ef99a1844cbf354868a70cdcc2584ec94ffceafc4ffcd3a6b5563fa1d632844e

Analysis

max time kernel
165s
max time network
174s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
01-01-2024 15:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
Size

78KB
MD5

0163a114f3cd11d4a2d3c1374bf4878d
SHA1

96b9b8510641a18f7920f48078087001a16db568
SHA256

568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919
SHA512

0104fedf9a6cc994a267f743c8fa3324af388e2191dec5aff1eedf7345a1d0bbb4829db2b846dd6f7e63e2e4c04aaa0d315ed8b7361c8fbbd8b9f0096e90cba0
SSDEEP

1536:freiQwer+Gu3gzQ6qOAI2PneemZcsABvYPpXUJqnwBWH9R1X3Jq5:yiPGu34Q6pAgeJsOOYByXHJ

Score

9^/10

persistence ransomware

Malware Config

Signatures

Renames multiple (2554) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops startup file 2 IoCs

Processes:

568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\oJeHsBqf.lnk	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\oJeHsBqf.lnk	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\oJeHsBqf = "C:\\Users\\Admin\\AppData\\Local\\Mozilla\\CfUdSDMF.exe"	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe

Drops file in Program Files directory 64 IoCs

Processes:

568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe

description	ioc	process
File opened for modification	C:\Program Files\7-Zip\Lang\ku-ckb.txt	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\7-Zip\Lang\uz-cyrl.txt	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\dom.md	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\legal\jdk\asm.md	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\NewComment.White.png	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\ITCKRIST.TTF	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E2-0409-1000-0000000FF1CE.xml	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-white_scale-80.png	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-black_scale-80.png	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\deploy.jar	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL016.XML	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\manifest.xml	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\7-Zip\Lang\cy.txt	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\deploy\splash_11@2x-lic.gif	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\7-Zip\Lang\lt.txt	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\Custom.propdesc	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-black_scale-140.png	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Office 2007 - 2010.eftx	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\Common Files\System\ado\adojavas.inc	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-white_scale-100.png	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN001.XML	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Send2.16.White.png	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-white_scale-80.png	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\Library\SOLVER\SOLVER.XLAM	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL105.XML	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN107.XML	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\pkcs11cryptotoken.md	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Red Orange.xml	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.contrast-white_scale-80.png	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\7-Zip\Lang\it.txt	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\security\blacklisted.certs	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\Java\jre-1.8\legal\javafx\jpeg_fx.md	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL078.XML	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\ANTQUAI.TTF	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.scale-180.png	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\CancelGlyph.16.White@2x.png	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.scale-140.png	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\MEDIA\BREEZE.WAV	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\legal\javafx\libxslt.md	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\offsym.ttf	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-black_scale-80.png	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\7-Zip\Lang\an.txt	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART10.BDR	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL010.XML	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\Microsoft Office\root\rsod\office32mui.msi.16.en-us.tree.dat	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\GOTHIC.TTF	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\ClientLangPack_eula.txt	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\InstallerMainShell.tlb	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL022.XML	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\ext\sunmscapi.jar	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL112.XML	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\7-Zip\Lang\kaa.txt	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN111.XML	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.Proof.Culture.msi.16.fr-fr.xml	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-checkmark.png	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\ext\sunjce_provider.jar	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\fonts\LucidaBrightDemiBold.ttf	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\dotnet\swidtag\Microsoft Windows Desktop Runtime - 6.0.25 (x64).swidtag	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\centered.dotx	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\ANTQUABI.TTF	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\security\javaws.policy	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\jce.jar	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.contrast-white_scale-140.png	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe

pid	process
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes:

568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe

description	pid	process
Token: SeRestorePrivilege	3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
Token: SeBackupPrivilege	3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
Token: SeSecurityPrivilege	3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
Token: SeDebugPrivilege	3140	568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe

C:\Users\Admin\AppData\Local\Temp\568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe
"C:\Users\Admin\AppData\Local\Temp\568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919.exe"
1⤵
- Drops startup file
- Adds Run key to start application
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3140

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Comms\UnistoreDB\USSres00001.jrs
Filesize
3.0MB

MD5
1f68aff146b67bc2eb807af445fc8085

SHA1
e9bdbbe6963a26bc726be0a4cbefbc6274a51814

SHA256
fa7e7df5130e8272476d84df37e08e8ae7b27a61db614af67d7fac88b9e6a322

SHA512
4751b9290459418d5742be17ed2b0ed76b1e68d2a17240a741dbf00169d379eac679cf60a3258bf49ab8b24dfd0cbdd9770307e93093d16168adc4adae3944ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1
Filesize
265KB

