2a95754b452cb336cdb5d3cfd7def1d4076844517704d5c471edc32701d3e7fb

Analysis

max time kernel
150s
max time network
153s
platform
windows11-21h2_x64
resource
win11-20240214-en
resource tags

arch:x64arch:x86image:win11-20240214-enlocale:en-usos:windows11-21h2-x64system
submitted
08/03/2024, 16:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Furk Ultra.exe
Size

87.5MB
MD5

09e2e90098a609fff4d1aa0af3a43621
SHA1

9041c201d1c6999453ba0e00a995a51beab1b430
SHA256

aafffe547de1f166e4aaee963d2b9af93b1f09c9a4e1cb4d551cb7d07c2b84aa
SHA512

2ad82c3028925f76edcc31ef31e057d081baf213c328b1412bdc61686912a2f36ee08afdf1f3527589be87629ce9e014690c9f371ed510ca651a0c9115e8714b
SSDEEP

1572864:9GeYzsQMjvg7bz9gwWxsF28gZqYyxv3G6W3OS1cHyf/u+w76YHDwRqiA:4IN+WxsF28gzevG6W3OS1jGWKDw4iA

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 7 IoCs

pid	Process
896	Furk Ultra.exe
2804	Furk Ultra.exe
672	Furk Ultra.exe
5080	Furk Ultra.exe
2576	Furk Ultra.exe
1428	Furk Ultra.exe
1716	Furk Ultra.exe

