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe" "C:\Users\Admin\Downloads\ak12sd3.ps1"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:2752

C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell_ise.exe" "C:\Users\Admin\Downloads\ak12sd3.ps1"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:3456

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5040
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\skls7.elf
  2⤵
  - Opens file in notepad (likely ransom note)
  PID:3984

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\djkjnfdnff\" -spe -an -ai#7zMap17521:82:7zEvent32203
1⤵
PID:2788

C:\Users\Admin\Downloads\djkjnfdnff\dfffreps.exe
"C:\Users\Admin\Downloads\djkjnfdnff\dfffreps.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:732

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\djkjnfdnff\wwfdrddps\" -spe -an -ai#7zMap22858:104:7zEvent29475
1⤵
PID:4412

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
PID:1840

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
717f9c67f66602ca44269371bef87c55

SHA1
53d232e4618d3971c74ce50a5ea6209ac521ddef

SHA256
e895ac9e6e0c0d3cc911985937bf2d7e07a73f7ba1d1948ea9d2a84f94faf91a

SHA512
556e380c009341111e7d9f42ebc0b5a711c33421db4743cadf4f3f71f8bdfd8c7e624243f8587834f6095fb1c98139d6bf071ac9e86a1c7d8abb1a69d5a50cf4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
2bf174f116f6f9fec03e76427050c2e4

SHA1
f632f34fe1e7700de6df20a015faed4732c05f1e

SHA256
8fde05c7f928bb169991fd0dc01c5e57b67108614d75abddd6338e7635f8c8f9

SHA512
3615569ede1648f5280b60fe02225793038027664da725ea49176a168cc42d40a3733ccca5f2293ba2b257e2894ef1f24f99c21ebae671b5ea4914e5ab3bcea2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
369B

MD5
1f788114d785f84431ef3a8718974fb9

SHA1
597674f710bbc2155cf959ce81c2aa2df63a08c4

SHA256
b908212887e24cc7a61667d4f62132b22514b2f3dd99a955bba75eb20df91afd

SHA512
783827754f59e3941d5d69f5977bb66b530e9f39cbabdf6dd30a9a5887cb7ba67e373f5fa49c6519aab8094924bc775328c419f28600009672b4e49b8bba7585

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
d6aaf5e6fc587a5375fac8de263148e7

SHA1
d018c91e11868f06805f1fa2ea170864a6ca237b

SHA256
b840dc351577ab8c1e42304b2a045193955f75c9f44a37253f833df92037d038

SHA512
40e08919780730c019a3fb76805f5950c29d00d14fcc0a6cc868ef2391bdb897b64b4de0f4afaf01a848b12827fffd6863beb00291b9301e86237d66000578da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7a194ca65a769c429439bb408c950f81

SHA1
36b0908b4ca7165a13d2eebc4c097214d3428a47

SHA256
35d50b501ef266427e3e23c6e2d12c022571a7b9f17d07e31c7dbf3cc98d908c

SHA512
05ae20ab87a0312858d9b945eaeb79eaa989a5844d642a4316841d62b45b113ab8e487c42498b0225510124e33153026275473a53adf9929baab7334699a60b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3a7ba0d94e0cab6feab4dc1cb6d54616

SHA1
8fb0bf9eb310581c0c81b56630c0d046b6ae7398

SHA256
73085a3ac23d3588163d61ef73e9587202d726a74530efc9b3bcf4d59a934005

SHA512
24c69d1145ca8d3eb98d997ec6759c464c489c88039f99de4cb73db523f0eb268cbf19443ac6879178b28a3ec7aaaacd1fa14d3337624aaac79521087717bc21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
38c08b66f6ea38f9ce0746029847fa04

SHA1
043a6b09d04a0f61652b5bd0f954816dc64bba68

SHA256
33dc245a495d07861aec37a76d8ce3e963f03183e5c6bfb291e40cbe1053d465

SHA512
d3748693b095caa59267c749e3d8c04956adf85b3580014813371522cd3f16aeade5bd007e3b95891f5f5e6652ea5be5d2db1b27c6faa90c5d86dbcf70bae518

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
60e48fae507373a0e21c19080b035265

SHA1
bf67d8e0705ae43d33f5f7c6b69c1adf676ee958

SHA256
1ce4efbed1a58f65c2d434a67dff58d7cc893dbe0bd78cbea5fe972c41eba0a1

SHA512
26cfc68bcabf120d181c2302c9313f0dda70076c0044c41b258f9673d87dae1eba4b02b674381f89b10e834d52482bab359885fcba941afd76cb5352cb1ee575

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
182ad50faa2bd1e60b9cf505a07f3f65