MD5
d0be9549db628ce919e5acbadb18b503

SHA1
d77242248c16ff29b4c1b6fd69486023a8b881b4

SHA256
7bc480d1f7ba6a54bc3938e48c7b22c31d0fe40219cfff4915dd98e7e140745f

SHA512
109d3164aaf1f83e8ff675038edade3c3244dc7494f931794485d3e69e632e366d521df235daba768d043c5289b8377601ca5a07aeeb67de1078c9a06641ebf8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\index
Filesize
2KB

MD5
918616a3b67e8bab5d7a574d31380eb6

SHA1
d13310da279fd98cb58d8fe208a659a36474db3a

SHA256
e273bcf89ef9a82e1c98ea01f36c22df30e0b8d5cd43df70e7d25e0417ccbea7

SHA512
0191b11344e6ce8fa731ec0e92ecd52567090df1c6a83c6d31291f7de55f4901f0cf3cf42d7980cb035d3839fc107763fec9b3644cbd0c03b40c9789b51ce700

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\index-dir\the-real-index
Filesize
2KB

MD5
5a069d1b4cdbb8a765da4930df517d67

SHA1
4b0e90293670ad695ff08af23531ebab45694dec

SHA256
5779906b51de8f1e121d41e2559670dd85df366892ad86f9cbea672984bce2f3

SHA512
92ebd3f761d6b11a24231a8fdf0849fd0f982bc32b47512d57bccae5874c56aca1c95c5735700edf492b962cfcb0ee84a0d4c71dfb572849706c1713b9b73453

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\MANIFEST-000001
Filesize
2KB

MD5
ad0f3e929a612b6feb2732adda946e7b

SHA1
53301053671e1f0d2aeb0875465ea46c69532d81

SHA256
0d48e0d8e3b75ece22a8ad78ba6c7c80b4e46d2105a9413a5e4f18bc38ca905c

SHA512
21621302b057cdc5d9616beb75cdd4edeabbe5a05a14a3a1d166c4a55870a7e594aa58be16e0f43cdabb349a0c0c72913689247e86c405c0bf190039dac7d479

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\logs\setup\userTelemetryCache.otc.session!==SOLUTION OF THE PROBLEM==blacknord@tutanota.com==.Black_OFFserve
Filesize
21KB

MD5
ca00eaac994cc81c2cedcefb41af77b2

SHA1
114638d503f4bf78c4253ddb1449025a2915dbf5

SHA256
2aa88a943c5ab35f08f49cc392ceddcd33008f5097bf7038ac7c2cc939d8de48

SHA512
e9d04304465b65397f238cb5685327732042bc0b68e30724305152655e7d93a0e37300e77b4082ad6ebee3bfbd9167dfda7f023c79f3e4b8fa58bc264456726e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\CfUdSDMF.exe
Filesize
78KB

MD5
0163a114f3cd11d4a2d3c1374bf4878d

SHA1
96b9b8510641a18f7920f48078087001a16db568

SHA256
568a79ce585dac32af237cb187b663cb6d2e4f594d66860c7ea1b3c66e4b7919

SHA512
0104fedf9a6cc994a267f743c8fa3324af388e2191dec5aff1eedf7345a1d0bbb4829db2b846dd6f7e63e2e4c04aaa0d315ed8b7361c8fbbd8b9f0096e90cba0

Download Submit
C:\Users\Admin\AppData\Local\Packages\1527c705-839a-4832-9118-54d4Bd6a0c89_cw5n1h2txyewy\Settings\settings.dat
Filesize
9KB

MD5
5e5a9e8818fa80d7fb91b9416c511956

SHA1
7fc77766bb86fdce9b2c6376b301dea58d589221

SHA256
b1e35b3ed80dd159fe9be72ce9e45cfa0c9d93b7c4d94df83d59773648dcf769

SHA512
9e21b65bb9f9499c126358a703e7f479ac292c9626a6ef320087149dd01385e05a03f6a9deadac7298abc30fc0c6410aa6c7840d4835fab7ea6147ad311bb90a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.LockApp_cw5n1h2txyewy\Settings\settings.dat
Filesize
9KB