Loads dropped DLL 11 IoCs

pid	Process
896	Furk Ultra.exe
2804	Furk Ultra.exe
672	Furk Ultra.exe
5080	Furk Ultra.exe
5080	Furk Ultra.exe
5080	Furk Ultra.exe
5080	Furk Ultra.exe
5080	Furk Ultra.exe
2576	Furk Ultra.exe
1716	Furk Ultra.exe
1716	Furk Ultra.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2567984660-2719943099-2683635618-1000\Software\Microsoft\Windows\CurrentVersion\Run\Furk Ultra = "C:\\Users\\Admin\\AppData\\Roaming\\Furk Ultra\\Furk Ultra.exe"	Furk Ultra.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies system certificate store 2 TTPs 11 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 5c000000010000000400000000080000040000000100000010000000324a4bbbc863699bbe749ac6dd1d4624030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e76200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb65809000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e650190000000100000010000000fd960962ac6938e0d4b0769aa1a64e262000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	Furk Ultra.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474	Furk Ultra.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 0f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f53000000010000007f000000307d3020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b060105050703080b0000000100000030000000440069006700690043006500720074002000420061006c00740069006d006f0072006500200052006f006f007400000062000000010000002000000016af57a9f676b0ab126095aa5ebadef22ab31119d644ac95cd4b93dbf3f26aeb140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df01d0000000100000010000000918ad43a9475f78bb5243de886d8103c7f000000010000000c000000300a06082b060105050703097e000000010000000800000000c001b39667d601030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47420000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9	Furk Ultra.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 19000000010000001000000068cb42b035ea773e52ef50ecf50ec529030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae4747e000000010000000800000000c001b39667d6017f000000010000000c000000300a06082b060105050703091d0000000100000010000000918ad43a9475f78bb5243de886d8103c140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df062000000010000002000000016af57a9f676b0ab126095aa5ebadef22ab31119d644ac95cd4b93dbf3f26aeb0b0000000100000030000000440069006700690043006500720074002000420061006c00740069006d006f0072006500200052006f006f007400000009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b0601050507030853000000010000007f000000307d3020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f20000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9	Furk Ultra.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	Furk Ultra.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A	Furk Ultra.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 040000000100000010000000324a4bbbc863699bbe749ac6dd1d4624030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e76200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb65809000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030153000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6502000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	Furk Ultra.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	Furk Ultra.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 5c0000000100000004000000001000001900000001000000100000002fe1f70bb05d7c92335bc5e05b984da60f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f63030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e814000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e20000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	Furk Ultra.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 0f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb658140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a2000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	Furk Ultra.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 190000000100000010000000fd960962ac6938e0d4b0769aa1a64e260f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030206082b0601050507030306082b0601050507030406082b060105050703016200000001000000200000001465fa205397b876faa6f0a9958e5590e40fcc7faa4fb7c2c8677521fb5fb658140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a040000000100000010000000324a4bbbc863699bbe749ac6dd1d46242000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	Furk Ultra.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1416	msedge.exe
1416	msedge.exe
2276	msedge.exe
2276	msedge.exe
4016	identity_helper.exe
4016	identity_helper.exe
2124	msedge.exe
2124	msedge.exe
1716	Furk Ultra.exe
1716	Furk Ultra.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	896	Furk Ultra.exe
Token: SeCreatePagefilePrivilege	896	Furk Ultra.exe
Token: SeShutdownPrivilege	896	Furk Ultra.exe
Token: SeCreatePagefilePrivilege	896	Furk Ultra.exe
Token: SeShutdownPrivilege	896	Furk Ultra.exe
Token: SeCreatePagefilePrivilege	896	Furk Ultra.exe
Token: SeShutdownPrivilege	896	Furk Ultra.exe
Token: SeCreatePagefilePrivilege	896	Furk Ultra.exe
Token: SeShutdownPrivilege	896	Furk Ultra.exe
Token: SeCreatePagefilePrivilege	896	Furk Ultra.exe
Token: SeShutdownPrivilege	896	Furk Ultra.exe
Token: SeCreatePagefilePrivilege	896	Furk Ultra.exe
Token: SeShutdownPrivilege	896	Furk Ultra.exe
Token: SeCreatePagefilePrivilege	896	Furk Ultra.exe
Token: SeShutdownPrivilege	896	Furk Ultra.exe
Token: SeCreatePagefilePrivilege	896	Furk Ultra.exe
Token: SeShutdownPrivilege	896	Furk Ultra.exe
Token: SeCreatePagefilePrivilege	896	Furk Ultra.exe
Token: SeShutdownPrivilege	896	Furk Ultra.exe
Token: SeCreatePagefilePrivilege	896	Furk Ultra.exe
Token: SeShutdownPrivilege	896	Furk Ultra.exe
Token: SeCreatePagefilePrivilege	896	Furk Ultra.exe
Token: SeShutdownPrivilege	896	Furk Ultra.exe
Token: SeCreatePagefilePrivilege	896	Furk Ultra.exe
Token: SeShutdownPrivilege	896	Furk Ultra.exe
Token: SeCreatePagefilePrivilege	896	Furk Ultra.exe
Token: SeShutdownPrivilege	896	Furk Ultra.exe
Token: SeCreatePagefilePrivilege	896	Furk Ultra.exe
Token: SeShutdownPrivilege	896	Furk Ultra.exe
Token: SeCreatePagefilePrivilege	896	Furk Ultra.exe
Token: SeShutdownPrivilege	896	Furk Ultra.exe
Token: SeCreatePagefilePrivilege	896	Furk Ultra.exe
Token: SeShutdownPrivilege	896	Furk Ultra.exe
Token: SeCreatePagefilePrivilege	896	Furk Ultra.exe
Token: SeShutdownPrivilege	896	Furk Ultra.exe
Token: SeCreatePagefilePrivilege	896	Furk Ultra.exe
Token: SeShutdownPrivilege	896	Furk Ultra.exe
Token: SeCreatePagefilePrivilege	896	Furk Ultra.exe
Token: SeShutdownPrivilege	896	Furk Ultra.exe
Token: SeCreatePagefilePrivilege	896	Furk Ultra.exe
Token: SeShutdownPrivilege	896	Furk Ultra.exe
Token: SeCreatePagefilePrivilege	896	Furk Ultra.exe
Token: SeShutdownPrivilege	896	Furk Ultra.exe
Token: SeCreatePagefilePrivilege	896	Furk Ultra.exe
Token: SeShutdownPrivilege	896	Furk Ultra.exe
Token: SeCreatePagefilePrivilege	896	Furk Ultra.exe
Token: SeShutdownPrivilege	896	Furk Ultra.exe
Token: SeCreatePagefilePrivilege	896	Furk Ultra.exe
Token: SeShutdownPrivilege	896	Furk Ultra.exe
Token: SeCreatePagefilePrivilege	896	Furk Ultra.exe
Token: SeShutdownPrivilege	896	Furk Ultra.exe
Token: SeCreatePagefilePrivilege	896	Furk Ultra.exe
Token: SeShutdownPrivilege	896	Furk Ultra.exe
Token: SeCreatePagefilePrivilege	896	Furk Ultra.exe
Token: SeShutdownPrivilege	896	Furk Ultra.exe
Token: SeCreatePagefilePrivilege	896	Furk Ultra.exe
Token: SeShutdownPrivilege	896	Furk Ultra.exe
Token: SeCreatePagefilePrivilege	896	Furk Ultra.exe
Token: SeShutdownPrivilege	896	Furk Ultra.exe
Token: SeCreatePagefilePrivilege	896	Furk Ultra.exe
Token: SeShutdownPrivilege	896	Furk Ultra.exe
Token: SeCreatePagefilePrivilege	896	Furk Ultra.exe
Token: SeShutdownPrivilege	896	Furk Ultra.exe
Token: SeCreatePagefilePrivilege	896	Furk Ultra.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4904 wrote to memory of 896	4904	Furk Ultra.exe	82
PID 4904 wrote to memory of 896	4904	Furk Ultra.exe	82
PID 896 wrote to memory of 5080	896	Furk Ultra.exe	83
PID 896 wrote to memory of 5080	896	Furk Ultra.exe	83
PID 896 wrote to memory of 5080	896	Furk Ultra.exe	83
PID 896 wrote to memory of 5080	896	Furk Ultra.exe	83
PID 896 wrote to memory of 5080	896	Furk Ultra.exe	83
PID 896 wrote to memory of 5080	896	Furk Ultra.exe	83
PID 896 wrote to memory of 5080	896	Furk Ultra.exe	83
PID 896 wrote to memory of 5080	896	Furk Ultra.exe	83
PID 896 wrote to memory of 5080	896	Furk Ultra.exe	83
PID 896 wrote to memory of 5080	896	Furk Ultra.exe	83
PID 896 wrote to memory of 5080	896	Furk Ultra.exe	83
PID 896 wrote to memory of 5080	896	Furk Ultra.exe	83
PID 896 wrote to memory of 5080	896	Furk Ultra.exe	83
PID 896 wrote to memory of 5080	896	Furk Ultra.exe	83
PID 896 wrote to memory of 5080	896	Furk Ultra.exe	83
PID 896 wrote to memory of 5080	896	Furk Ultra.exe	83
PID 896 wrote to memory of 5080	896	Furk Ultra.exe	83
PID 896 wrote to memory of 5080	896	Furk Ultra.exe	83
PID 896 wrote to memory of 5080	896	Furk Ultra.exe	83
PID 896 wrote to memory of 5080	896	Furk Ultra.exe	83
PID 896 wrote to memory of 5080	896	Furk Ultra.exe	83
PID 896 wrote to memory of 5080	896	Furk Ultra.exe	83
PID 896 wrote to memory of 5080	896	Furk Ultra.exe	83
PID 896 wrote to memory of 5080	896	Furk Ultra.exe	83
PID 896 wrote to memory of 5080	896	Furk Ultra.exe	83
PID 896 wrote to memory of 5080	896	Furk Ultra.exe	83
PID 896 wrote to memory of 5080	896	Furk Ultra.exe	83
PID 896 wrote to memory of 5080	896	Furk Ultra.exe	83
PID 896 wrote to memory of 5080	896	Furk Ultra.exe	83
PID 896 wrote to memory of 5080	896	Furk Ultra.exe	83
PID 896 wrote to memory of 5080	896	Furk Ultra.exe	83
PID 896 wrote to memory of 5080	896	Furk Ultra.exe	83
PID 896 wrote to memory of 5080	896	Furk Ultra.exe	83
PID 896 wrote to memory of 5080	896	Furk Ultra.exe	83
PID 896 wrote to memory of 5080	896	Furk Ultra.exe	83
PID 896 wrote to memory of 5080	896	Furk Ultra.exe	83
PID 896 wrote to memory of 5080	896	Furk Ultra.exe	83
PID 896 wrote to memory of 5080	896	Furk Ultra.exe	83
PID 896 wrote to memory of 2804	896	Furk Ultra.exe	84
PID 896 wrote to memory of 2804	896	Furk Ultra.exe	84
PID 896 wrote to memory of 672	896	Furk Ultra.exe	85
PID 896 wrote to memory of 672	896	Furk Ultra.exe	85
PID 896 wrote to memory of 2576	896	Furk Ultra.exe	86
PID 896 wrote to memory of 2576	896	Furk Ultra.exe	86
PID 896 wrote to memory of 2576	896	Furk Ultra.exe	86
PID 896 wrote to memory of 2576	896	Furk Ultra.exe	86
PID 896 wrote to memory of 2576	896	Furk Ultra.exe	86
PID 896 wrote to memory of 2576	896	Furk Ultra.exe	86
PID 896 wrote to memory of 2576	896	Furk Ultra.exe	86
PID 896 wrote to memory of 2576	896	Furk Ultra.exe	86
PID 896 wrote to memory of 2576	896	Furk Ultra.exe	86
PID 896 wrote to memory of 2576	896	Furk Ultra.exe	86
PID 896 wrote to memory of 2576	896	Furk Ultra.exe	86
PID 896 wrote to memory of 2576	896	Furk Ultra.exe	86
PID 896 wrote to memory of 2576	896	Furk Ultra.exe	86
PID 896 wrote to memory of 2576	896	Furk Ultra.exe	86
PID 896 wrote to memory of 2576	896	Furk Ultra.exe	86
PID 896 wrote to memory of 2576	896	Furk Ultra.exe	86
PID 896 wrote to memory of 2576	896	Furk Ultra.exe	86
PID 896 wrote to memory of 2576	896	Furk Ultra.exe	86
PID 896 wrote to memory of 2576	896	Furk Ultra.exe	86
PID 896 wrote to memory of 2576	896	Furk Ultra.exe	86

