e879fb4a661e86f55c26d528961ffc8d19757094d1eab2d470156ceadd346b20

Analysis

max time kernel
156s
max time network
190s
platform
windows11-21h2_x64
resource
win11-20231215-en
resource tags

arch:x64arch:x86image:win11-20231215-enlocale:en-usos:windows11-21h2-x64system
submitted
30/12/2023, 08:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

m.bat
Size

3KB
MD5

b206a5fc587c4b693d663a0a29dcde32
SHA1

5037fd2e3e2ea80d82250a20a21ec49ad036d0cb
SHA256

e879fb4a661e86f55c26d528961ffc8d19757094d1eab2d470156ceadd346b20
SHA512

7b8d32aedcc137cadd71aae5ad49f6e9d1b4011ddf06bee9f14bc5cd8f4cffac38d196ff668d45bd52f94f5f89b1254f48b41aec81df4ee03765d567b5146db8

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Gathers network information 2 TTPs 1 IoCs

Uses commandline utility to view network configuration.

System Information Discovery

T1082

Command and Scripting Interpreter

T1059

pid	Process
4228	ipconfig.exe

Opens file in notepad (likely ransom note) 4 IoCs

ransomware

pid	Process
2164	NOTEPAD.EXE
4068	NOTEPAD.EXE
2716	NOTEPAD.EXE
4428	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4276	msedge.exe
4276	msedge.exe
4216	msedge.exe
4216	msedge.exe
1164	identity_helper.exe
1164	identity_helper.exe
3508	msedge.exe
3508	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4216	msedge.exe
4216	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe
4216	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3424	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4168 wrote to memory of 4216	4168	cmd.exe	81
PID 4168 wrote to memory of 4216	4168	cmd.exe	81
PID 4216 wrote to memory of 2100	4216	msedge.exe	84
PID 4216 wrote to memory of 2100	4216	msedge.exe	84
PID 4168 wrote to memory of 4228	4168	cmd.exe	85
PID 4168 wrote to memory of 4228	4168	cmd.exe	85
PID 4168 wrote to memory of 2424	4168	cmd.exe	86
PID 4168 wrote to memory of 2424	4168	cmd.exe	86
PID 4168 wrote to memory of 1396	4168	cmd.exe	87
PID 4168 wrote to memory of 1396	4168	cmd.exe	87
PID 4168 wrote to memory of 4192	4168	cmd.exe	88
PID 4168 wrote to memory of 4192	4168	cmd.exe	88
PID 4168 wrote to memory of 1508	4168	cmd.exe	89
PID 4168 wrote to memory of 1508	4168	cmd.exe	89
PID 4216 wrote to memory of 2788	4216	msedge.exe	91
PID 4216 wrote to memory of 2788	4216	msedge.exe	91
PID 4216 wrote to memory of 2788	4216	msedge.exe	91
PID 4216 wrote to memory of 2788	4216	msedge.exe	91
PID 4216 wrote to memory of 2788	4216	msedge.exe	91
PID 4216 wrote to memory of 2788	4216	msedge.exe	91
PID 4216 wrote to memory of 2788	4216	msedge.exe	91
PID 4216 wrote to memory of 2788	4216	msedge.exe	91
PID 4216 wrote to memory of 2788	4216	msedge.exe	91
PID 4216 wrote to memory of 2788	4216	msedge.exe	91
PID 4216 wrote to memory of 2788	4216	msedge.exe	91
PID 4216 wrote to memory of 2788	4216	msedge.exe	91
PID 4216 wrote to memory of 2788	4216	msedge.exe	91
PID 4216 wrote to memory of 2788	4216	msedge.exe	91
PID 4216 wrote to memory of 2788	4216	msedge.exe	91
PID 4216 wrote to memory of 2788	4216	msedge.exe	91
PID 4216 wrote to memory of 2788	4216	msedge.exe	91
PID 4216 wrote to memory of 2788	4216	msedge.exe	91
PID 4216 wrote to memory of 2788	4216	msedge.exe	91
PID 4216 wrote to memory of 2788	4216	msedge.exe	91
PID 4216 wrote to memory of 2788	4216	msedge.exe	91
PID 4216 wrote to memory of 2788	4216	msedge.exe	91
PID 4216 wrote to memory of 2788	4216	msedge.exe	91
PID 4216 wrote to memory of 2788	4216	msedge.exe	91
PID 4216 wrote to memory of 2788	4216	msedge.exe	91
PID 4216 wrote to memory of 2788	4216	msedge.exe	91
PID 4216 wrote to memory of 2788	4216	msedge.exe	91
PID 4216 wrote to memory of 2788	4216	msedge.exe	91
PID 4216 wrote to memory of 2788	4216	msedge.exe	91
PID 4216 wrote to memory of 2788	4216	msedge.exe	91
PID 4216 wrote to memory of 2788	4216	msedge.exe	91
PID 4216 wrote to memory of 2788	4216	msedge.exe	91
PID 4216 wrote to memory of 2788	4216	msedge.exe	91
PID 4216 wrote to memory of 2788	4216	msedge.exe	91
PID 4216 wrote to memory of 2788	4216	msedge.exe	91
PID 4216 wrote to memory of 2788	4216	msedge.exe	91
PID 4216 wrote to memory of 2788	4216	msedge.exe	91
PID 4216 wrote to memory of 2788	4216	msedge.exe	91
PID 4216 wrote to memory of 2788	4216	msedge.exe	91
PID 4216 wrote to memory of 2788	4216	msedge.exe	91
PID 4216 wrote to memory of 4276	4216	msedge.exe	90
PID 4216 wrote to memory of 4276	4216	msedge.exe	90
PID 4216 wrote to memory of 2732	4216	msedge.exe	93
PID 4216 wrote to memory of 2732	4216	msedge.exe	93
PID 4216 wrote to memory of 2732	4216	msedge.exe	93
PID 4216 wrote to memory of 2732	4216	msedge.exe	93
PID 4216 wrote to memory of 2732	4216	msedge.exe	93
PID 4216 wrote to memory of 2732	4216	msedge.exe	93
PID 4216 wrote to memory of 2732	4216	msedge.exe	93
PID 4216 wrote to memory of 2732	4216	msedge.exe	93

