troldesh | hxxps://github[.]com/Endermanch/MalwareDatabase

Analysis

max time kernel
368s
max time network
415s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
10-04-2024 20:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Endermanch/MalwareDatabase

Score

10^/10

troldesh bootkit persistence ransomware trojan upx

Malware Config

Signatures

Troldesh, Shade, Encoder.858
Troldesh is a ransomware spread by malspam.
ransomware trojan troldesh

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3292-704-0x0000000000400000-0x00000000005DE000-memory.dmp	upx
behavioral1/memory/3292-734-0x0000000000400000-0x00000000005DE000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Client Server Runtime Subsystem = "\"C:\\ProgramData\\Windows\\csrss.exe\""	[email protected]

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
88	raw.githubusercontent.com
89	raw.githubusercontent.com
34	camo.githubusercontent.com

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	[email protected]

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133572529965993160"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
452	chrome.exe
452	chrome.exe
1192	chrome.exe
1192	chrome.exe
3292	[email protected]
3292	[email protected]
3292	[email protected]
3292	[email protected]

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
452	chrome.exe
452	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe
Token: SeShutdownPrivilege	452	chrome.exe
Token: SeCreatePagefilePrivilege	452	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe
452	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4680	[email protected]

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 452 wrote to memory of 3824	452	chrome.exe	91
PID 452 wrote to memory of 3824	452	chrome.exe	91
PID 452 wrote to memory of 3308	452	chrome.exe	93
PID 452 wrote to memory of 3308	452	chrome.exe	93
PID 452 wrote to memory of 3308	452	chrome.exe	93
PID 452 wrote to memory of 3308	452	chrome.exe	93
PID 452 wrote to memory of 3308	452	chrome.exe	93
PID 452 wrote to memory of 3308	452	chrome.exe	93
PID 452 wrote to memory of 3308	452	chrome.exe	93
PID 452 wrote to memory of 3308	452	chrome.exe	93
PID 452 wrote to memory of 3308	452	chrome.exe	93
PID 452 wrote to memory of 3308	452	chrome.exe	93
PID 452 wrote to memory of 3308	452	chrome.exe	93
PID 452 wrote to memory of 3308	452	chrome.exe	93
PID 452 wrote to memory of 3308	452	chrome.exe	93
PID 452 wrote to memory of 3308	452	chrome.exe	93
PID 452 wrote to memory of 3308	452	chrome.exe	93
PID 452 wrote to memory of 3308	452	chrome.exe	93
PID 452 wrote to memory of 3308	452	chrome.exe	93
PID 452 wrote to memory of 3308	452	chrome.exe	93
PID 452 wrote to memory of 3308	452	chrome.exe	93
PID 452 wrote to memory of 3308	452	chrome.exe	93
PID 452 wrote to memory of 3308	452	chrome.exe	93
PID 452 wrote to memory of 3308	452	chrome.exe	93
PID 452 wrote to memory of 3308	452	chrome.exe	93
PID 452 wrote to memory of 3308	452	chrome.exe	93
PID 452 wrote to memory of 3308	452	chrome.exe	93
PID 452 wrote to memory of 3308	452	chrome.exe	93
PID 452 wrote to memory of 3308	452	chrome.exe	93
PID 452 wrote to memory of 3308	452	chrome.exe	93
PID 452 wrote to memory of 3308	452	chrome.exe	93
PID 452 wrote to memory of 3308	452	chrome.exe	93
PID 452 wrote to memory of 3308	452	chrome.exe	93
PID 452 wrote to memory of 3308	452	chrome.exe	93
PID 452 wrote to memory of 3308	452	chrome.exe	93
PID 452 wrote to memory of 3308	452	chrome.exe	93
PID 452 wrote to memory of 3308	452	chrome.exe	93
PID 452 wrote to memory of 3308	452	chrome.exe	93
PID 452 wrote to memory of 3308	452	chrome.exe	93
PID 452 wrote to memory of 3308	452	chrome.exe	93
PID 452 wrote to memory of 4912	452	chrome.exe	94
PID 452 wrote to memory of 4912	452	chrome.exe	94
PID 452 wrote to memory of 2816	452	chrome.exe	95
PID 452 wrote to memory of 2816	452	chrome.exe	95
PID 452 wrote to memory of 2816	452	chrome.exe	95
PID 452 wrote to memory of 2816	452	chrome.exe	95
PID 452 wrote to memory of 2816	452	chrome.exe	95
PID 452 wrote to memory of 2816	452	chrome.exe	95
PID 452 wrote to memory of 2816	452	chrome.exe	95
PID 452 wrote to memory of 2816	452	chrome.exe	95
PID 452 wrote to memory of 2816	452	chrome.exe	95
PID 452 wrote to memory of 2816	452	chrome.exe	95
PID 452 wrote to memory of 2816	452	chrome.exe	95
PID 452 wrote to memory of 2816	452	chrome.exe	95
PID 452 wrote to memory of 2816	452	chrome.exe	95
PID 452 wrote to memory of 2816	452	chrome.exe	95
PID 452 wrote to memory of 2816	452	chrome.exe	95
PID 452 wrote to memory of 2816	452	chrome.exe	95
PID 452 wrote to memory of 2816	452	chrome.exe	95
PID 452 wrote to memory of 2816	452	chrome.exe	95
PID 452 wrote to memory of 2816	452	chrome.exe	95
PID 452 wrote to memory of 2816	452	chrome.exe	95
PID 452 wrote to memory of 2816	452	chrome.exe	95
PID 452 wrote to memory of 2816	452	chrome.exe	95