C:\Users\Admin\AppData\Local\Temp\Furk Ultra.exe
"C:\Users\Admin\AppData\Local\Temp\Furk Ultra.exe"
1⤵
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:4904
- C:\Users\Admin\AppData\Roaming\Furk Ultra\Furk Ultra.exe
  "C:\Users\Admin\AppData\Roaming\Furk Ultra\Furk Ultra.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies system certificate store
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:896
- - C:\Users\Admin\AppData\Roaming\Furk Ultra\Furk Ultra.exe
    "C:\Users\Admin\AppData\Roaming\Furk Ultra\Furk Ultra.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\furk-ultra-nativefier-e68f82" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1584 --field-trial-handle=1656,i,6474285693516052489,12212864080860509088,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:5080
- - C:\Users\Admin\AppData\Roaming\Furk Ultra\Furk Ultra.exe
    "C:\Users\Admin\AppData\Roaming\Furk Ultra\Furk Ultra.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\furk-ultra-nativefier-e68f82" --mojo-platform-channel-handle=1836 --field-trial-handle=1656,i,6474285693516052489,12212864080860509088,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2804
- - C:\Users\Admin\AppData\Roaming\Furk Ultra\Furk Ultra.exe
    "C:\Users\Admin\AppData\Roaming\Furk Ultra\Furk Ultra.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\furk-ultra-nativefier-e68f82" --app-user-model-id=furk-ultra-nativefier-e68f82 --app-path="C:\Users\Admin\AppData\Roaming\Furk Ultra\resources\app" --no-sandbox --no-zygote --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2040 --field-trial-handle=1656,i,6474285693516052489,12212864080860509088,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:672
- - C:\Users\Admin\AppData\Roaming\Furk Ultra\Furk Ultra.exe
    "C:\Users\Admin\AppData\Roaming\Furk Ultra\Furk Ultra.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\furk-ultra-nativefier-e68f82" --app-user-model-id=furk-ultra-nativefier-e68f82 --app-path="C:\Users\Admin\AppData\Roaming\Furk Ultra\resources\app" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3320 --field-trial-handle=1656,i,6474285693516052489,12212864080860509088,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:2576
- - C:\Users\Admin\AppData\Roaming\Furk Ultra\Furk Ultra.exe
    "C:\Users\Admin\AppData\Roaming\Furk Ultra\Furk Ultra.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\furk-ultra-nativefier-e68f82" --app-user-model-id=furk-ultra-nativefier-e68f82 --app-path="C:\Users\Admin\AppData\Roaming\Furk Ultra\resources\app" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=1632 --field-trial-handle=1656,i,6474285693516052489,12212864080860509088,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
    3⤵
    - Executes dropped EXE
    PID:1428
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://d2yc1amd5aqnhl.cloudfront.net/public/dynamo/lockerClick.php?offer=53456766&offer_position=3&it=3540027&m=0&visitor_id=Vdbd3b83f76847&cpguid=&hash=e443ff744986b73ad638350877e24719
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:2276
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb6b733cb8,0x7ffb6b733cc8,0x7ffb6b733cd8
      4⤵
      PID:2968
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1768,16936411892082993126,9944035345311903139,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1968 /prefetch:2
      4⤵
      PID:4508
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1768,16936411892082993126,9944035345311903139,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2028 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1416
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1768,16936411892082993126,9944035345311903139,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2504 /prefetch:8
      4⤵
      PID:4680
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1768,16936411892082993126,9944035345311903139,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
      4⤵
      PID:1880
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1768,16936411892082993126,9944035345311903139,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
      4⤵
      PID:4320
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1768,16936411892082993126,9944035345311903139,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:1
      4⤵
      PID:3424
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1768,16936411892082993126,9944035345311903139,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
      4⤵
      PID:4664
  - - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1768,16936411892082993126,9944035345311903139,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5784 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4016
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1768,16936411892082993126,9944035345311903139,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5228 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2124
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1768,16936411892082993126,9944035345311903139,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3496 /prefetch:1
      4⤵
      PID:2196
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1768,16936411892082993126,9944035345311903139,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
      4⤵
      PID:2384
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1768,16936411892082993126,9944035345311903139,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4064 /prefetch:1
      4⤵
      PID:4776
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1768,16936411892082993126,9944035345311903139,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
      4⤵
      PID:3044
- - C:\Users\Admin\AppData\Roaming\Furk Ultra\Furk Ultra.exe
    "C:\Users\Admin\AppData\Roaming\Furk Ultra\Furk Ultra.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --user-data-dir="C:\Users\Admin\AppData\Roaming\furk-ultra-nativefier-e68f82" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3604 --field-trial-handle=1656,i,6474285693516052489,12212864080860509088,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    PID:1716