Views/modifies file attributes 1 TTPs 7 IoCs

evasion

Hidden Files and Directories

T1564.001

pid	Process
1396	attrib.exe
1508	attrib.exe
5088	attrib.exe
1028	attrib.exe
4044	attrib.exe
1660	attrib.exe
2424	attrib.exe

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\m.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:4168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://media.discordapp.net/attachments/1171199057348263996/1171261368717037700/Jq9XNeo.jpg?ex=659ca2a7&is=658a2da7&hm=e584359e6d8774a5d4d4f23f6b5f2b20a2715bdcc056d11f5fe0c641e0d9fc15&
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:4216
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ff8ac643cb8,0x7ff8ac643cc8,0x7ff8ac643cd8
    3⤵
    PID:2100
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1968,10850718625094624875,17937247441675633478,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4276
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1968,10850718625094624875,17937247441675633478,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1980 /prefetch:2
    3⤵
    PID:2788
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1968,10850718625094624875,17937247441675633478,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2600 /prefetch:8
    3⤵
    PID:2732
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,10850718625094624875,17937247441675633478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
    3⤵
    PID:1460
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,10850718625094624875,17937247441675633478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
    3⤵
    PID:1616
- - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1968,10850718625094624875,17937247441675633478,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5580 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1164
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1968,10850718625094624875,17937247441675633478,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4064 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3508
- C:\Windows\system32\ipconfig.exe
  ipconfig /release
  2⤵
  - Gathers network information
  PID:4228
- C:\Windows\system32\attrib.exe
  attrib +h C:\Users\Admin\AppData\Local\Temp\m.bat
  2⤵
  - Views/modifies file attributes
  PID:2424
- C:\Windows\system32\attrib.exe
  attrib +h /s /d
  2⤵
  - Views/modifies file attributes
  PID:1396
- C:\Windows\system32\cipher.exe
  cipher /e /s /a
  2⤵
  PID:4192
- C:\Windows\system32\attrib.exe
  attrib +h /s /d
  2⤵
  - Views/modifies file attributes
  PID:1508
- C:\Windows\system32\cipher.exe
  cipher /e /s /a
  2⤵
  PID:576
- C:\Windows\system32\attrib.exe
  attrib +h /s /d
  2⤵
  - Views/modifies file attributes
  PID:5088
- C:\Windows\system32\cipher.exe
  cipher /e /s /a
  2⤵
  PID:3152
- C:\Windows\system32\attrib.exe
  attrib +h /s /d
  2⤵
  - Views/modifies file attributes
  PID:1028
- C:\Windows\system32\cipher.exe
  cipher /e /s /a
  2⤵
  PID:2228
- C:\Windows\system32\attrib.exe
  attrib +h /s /d
  2⤵
  - Views/modifies file attributes
  PID:4044
- C:\Windows\system32\cipher.exe
  cipher /e /s /a
  2⤵
  PID:3228
- C:\Windows\system32\attrib.exe
  attrib +h /s /d
  2⤵
  - Views/modifies file attributes
  PID:1660
- C:\Windows\system32\cipher.exe
  cipher /e /s /a
  2⤵
  PID:3744