SHA1
cef5ff03a634714b63ae09937f11adc065a07e58

SHA256
c9bedd8578c5ea783a144ad264c8678d54b71e9caefd841a4957f615e8c9bb50

SHA512
10a58cce00b3cdcac4574ee6b757df5e3f5603c16a3f5f08734e7d78d33b36fb2a3070528316900d83c10fa371fc1bccec1ee321906bcb758244e357b0038744

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
179eb82d4d8b7c3d12446513aded9d69

SHA1
55caa4c6d3b6f8c9443f2eb7e22f5919d3c9820f

SHA256
3c2c7bcf007c053cf5901d0b59eadf61272b23b5aa878ca15b376f7ba5ad2b0b

SHA512
b5376ca10b679f8c5eb4e8cf92c632f51c1a0e942ffe909208124326d90cbf6aad469faded2ee27006f546a18e46ed1bf8a59fade6af5429296412c3b3b1434f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
7889bfaf4a8be60012c57abebfaf4819

SHA1
490d9c3e5763199624e03f8603cd5c7271ecbf16

SHA256
d896008706333b2a326a9d0718439437ba1df258baf75af0930b47533f3a39ed

SHA512
a2cf2d6f7a30908ffd3d25e84cca837ccdbea6b2516d469f09487070d6c189faa22970baf6d9346219a7995d61021f8615fb110b3097674f5965c3418d67080e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
daca0a2a4c1f10e3e3651a1cfd1ea231

SHA1
a31635ece110e83060a4c4114924ff5e299f9f30

SHA256
2e374e93c6b10787d5f727b898880ea24bdbe18c72f0a4ce0cbb53655209b3b0

SHA512
3307deab2bd33dcdb7139e4034bb4f7f9c2c65d59a93b58249251a80cde14b33be849bbdc4e3dc224b9c13c5e183c3b139d09d8ef55efb2f850d98c75287834e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ea3ca9b4ded91af987a3088417b4c58a

SHA1
b45b336e69be2c06e73c6984e9b791b50257b4ac

SHA256
473a31b9a31745dbec6b8f309ea2579c776644c1540c7d9a44240796dbf45c85

SHA512
3d76fd4fcbd297282c9a4a69baed5d5d7ed9dcecbd51048031f2599952ce40fe4388620c68942f713b078a4efd4b9a87026ffa224d6531201a62deae5b971f6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
114KB

MD5
df07524ad68924f815d6576fafb7a189

SHA1
18456f9f18bbefc8df49e4f8c4f0440450642da9

SHA256
48b945cc866c179dd43e6229efe84067606e397a83cc307277dc88a947b4cd0a

SHA512
27b735aa15a22ec7cb558d4ed5f6292ca00f173e52ccecf9817ade326911b2a31388ce04165191aa1e31e5e4e74c4cbefda79db545407a350379253a7b5b4a9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
107KB

MD5
179fa7fa32df3bf499776e4ec29e1e71

SHA1
25116377c0cac7bb113967ebcc0ec85cf3ad64fe

SHA256
daf87a0ef35a50161bf88969d664d4111d3c71203611a6982b2587c6135ace8c

SHA512
da19cb4bef2594b13e8442b55b3a87c1c02d55ccd8017aead881064db4106db2fe36439e848c3098aff5017287bba72e27eda44eb07fc58d606686c9987b0af6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
103KB

MD5
46a5ed89898f71da01e09d369c1abaf2

SHA1
06bdf1c3489a346d32dda31aa1a3081b9f621cf0

SHA256
b350336cf6ceb37bec42b6eab48cb6eb1900f36d76374b8bae04b1dd0aba7956

SHA512
9909f328a9b4700b19b8444d898176ae388ad42c37957695c65f9e4c4c276ca19a68f0d8f20a26883b6f7a4950b3278781cce1ddf641a51348f89e11e7636b70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe586a6d.TMP

Filesize
97KB

MD5
2aa8d02853c087ad534e87ca9aeed805

SHA1
ae48ffd6aa924a699165ab4623734fe9fba1a6ed

SHA256
cb60185f07fb72cc6762a6e8ebeb02dcee244b67dec7847f09d1efea0444ccda

SHA512
32b2bcd7c35e8fc99d28c0f2445c5f9cf425f8ca9b6b62611674910c0de8211f5b1d5c19e6a4dbb53ddb3bf72124fce4c2cd6efa5e6a3445c23983f636973530

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\ISE\S-1-5-5-0-103184\PowerShellISEPipeName_1_93c7c180-baa7-4160-96e6-2df1dfde126b