MD5
e24aa1c0b2bd23e5f34460d19ed79f68

SHA1
ef3e91e355da08e7d0bd0a1af1c5164a7974290e

SHA256
1d03ff51ae65ca028176e1838b4e5d1cbd82ecda85d25af351f00c4e59a751ba

SHA512
adb3a5abaf97ad2a7240b1b4e32a0546ea6d03423b0c8ba5f8b48f14da1d3acca7dc6cdec7af6e1faeb7f149a8cba9303f8c3d35f8aeda6716237dfafbc41a7e

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe\Settings\settings.dat
Filesize
9KB

MD5
863dfc9604d690a7e34ce249896b25d5

SHA1
2a2305fcb5e53e9f162c6af6bd58e7537473b934

SHA256
fa8881d9b9eabe9860e945f9284c284f5173527d3692c08332fdbfa1ebc5ba60

SHA512
563e198a817048a2f1932e3cde8b775fe0d16a2ceaf405b416ff0ab17714c195045d130adda3831677675570ce272fc990aa60fab0dac2e46a423b78d89ed98f

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.CapturePicker_cw5n1h2txyewy\Settings\settings.dat
Filesize
9KB

MD5
d458ce80d5263ff214bea97bb3d7110f

SHA1
01e44d2a56c2e3a43c3ecd0bc1ed15e95010afa0

SHA256
e770e31a151d766071d1f838a90b97bc62009e4c870a0c75e5581171d7b44234

SHA512
c7d2acafe860289aca1cb5ba76eb04a7cf90fcb913613c13138e2d3121362b1d0167aff6b6ee8cea3e2aca1f95b914c0a8cc6a966269a98d890ee2e4e9bad97e

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_msotd_exe_15
Filesize
38KB

MD5
0d528644e42e1413833ef74920760b27

SHA1
ed9bb8606d3f91beebfa473a7e4c0fd44d5ae4e9

SHA256
789feb8dcf4981e109afcd0cd1ae55b7c821982950633bf715100841e19e9b75

SHA512
11125eb6f7c16256f3f42f687fc352e0af4bfe762bcbc1051d9b8a0574d8874157029f3af6a64bef48b66daea684ceafad365be89236b89ca9735886f2e8859b

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_msinfo32_exe
Filesize
38KB

MD5
94afb7e593b3f4317e38192ccf50fb09

SHA1
5984e6eb0687bbdfdf874c3ec1fc2f54affd6e34

SHA256
a3315de302a7c0935bc4b8b1b458b5124af63357a3e397e44d3d2b567c6c355d

SHA512
c26c3231665f77889e4ea94058773517b7992f7349249bdac7bd83b17c7154f81335e89c1679e1d5066ebfaa009b8b391fbfaab35fa84f3c3cfe000662ccfe0e

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{F38BF404-1D43-42F2-9305-67DE0B28FC23}_regedit_exe
Filesize
38KB

MD5
8d1c5747f67055f8e184b8596f68b751

SHA1
211c83303133d9acc3c321d0ff9a1671904e29e7

SHA256
5a6abf547d88c6c6ed478a606359885605adcc4782b51ad6c6912ffb7a854bd7

SHA512
c4ae6fe343d27300a1b766c3bf3213ddda98fc40d59d0d334aaa3a709bbf6c61493fa17fbe1fa4d053894b753c1470e3dc0fff8b067416f741a29df0976ce758

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{c955d514-503d-47b0-893f-10ff442fd93a}\Settings.index!==SOLUTION OF THE PROBLEM==blacknord@tutanota.com==.Black_OFFserve
Filesize
1.4MB

MD5
86037c80563112a8b9ddcce89bd098d0

SHA1
066432052cbf336201dab5a5d18d77697bd8b13e

SHA256
9f2e0e99d306f34207c4fcc00c1471cb1789dd6ba4670efc832d323e5d4551b2

SHA512
c4d4253c69bc57d01bb9d7493daf70038b0e6b850efeb580f20c536cf2803c353ac47ecd3423184bed029b8516589802f514c986a24cb023194511f4bc837714

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133471143919198982.txt
Filesize
79KB

MD5
d233bc72bbf7c3737e1b8524683e89e7

SHA1
4a808d4dce3b8ebe0cfd2805cbc0b719b11077c2

SHA256
41be0848ae4a3ea004e19fbad8ef92252522c953118372baa9ed7b6561d5552e

SHA512
db2eadab6d69857befaa9c3ae510ffdda16ba1545cac7695de6a20fe11003c137be6723d51f32e36aaa55f64a7dd61883fe2c9368d525f92d4e199aa57e1e5e7