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/Endermanch/MalwareDatabase
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0x40,0x108,0x7fffd7889758,0x7fffd7889768,0x7fffd7889778
  2⤵
  PID:3824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1760 --field-trial-handle=1900,i,16934579555690912836,14881641165491569254,131072 /prefetch:2
  2⤵
  PID:3308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1900,i,16934579555690912836,14881641165491569254,131072 /prefetch:8
  2⤵
  PID:4912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2220 --field-trial-handle=1900,i,16934579555690912836,14881641165491569254,131072 /prefetch:8
  2⤵
  PID:2816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3004 --field-trial-handle=1900,i,16934579555690912836,14881641165491569254,131072 /prefetch:1
  2⤵
  PID:2584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3044 --field-trial-handle=1900,i,16934579555690912836,14881641165491569254,131072 /prefetch:1
  2⤵
  PID:3860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5328 --field-trial-handle=1900,i,16934579555690912836,14881641165491569254,131072 /prefetch:8
  2⤵
  PID:2400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3924 --field-trial-handle=1900,i,16934579555690912836,14881641165491569254,131072 /prefetch:8
  2⤵
  PID:1148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4704 --field-trial-handle=1900,i,16934579555690912836,14881641165491569254,131072 /prefetch:8
  2⤵
  PID:4100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5352 --field-trial-handle=1900,i,16934579555690912836,14881641165491569254,131072 /prefetch:8
  2⤵
  PID:3500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4584 --field-trial-handle=1900,i,16934579555690912836,14881641165491569254,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4704 --field-trial-handle=1900,i,16934579555690912836,14881641165491569254,131072 /prefetch:8
  2⤵
  PID:2388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4956 --field-trial-handle=1900,i,16934579555690912836,14881641165491569254,131072 /prefetch:8
  2⤵
  PID:1052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2736 --field-trial-handle=1900,i,16934579555690912836,14881641165491569254,131072 /prefetch:8
  2⤵
  PID:3364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3980 --field-trial-handle=1900,i,16934579555690912836,14881641165491569254,131072 /prefetch:8
  2⤵
  PID:3668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3772 --field-trial-handle=1900,i,16934579555690912836,14881641165491569254,131072 /prefetch:8
  2⤵
  PID:5100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4964 --field-trial-handle=1900,i,16934579555690912836,14881641165491569254,131072 /prefetch:8
  2⤵
  PID:988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1640 --field-trial-handle=1900,i,16934579555690912836,14881641165491569254,131072 /prefetch:8
  2⤵
  PID:500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5424 --field-trial-handle=1900,i,16934579555690912836,14881641165491569254,131072 /prefetch:8
  2⤵
  PID:2176

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:5060

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3488 --field-trial-handle=3088,i,14310325015283915034,7660943942870463106,262144 --variations-seed-version /prefetch:8
1⤵
PID:3600

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4936

C:\Users\Admin\AppData\Local\Temp\Temp1_Fantom.zip\Fantom.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_Fantom.zip\Fantom.exe"
1⤵
PID:4164

C:\Users\Admin\AppData\Local\Temp\Temp1_NoMoreRansom.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp1_NoMoreRansom.zip\[email protected]"
1⤵
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
PID:3292

C:\Users\Admin\AppData\Local\Temp\Temp1_Petya.A.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp1_Petya.A.zip\[email protected]"
1⤵
- Writes to the Master Boot Record (MBR)
- Suspicious use of SetWindowsHookEx
PID:4680

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
b740b5f1307a092b52d3bf999095f098

SHA1
f031c182cf0875912d185510c9af52ff8874d93d

SHA256
f934eb9b569e60db13efd287b75088f5bce5fb2a6fc0e751cd8542e3734e0914

SHA512
59c5b953370d88dd5861e3f68ea4e8325a99016928d20d398bbcd3f85f28ba88b24ae557e0085351fc3afd1e716764a13820655877026db25759facd28ca3a34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
1e1b89efa84c88660185fb839d69a733