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3216

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4104

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ec7568123e3bee98a389e115698dffeb

SHA1
1542627dbcbaf7d93fcadb771191f18c2248238c

SHA256
5b5e61fe004e83477411dd2b6194e90591d36f2f145cc3b4faa20cf7ae266a75

SHA512
4a53fbbd7281a1a391f0040f6ff5515cedf6e1f97f2dae4ab495b4f76eb4f929dcda6b347f9bf7f66a899330f8897e1ed117314945d1de27b035cc170fa447d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
194KB

MD5
f5b4137b040ec6bd884feee514f7c176

SHA1
7897677377a9ced759be35a66fdee34b391ab0ff

SHA256
845aa24ba38524f33f097b0d9bae7d9112b01fa35c443be5ec1f7b0da23513e6

SHA512
813b764a5650e4e3d1574172dd5d6a26f72c0ba5c8af7b0d676c62bc1b245e4563952bf33663bffc02089127b76a67f9977b0a8f18eaef22d9b4aa3abaaa7c40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
d7bcf5ccb5003632f37e5bf3fef9dba6

SHA1
08177bc8324742fc5604c75f6627ec7325529423

SHA256
d717f8dfaa7509fd95850696036323dd5d43db2a531395e33f3d4cd512ae3a4a

SHA512
ab7c70273269f266b8f11b85c2b9d68b3fe005aabd3e845e2cf5b249ef1ea8fd8fd0f527be5f7afdc4f7924fb45debc6aec4b2f2a7ff03437b14c81f6149e590

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
f5d90379bc7907086385d7e84d542298

SHA1
83782c272a4b3706c2ac31af6540a0ff0171e8c0

SHA256
d3ea22d81b057328e51fb5ab3ad6c1273c95aa6ddac43feca7ba4d5eda0e5af8

SHA512
1203bc75b7f1227121d3eac7b64d333a2ecdcb569bc06c2251b29e89e59b0551b060125f29406df6d226c31ac66acfe0d38e5b96ab590e5326be149abeb4d06d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e9b2deee5d88a1e726f87fe1c42dd68b

SHA1
3fb045531c28ba1ebc8d68dc640da590f225729f

SHA256
834e0ca2e276a4fcdc149b133ab646edd1d3507179fa62639f8ab17371e46f8f

SHA512
96cd97c961a5cce66fe015d4d55f28f76b8fd7cd899f5750a2085c19d7e9c84a5c79d8182619429f54acdfec09419c81d3a38e4c86e4b36ef8b0fc9257216b58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
25KB

MD5
0ba15f72ffb0a37243558588d3e78221

SHA1
814bdfffd723f7de9f8d6d6a0bc8d85a9f275cc0

SHA256
3d0223e1f8bb35870db41872cfbbe467f65bf9a1208dcb4d4ad874e250ccc10a

SHA512
02b168ef9cc226a08955092173c3745a55b28faa438b8152acb90d3bc1d9f433de7d8341def8b452db1986392a59cabc7c69689ad00825c58371ca78021183be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e1fa50dc8e98f0ad54261443b6047138

SHA1
f79f322202ff204f8fa67bfc7c47f00b70011555

SHA256
b14a4a84faa4d653089ab2c7376d7f4fa464895c0680f2ecb7f0171dee9fc534

SHA512
809e63af86cc991765c3463c6a5a685fe5c3bbf654ba77ad69462ba69d3c1a3c2f56275af97996476ea1743b0cae04f5589c0ee5ef52c8134b174d62cc22aeff

Download Submit
C:\Users\Admin\AppData\Roaming\Furk Ultra\D3DCompiler_47.dll

Filesize
2.2MB

MD5
e95bf12483dcc686033b35b970497481

SHA1
c0dee05240b8a5dcf9665511af6c2959b2400b8b

SHA256
1dafdd6d6e0db1b6a4843cb84e1f48e4c7864d0df7be836796a0b8e159834c8a

SHA512
45d080e46095808da9fb3d590ba6bfeb3163988eb94069d8587e35b26550ff46ec520a3e67988bfe55249130ba896dac8f6ac25e7c56b7268fa795b03b144e53

Download Submit
C:\Users\Admin\AppData\Roaming\Furk Ultra\Furk Ultra.exe

Filesize
142.1MB

MD5
51ec100bcfbe7029d6c9d3d76053ea85

SHA1
8e4960d45aaf8bea7fb38859d36f15f252a39d2c

SHA256
736ef0af00b3f31ac399a80e8084314f3a820fee01bee9a79f56e6f4c3ceed35

SHA512
a3d08524abe3c5544c7aa2f936bd68ce1a667e80419edccd500a4112a44e9594d887aa41982f755af34bdcc2368bac6c4389c8e9a82bbfe0c6e76b1b71d71e58

Download Submit
C:\Users\Admin\AppData\Roaming\Furk Ultra\Furk Ultra.exe

Filesize
11.9MB

MD5
de1ab0cc08a698b736a767b990851a13

SHA1
db6daecb65e912f0cc3caa4855773aebadc455ee

SHA256
6b1d994ada581221cc0cd201e07eacde9ce4fe7a27718d02ee74200de8ad498f

SHA512
91d5c42d039bf7a62d1901cabdeaee8ef8601e3812545a0fe3a2dba8885f3f6979c0f9e1f14d8086b9969c29381147b072d8b194cc99ba1adf7bd1411ede2687

Download Submit
C:\Users\Admin\AppData\Roaming\Furk Ultra\Furk Ultra.exe

Filesize
2.1MB

MD5
f76daf6d3f8ca570a4f4de6f65bb3239

SHA1
da2356113a66fd55c9d876d48e445bc003303fa0

SHA256
4ab479d978c35e0389cb508206dbfb4d5706d458a07812481f87a64877c3132b

SHA512
42a5c9d80c0b3e89aaed7811972449d473b491974da91bc9f703e4cbdd63a2c2f08a3da38f553331fe1e075e1eac4a93eb171b7b98685dc1af658980f506b5bb