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2776

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1452

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\LLC.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:2164

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Suspicious use of SetWindowsHookEx
PID:3424

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\LLC.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:4068

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\how_to_decrypt.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:2716

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\how_to_avoid_these_attacks_in_the_future.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:4428

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\6b5c7ccc-ded5-4567-bd5d-b11686035630.tmp

Filesize
10KB

MD5
a49be4507f75620ebce0c9c7e92e8086

SHA1
2ec8ea5ca61d760aca4400d60e87a32174d01242

SHA256
311dc0cca111446d46f677774c8fa85d1fc99588794f4c4bb181f903316ba930

SHA512
0989b17d71a698ea74dbc99585fda4d1d41f0f13849ef364aa26bb9fb19c4de11efef7d2d31205d49ff8d98aba2426a06815eb644d27c46c382b3442c88b9f0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
92e040d7c1eeb7646714b53e4a95eb91

SHA1
4eaae5706d13b5f0ca9f2e4c994cfca63890dd7d

SHA256
5342d5a6f08451e0f1c54f8e3658dd91eeba2be804f3582ddf8d6a4e2d0c6468

SHA512
e5b4c0ee79b7536679bf2e54f865f91b4957d4f66e498a026b88a6c14a13163f897f54baa9da747c1523eaf20d29cca960b8949a08a7b0ab9b0bbe92478a34f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
477B

MD5
453840742492637c9c66ecca0ad64448

SHA1
08b86c48b09947fd675321ec0405adc2c7989ffc

SHA256
af1caa86a388796704053428b781de08c69099b3fb70e8ff3d34733dbc1d98cd

SHA512
8eee201973bfd0ee2de1ecc81d47b6e526bdf23b22ab65fd22ea7963af27fd09c26be68953787d3328e65008abb74b06ccbefcd7cb4018f1519dda6a7e6b3e84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
60a62b49cc67932149133c701f1852bb

SHA1
ea1cda8afd6ac0aba54af85e8a0a72ef15fb04ec

SHA256
f13d12f306c98cf8b432f36685bf366a1a11338e3d2d37ddebf1a859b119e256

SHA512
557b2a62c9edd88d611196a182ace619ca5c1b1ba6dca1b60297e6deb53f3ca06a879e13e8561c6ef66d5d9c1f39420471881ba6b3d99b1563af79ccd13964dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c30f92f9ee9eb07ad864b2c35599c8c6

SHA1
719bbba7c20505380e258eac490b3a97b747e5f3

SHA256
c28864cca32483ccee649bb2345dcd4884b9e07b60f62dbee86a527fbc514787

SHA512
d265209436061cfeb7b1c4c377be531d6bebfbd6f8047eff0a54f361a24f26c880897515a084567fda46ca96250a96f7025b91b3b9ebf95021acc672592dd5e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
22cb763dc4cc8e48f1e48797c2648a54

SHA1
d0d6ea5f78cdadc36eede6cd306dbce5db55b6f9

SHA256
5c5b34d18c942c28949539568ac07afe481a30d8d7ba4346984b2a7919afa753

SHA512
c0184b6fa4db87c6791c1f51dfeb5d71a6de6b7581afdae42776a2175eac70e341eaf0ca79e796005bfd909e691f8789fdd39cb14f5ce733854de9676b9e0a01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
efd8cfc1da63ea5de5ce4df40e424be1