SHA1
04ecc49dd5d50a6cc99bc644d756a7e4a6897a72

SHA256
bf6fa5c8394f9022b5226d7d8f786c4d6cb6997da89f358fff3ea2bf505f0cd5

SHA512
0debb801b7903dba17efec227bb4665fced3c5d73cb2b856a0efae4433aa3628355d1e4e0ed47d4d0d958eca74c286285e7bb209b73092b23db61ee57d86c0e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
d8955f3a9554e1de2b3ff6d1096de314

SHA1
1e8bb9905618ccc936434ed15afb95da91daf38d

SHA256
9dc70f7be13d65e2cdde9186087a60fa301562f542be6b506ace6bf3d65d4910

SHA512
465b2c8b053dfc3fdf79fa738c4058bd462e33b1fb73bcc5eb640c012ac6b760d6bd483e57f8b1df0709afcd2f350228ec1de9d996f6211ad144ba814a7a5984

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
986B

MD5
da80ecaf65c1525a2b0a0858b6d7f466

SHA1
6b1cc989d0d980becffde734277353be3444b2ad

SHA256
0380690db92a3cc639d1c5115aeb836d7a38acd3d61c1ded02a12a72502338f2

SHA512
1cc16b1e2115c029a8e9ac3edfd68ab98eae52d34411b5b4383de946a0c265237bcf058558305b5f131c64654ef2478cadd1e6cf5ec44e5aa806a131d0153f3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
be4b8bb5177e444d79131eee7c8763ba

SHA1
28c659fd73efa3296579b4130c3f02c3bd5c9e57

SHA256
b10abd92f2be7ae1c9fd3ee5845bda5298df410caea9545ff651f1a605fdfbfd

SHA512
3cb04c6fae5b1043680ff82ac209b00d9d6596da5d2ed1b10b5d964e79ce5ef2b608ee4f9ff1b375746416deee7c7c01e477c47254030d58cce46e979e7f0082

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
94e069520f2176c4ebfa7770a76d2625

SHA1
63a1a37a3ea832e8b0510828c9fd067a8d68d630

SHA256
4525bd0f5fe985d1017d199412abadec0cd3bde9358edc5c2497444b423da0ac

SHA512
f06d0ff28f5327e67bc3618817380ace62627596673e5a12c5f68717a4bfc042c041ad400f9fadc3e28dfeae376b6b0bfff51766d0312187e04e21e42d7aead8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7ddb43839d4866b0f318eccb075e6001

SHA1
c65ee796b58b8f6e0f668efa70117b140ce675cb

SHA256
54989e450404bb135475adb13ae005e0d1c4b7bc5279f87697b24b68a7c93f21

SHA512
59df511e1792e1af250aa7cfb2fb67d12df42fc6cbd89c7b35dfebadd3d9ec0cb7cb017663180710b1c2649548d907a75517d619ed4d806ae568179db78162d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a6c9dbb6f24023dd53f22c685f5c378a

SHA1
62e17568aca8526a9acc943f6a0108eee0ce382b

SHA256
bcd166f6f7f71682fd102f401371528d966df448f0d4dbe7c952300cc7f9a386

SHA512
7d6586c3d508ae83f1c25977035b240c4141a4b4f33133f068e9f2736eb6d443b080f08eac0eea9959839caf9ef77fa28a5898e69b807a6160208c97a42e4800

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
45885c446ba6202f8f22894240ddfe17

SHA1
4484a4e06e90fc27a233892d7677f4be62969a29

SHA256
05e5b8e821e04b39307e577630155cff126f2437084be98dbe5c5b5d5e7b49c5

SHA512
c4e35cee6025fa19220948bb856174a00b497f5062a4f12034bafc5c2c5aa8616713a2fce6cb45a9cb553b1361432a44c484a1cd77c6d1f7426ce2381127b2ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
57ac637d0740cb4d856bb7504e405ab3

SHA1
74f111445224d19c78c318bc7ae48722b633f35b

SHA256
a6d9a0ff7327348b4b2c890f5d262a711854fc5c7955ae64ed7abf0e62d32cb0

SHA512
7b8e212a08702999b4431672c2edb21c38e6514d4a367b4d9e5dbfb29521ea618058bb0e2ae2a14c7022e47c872e7c2460aaf23015e11b14134d4f65c29b1e84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
00c0e936bcc769b57c22b2e76ecff2d2

SHA1
c932cf0acadf1ead91bf78510d90aede735a40fe

SHA256
ca8d93213f5db4a838eb4b364a40f90c31b4eef4ffef21439f24a20ad30f98c7

SHA512
883b8375975fca971bffa284e5634e2a5ab81e8ef779e1a07470cc37f4a45deb5ae34dcb58247d5f6c88754ea2aea6acbf1605e114443e99a17591e2c316c416

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
91477c70c115f7cd2360f7982acee379