Filesize
3B

MD5
a5ea0ad9260b1550a14cc58d2c39b03d

SHA1
f0aedf295071ed34ab8c6a7692223d22b6a19841

SHA256
f1b2f662800122bed0ff255693df89c4487fbdcf453d3524a42d4ec20c3d9c04

SHA512
7c735c613ece191801114785c1ee26a0485cbf1e8ee2c3b85ba1ad290ef75eec9fede5e1a5dc26d504701f3542e6b6457818f4c1d62448d0db40d5f35c357d74

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_jfjpl4ct.nz3.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\Downloads\ak12sd3.ps1

Filesize
3KB

MD5
d0993087feee9d132bf5291e67ce7a4c

SHA1
34e29e2284ce70e02b935a1d6eaf775bd9d8916d

SHA256
593e19e58bd2fecad92114a6aed1b5049066990bc62f2c6d5df8cce3a6cf9ce6

SHA512
57e5bbd01bb46d6992c50dfc17a7ddb3c638a3f0d37b2b0fa1c43e4fb5ab5fdda7f564f57444bc683bcae37822665af2a1d06ccbe93071bfd57ca6d228abe90a

Download Submit
C:\Users\Admin\Downloads\djkjnfdnff.zip

Filesize
5.8MB

MD5
4b8cbde49e7bced4342ccffa56920396

SHA1
ade568e0df7e9852f60cd94f4468c4cc5f552f87

SHA256
f5f214e727933f9009a0292f1c88d94adcf00367937e0a802883707fd8a79825

SHA512
66b0687f2ff14e211bb2a6e01d1f29b9e2aa6a0159158ec742e8e26d2cefe1ecadd0ff876a04626719a7253ca43ae732380224121210177f6204b343b894340d

Download Submit
C:\Users\Admin\Downloads\djkjnfdnff\dfffreps.exe

Filesize
16.2MB

MD5
c2611ea9c327b59334c0f94272158b3b

SHA1
3a3952c8c3ac038eecfa82c6f926f003d495eb9f

SHA256
804712359af8dbc5f37329c5b9396ab7930ea3b446af2641a07eeade8ec0be7b

SHA512
d719e991f38c6ea94381024ad13f1d951c2093f28fb39707d5e53bf91c62efbd4f8f7d560e7b3abfcf160621d25e51a1da9e07f03b83ef6e0facd4f77efcf48d

Download Submit
C:\Users\Admin\Downloads\djkjnfdnff\wwfdrddps.toml

Filesize
15B

MD5
ffbbd40267e44b281b9e236414120722

SHA1
e5bb141650f6af6d8bdf3b3855e374840247728a

SHA256
155034a032a1f24de92c7f345ef05e86a36c1f47cfbc4807d255ba4c96847e2e

SHA512
6d8c6b79c92d4dee7ecf17d29ec80dd2ac178c892c4810db6b0e4db30aa0c9b8a0acdccf7b1bb77d3708fb513cc04a9cef0a8ab4aed5fbb3becc793eca622825

Download Submit
C:\Users\Admin\Downloads\sjdsn.exe

Filesize
256KB

MD5
842ece102e0f38178015394e0b0f948a

SHA1
e15c40a4581a7d9984493ec1f1944cc94ff25bc9

SHA256
fdf762ff0afda463d9b3900486cb7f100066995266a5a8b3b2a8aa6586c3c351

SHA512
914efc3c0c81ebba2abc9175a909a3420c1130e25aa6a2f870ce2dd75f099aecd1f8dd4de678af923c0b8db844235ba4af6f2ccfb2f24fbb8f69a921d07b364f

Download Submit
C:\Users\Admin\Downloads\sjdsn.exe

Filesize
1.9MB

MD5
84ac5bc8923c9efac313cefb83028d66

SHA1
55242518eba4aa39c6221a72885b4b195a468c38

SHA256
33cb66c84213932b37696653edb0a8522c30d57b9614ed7dcf7d8d0765aa904b

SHA512
4689072a7bd62e2297dbd9070eccb68163297ba1fec6fc9416bebd7598cd4d59719b677e2d187f3c25bece70d164210c48e4d5510b267eba00b0de1f0c64e375

Download Submit
C:\Users\Admin\Downloads\sjhduieo.exe

Filesize
19KB

MD5
52c68d1f2b5e9809323785ba02188315

SHA1
4e54237e8cb5e261b97df01520e18e4b605d19ca

SHA256
2f9c3e25906dfede820b081f130f77b6cadc270f63e7f385e9ed8f3a7ac9d574

SHA512
35b9b037dcec740e302bbd4e79895423f0c2c340ffd9037350b081fca44dce79bcebb1a219471a1bcba7fa4eb383a7f5c86bd8804767c84dc4897f637e0dd0ec

