Analysis Overview
SHA256
57b5c39fdcd0054a5f8979a1531861a4a1fe39bf55f4e9efbc331cdb24da12e7
Threat Level: Known bad
The file 2024-06-18_363933ccd21e56d8786ffde6ee09a4b1_blackkingdom was found to be: Known bad.
Malicious Activity Summary
UPX packed file
Loads dropped DLL
Reads user/profile data of web browsers
Drops desktop.ini file(s)
Detects Pyinstaller
Unsigned PE
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-19 00:14
Signatures
UPX packed file
Detects Pyinstaller
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-19 00:14
Reported
2024-06-19 00:17
Platform
win7-20240508-en
Max time kernel
150s
Max time network
122s
Signatures
Loads dropped DLL
Reads user/profile data of web browsers
UPX packed file
Drops desktop.ini file(s)
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-06-18_363933ccd21e56d8786ffde6ee09a4b1_blackkingdom.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-06-18_363933ccd21e56d8786ffde6ee09a4b1_blackkingdom.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-06-18_363933ccd21e56d8786ffde6ee09a4b1_blackkingdom.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-18_363933ccd21e56d8786ffde6ee09a4b1_blackkingdom.exe"
C:\Users\Admin\AppData\Local\Temp\2024-06-18_363933ccd21e56d8786ffde6ee09a4b1_blackkingdom.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-18_363933ccd21e56d8786ffde6ee09a4b1_blackkingdom.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c powershell Get-Service *sql*|Stop-Service -Force 2>$null
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Service *sql*
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c powershell rm (Get-PSReadlineOption).HistorySavePath
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell rm (Get-PSReadlineOption).HistorySavePath
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | mega.io | udp |
Files
C:\Users\Admin\AppData\Local\Temp\_MEI20722\ucrtbase.dll
C:\Users\Admin\AppData\Local\Temp\_MEI20722\api-ms-win-core-localization-l1-2-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI20722\api-ms-win-core-processthreads-l1-1-1.dll
C:\Users\Admin\AppData\Local\Temp\_MEI20722\api-ms-win-core-file-l1-2-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI20722\api-ms-win-core-file-l2-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI20722\python37.dll
\Users\Admin\AppData\Local\Temp\_MEI20722\api-ms-win-core-timezone-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI20722\api-ms-win-crt-runtime-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI20722\api-ms-win-crt-heap-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI20722\api-ms-win-crt-convert-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI20722\api-ms-win-crt-locale-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI20722\api-ms-win-crt-time-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI20722\api-ms-win-crt-environment-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI20722\api-ms-win-crt-filesystem-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI20722\base_library.zip
\Users\Admin\AppData\Local\Temp\_MEI20722\_ctypes.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI20722\_socket.pyd
\Users\Admin\AppData\Local\Temp\_MEI20722\api-ms-win-crt-conio-l1-1-0.dll
\Users\Admin\AppData\Local\Temp\_MEI20722\api-ms-win-crt-process-l1-1-0.dll
\Users\Admin\AppData\Local\Temp\_MEI20722\api-ms-win-crt-math-l1-1-0.dll
\Users\Admin\AppData\Local\Temp\_MEI20722\api-ms-win-crt-stdio-l1-1-0.dll
\Users\Admin\AppData\Local\Temp\_MEI20722\api-ms-win-crt-string-l1-1-0.dll
\Users\Admin\AppData\Local\Temp\_MEI20722\VCRUNTIME140.dll
C:\Users\Admin\AppData\Local\Temp\_MEI20722\select.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI20722\pywintypes37.dll
C:\Users\Admin\AppData\Local\Temp\_MEI20722\_ssl.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI20722\libcrypto-1_1.dll
C:\Users\Admin\AppData\Local\Temp\_MEI20722\api-ms-win-crt-utility-l1-1-0.dll
C:\Users\Admin\AppData\Local\Temp\_MEI20722\libssl-1_1.dll
C:\Users\Admin\AppData\Local\Temp\_MEI20722\_hashlib.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI20722\_tkinter.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI20722\tcl86t.dll