SHA1
8a16093c539a9fe3e04377d81565c9e7d5b93133

SHA256
5fa8be657516a8d4536c605b45f68eb016c3d13f9d0a583534ea6d1903bcb018

SHA512
5f6f43f5592f0bd8b4d667b23bbf6a368080d297365a25a4f7fba84034276cbe1d13735360bb91eeb939e263df660ca4b332e1e18d93ffcaadd2d79870f162c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ef27d6f196c888fe4e0660c612585299

SHA1
f87ce5415bf4de37d81e366058c07f1350d82122

SHA256
001fa59d4cfb294b324d324a38f7d6e75c8c1d9e8aef40669811954a9f5388c8

SHA512
79489b78104ae86975c7f8947e95d85ac41ec4f40f68b9abb006c2eafb1e32c0a53e088c6621eb3a9177b5a651c6d284f726a70111be5dcb79de15f22ebe07b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
be6515dc8c64164941eaee2562e61f5a

SHA1
6915c0a413c74ec3450143b33da1be066a709e7a

SHA256
b92313a86139d26ce4b5546b93cac4b66459475a8efeceb1c5043127adf9e5fc

SHA512
0ca00a9e5723a3770d0c2eb999091c1cbc1b35bf084dc1689cbab44a05e0e8edf3bc4a4e788a9f95a01e0dc176974f842c85ea79265c02e015c09ecfebbba7bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
61a125039f56a3ae754a4693862e14f9

SHA1
14a2f1a3039ee79931414cc2befdfba472d80520

SHA256
bfbeada293dd74330bd2edec2df2fb93e91d37597c65c103fc25c32ed12448c0

SHA512
04c9d1d5621044487a7d5b94c988a306c5de15e299516843541e5c425ca4c0d05da68b62fae4be275cd91a3776377716f81486a645ad777364c036efb47c9b73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
fd393028b70d3fd10e7dbc0a99d10a35

SHA1
0ed91c34a9ece5ca8d3c5e6d4b6a5715850317ff

SHA256
a9b50ae5c6a792bea2456fd2d1c92956864550b8aa18c7fdfe0e08b749e03701

SHA512
e2131adba4c97f3ac8647ad8369736266e459ac2190ac65d72df59f4507c22613c085d85f651aae277bc36cd86634d9e6cb629395ea209207e490b3118457117

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ab10472587462fa95a6b849ef5507eaa

SHA1
db1b8ba708bdd55eb83632032e3db76171f18188

SHA256
dd77592b425b4a57865f7c149f0237e20fa146e1142a05b65920eb17de2a2ac6

SHA512
7ae12352c63cd97979ad55bdb884a5512d4811558de88b56462dc7e5c1b0f46ba61b9ae4671b2a20c8d9a157944384e9d4832ea99fae9aff382cf465c67d389d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
fe88fe8a4a1e20dd770e89cbc8761e05

SHA1
2589f582947ace8a21609b8e69af59b837dde59f

SHA256
fd0c66f3a21cc4b45140954ed222163c239f1e2edcc89aa330d5174b560be8d0

SHA512
1ab751340756f0e3604345bb0c7d52f00fa295030c347c29485a7600120aede86e4d5ab7ed2aa0fd18212c6a9b62945275e216b6ab78e180af0bb699955fe8d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c322e804fd82f91d0bba3fc8290c6167

SHA1
0787dd8b74f2bd3652e3c47300675e54d060112b

SHA256
f87e9bb6f689c640d78a10033d49328d7d74c879f24a050c02bc8a79a071360e

SHA512
27c0f157152c77b50ff21dc8d28dacbe5ee6576a61aa457346669898fc69fddb9ce0910d16b520c285c6c3a34d0cb7c27ba698e8f03a3f2afe1080075d4a000a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1e8080139f6941582f5c4ced94444c4c

SHA1
7c2d30d5b8ddc3be99788a7fd55219b5690c7287

SHA256
784cab0fa383fdb5af12a7cec64637b509368b3adddef3351f2a80588cdac8ac

SHA512
cfa9d235df3f81cbd38737bf8512526ab583405616833de86d4574a76782a7a4a44a46a4cfc0f4f39a11699a5b5ae1935dd67354c39f84e21fa95b61f1644b94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7cab4685259ea124f8d45c3d2f5efc2f

SHA1
f6ea6d05f82142354fb6430a228af2c26fc7814b

SHA256
650b6a783a9a95e289abdf2e9026bb02e2aa364951052ecada96589a32f822f2

SHA512
afcdebc413fb67689c6219038efdf1ba13a5c01a71cf4e231fcd5dac3b8940297e1a94e352eb6e081ba921a25edc8ecdd33c0f5d2b0257a51f82ed5d5ddb4205

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d7df8532a087b821c652946800270a26