Download Submit
C:\Users\Admin\AppData\Roaming\Furk Ultra\Furk Ultra.exe

Filesize
2.3MB

MD5
97edbc66a8a7f85816f638a82c020d2d

SHA1
6b9e46bd1e6efe1c7f4fd6bfd38a213c7b9bba37

SHA256
0d43cb9e7113cd0c7b553f556437c79993717ec2855e4348d91968ced0158bbe

SHA512
5dc53623ac2f4120e68a3a5f520f29f8970ec67cb81230340014e61db9128bc5b634303097bde6b5bc2c25a028e8f186a41a677d7dfd5ca6a7e03e75b3551dfd

Download Submit
C:\Users\Admin\AppData\Roaming\Furk Ultra\Furk Ultra.exe

Filesize
1.7MB

MD5
1bdc6666081332e476ce642845c46c3c

SHA1
0912da18e7ac01bb2e26e683449328982fd1da2f

SHA256
1e1c1c30fc43daa46e7317935a8d1aa4b4ac31f9344340581db56829bfe56fab

SHA512
30f1719aaa3422880a7656cd6628c9048934c5c07fb232c9e412e8b7a43f6f21278b51bcc1ce9f82b3c1409a56f446658ceb2cd24c12055f5789239eee767bf1

Download Submit
C:\Users\Admin\AppData\Roaming\Furk Ultra\Furk Ultra.exe

Filesize
2.0MB

MD5
30d73e5af7053b96563a7ca9d8144bf9

SHA1
4ce785bdb79fb1a4779cebf8087687e1c50d8a6f

SHA256
889c96bbacdb93154a0b0da70fb1c2378a91c9c34e8e9367d1f5b25fc162013a

SHA512
650d086f3e6eb53544ecda45be2f5b2a498116177868a468aaea4c860c0c109a735f3bf0f4253387477607c5bfb1b41d1375f3b10b8cd5889b4d511c67be3686

Download Submit
C:\Users\Admin\AppData\Roaming\Furk Ultra\Furk Ultra.exe

Filesize
953KB

MD5
c5f62d60c8855560ae2aca341e33cf68

SHA1
410d79316602d34baf8c8f4f81acb396d5ec3370

SHA256
555f12d1ec5ecec1391362405e133db4783359f3c122670e36a1fb25eb3fe99e

SHA512
0d5685c7adaef10418f416bd0538fb312997e9c97d2cda99ca389a0659953297bba8ffcac2d596af04d75c1b297303149fbb814c58ee394ac20f7d0e79a82c14

Download Submit
C:\Users\Admin\AppData\Roaming\Furk Ultra\Furk Ultra.exe

Filesize
20.0MB

MD5
1a126b8b430b1eeeae5c95fb06ccf0bb

SHA1
860640b68e8d3f8df0f7179885c35f8fe2d396a0

SHA256
081bc5e8f7ea46d070789fffb34afd21b063250a9add691f9f7d3e1d3fc64b31

SHA512
f5e737cf090a881a0df3b8f9584fd1606be63014781f42a4576b41728b14f30cdde11b2ffe05ad4409dfd955eb6b6872ed756ded88cc3326f012fe31e138b45e

Download Submit
C:\Users\Admin\AppData\Roaming\Furk Ultra\Furk Ultra.exe

Filesize
371KB

MD5
616590bf2ff7dbfdc51cf4a054959a6b

SHA1
218e135366d8615565a817d87647f9f9b3ec5f8a

SHA256
9a17b4b88be2c7d6505d0f454d8a894da4e52260b8c4eb6299d1b1869931c593

SHA512
588b1a2495a2d7ba264eb915db056453e07c50992ae509ad07b77ca4b18740f60040db3198d5d5a0a90eeeb77991422ad4b5502cef5dc7c7d9905437c301d070

Download Submit
C:\Users\Admin\AppData\Roaming\Furk Ultra\chrome_100_percent.pak

Filesize
125KB

MD5
0cf9de69dcfd8227665e08c644b9499c

SHA1
a27941acce0101627304e06533ba24f13e650e43

SHA256
d2c299095dbbd3a3cb2b4639e5b3bd389c691397ffd1a681e586f2cfe0e2ab88

SHA512
bb5d340009cef2bcb604ef38fdd7171fed0423c2dc6a01e590f8d15c4f6bc860606547550218db41fba554609e8395c9e3c3508dfa2d8b202e5059e7646bdcef

Download Submit
C:\Users\Admin\AppData\Roaming\Furk Ultra\chrome_200_percent.pak

Filesize
174KB

MD5
d88936315a5bd83c1550e5b8093eb1e6

SHA1
6445d97ceb89635f6459bc2fb237324d66e6a4ee

SHA256
f49abd81e93a05c1e53c1201a5d3a12f2724f52b6971806c8306b512bf66aa25

SHA512
75142f03df6187fb75f887e4c8b9d5162902ba6aac86351186c85e5f0a2d3825ca312a36cf9f4bd656cdfc23a20cd38d4580ca1b41560d23ebaa0d41e4cf1dd2

Download Submit
C:\Users\Admin\AppData\Roaming\Furk Ultra\d3dcompiler_47.dll

Filesize
3.0MB

MD5
92eb8860a58836d7d7b177d6dc18702f

SHA1
89815237559995bed374f7bf78496a5aecaba061

SHA256
88527eb263d095fb316ed37a6555b4a0a0e7cdeb2f6b5031908c08ac38e12d13

SHA512
87a1f1cbf41a3f0a5a87be72e23c223b0aaa1d52f3a1b5097b52241203ed947dc1f9c41ad1b8b57108b86997d2f101133adb3725b122a737ae12ccbc37a488e8

Download Submit
C:\Users\Admin\AppData\Roaming\Furk Ultra\ffmpeg.dll

Filesize
2.7MB

MD5
b41b5ca7e8cdf2669494ae42bf476eca

SHA1
47fe1078383d1f42b62b96bc2aa73e2dd529c3c4

SHA256
308d47179729e3e06f5153c26621bb67af12fca73a37123987176df5fe9be218

SHA512
98d6822f6a7be5c9b86b6d63140f5e1b653021bf666a8611a18c37202f77947676d8c5c59022d99721423d3799375210b46f25c795e62dc1b258fffcfb3f9d2a