C:\Users\Admin\AppData\Local\Temp\_MEI20722\tk86t.dll
C:\MSOCache\All Users\decrypt_file.TxT
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-19 00:14
Reported
2024-06-19 00:17
Platform
win10v2004-20240508-en
Max time kernel
150s
Max time network
154s
Signatures
Loads dropped DLL
Reads user/profile data of web browsers
UPX packed file
Drops desktop.ini file(s)
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-06-18_363933ccd21e56d8786ffde6ee09a4b1_blackkingdom.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-06-18_363933ccd21e56d8786ffde6ee09a4b1_blackkingdom.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-06-18_363933ccd21e56d8786ffde6ee09a4b1_blackkingdom.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-18_363933ccd21e56d8786ffde6ee09a4b1_blackkingdom.exe"
C:\Users\Admin\AppData\Local\Temp\2024-06-18_363933ccd21e56d8786ffde6ee09a4b1_blackkingdom.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-18_363933ccd21e56d8786ffde6ee09a4b1_blackkingdom.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c powershell Get-Service *sql*|Stop-Service -Force 2>$null
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell Get-Service *sql*
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c powershell rm (Get-PSReadlineOption).HistorySavePath
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell rm (Get-PSReadlineOption).HistorySavePath
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | mega.io | udp |
Files
C:\Users\Admin\AppData\Local\Temp\_MEI39162\base_library.zip
C:\Users\Admin\AppData\Local\Temp\_MEI39162\_ctypes.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI39162\_socket.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI39162\select.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI39162\libcrypto-1_1.dll
C:\Users\Admin\AppData\Local\Temp\_MEI39162\_ssl.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI39162\libssl-1_1.dll
C:\Users\Admin\AppData\Local\Temp\_MEI39162\_hashlib.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI39162\tcl\encoding\cp1252.enc
C:\Users\Admin\AppData\Local\Temp\_MEI39162\_lzma.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI39162\_cpyHook.cp37-win_amd64.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI39162\Crypto\Cipher\_raw_cfb.cp37-win_amd64.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI39162\Crypto\Cipher\_Salsa20.cp37-win_amd64.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI39162\Crypto\Hash\_MD5.cp37-win_amd64.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI39162\Crypto\Hash\_SHA256.cp37-win_amd64.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI39162\Crypto\Hash\_SHA1.cp37-win_amd64.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI39162\Crypto\Hash\_BLAKE2s.cp37-win_amd64.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI39162\Crypto\Util\_strxor.cp37-win_amd64.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI39162\Crypto\Cipher\_raw_ctr.cp37-win_amd64.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI39162\Crypto\Cipher\_raw_ofb.cp37-win_amd64.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI39162\Crypto\Cipher\_raw_cbc.cp37-win_amd64.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI39162\Crypto\Cipher\_raw_ecb.cp37-win_amd64.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI39162\unicodedata.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI39162\certifi\cacert.pem
C:\Users\Admin\AppData\Local\Temp\_MEI39162\_bz2.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI39162\_queue.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI39162\tcl\init.tcl
C:\Users\Admin\AppData\Local\Temp\_MEI39162\tk86t.dll
C:\Users\Admin\AppData\Local\Temp\_MEI39162\tcl86t.dll
C:\Users\Admin\AppData\Local\Temp\_MEI39162\_tkinter.pyd
C:\Users\Admin\AppData\Local\Temp\_MEI39162\pywintypes37.dll
C:\Users\Admin\AppData\Local\Temp\_MEI39162\VCRUNTIME140.dll
C:\Users\Admin\AppData\Local\Temp\_MEI39162\python37.dll
C:\Users\Admin\AppData\Local\Temp\_MEI39162\ucrtbase.dll
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_m5eoxf2c.p5u.ps1
C:\Recovery\decrypt_file.TxT