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133471155475836821.txt!==SOLUTION OF THE PROBLEM==blacknord@tutanota.com==.Black_OFFserve
Filesize
76KB

MD5
6f7ca4add8677634538a153e28710ff1

SHA1
ad5ac79b3a1010aaa8b819d71e859cc0aff111dd

SHA256
25a5db3b77e2098baf764d9f9def8fbd7bb05b638cd218c996e388816d2b0be3

SHA512
806d1350469954faae7f7e429e4c15725bee055490dc5d2bf85fc0522164b19925bba7e09c413585094cc43930b7cf897511e296479801a3bc32791e1576a0b8

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133471185328760704.txt
Filesize
76KB

MD5
d6cf1e03b0a03df911b0a5ea98fb0068

SHA1
97551fb6d1c44b7929627637713966fa26fce656

SHA256
6106d3efbf8cb7bb1184fcff38d2842dcbc23c19460878186732588dd53c9400

SHA512
3f07008159fb6399f9b209fc810ed47cede8b3f0698a40ff47843b110626de10b9ccfa9d9c6ea2f0be59345eaffb8a1c47db8742e1d6cd8686a87213cbafcc3c

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy\Settings\settings.dat
Filesize
9KB

MD5
e8c25b2272f1dafda7133feed9eff437

SHA1
09ea8ff5a82824d192e2f028b79524ff4bb6ca5e

SHA256
3add399a25fd12b8159c5634e26db17d9b90fc1c38f5a7a06991d87fad93858a

SHA512
d6158102158c299d9682873dd2a21e2ba7010a33753c2a1aba06eb07192ed43f2b47ff2ba77f3d837e699779ea6396d1f7756a0f244917fa9db0cffbc7ce46c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\wctD9FB.tmp
Filesize
65KB

MD5
f4ae4751603c37a5b0c7aed1d50e6cdc

SHA1
394beb984f2969f158ccf5340727d8029b65994f

SHA256
a27ef416e95876dcd610ef91a7eef19c59fc5d72f966ec589f376cdb048d9ac2

SHA512
37df1ef7d6f43f453e8ed1ab702d46c9f06ddfb105823f2c7efcf2d50c812e3017a323a5d3c46a9441d951e99c9528abf2f302168917361265e6f37c32959af5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\oJeHsBqf.lnk
Filesize
1KB

MD5
2082bae1abdbb23de8e4dedc3a1da760

SHA1
ad33127238755289b09b660c6efda803754cfcb6

SHA256
40ac4b6db0d6434cbc10592838343f4dd69a2d78c72d937c180369922a11f1ab

SHA512
e294e5bcca13045f5c78085df413d0bd8b6b8abd4bc2e033720eff5531936c16230929f3c669f1d85a67fae4470f82f2eadc1089c342dafde39509244d5a0310

Download Submit
C:\Users\Admin\Desktop\ApproveShow.DVR-MS!==SOLUTION OF THE PROBLEM==blacknord@tutanota.com==.Black_OFFserve
Filesize
373KB

MD5
7725281fc52d11e72a1c0f676ec45a69

SHA1
cac7f5449e9fb57aab3e55197fdcee35aa1a812d

SHA256
80d7c52fb5f76e07d43e4158a94fe33e89460451a4f8e983fb22ca058b6a44c0

SHA512
e1e50949f1d100b78ce4a0741fb940eac23048112cb00984b668d0911414637d33b0940da402aef665e1ab02e050615eae6881bcae52741d447d6749575b5d40

Download Submit
C:\Users\Admin\Desktop\BackupResize.aifc!==SOLUTION OF THE PROBLEM==blacknord@tutanota.com==.Black_OFFserve
Filesize
294KB

MD5
64c5675085dfcab5ded0bb54565b8638

SHA1
4b5b56e5bc5bf1386c8f371c60f4cfb19fb27cb9

SHA256
61d3c8dd467d985b2ae1b900e9667da1cf2330dd5e5bde0f2fd69f50068b4697

SHA512
c01d90d4fb900c1efc1d4babe8795c645487bebe424af198a3ceaab1e80a68df484c8552fe5e5bfecac226a7785ffe0a55fd9bf39287c2071095924c6c8b9fbe