SHA1
490230dd3f3f56fea22eab7829e98435d34f6d2e

SHA256
8c70a17cf6eb731ba9e2b53376445c9e2a30de924f559cf960a366b871b1b1df

SHA512
5b9b5090544b6b422323e6d1f624426f11b2085e22a1e7024cc9cd47dd64896d5c95e04a101f3bf888f7e0f9d221ab83f843497d5f455b3ce0ce4ba3867b13ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f6681fc17e7e2e2033674790f3603df0

SHA1
4ed4fa885de4c6fba5879627e2541eef82623edd

SHA256
2cf05c750b843b18131b594e8760b333b68049d4d762282dc00478d1a7230843

SHA512
890aa5791f33ff04ef1f36a2db4be0b299bafdaeca443d7a960c15b97bb8f11f2633aefa0abb640cbdbff169422f47364ffbbabdb25ad456721dffc3a790fad6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7d3c92fa166f03d963a5798f0ed20bb9

SHA1
98038473f2e6680111ab0ec140bec1bb78d629eb

SHA256
7b64644c3bbdccd474046c7d9f6bc1014f821cd1fd8262ef570a8d00e3534ac5

SHA512
5ec77017296adfd7278ee1ca5b1bf5dabffce5223951119b7a24bb49230ac2b7b06621556e2ec8f6ad8fdb3fda045a38baf50515b11dcd06e19db3e2b53af139

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4724b91a540f9ce3abb6c469e3ec6d69

SHA1
33b1c619e1ef432c6805eb69276f5221781b8282

SHA256
d07bfd675696d3b2b06ccbdb2e786c3eeab7dc4fbc84408fa552727cb4e5aaf6

SHA512
0a5c49dfda9235f6eec31f46d6cb3472220b68533130b2f7623d64433a1f615acc40acf478754270805fb5f5b6fd2b48b49524baa5d9ffc7031b1c868d6adacd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4603903680a1e2a335e1d3adf184e444

SHA1
ccc525811bba8050e786a54175d90ec7708b9c43

SHA256
59c0c4f89798604fe779ef180488493d8db9688cff49288cae1f1a5bccd24a0f

SHA512
f4979d32fce6ce9e5638aafc50fd26781489a4a2ba9b45cd616594f624ffff438ba54390ba1f8961be884bb453b237099631564945e3c960cbae7726835ac73a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6f987fa997a5a60bc1acca1567a543a2

SHA1
f2f2156842baae8a8028113e13161421fbad9349

SHA256
ded2b743cb8049d8f47dfc558c243a6cb120736f4a1169266b55277ee370db28

SHA512
23ea1faa398e525937b70f9f508afd07b028da7f3d2d080dca735b2f01c685f7a3a36b9ca13c5c31bdd7f736b25df96c6f638a04d173ebb76a844ba38fab6179

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ebf24415dd8bc8030470227d324eeb78

SHA1
1b97a061f4356fe0897f0d4ee3b9332f5ca19c73

SHA256
4953881e3e571d07b365a24073f030e808d7f76078b78f32694cbcdfc00411f1

SHA512
daf040b8131def54f46ab78a8ff2ace6993c429ab62c8cc0c362f58b04819a505c592aeabe5e772599ba92820bb4673eea50b7354ff8c1e92d6c3d40cf39bbde

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
bce1bb535129fa41bb2a777aaff45dae

SHA1
de2f9b72cc8d35d44f4f2650d4cda922f49c5873

SHA256
86394df7ac28b4081062c465a2710159510054e8a2dbe3359ae8ef2fccf7eebd

SHA512
39bcc4b581d234db8475a0ae78e33680f241bbbab5bb0b44d016e35e4fdf04d32e57a02f18ff76732838b22d4e1650df41393a51f664447372d31d32d3d7e1e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
959659a15cd1b1d718d3a2c02c5821b9

SHA1
328764694ed17fb03933beeda84db7b97e67f856

SHA256
e621b9d4e001820f1b83fd2c6500b83a31d809b1c7e8c2cc8c1c79658c5c9929

SHA512
f375f8886a7cca4a2b8996e10e142fbc8018a12aa6c4a24f2fea49fc8ff50d98a279051bfb273b3e9ba0dcd4227b51a6af5dc4beb74e9dc5093f7e3eb62e148d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
997ac6c77c2c061b2f2d3eb5eced6408

SHA1
10ba4032e1d9308e53515d60e81f69cf94e2f229

SHA256
4d253e181176f42e1d2d3761ccc1e11c021a38a6939b64a8a69bccfbf01a39d4

SHA512
386a3424214b9df87cc82612d358a8d86acb9194a47210f3c4968e17c4e53b16e03ddd603be3890cc8da28aedd4698668f7450b35095e24f09f144e1eb3b88a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
db9169d062198ecc9c3387df66349ce5

