Analysis

  • max time kernel
    141s
  • max time network
    143s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240426-en
  • resource tags

    arch:x64, arch:x86, image:win11-20240426-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    27/05/2024, 18:43

General

  • Target

    z.txt

  • Size

    28B

  • MD5

    140c08a251459d3da1442f427fc239a7

  • SHA1

    028259a3584ae7893bd8f0d45433e1c9bfd763e4

  • SHA256

    9a28b37b1a41ec52993017236dd78e7259b95395bfa50227d93234d6248e3edf

  • SHA512

    d4a00853202b3edf7431ac48559e8256c7acb6172222cab1eeb3277aa349360b78f911c7a380fef9bf1dba706c7fa91183edaa665308d75449ad6c1960ce72d5

Score
7/10

Malware Config

Signatures

  • Modifies file permissions 1 TTPs 1 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 10 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 2 IoCs
  • NTFS ADS 1 IoCs
  • Opens file in notepad (likely ransom note) 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of FindShellTrayWindow 18 IoCs
  • Suspicious use of SendNotifyMessage 17 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\z.txt
    1⤵
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2372
    • C:\Windows\system32\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\z.txt
      2⤵
      • Opens file in notepad (likely ransom note)
      PID:3388
  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3496
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • NTFS ADS
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4184
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4184.0.1357979792\1430122300" -parentBuildID 20230214051806 -prefsHandle 1788 -prefMapHandle 1780 -prefsLen 22074 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {493e540f-76b2-485f-88b7-5760d500dd43} 4184 "\\.\pipe\gecko-crash-server-pipe.4184" 1880 28a43311758 gpu
        3⤵
        PID:1612
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4184.1.1654601226\97864980" -parentBuildID 20230214051806 -prefsHandle 2392 -prefMapHandle 2388 -prefsLen 22110 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {24611308-16da-4401-a9d0-3981b12d4582} 4184 "\\.\pipe\gecko-crash-server-pipe.4184" 2404 28a3648a558 socket
        3⤵
        • Checks processor information in registry
        PID:2160
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4184.2.1293404583\933925410" -childID 1 -isForBrowser -prefsHandle 3152 -prefMapHandle 3052 -prefsLen 22148 -prefMapSize 235121 -jsInitHandle 1364 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5296b6f0-2109-43bb-a64b-575a0ee8907e} 4184 "\\.\pipe\gecko-crash-server-pipe.4184" 3164 28a46023858 tab
        3⤵
        PID:4364
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4184.3.889474825\1371103440" -childID 2 -isForBrowser -prefsHandle 3356 -prefMapHandle 1256 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1364 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {527f057a-74fa-4faf-87c4-e710eb742c4a} 4184 "\\.\pipe\gecko-crash-server-pipe.4184" 3636 28a3647ae58 tab
        3⤵
        PID:3628
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4184.4.1611652508\1689788875" -childID 3 -isForBrowser -prefsHandle 5168 -prefMapHandle 5152 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1364 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b7d570b4-77b9-40ee-a896-5f37c5a75647} 4184 "\\.\pipe\gecko-crash-server-pipe.4184" 5188 28a3643ee58 tab
        3⤵
        PID:2736
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4184.5.365002468\1736590111" -childID 4 -isForBrowser -prefsHandle 5324 -prefMapHandle 5328 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1364 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1d6aad79-f62f-4f1a-8f59-257c4492eea8} 4184 "\\.\pipe\gecko-crash-server-pipe.4184" 5316 28a4b866e58 tab
        3⤵
        PID:2252
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4184.6.1446537821\1870224624" -childID 5 -isForBrowser -prefsHandle 5544 -prefMapHandle 5552 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1364 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dba2b565-5cc9-43f5-98c0-e2afee444623} 4184 "\\.\pipe\gecko-crash-server-pipe.4184" 5536 28a4b866858 tab
        3⤵
        PID:400
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4184.7.1984582266\675003607" -childID 6 -isForBrowser -prefsHandle 5924 -prefMapHandle 5928 -prefsLen 27774 -prefMapSize 235121 -jsInitHandle 1364 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ae5b61a7-8fb9-46e6-800e-e3053072e0f4} 4184 "\\.\pipe\gecko-crash-server-pipe.4184" 5940 28a4cd32858 tab
        3⤵
        PID:1288
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4184.8.1980604921\445835876" -parentBuildID 20230214051806 -prefsHandle 5716 -prefMapHandle 3940 -prefsLen 28175 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {29f22130-3e7e-4266-9e91-6c466153e50d} 4184 "\\.\pipe\gecko-crash-server-pipe.4184" 6204 28a426f1758 rdd
        3⤵
        PID:4596
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4184.9.524363899\1950042168" -parentBuildID 20230214051806 -sandboxingKind 1 -prefsHandle 3936 -prefMapHandle 2756 -prefsLen 28175 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1a21f03c-6722-46b0-9b18-54cb9b5fb090} 4184 "\\.\pipe\gecko-crash-server-pipe.4184" 6224 28a478e7258 utility
        3⤵
        PID:4820
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4184.10.964091804\834649439" -childID 7 -isForBrowser -prefsHandle 10212 -prefMapHandle 6348 -prefsLen 28175 -prefMapSize 235121 -jsInitHandle 1364 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5ff3fdd4-c074-4a77-9484-aed5e66af836} 4184 "\\.\pipe\gecko-crash-server-pipe.4184" 10320 28a48850258 tab
        3⤵
        PID:5112
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4184.11.376798737\273097528" -childID 8 -isForBrowser -prefsHandle 10132 -prefMapHandle 6448 -prefsLen 28175 -prefMapSize 235121 -jsInitHandle 1364 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fa7c95dc-7b6a-43cc-8e6a-872443db0814} 4184 "\\.\pipe\gecko-crash-server-pipe.4184" 10348 28a48851a58 tab
        3⤵
        PID:4748
  • C:\Program Files\Java\jre-1.8\bin\javaw.exe
    "C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\Downloads\thunderhack-1.6.jar"
    1⤵
    PID:2732
    • C:\Windows\system32\icacls.exe
      C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
      2⤵
      • Modifies file permissions
      PID:3208
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
    PID:996
  • C:\Program Files\Java\jre-1.8\bin\javaw.exe
    "C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\Downloads\thunderhack-1.6.jar"
    1⤵
    PID:4068
  • C:\Program Files\Java\jre-1.8\bin\javaw.exe
    "C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\Downloads\thunderhack-1.6.jar"
    1⤵
    PID:2332
  • C:\Program Files\Java\jre-1.8\bin\javaw.exe
    "C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\Downloads\thunderhack-1.6.jar"
    1⤵
    PID:3276