Download Submit
C:\Users\Admin\Desktop\BlockNew.3gp!==SOLUTION OF THE PROBLEM==blacknord@tutanota.com==.Black_OFFserve
Filesize
494KB

MD5
e96ba6a3d34f20392314346bfbd8f519

SHA1
a30441fb9c1400057fa79da6dc47dff0f32e88f6

SHA256
2b70c7f2dd1e360f7a007b99f0f47a37944cf359b6f4245db6d1ecbb801c6a6a

SHA512
23e5d2abd3ae705ea55221b91651ade56d85d85356456f60227d60ab3575fd6504c9746596ff5013d47eaf3fca5a734dfdb200d25ae8d1b2a09c98366187e0a6

Download Submit
C:\Users\Admin\Desktop\CheckpointGet.mp3!==SOLUTION OF THE PROBLEM==blacknord@tutanota.com==.Black_OFFserve
Filesize
477KB

MD5
ad6d5a8c9e982512676729b2cc449139

SHA1
a41635079111b45cd3629bf1e4fc1818a3671c44

SHA256
c8bc2420c452cc74a77e8ef551272d0eee5a18c276fe1c9b1199532ef41fc93d

SHA512
76b00fe240722018313769a022bf562d6c0b09d39293828942e1f4a9c7da57b16c6a832ab78835fbe5cea4693246116af34e8e85b2cfb9db5d0e3427b77bf9a1

Download Submit
C:\Users\Admin\Desktop\ClearImport.vstm!==SOLUTION OF THE PROBLEM==blacknord@tutanota.com==.Black_OFFserve
Filesize
324KB

MD5
ee0a6f60f43de212c20a27e5f10d8683

SHA1
89cc3eafdb70ce922b92ad57729ac74b0d138ef4

SHA256
6dd70bc388305bd14171f4797bccf6ab02f2eed34a4e91c5fc5d7f6a907b3358

SHA512
1782da48f05575e4d8ed80f3c1f38069712fab2cf23a6013aff56668ece0c235c7e58c4c65798d63cc623a7bf3363ab9a04700c99cb359ac23129848f7856a9b

Download Submit
C:\Users\Admin\Desktop\CompareGet.mpv2!==SOLUTION OF THE PROBLEM==blacknord@tutanota.com==.Black_OFFserve
Filesize
405KB

MD5
1eded956f1257f182f8e51f048dab21e

SHA1
1787ec4bc6755ff0de226d9325d7fb90815427d0

SHA256
ae9286dd584c4d0b3809555711653c5daa593f117291a27d1357719d3c004fbd

SHA512
295c81a3eae6cb380ee9039452cf91aab9aa466774ca18dd2e9cffabd540d6d13c59cd569eab8b83974246301fbc86d8f9cf11b0f5d4ded67fdd1935d1b5f3f1

Download Submit
C:\Users\Admin\Desktop\CompressCheckpoint.wax!==SOLUTION OF THE PROBLEM==blacknord@tutanota.com==.Black_OFFserve
Filesize
255KB

MD5
a72ecd9ef309be8f33570fd118c3ba71

SHA1
57972d6a980160671c7cc513964d5e0ecb23c684

SHA256
dad3c927cbefdf090975f9a05d0edfbf941e95f05d4f2ad4b062719fbeea0ab2

SHA512
56329df6c2d0de44db676c023e53ae5dea142edb369cdec05c1c7c71dfd142dff5074b1ee91f6755f48c16f764b58736bd957df17a0af5735d6445bd42347e10

Download Submit
C:\Users\Admin\Desktop\CompressReset.mpg!==SOLUTION OF THE PROBLEM==blacknord@tutanota.com==.Black_OFFserve
Filesize
28KB

MD5
ece656765321ca732a8224574260e3e5

SHA1
596112c8812d060bf2ac9ff1bd39133be0d84735

SHA256
da2f0dd8a95bcd1237006f87c22098da4ba684badec40974d3823c483996a0ee

SHA512
290c7db293f87a1a8252502922f07efb3d6484817e26dbb19bb9564aa376a00e3ae01cd0806f83b87848815d4fd0c5ba738449cb9bf9eb261f4a19ac01a1af10

Download Submit
C:\Users\Admin\Desktop\ConvertToCompare.vsw!==SOLUTION OF THE PROBLEM==blacknord@tutanota.com==.Black_OFFserve
Filesize
468KB