Download Submit
C:\Users\Admin\AppData\Roaming\Furk Ultra\ffmpeg.dll

Filesize
2.2MB

MD5
dbbd0b7fde7b83d209018e0150728c59

SHA1
97fe2935eb0c3bfc3c3dda92fda2afc9639f6b2e

SHA256
82b85f4b8df1404456593fb09d96b4fbc964bd2a0f79c59bff43547bde6596ef

SHA512
4343106cda605461e824e3fa61a5db19e8c54c7d65bbab58a0203cada86cc8be7d89807f557760d9c8cd5b61a38e2a64ddde0a6c4b00352b72254d53dfb26faa

Download Submit
C:\Users\Admin\AppData\Roaming\Furk Ultra\ffmpeg.dll

Filesize
1.9MB

MD5
2c30554ee1e7463ae36cc2df54534501

SHA1
9a5d23f5c65cde6bd004a3db4d5d2362a5e065cf

SHA256
0de443a0b24d695c6bbbb1e2d019240e0f02b644f3cbbf7125908789125232a8

SHA512
f14c5c071ae311e8dc196943d3c1ed79f53cc368aef128f7f7411ef4a6b66b28129f94c3ee8dc8435c339ce901f2ae881d65873e3948211df0d30518fb594eb9

Download Submit
C:\Users\Admin\AppData\Roaming\Furk Ultra\ffmpeg.dll

Filesize
1.6MB

MD5
0f23bd51ae07e300d7a7f042859728d0

SHA1
c14667272ad3c376c6422931790a1d363c445cc1

SHA256
10f31880cad908a3be7585361f86bc3d40ebd5698d3f73de4b31aded8f155f38

SHA512
f959795ab25c9527108bf88a06c34591fa246f976a409eeba773aa7de21b3eed7a7c2e1f2f97f4fd9ed142c098ed48120b9a470d862c7abacfdd0af94d39a069

Download Submit
C:\Users\Admin\AppData\Roaming\Furk Ultra\ffmpeg.dll

Filesize
1.1MB

MD5
1d82c5ff8e7b5ec2d88706bdf7b94f21

SHA1
1f87961fa556dd6bbc5fca402c1086056f5eaa73

SHA256
892249de83c6908ace0d23334ab6a881d67426a2bc33fe124b445d8d4c320dcd

SHA512
75c27de1f7d44bf83c3f7786aebd31e8d5de817fa6a64a31f9466f8b81d269cb1eae0f8bc8dd9a96f6a958f7dbe851063052722972dfdad38ef09fce2a53978b

Download Submit
C:\Users\Admin\AppData\Roaming\Furk Ultra\icudtl.dat

Filesize
9.9MB

MD5
c6ae43f9d596f3dd0d86fb3e62a5b5de

SHA1
198b3b4abc0f128398d25c66455c531a7af34a6d

SHA256
00f755664926fda5fda14b87af41097f6ea4b20154f90be65d73717580db26ee

SHA512
3c43e2dcdf037726a94319a147a8bc41a4c0fd66e6b18b3c7c95449912bf875382dde5ec0525dcad6a52e8820b0859caf8fa73cb287283334ec8d06eb3227ec4

Download Submit
C:\Users\Admin\AppData\Roaming\Furk Ultra\libEGL.dll

Filesize
460KB

MD5
961c060f241a7ae22e962c82d7803ef1

SHA1
0060b167e55db981c1588ca2074b8ca38b9a8153

SHA256
c8e8007d746df73edbf73cdff18c09bb756f43814978c84a28a72f95d0ac5dc9

SHA512
79539e0d0036124b59f94c6fec0c596e64c41626b9994ff7457f2f6b26e8f2648f93f63f6422c444eb3c8b803079f6ef1f52191980ea88de9d25c40b30547599

Download Submit
C:\Users\Admin\AppData\Roaming\Furk Ultra\libGLESv2.dll

Filesize
2.4MB

MD5
0aa0ad66337f13a221da3310eb2d8bec

SHA1
d2a3630fbe060137df36b0c08bb6d73ebc9f3704

SHA256
4349ca3d613966e7b3d13e2387bbc8976096817779abd8763eb4936df6f6d09a

SHA512
7a80f1094025bdede4e016b6056b59c1bb88519708d391422ce94862ce8995bc1bc72ea1ed7aa6e1555aea56ec10efb762f1aebeaad9b96dd9772ba84825fc80

Download Submit
C:\Users\Admin\AppData\Roaming\Furk Ultra\libglesv2.dll

Filesize
2.6MB

MD5
d2f71063d50ef33f9d53c0064b58ece3

SHA1
1526888ef726ee35c17b2b9dbfacb99b4488e87a

SHA256
f83b0eeee4fa2dc5c9fef8a3345d093875a1059ecdc2bcdce3038c16d02ac6e3

SHA512
461a6b0b3ed0a3a797300d59799d98840444caf1eda30914933e11481784905fcd34583f49bb052ce6dc5e40a0b30650a6f83b6d57f0c02ef84342e00158d2ff

Download Submit
C:\Users\Admin\AppData\Roaming\Furk Ultra\locales\en-US.pak

Filesize
115KB

MD5
f982582f05ea5adf95d9258aa99c2aa5

SHA1
2f3168b09d812c6b9b6defc54390b7a833009abf

SHA256
4221cf9bae4ebea0edc1b0872c24ec708492d4fe13f051d1f806a77fe84ca94d

SHA512
75636f4d6aa1bcf0a573a061a55077106fbde059e293d095557cddfe73522aa5f55fe55a48158bf2cfc74e9edb74cae776369a8ac9123dc6f1f6afa805d0cc78