Download Submit
C:\Users\Admin\Downloads\skls7.elf

Filesize
250B

MD5
592a7f78710e21202ba9f39ac7c8621b

SHA1
d2ba826bbee140186f00e699708a64178a27efa8

SHA256
5c0148cea1c85629304bb477e0263db72db82977aea1f9a64e7cbd0d74961f12

SHA512
7fd39c49ce3143ffa2fe7af004f0c59b73c04770919c8deba67eb79b4d9089468fe9b0b30e02eabef46e9133c6f35fbb57fd36eb03f928e42ecf09f243b69a91

Download Submit
memory/1924-136-0x000002990BF90000-0x000002990BFA0000-memory.dmp

Filesize
64KB

Download
memory/1924-196-0x00007FF993BF0000-0x00007FF9946B1000-memory.dmp

Filesize
10.8MB

Download
memory/1924-109-0x000002990C500000-0x000002990C522000-memory.dmp

Filesize
136KB

Download
memory/1924-110-0x00007FF993BF0000-0x00007FF9946B1000-memory.dmp

Filesize
10.8MB

Download
memory/1924-137-0x000002990BF90000-0x000002990BFA0000-memory.dmp

Filesize
64KB

Download
memory/1924-113-0x000002990BF90000-0x000002990BFA0000-memory.dmp

Filesize
64KB

Download
memory/1924-131-0x00007FF993BF0000-0x00007FF9946B1000-memory.dmp

Filesize
10.8MB

Download
memory/1924-111-0x000002990BF90000-0x000002990BFA0000-memory.dmp

Filesize
64KB

Download
memory/1924-112-0x000002990BF90000-0x000002990BFA0000-memory.dmp

Filesize
64KB

Download
memory/1924-116-0x000002990BFA0000-0x000002990BFA1000-memory.dmp

Filesize
4KB

Download
memory/2752-238-0x000001D686F00000-0x000001D686F38000-memory.dmp

Filesize
224KB

Download
memory/2752-249-0x000001D6A2F70000-0x000001D6A2F78000-memory.dmp

Filesize
32KB

Download
memory/2752-259-0x000001D6A15C0000-0x000001D6A15D0000-memory.dmp

Filesize
64KB

Download
memory/2752-261-0x00007FF993D10000-0x00007FF9947D1000-memory.dmp

Filesize
10.8MB

Download
memory/2752-244-0x000001D6A3000000-0x000001D6A3038000-memory.dmp

Filesize
224KB

Download
memory/2752-239-0x00007FF993D10000-0x00007FF9947D1000-memory.dmp

Filesize
10.8MB

Download
memory/2752-240-0x000001D6A15C0000-0x000001D6A15D0000-memory.dmp

Filesize
64KB

Download
memory/2752-243-0x000001D688CF0000-0x000001D688CFE000-memory.dmp

Filesize
56KB

Download
memory/2752-241-0x000001D6A15C0000-0x000001D6A15D0000-memory.dmp

Filesize
64KB

Download
memory/2752-242-0x000001D6A2FB0000-0x000001D6A2FFA000-memory.dmp

Filesize
296KB

Download
memory/3456-294-0x00000231F82E0000-0x00000231F8306000-memory.dmp

Filesize
152KB

Download
memory/3456-299-0x00000231F6200000-0x00000231F6210000-memory.dmp

Filesize
64KB

Download
memory/3456-293-0x00000231F8110000-0x00000231F8118000-memory.dmp

Filesize
32KB

Download
memory/3456-290-0x00000231F7E70000-0x00000231F7E78000-memory.dmp

Filesize
32KB

Download
memory/3456-295-0x00007FF993D10000-0x00007FF9947D1000-memory.dmp

Filesize
10.8MB

Download
memory/3456-297-0x00000231F6200000-0x00000231F6210000-memory.dmp

Filesize
64KB

Download
memory/3456-298-0x00000231F6200000-0x00000231F6210000-memory.dmp

Filesize
64KB

Download
memory/3456-291-0x00000231F7E80000-0x00000231F7E88000-memory.dmp

Filesize
32KB

Download
memory/3456-300-0x00000231F6200000-0x00000231F6210000-memory.dmp

Filesize
64KB

Download
memory/3456-306-0x00007FF993D10000-0x00007FF9947D1000-memory.dmp

Filesize
10.8MB

Download
memory/3456-289-0x00000231F6200000-0x00000231F6210000-memory.dmp

Filesize
64KB

Download
memory/3456-288-0x00000231F6200000-0x00000231F6210000-memory.dmp

Filesize
64KB

Download
memory/3456-273-0x00000231F6200000-0x00000231F6210000-memory.dmp

Filesize
64KB

Download
memory/3456-272-0x00007FF993D10000-0x00007FF9947D1000-memory.dmp

Filesize
10.8MB

Download
memory/4640-237-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download
memory/4640-234-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download