SHA1
5edc7cfea72a2c0dad485f93193446530f80f514

SHA256
ed44b937bb94498a5529334acc3d3cda4913ef658adf0a2f894a683e4584a9a2

SHA512
541db84aa922722b7adb85253ff6fc460386902599317022463ee3417ff1454b22603ed0c98b0aefa2f651525353f5de97db87f9cba2d472665cdeabf53054fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f8c39fd51c01c28a362f484af8336df5

SHA1
eb6aded1143343c181c66fd16aab822123b316a0

SHA256
add5f76aabddd603597630ae16d968f352cc1fc3b407f32ebb304505c28ccc8d

SHA512
fcab08eb2e9c73af57e8ebea4d2825d6ad2e70c821818cb3a83986b6efd09d3f07fe3f85fb06247381ea367a2e465a89bca7a708394dd0f2156ebc4161f2352d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
8eca6105d145f4720f077da5864d70f9

SHA1
5951996e988002644351e88753973cdfd978d7e7

SHA256
324a27ba77a19182ae73510c52b3f77f967bf970d43ae8c72dda09476ccb5000

SHA512
cdd7a29ae1c02e644156bb5d12241306f3c08ff5f37bdcf4bec6f8263afc346c803dae020fd9dcf8ebbdb1833440bcf2918f26a0f9e21235642aab9b9849c235

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
488beb26248abeb8ec20a337b3d703ed

SHA1
eb4b20433dc37b48681427d3272e5aec2303b830

SHA256
6f01c89cd0ec2fbfcebe9867537a068f75755afdccc1c220608ded668f5bbe7c

SHA512
92b4235cf03ffe39c0251356b7eea86c5915476916479e2a779e728b0a6a7a2357f0297929b371ca67f34d85b7e7143f3f6a2d29bcc6b949175c5cdc9d0b715a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
7b20eb71ac16c073bb8b957c96026719

SHA1
e5fb752b8cba2b3490fdfa1d5fc9d87385c9b320

SHA256
59ebcaf85d572ecf9956fb2a951456b6110f7bf9f447efe8dbe57956089ecefa

SHA512
e2021d24ddf15d509f12db1a7b309655461cc62d317f33550e75b58533e7c0e0845f6bd5f909aead2a7abfcabdc98b10521f4b181ff1735dc0941a76c54d8bf0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
110KB

MD5
fcda89d22fbb6a80d61798557b354205

SHA1
ecf7109717a5e126c0e0053ff6738c500ca22103

SHA256
d7f974901a530e6e2ebae43ca8b1a14e7abbe956e4e88148e92b73d85615b6fc

SHA512
d2cd898ab2d8096f35acca9f9b518617d288804569942cfbddf9a4ea53418e1535d75c338b98c43f3a4c68da2a8706a2fceb361258da527d289fcc9e6c67ce99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe59f052.TMP

Filesize
101KB

MD5
9c94a53705d6fc77857cf86ca77a3966

SHA1
a5281ee779e5046bca64681776b0fa5f3e00b40a

SHA256
a6f2dd72e7f951b01609acc590dfed64439faba838af070dfd198b8840e29f1b

SHA512
2acda71db190256b59a6ab0382108507583753f13c6c099f93175c96c839d4c014fcb8f8683591a4b9dba674b1b27e72e3301b1f5c86be6a63fb89551e0f6375

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\Fantom.zip

Filesize
198KB

MD5
3500896b86e96031cf27527cb2bbce40

SHA1
77ad023a9ea211fa01413ecd3033773698168a9c

SHA256
7b8e6ac4d63a4d8515200807fbd3a2bd46ac77df64300e5f19508af0d54d2be6

SHA512
3aaeeb40471a639619a6022d8cfc308ee5898e7ce0646b36dd21c3946feb3476b51ed8dfdf92e836d77c8e8f7214129c3283ad05c3d868e1027cb8ce8aa01884

Download Submit
C:\Users\Admin\Downloads\Flasher.zip

Filesize
236KB

MD5
4c8bbc6463c293014ebc570d8df35403

SHA1
aee8b60bbd853603234a68905e268cc45152237b

SHA256
646b0a869c221a54fe1f311e8576bbf9c5ee6e1e4f4f15a327115cf7951ad395

SHA512
aaa15c109c4a7eacd9fac1520c16c8b2a9bdc93c9b6afd29b3145e3a74d34fd07502532f28d27edc2cd8e9384657371f82555e3dab1c2c0da956c69d463bb67d

Download Submit
C:\Users\Admin\Downloads\Launcher.zip

Filesize
189KB

MD5
2c3ad97f5d5314dc0be1c7859c300b8c

SHA1
00eb5237723cf6bef658e9bef0c5a466067fe67c

SHA256
291146daa2d2c2c07a299f0e5f3bf6c6d84dbd4b6ab88dfb8024ab7541a1a382

SHA512
8f5073f2f601c8ae9e0f01130ab9d9be1d6793f58905c15be99164e855150abf19fb19123faf0019ea1bb52b3acde2ea4d5d8c38c85481f5a040a3727104d23a