Download Submit
C:\Users\Admin\AppData\Roaming\Furk Ultra\resources.pak

Filesize
2.4MB

MD5
63a888ad74cc1e530f17f74b38147bc5

SHA1
befc6e834d4ca2447e8fc3ba2e074461a1383e4c

SHA256
1d9bbbd979fd62f5a4221dc43218d7bd1456965f13f54926364e9cf3ec0a76ae

SHA512
8a9c1866ce256f71ede76c0b03d28d41d3129ea067cdea3403d7f9b88c1cec635f6eedc2dca5658f6bae173a68d1b84cb7b0304efbcd039be2a9849391ba2388

Download Submit
C:\Users\Admin\AppData\Roaming\Furk Ultra\resources\app\icon.ico

Filesize
28KB

MD5
e718b557b56021745c64f924972e082a

SHA1
fd77644ba0e3e643fe31a9d8e8dabb43b1741342

SHA256
8b063509b751d03434b657a555a0a863573f0b7261d4ecf675f969fc4abb1514

SHA512
f528be23c02847bf8efd2eb8f04e02597a23aa4fee1e3f62ab35403eb2df89dbdb0695a7b41516ea5d5188d901dd9a1140727cec0e06599533ee578555940fb2

Download Submit
C:\Users\Admin\AppData\Roaming\Furk Ultra\resources\app\lib\main.js

Filesize
496KB

MD5
7327af37c332ad146899073ec665a18a

SHA1
d35b0c9187a674bbe16687dc7c857d65b94a6f36

SHA256
d6d58a6a98a77a3c0cdb45e642d0a5d125ff3d75bb1f42e7803d100a9160dd05

SHA512
39d35e82d355b573e7ad153b2f4a36b226c39127bd19c48f722b670813d86adfc658563afa53c4129289ad397985f801020daf11174f7df850ea622cb0356435

Download Submit
C:\Users\Admin\AppData\Roaming\Furk Ultra\resources\app\lib\preload.js

Filesize
12KB

MD5
cfd7e6489b0d63738319982f68ff935e

SHA1
d05ab48d9dc3a52946511c2c4cf5de0fcb4f1290

SHA256
d50ca2fa212df1c1ff69b5d26ba594bd39bfd86a71b068a650cc577e5dc9a94e

SHA512
9b4c0fb83033163f8e8e35c9da2d33265f7d36eefa22774399abaf867e3d22a3e0cba71f2bb2037fe055e5b9932b25dd98a63b7543c3a15f2667ec40d7bcdf93

Download Submit
C:\Users\Admin\AppData\Roaming\Furk Ultra\resources\app\nativefier.json

Filesize
958B

MD5
41dc3e744563e3642c2bc516997d6f56

SHA1
549a2bd27f5d97c3f18f28375c6d769739c3818e

SHA256
405878eda58ebdfa94a7d47192c0ac36a26e88bc995cc4a858ac4e197c1c5146

SHA512
79b44908c531ba3921d9637b1df56fe71e4e519556f16d569e3aa94e71e1c7160eebde274a90d354c9f40ba7d92a25e8253f3cd0ead1825855d7a055426f8070

Download Submit
C:\Users\Admin\AppData\Roaming\Furk Ultra\resources\app\package.json

Filesize
597B

MD5
3bc4c02fee47249319a04daad21b4930

SHA1
32a161782fa72efb0c189d6c6240b1add0513f0d

SHA256
38bdba6eba2bc4ded383d59ec5d53cb9516ce0ea6db65d477a02242bd115dfbc

SHA512
2152d5f4ff69ea2db7b576cccbf695a7cd70ec339fb5f79b8359cb2d7fc79767cd491fc7e14cd4cfec9dab8562a11d3b223f88680f03b4edaf925c83a41b756e

Download Submit
C:\Users\Admin\AppData\Roaming\Furk Ultra\v8_context_snapshot.bin

Filesize
713KB

MD5
1270ddd6641f34d158ea05531a319ec9

SHA1
7d688b21acadb252ad8f175f64f5a3e44b483b0b

SHA256
47a8d799b55ba4c7a55498e0876521ad11cc2fa349665b11c715334a77f72b29

SHA512
710c18ef4e21aa6f666fa4f8d123b388c751e061b2197dae0332091fbef5bd216400c0f3bca8622f89e88733f23c66571a431eb3330dba87de1fc16979589e97

Download Submit
C:\Users\Admin\AppData\Roaming\Furk Ultra\vk_swiftshader.dll

Filesize
1.9MB

MD5
68bceabfb20cd68d0e926824619f3222

SHA1
ebec47f89aa9c0914d6173b7e2c0f46a7d13843d

SHA256
bd46e7eb4efb9dd52d2ee641f4f5ee6349b85764290078394834e120bc0f4618

SHA512
5ace800893e73f39cf6ee5c2bc3e7c59033416a61d8c522bdd7dcbd4ab52c59fa59f956690b6a04150f9e35cfef0dfa4fa109e3deccf1547689a8c284c8f7197

Download Submit
C:\Users\Admin\AppData\Roaming\Furk Ultra\vk_swiftshader.dll

Filesize
1.7MB

MD5
1f66f366bc78d2bbc09ee5cc9f6d039e

SHA1
9e18126ab94ace0b177b2e33e5cb9d37a401c7d7

SHA256
5cc9e723af1550515a5f46397920b221aee95bc8eef4aa3172b49da98ed77a62

SHA512
8a2497287f888cd5fd039ae559eaf5c31e1af314992acf54ba113e722d7e9d53ae521cd45351530b7c26b19272a38365367cff3a873d7f7d89a05c02304da205

Download Submit
C:\Users\Admin\AppData\Roaming\Furk Ultra\vk_swiftshader.dll

Filesize
4.5MB

MD5
fcec6c6fbc34cfd9a449af66364da381

SHA1
f6016b721dec138d75e9d542f3e2210a673ad52b

SHA256
738fe97f7fbafa6524f11cf0cf0999ca3aef752bed44e1179d589aae92937ed2

SHA512
26527975979e58870c3c365b9ab432b4b3af88ed606673971fba009489db4482a5ace0e122b8cf67de075c37174c7c423ee8e219cfb4c9a331be66bb8af9edf9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\furk-ultra-nativefier-e68f82\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
da6f418e81f5748dfd9bf5fc6c20c7ce