SHA1
905116fe865c12315a83554b26088874454a368c

SHA256
ab58069110db7056db90da56127f32beb42b89c7add5d5d8ed2b677bb647f89f

SHA512
d6647e9712cc00e4f830a0e1ad0b7cb27d4e67e475f7a0f0e8e85b9c5b7ed07512d0cbca12673b241a82256e6253a511bebeefb9c24df97897455899f72ddb02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
25KB

MD5
58e2b179dbb10d049fe23616966bfb2a

SHA1
b4f722b7e798fb6347837b51b05a4314a8219d84

SHA256
cb934e662ce5441a1fec40f63ddb8b828d7cf0f4a532712907064b377d2777c4

SHA512
ef3fbdd259151b0695369fae632106d190d2b9ac20b9854c5d2c23359ffde9469ea1736e7079264fd739ef3a214ac6ac8dbb9ab6c49184e5b5ebf9b8341c0c9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d476092b4e8c18e9cd8f7ced293ff25f

SHA1
cec881b134140933fd9a538c8c832982c4e3d7e3

SHA256
c856e5d4f406ea2f90bf7efbd453cad3b44b28b09550038e62c1367cb34bf624

SHA512
b962adc1435b2e0f0ef9abbb3f6769094b26f7c8a9678a8491fb1e6ed85f5ecb68b5e5530fa89c9038fc76e24f2cb5cba999bf19f37728863696fa3b8c65f51a

Download Submit
C:\Users\Admin\Desktop\LLC.txt

Filesize
142B

MD5
2d4496d89c273c317a6cbe9d56c08550

SHA1
6b7e4abc4a50d72f437985a856ee13d10e729746

SHA256
c1a4e82f1981b6efc1efd055a3ad16bd16a7487181039cbefb65a9345348a97c

SHA512
69e78574356a5a37baeba9452d30d58a05386a59320dc0e2e9343ab03bf472f1ad0e30253069120a827ca1878e4ddb18dc6a049866c17141f3ad897d7fcdb801

Download Submit
C:\Users\Admin\Desktop\how_to_avoid_these_attacks_in_the_future.txt

Filesize
55B

MD5
953099767889ac17f2ecc00fe97f667e

SHA1
b11b8f5cd36acfd3b2223ef9ac3ffce3c9a6ea66

SHA256
5d481979be790f7678c0fb7f737c91fe0c698b23f6c74e2abe71bce59bacafd1

SHA512
bb7454e29d3d72fc60e5d6d84def8ae7116eab8b021e9c60df21f1030aedd0be34f3afb6d5e064ecfdfd29565ec57aa8be6a361316d05ece4b9bfbabae0e522c

Download Submit
C:\Users\Admin\Desktop\how_to_decrypt.txt

Filesize
76B

MD5
84e276ec3fc1ee98759e044c117a64c9

SHA1
a53d3662afbbb60aa777f3f44d718d6ae2a8a5bc

SHA256
1ebd32c76e1ff5b9d6d56b1475e651799f5011c7ae387b92b67407a06115b35d

SHA512
2c08179c16921eae2695f342c471d9a60b5db6f6b25f48ac6fb718c054c1bc9c5362d63138b685ddf2a1d24eecd52ab0739c76a11d7604dc12a6c1cc05d88e4d

Download Submit
C:\Users\Admin\Desktop\why_you_were_targeted.txt

Filesize
192B

MD5
3f2f995c59e304139076ba8c14e7409b

SHA1
c14bb35672be17fed793cf93095974099ced10b3

SHA256
fc932254d557b8ef81005715879ac3136cc2222f334f0e7353d76d38c6ee69f4

SHA512
38a3ebb0fba43fe8ba75ca4232426d701efc86f3c4ccaf0a5db0838cea70a67ceb3071dcce4dc8cd354095d3d17bbb797edbf71478cb515e4fe34d3d16ae7eff

Download Submit
C:\Users\Admin\Downloads\do not close.txt

Filesize
132B

MD5
460791485d870c39dc5273ea2ddfc119

SHA1
a247fb46e29831ebea2c4984061a1c80ed67295f

SHA256
257ea28c54cdb0fea4cb56dd97067978cde53585872fe22eb6f152d20bff1251

SHA512
e64ef367731ba22232fb1112aeafc0f2098a05321098f481d45e6e10b74ff645ed644c8c511e5cfafcf16e0da9c91c2641ed5aa8f6fbb36a43445d013f0e3e52

Download Submit