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

    Filesize

    46B

  • C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

    Filesize

    46B

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3b1psp2h.default-release\activity-stream.discovery_stream.json.tmp

    Filesize

    27KB

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3b1psp2h.default-release\cache2\doomed\5354

    Filesize

    10KB

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3b1psp2h.default-release\cache2\entries\1158B341543196B1FFC5BA8A0B593ABD33165001

    Filesize

    60KB

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3b1psp2h.default-release\prefs-1.js

    Filesize

    6KB

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3b1psp2h.default-release\prefs-1.js

    Filesize

    7KB

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3b1psp2h.default-release\prefs-1.js

    Filesize

    7KB

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3b1psp2h.default-release\prefs.js

    Filesize

    6KB

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3b1psp2h.default-release\prefs.js

    Filesize

    7KB

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3b1psp2h.default-release\sessionstore-backups\recovery.jsonlz4

    Filesize

    4KB

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3b1psp2h.default-release\sessionstore-backups\recovery.jsonlz4

    Filesize

    4KB

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3b1psp2h.default-release\sessionstore-backups\recovery.jsonlz4

    Filesize

    3KB

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3b1psp2h.default-release\sessionstore-backups\recovery.jsonlz4

    Filesize

    4KB

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3b1psp2h.default-release\sessionstore.jsonlz4

    Filesize

    5KB

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3b1psp2h.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite

    Filesize

    48KB

  • C:\Users\Admin\Downloads\thunderhack-1.6.jar

    Filesize

    5.5MB

  • C:\Users\Admin\Downloads\thunderhack-1.JohE5EfN.6.jar.part

    Filesize

    37KB

  • memory/2332-568-0x000001FD44400000-0x000001FD44401000-memory.dmp

    Filesize

    4KB

  • memory/2732-543-0x00000279B30A0000-0x00000279B30A1000-memory.dmp

    Filesize

    4KB

  • memory/3276-580-0x00000167A4A10000-0x00000167A4A11000-memory.dmp

    Filesize

    4KB

  • memory/4068-556-0x0000023DA5520000-0x0000023DA5521000-memory.dmp

    Filesize

    4KB