Download Submit
C:\Users\Admin\Downloads\NoMoreRansom.zip

Filesize
916KB

MD5
f315e49d46914e3989a160bbcfc5de85

SHA1
99654bfeaad090d95deef3a2e9d5d021d2dc5f63

SHA256
5cbb6442c47708558da29588e0d8ef0b34c4716be4a47e7c715ea844fbcf60d7

SHA512
224747b15d0713afcb2641f8f3aa1687516d42e045d456b3ed096a42757a6c10c6626672366c9b632349cf6ffe41011724e6f4b684837de9b719d0f351dfd22e

Download Submit
C:\Users\Admin\Downloads\Petya.A.zip

Filesize
128KB

MD5
1559522c34054e5144fe68ee98c29e61

SHA1
ff80eeb6bcf4498c9ff38c252be2726e65c10c34

SHA256
e99651aa5c5dcf9128adc8da685f1295b959f640a173098d07018b030d529509

SHA512
6dab1f391ab1bea12b799fcfb56d70cfbdbde05ad350b53fcb782418495fad1c275fe1a40f9edd238473c3d532b4d87948bddd140e5912f14aff4293be6e4b4c

Download Submit
C:\Users\Admin\Downloads\Popup.zip

Filesize
364KB

MD5
fceafeb5366fde06752d7249463fbdef

SHA1
4a4663496aa3a84ed23df76cd1ad6b6582c7130c

SHA256
dbe313c710acfb75149045d93887aaae8b62cf8932951baa82b2a995fcf6fefa

SHA512
de03e23d7594730b42897c0afaacaddaa181334efad4a35fb7df21fa0d25e834b391b20ab4e612a4a17a1b0c54a1e33d9be3d1efed4170a86de81eb67ff98f93

Download Submit
C:\Users\Admin\Downloads\Time.zip

Filesize
104KB

MD5
9418544d8cf5e54f71381e0cbbf71f90

SHA1
765b2b506571eebb0c7057f8eae4df19a02df227

SHA256
97b8f7fe0101acc64e962067791943fc8182aca1a692b18b88247d984212c513

SHA512
656e3cf0143e81350914d3211db4f5a7a1071efd960b4757da7ce2f9f106344fc741fd9f76443e12803a01e5910eabb5e7c8c03267bd9b4866c4ee0bded736a1

Download Submit
C:\Users\Admin\Downloads\Trololo.zip

Filesize
2.1MB

MD5
0d6fc3ace016c93aee727de88e129563

SHA1
b7ff775554b565c2412209bb13a6bb101f91b269

SHA256
0475c528402646e56df92200386b7aaedec2208eb03f8ddcfff64efa16b750fa

SHA512
537e971007965187fa25c9051f61f92061cf9fb9dd50208958e75e687e493ac5df2c30073d2cf632b5c7c59e0c7dc4a77984e740e3eb0007f8e515656d6168e5

Download Submit
C:\Users\Admin\Downloads\Vista.zip

Filesize
1.9MB

MD5
809d0fb04beeba2fcd97520adc64de5a

SHA1
a7aef4e35940f7d4e3bd45860e2e41a2a50742b2

SHA256
5d444a9088d2bc42d888d97d84bc74001c61c4324bdc5611e17dba3226e1ac1d

SHA512
1342715472635bdcc4fe3823683dd3648b4c6e1bca5be37a838db2a47b2dbc9813ea82364c6cc7f2e9db4620ccc690fee079772e058d1bc59791534a44fe0a15