MD5
18e65848425e1e1ac597d3df2d0d5931

SHA1
370e7ab3d233f27826f7297ae17c236abe62eb4c

SHA256
f7c502e34082861208347f6bad72291c5712b7d4b2c7748ba7cea163289f329f

SHA512
6beaef308306573f0d6235f7f242febf8fec1c036ce978c4e7c6568433ae5c3084c457f64ad5c0b47e6205d9147f62e034ccfa8846fd290916fb38d12821d2f6

Download Submit
C:\Users\Admin\Desktop\DisableCopy.mht!==SOLUTION OF THE PROBLEM==blacknord@tutanota.com==.Black_OFFserve
Filesize
260KB

MD5
74802193de7956c30c93e7265208f689

SHA1
4b28ff8bcda0f23f2aa62ead5d5eb51fd3458472

SHA256
b50618000281aa7f58af3d49cdf29584680dee0c96e5d8ebaeababbcd08a1436

SHA512
ddab555aabedb0ced0bd68d8891f3e3ee1be9f0e4d1dfeaf55f3b0da6db2e0d87e477d45ef196e8066d58e538bdc15e53ca16a4ff8469cd61b9511562e0b4047

Download Submit
C:\Users\Admin\Desktop\DisconnectRename.xml!==SOLUTION OF THE PROBLEM==blacknord@tutanota.com==.Black_OFFserve
Filesize
258KB

MD5
64d35ec2b64c1a12203c0204e5ac1185

SHA1
acf548331685b5e6f301aca5b7923361b4e57545

SHA256
2b90cb00e94163abea6ef116f2348920368e40dca55fce7847f5a31c505abe88

SHA512
ce6da460801450996e9e8b8df5b0c2c6e1fcb3825f8febb9231ac0df9979209da736b5ef18acc9cb202209369f151e3b9993b7b58ec2c387f1025eadad894a5f

Download Submit
C:\Users\Admin\Desktop\DisconnectRepair.au3!==SOLUTION OF THE PROBLEM==blacknord@tutanota.com==.Black_OFFserve
Filesize
262KB

MD5
4704ea202fec2aa7ae95e091275a0eb3

SHA1
c03c74e1b4b0ba0c3895eb73dbe6b28a1142f9c7

SHA256
2cf69034d10a8a2c5a603e875db179208af26a787747bcffc7d4e571615a5bd7

SHA512
5e684b9ac11a2ff4699c8b45d671afe03e209994f40b984cb44b77075305caf9ced820552a2438be20115b7170a3a98a39e04f867c29183055800f7c70e659f7

Download Submit
C:\Users\Admin\Desktop\ExportDisable.mp2v!==SOLUTION OF THE PROBLEM==blacknord@tutanota.com==.Black_OFFserve
Filesize
255KB

MD5
33e937e209fad3bea406cdf87f1e0099

SHA1
ffb4cf53a44cab6a8c2ef98d5bca83d404a114a6

SHA256
0bfedc40d46c1248bad1022cac9aeaeb50751fc18fb29b9d3cba1a1c5286dd3a

SHA512
899fdea0e712a0020c23cb316e3b6a346f2a453f1bd1997ce518888a6af53e29db92713e9c1119a91725170e57058e705e39ccd9bd8e382cc078c0f8790396dd

Download Submit
C:\Users\Admin\Desktop\ExportSelect.pps!==SOLUTION OF THE PROBLEM==blacknord@tutanota.com==.Black_OFFserve
Filesize
310KB

MD5
738ae16e68c80bf2feae9953aab2847c

SHA1
663d1f557d3f5c404f2c304ea0bc705e800e2e72

SHA256
c25e9aa4885286240fbe2e0f9a993a65a5f21155c3e16ab8c125e9374985bbab

SHA512
53fd8f65f5aff0f13fb0c83252cbaa1d2fe10a6b74fd4467c99f6badf95cfffb87976a0e2fa4f39b0fdb945d7d6120e8ac1c328ad571dec858fab144264d7bb8

Download Submit
C:\Users\Admin\Desktop\FormatImport.DVR-MS!==SOLUTION OF THE PROBLEM==blacknord@tutanota.com==.Black_OFFserve
Filesize
255KB

MD5
a582023c8793ad95ec027453a8580f28

SHA1
34bf068abee70a59ce80b575c5f97e73cc713ae9

SHA256
5ff30352a39c29ca0918931ad236c32698025c66c6f8207b855b2905b3208cde

SHA512
6159ae314a6cfe3d8bb0401af218ab351ddcf2a60c7fb0d948fe8c2802937480dc17917dc4176fcac77b127fe49888ca1673b2d5e800def9f001b9462ff55218