SHA1
2dff8c4ad4840d1dad7789616ed8b9df5f1573ed

SHA256
6ca4edbe44f90b6bb1033fb9f71372629ee9012c88c7ab896cae2ccbe00744ae

SHA512
bb6924eda1daa05cdf3e1db7aea7148c76b561c5cf79878916eba9e40f8087cf4edc759a69abe5e81a3d96464cd5afa5907b6eeb233898d7c87035b90a13f520

Download Submit
C:\Users\Admin\AppData\Roaming\furk-ultra-nativefier-e68f82\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
9e888724c58534feb8a8a8ea7a8ca8d1

SHA1
30b825ba79966a29b58137f70222a928c8f2a634

SHA256
07ab91f89388ec25b281e193f079c4631431c26be7830c6264d104335b43fb33

SHA512
afbfedb27ecee256fc119d22994125cc55873ff97c3414c3fab961800ea8c48f7f3a702c321c114d75e407922bfd6243268201bdd98588e2096e4b5b2e5e02de

Download Submit
C:\Users\Admin\AppData\Roaming\furk-ultra-nativefier-e68f82\Network\Network Persistent State

Filesize
1KB

MD5
a05e41f73ddbcc098b1e74a039de6b1b

SHA1
2e298dcf701b38282c3faae01430ca8c41959874

SHA256
d4d3283dc8b98ee5f194fa2313c4e68380f475b506d5b40521f0bd346aacf1f3

SHA512
7db7c56f872e159b0f72b4fc26fd96ba61730762150ca24562044a649a83a242bc40891c7e5af65d2be50e3c2ec414861079bb8ef6925170199dcd0836c3856a

Download Submit
C:\Users\Admin\AppData\Roaming\furk-ultra-nativefier-e68f82\Network\Network Persistent State~RFe58de16.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Roaming\furk-ultra-nativefier-e68f82\Network\TransportSecurity

Filesize
539B

MD5
0e167f27617857221fcd63b61b4a6a67

SHA1
b56d9c8a598003b1642e9c0662ca400e643c6b39

SHA256
c09b68c8793a84f799a4d82881224d2f611e4d56ed857734a98ee9e35b9a55ae

SHA512
51e39c6772e4cdaec3b73ebdf8339896ede086705b92c7473a1981fa08df9f3e382605053c23abd8bdca1ccd637f7eac297b0ffd87c35d2c8d7b9d946d0c78cf

Download Submit
C:\Users\Admin\AppData\Roaming\furk-ultra-nativefier-e68f82\Network\TransportSecurity~RFe58eeb0.TMP

Filesize
539B

MD5
5d46bf9d0a0c169497965eed74f06e26

SHA1
0dda57d2126754d188932ee97ba74ea4d7bf7d8a

SHA256
4783e4dedd6e20779690f8e1e69eb39a1ed3ae0d395fe87d13179b170f23964f

SHA512
97622dd0e55a6f853c46d20f14fa88f17f5cfca039a96c0843f4ab836b907a41b8827a22e6f04c2295bf4d98b4b2e352999a480a4c35bda29d4a4db8c0e7b44a

Download Submit
C:\Users\Admin\AppData\Roaming\furk-ultra-nativefier-e68f82\Session Storage\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\Desktop\Furk Ultra.lnk

Filesize
1007B

MD5
8e758d8c88a36f122b5a8068c5998b95

SHA1
f285f1c3f5201561227da87e1368056929d82f4a

SHA256
47ec2620f09c1590dc604cc620b6291ff84c2aca7ed9638bcf9a66093f117619

SHA512
0a6aa4637f0e0d687b1b0d8404a0f5cba3c7082557ae2759c29255ceebad3ff0dad645d1d29d95aa081b9fefcdc51f7cde01e69825228c7894d5d9d4ee99f432

Download Submit
memory/1716-522-0x00000291FC700000-0x00000291FC701000-memory.dmp

Filesize
4KB

Download
memory/1716-524-0x00000291FC700000-0x00000291FC701000-memory.dmp

Filesize
4KB

Download
memory/1716-514-0x00000291FC700000-0x00000291FC701000-memory.dmp

Filesize
4KB

Download
memory/1716-515-0x00000291FC700000-0x00000291FC701000-memory.dmp

Filesize
4KB

Download
memory/1716-526-0x00000291FC700000-0x00000291FC701000-memory.dmp

Filesize
4KB

Download
memory/1716-516-0x00000291FC700000-0x00000291FC701000-memory.dmp

Filesize
4KB

Download
memory/1716-520-0x00000291FC700000-0x00000291FC701000-memory.dmp

Filesize
4KB

Download
memory/1716-525-0x00000291FC700000-0x00000291FC701000-memory.dmp

Filesize
4KB

Download
memory/1716-523-0x00000291FC700000-0x00000291FC701000-memory.dmp

Filesize
4KB

Download
memory/1716-521-0x00000291FC700000-0x00000291FC701000-memory.dmp

Filesize
4KB

Download
memory/2576-314-0x00007FFB7A2D0000-0x00007FFB7A2D1000-memory.dmp

Filesize
4KB

Download
memory/2576-339-0x0000025C58EC0000-0x0000025C59238000-memory.dmp

Filesize
3.5MB

Download
memory/2576-340-0x0000025C59240000-0x0000025C592DE000-memory.dmp

Filesize
632KB

Download
memory/2576-315-0x00007FFB7AAA0000-0x00007FFB7AAA1000-memory.dmp

Filesize
4KB

Download
memory/4904-0-0x0000000001AA0000-0x0000000001AA1000-memory.dmp

Filesize
4KB

Download
memory/4904-9-0x0000000000C80000-0x0000000000F63000-memory.dmp

Filesize
2.9MB

Download
memory/4904-185-0x0000000000C80000-0x0000000000F63000-memory.dmp

Filesize
2.9MB

Download
memory/4904-186-0x0000000001AA0000-0x0000000001AA1000-memory.dmp

Filesize
4KB

Download
memory/4904-204-0x0000000000C80000-0x0000000000F63000-memory.dmp

Filesize
2.9MB

Download
memory/5080-241-0x00007FFB78D10000-0x00007FFB78D11000-memory.dmp

Filesize
4KB

Download
memory/5080-334-0x0000022A144C0000-0x0000022A14838000-memory.dmp

Filesize
3.5MB

Download