Download Submit
memory/3292-734-0x0000000000400000-0x00000000005DE000-memory.dmp

Filesize
1.9MB

Download
memory/3292-704-0x0000000000400000-0x00000000005DE000-memory.dmp

Filesize
1.9MB

Download
memory/3292-703-0x0000000002220000-0x00000000022EE000-memory.dmp

Filesize
824KB

Download
memory/4164-546-0x0000000074A60000-0x0000000075210000-memory.dmp

Filesize
7.7MB

Download
memory/4164-554-0x00000000025B0000-0x00000000025DB000-memory.dmp

Filesize
172KB

Download
memory/4164-556-0x00000000025B0000-0x00000000025DB000-memory.dmp

Filesize
172KB

Download
memory/4164-558-0x00000000025B0000-0x00000000025DB000-memory.dmp

Filesize
172KB

Download
memory/4164-560-0x00000000025B0000-0x00000000025DB000-memory.dmp

Filesize
172KB

Download
memory/4164-562-0x00000000025B0000-0x00000000025DB000-memory.dmp

Filesize
172KB

Download
memory/4164-564-0x00000000025B0000-0x00000000025DB000-memory.dmp

Filesize
172KB

Download
memory/4164-566-0x00000000025B0000-0x00000000025DB000-memory.dmp

Filesize
172KB

Download
memory/4164-568-0x00000000025B0000-0x00000000025DB000-memory.dmp

Filesize
172KB

Download
memory/4164-570-0x00000000025B0000-0x00000000025DB000-memory.dmp

Filesize
172KB

Download
memory/4164-572-0x00000000025B0000-0x00000000025DB000-memory.dmp

Filesize
172KB

Download
memory/4164-576-0x00000000025B0000-0x00000000025DB000-memory.dmp

Filesize
172KB

Download
memory/4164-574-0x00000000025B0000-0x00000000025DB000-memory.dmp

Filesize
172KB

Download
memory/4164-578-0x00000000025B0000-0x00000000025DB000-memory.dmp

Filesize
172KB

Download
memory/4164-580-0x00000000025B0000-0x00000000025DB000-memory.dmp

Filesize
172KB

Download
memory/4164-582-0x00000000025B0000-0x00000000025DB000-memory.dmp

Filesize
172KB

Download
memory/4164-584-0x00000000025B0000-0x00000000025DB000-memory.dmp

Filesize
172KB

Download
memory/4164-586-0x00000000025B0000-0x00000000025DB000-memory.dmp

Filesize
172KB

Download
memory/4164-588-0x00000000025B0000-0x00000000025DB000-memory.dmp

Filesize
172KB

Download
memory/4164-590-0x00000000025B0000-0x00000000025DB000-memory.dmp

Filesize
172KB

Download
memory/4164-592-0x00000000025B0000-0x00000000025DB000-memory.dmp

Filesize
172KB

Download
memory/4164-594-0x00000000025B0000-0x00000000025DB000-memory.dmp

Filesize
172KB

Download
memory/4164-596-0x00000000025B0000-0x00000000025DB000-memory.dmp

Filesize
172KB

Download
memory/4164-598-0x00000000025B0000-0x00000000025DB000-memory.dmp

Filesize
172KB

Download
memory/4164-600-0x00000000025B0000-0x00000000025DB000-memory.dmp

Filesize
172KB

Download
memory/4164-602-0x00000000025B0000-0x00000000025DB000-memory.dmp

Filesize
172KB

Download
memory/4164-604-0x00000000025B0000-0x00000000025DB000-memory.dmp

Filesize
172KB

Download
memory/4164-606-0x00000000025B0000-0x00000000025DB000-memory.dmp

Filesize
172KB

Download
memory/4164-608-0x00000000025B0000-0x00000000025DB000-memory.dmp

Filesize
172KB

Download
memory/4164-610-0x00000000025B0000-0x00000000025DB000-memory.dmp

Filesize
172KB

Download
memory/4164-671-0x0000000004C90000-0x0000000004CA0000-memory.dmp

Filesize
64KB

Download
memory/4164-674-0x0000000004C90000-0x0000000004CA0000-memory.dmp

Filesize
64KB

Download
memory/4164-675-0x0000000002600000-0x0000000002601000-memory.dmp

Filesize
4KB

Download
memory/4164-552-0x00000000025B0000-0x00000000025DB000-memory.dmp

Filesize
172KB

Download
memory/4164-679-0x0000000004CA0000-0x0000000005244000-memory.dmp

Filesize
5.6MB

Download
memory/4164-684-0x0000000004B70000-0x0000000004C02000-memory.dmp

Filesize
584KB

Download
memory/4164-550-0x00000000025B0000-0x00000000025DB000-memory.dmp

Filesize
172KB

Download
memory/4164-548-0x00000000025B0000-0x00000000025DB000-memory.dmp

Filesize
172KB

Download
memory/4164-547-0x00000000025B0000-0x00000000025DB000-memory.dmp

Filesize
172KB

Download
memory/4164-545-0x00000000025B0000-0x00000000025E2000-memory.dmp

Filesize
200KB

Download
memory/4164-706-0x0000000005500000-0x000000000550A000-memory.dmp

Filesize
40KB

Download
memory/4164-544-0x0000000004C90000-0x0000000004CA0000-memory.dmp

Filesize
64KB

Download
memory/4164-543-0x0000000002410000-0x0000000002442000-memory.dmp

Filesize
200KB

Download
memory/4164-542-0x0000000004C90000-0x0000000004CA0000-memory.dmp

Filesize
64KB

Download
memory/4164-541-0x0000000074A60000-0x0000000075210000-memory.dmp

Filesize
7.7MB

Download
memory/4680-746-0x0000000002050000-0x0000000002062000-memory.dmp

Filesize
72KB

Download
memory/4680-745-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download