Download Submit
C:\Users\Admin\Desktop\InitializeComplete.docx!==SOLUTION OF THE PROBLEM==blacknord@tutanota.com==.Black_OFFserve
Filesize
270KB

MD5
0b525ce5cdda206f52e130216ae525a7

SHA1
0106d1c4a4b95e75a28cb3933a334bf2f6e0c5ac

SHA256
749cb34f2e98dcc7607d43e23815410ac62ab6659ffef69914fbfeba5b86ac2d

SHA512
500c5a70629c62f19463090f37845e67df4a32eeae2546d40b82b4f66a7ae5831276421dd113e907fba43e82b35904f37cdf27050cbcb4958bebce13d3ba3710

Download Submit
C:\Users\Admin\Desktop\MoveRename.ppsm!==SOLUTION OF THE PROBLEM==blacknord@tutanota.com==.Black_OFFserve
Filesize
258KB

MD5
d1be96346ade005a2cc739cdfa09544b

SHA1
5f1457fd73d2a49528586fa8dfb41e286eb6b4de

SHA256
da36e358100aa94260439a77662627e774ec13700583fdba3eccbb4022c993ac

SHA512
90e3afc1e9bc27d11f384effff4dbe26d10c8bb71c3a029bddf28d401a847b1be5996e342491628e3a48227fda603ac1a4ffe8341959a05e5b0cf1088dfa89b3

Download Submit
C:\Users\Admin\Desktop\OutLock.mht!==SOLUTION OF THE PROBLEM==blacknord@tutanota.com==.Black_OFFserve
Filesize
212KB

MD5
82336ae919a871f5feda387ca94e4f74

SHA1
71f8943a725e2412856a8476ff56631ebd97702e

SHA256
97d2b17ac0185de61e282926bd5ac515ed02a9e3cc8dd452832aa89aab4885a8

SHA512
7b723a6c6e62ddd6f700936efe06ee2089c6fd82357438801ba3883660931abafdd56e76a608380e6f7bd9afa643df3db6925e5a0f38caaf89fdba12fdfb7592

Download Submit
C:\Users\Admin\Desktop\RedoExpand.m4a!==SOLUTION OF THE PROBLEM==blacknord@tutanota.com==.Black_OFFserve
Filesize
208KB

MD5
6bf755f44b259295f505af7a715b8e6e

SHA1
03887cedb7b52b432b72a1fa8e28708022f66efe

SHA256
4d0241b949fc0fb03432d050e9d48a2311d36d48eaffc802fe1f5160f657d3b6

SHA512
b7ad46993f75c9baf38f39eefa6754bf830a88dc201155fb319ac0401a026aac621a142b4044eb07768fc6599aeb989d7f42c5684bc004f4f6314f7556d68ccf

Download Submit
C:\Users\Admin\Desktop\RedoMeasure.midi!==SOLUTION OF THE PROBLEM==blacknord@tutanota.com==.Black_OFFserve
Filesize
208KB

MD5
549ff2623b87a20190dbd4d4d85f3e9d

SHA1
dbd8e6ccda0784d27e83dbccd04a558fd296a440

SHA256
39fda859a181d18424ac203460c3e2b91c31932a146be3e1b187db86f6873ff6

SHA512
fdbd7ee247412cd7ac94387bf991bb020a0493655c7f6f97e8139161e6f5d788432854187bb406ec2f35f4a81a59a2260f3b5ebf55900cb60868afa2f992f03a

Download Submit
C:\Users\Admin\Desktop\RenameRequest.mp3!==SOLUTION OF THE PROBLEM==blacknord@tutanota.com==.Black_OFFserve
Filesize
24KB

MD5
1c22dfc97a4b3c805dd796dd9aa22609

SHA1
e3fd07439fd766c4fc8f68165dc4c2d8424c37bd

SHA256
3e3617af3e25668ab961236d87cc2d786fd5297bf7588c7c9c084689ad63fef2

SHA512
214c2f4b4365dbeff1357d975a81fc1ae7fd14b458c7d1badcb34c16fbdc9396d6394bc4728ed566d5bb849aa1cdf67d9fee42c8769bb5c63a70b1267f4b5285

Download Submit
C:\Users\Admin\Desktop\SelectTrace.TS!==SOLUTION OF THE PROBLEM==blacknord@tutanota.com==.Black_OFFserve
Filesize
169KB

MD5
711f92a8fb29fbb23e34e35e87501fe6

SHA1
a0fd7b20a5020e102280e8e36d9e22e5cc8aa157

SHA256
34eb20d1abd6404b2d308eca7e82d0bde799ab2600d92346900be3892b487081

SHA512
4bbfd83da7e393348f403249fc529aee9a87ccf067234dee6df1b3bfde40472fe26b146cbe368f4cbfee848c6890adc68915fdb932303578787c7c58ca367a54

Download Submit
C:\Users\Admin\Desktop\SelectWrite.odt!==SOLUTION OF THE PROBLEM==blacknord@tutanota.com==.Black_OFFserve
Filesize
163KB

MD5
23ff88b74828de8c8b053939dec17506

SHA1
b8e48f01f84e307277c408f0890f31a5c8ecd08c

SHA256
06ede4481fc4fb7290b47b937f51fff6eb9961bc20a622ae804577063b956b53

SHA512
0582b4dd8d16d20a6f4d2498b5713488d82e53f9906bbfe220444c8e2f20f559968df3fda32e2eef77787db69632552744375ad197c13d5f67c44f97a6f5c15a

Download Submit
C:\Users\Admin\Desktop\SplitDebug.clr!==SOLUTION OF THE PROBLEM==blacknord@tutanota.com==.Black_OFFserve
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\Desktop\UnpublishMeasure.aifc!==SOLUTION OF THE PROBLEM==blacknord@tutanota.com==.Black_OFFserve
Filesize
224KB

MD5
0e8e42b66ff748c7acb2a4069b512ba9

SHA1
4169a21e95af6f3df2a830a316eb37ceffa70bff

SHA256
0855e94f0a41041d8432e5793bcabe369de38e764251467b4d1267b2cd3a4a6e

SHA512
d5ffb99fec5b58dc397f29c09a806997de3c7a0fab01e62e42baa5e75f0fefabd727a38887a324a05fca8dd1f5a14ac1eb8631fe0a69d64e8443ad06905bf43c

Download Submit
C:\Users\Admin\Desktop\UnpublishUpdate.tif!==SOLUTION OF THE PROBLEM==blacknord@tutanota.com==.Black_OFFserve
Filesize
45KB

MD5
a37119dcde0be8df9ad4854182de6f8e

SHA1
12b210f2419dca954404655fbb9d9c59018a4803

SHA256
435a8407ea7e37849f32fd01e617241f8c44e6e2b6a4e55f3f7867151b008629

SHA512
e0de3226571565a8760fd055ab7a896f1d815de346be8f076d6cef459fd90f48c1343adbb4bc06864409b7dcecb5899b0d98ebd898642e8927b99d92c1ff8390

Download Submit
C:\Users\Admin\Desktop\WaitRead.jpeg!==SOLUTION OF THE PROBLEM==blacknord@tutanota.com==.Black_OFFserve
Filesize
95KB

MD5
4ffa37fe8372a0aea9041a42c49a5c2c

SHA1
9f4b2b8f067c83f1d113fccfecfb2aad298e0cc7

SHA256
9091b34d756f9668e2a0ed2717a1830aa15be6ddeb553f5c7eaf42dcd389daf5

SHA512
ab26078682788a57fa7f676868a8f8671854938b24205a9b7ce81ca12914c636b75f2e8af4885432ad47906f5492dd21fc07ca9bb689f8db75090e279aec3b81

Download Submit
C:\Users\Admin\Desktop\WriteSet.svgz!==SOLUTION OF THE PROBLEM==blacknord@tutanota.com==.Black_OFFserve
Filesize
17KB

MD5
f4a36cea0d2281705c7544b7e56f9d79

SHA1
8b6d7851b546f204d489ec7ef1a928dc13c2d0c2

SHA256
d9d6083c47f7d4690084b73047a3f908a75258c249790224c0f85a86105b78dd

SHA512
6fad9c69999a1ee5659bb3f8010e9d43ad96638b514303ab29361c863a4d0695912ad18805578390ba97db411f0a7b8349b1266a1f6ff1de400ebcadf3117917

Download Submit
memory/3140-0-0x0000000000400000-0x0000000000415000-memory.dmp

Filesize
84KB

Download
memory/3140-1-0x00000000005E0000-0x00000000005E1000-memory.dmp

Filesize
4KB

Download