70bdda0f395afa52daabce2624a4e2887cdbe07074b651b965f52886c8653cda

Resubmissions

23-06-2024 03:48

240623-ecrpkasfjl 6

23-06-2024 03:44

240623-eahc4syene 9

Analysis

max time kernel
20s
max time network
75s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
23-06-2024 03:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

target.ps1
Size

216KB
MD5

8a0ed06ea875330985c5ffbf67c7663f
SHA1

a50e761889b230946640ab68ed40fc81ec20f5bb
SHA256

70bdda0f395afa52daabce2624a4e2887cdbe07074b651b965f52886c8653cda
SHA512

f27dfd276cadc0a7d04adc1940d5e101d63d8a260de090dbc574bd77ce43c67432ef4df07143aa79bdcf2c6f63cdad59719aa11a3d2b88c05c08c8e9affb7bf7
SSDEEP

1536:dsSJiKBE1iKmGFQtEissfP0IAymAssa7S9BZwrAPm0KgQHdHsPyolOKCic/V0kZ+:dKKpEen9Hm0KgQ968ika/

Score

6^/10

execution

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service
T1102

Processes:

flow ioc

99 href.li
100 href.li
101 href.li
Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs
Using powershell.exe command.
execution

PowerShell
T1059.001

Processes:

powershell.exe

pid process

2160 powershell.exe
Delays execution with timeout.exe 2 IoCs
evasion

Processes:

timeout.exetimeout.exe

pid process

1876 timeout.exe
1716 timeout.exe
Enumerates processes with tasklist 1 TTPs 4 IoCs

Process Discovery
T1057

Processes:

tasklist.exetasklist.exetasklist.exetasklist.exe

pid process

3040 tasklist.exe
2276 tasklist.exe
1204 tasklist.exe
2700 tasklist.exe

flow	ioc
99	href.li
100	href.li
101	href.li

pid	process
2160	powershell.exe

pid	process
1876	timeout.exe
1716	timeout.exe

pid	process
3040	tasklist.exe
2276	tasklist.exe
1204	tasklist.exe
2700	tasklist.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Opens file in notepad (likely ransom note) 1 IoCs
ransomware

Processes:

NOTEPAD.EXE

pid process

1184 NOTEPAD.EXE
Suspicious behavior: EnumeratesProcesses 3 IoCs

Processes:

powershell.exechrome.exe

pid process

2160 powershell.exe
2796 chrome.exe
2796 chrome.exe

pid	process
1184	NOTEPAD.EXE

pid	process
2160	powershell.exe
2796	chrome.exe
2796	chrome.exe

Suspicious use of AdjustPrivilegeToken 33 IoCs

Processes:

powershell.exechrome.exe

description	pid	process
Token: SeDebugPrivilege	2160	powershell.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe
Token: SeShutdownPrivilege	2796	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

Processes:

chrome.exe

pid	process
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

Processes:

chrome.exe

pid	process
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe
2796	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 2796 wrote to memory of 2968	2796	chrome.exe	chrome.exe
PID 2796 wrote to memory of 2968	2796	chrome.exe	chrome.exe
PID 2796 wrote to memory of 2968	2796	chrome.exe	chrome.exe
PID 2796 wrote to memory of 2528	2796	chrome.exe	chrome.exe
PID 2796 wrote to memory of 2528	2796	chrome.exe	chrome.exe
PID 2796 wrote to memory of 2528	2796	chrome.exe	chrome.exe
PID 2796 wrote to memory of 2528	2796	chrome.exe	chrome.exe
PID 2796 wrote to memory of 2528	2796	chrome.exe	chrome.exe
PID 2796 wrote to memory of 2528	2796	chrome.exe	chrome.exe
PID 2796 wrote to memory of 2528	2796	chrome.exe	chrome.exe
PID 2796 wrote to memory of 2528	2796	chrome.exe	chrome.exe
PID 2796 wrote to memory of 2528	2796	chrome.exe	chrome.exe
PID 2796 wrote to memory of 2528	2796	chrome.exe	chrome.exe
PID 2796 wrote to memory of 2528	2796	chrome.exe	chrome.exe
PID 2796 wrote to memory of 2528	2796	chrome.exe	chrome.exe
PID 2796 wrote to memory of 2528	2796	chrome.exe	chrome.exe
PID 2796 wrote to memory of 2528	2796	chrome.exe	chrome.exe
PID 2796 wrote to memory of 2528	2796	chrome.exe	chrome.exe
PID 2796 wrote to memory of 2528	2796	chrome.exe	chrome.exe
PID 2796 wrote to memory of 2528	2796	chrome.exe	chrome.exe
PID 2796 wrote to memory of 2528	2796	chrome.exe	chrome.exe
PID 2796 wrote to memory of 2528	2796	chrome.exe	chrome.exe
PID 2796 wrote to memory of 2528	2796	chrome.exe	chrome.exe
PID 2796 wrote to memory of 2528	2796	chrome.exe	chrome.exe
PID 2796 wrote to memory of 2528	2796	chrome.exe	chrome.exe
PID 2796 wrote to memory of 2528	2796	chrome.exe	chrome.exe
PID 2796 wrote to memory of 2528	2796	chrome.exe	chrome.exe
PID 2796 wrote to memory of 2528	2796	chrome.exe	chrome.exe
PID 2796 wrote to memory of 2528	2796	chrome.exe	chrome.exe
PID 2796 wrote to memory of 2528	2796	chrome.exe	chrome.exe
PID 2796 wrote to memory of 2528	2796	chrome.exe	chrome.exe
PID 2796 wrote to memory of 2528	2796	chrome.exe	chrome.exe
PID 2796 wrote to memory of 2528	2796	chrome.exe	chrome.exe
PID 2796 wrote to memory of 2528	2796	chrome.exe	chrome.exe
PID 2796 wrote to memory of 2528	2796	chrome.exe	chrome.exe
PID 2796 wrote to memory of 2528	2796	chrome.exe	chrome.exe
PID 2796 wrote to memory of 2528	2796	chrome.exe	chrome.exe
PID 2796 wrote to memory of 2528	2796	chrome.exe	chrome.exe
PID 2796 wrote to memory of 2528	2796	chrome.exe	chrome.exe
PID 2796 wrote to memory of 2528	2796	chrome.exe	chrome.exe
PID 2796 wrote to memory of 2528	2796	chrome.exe	chrome.exe
PID 2796 wrote to memory of 2528	2796	chrome.exe	chrome.exe
PID 2796 wrote to memory of 2556	2796	chrome.exe	chrome.exe
PID 2796 wrote to memory of 2556	2796	chrome.exe	chrome.exe
PID 2796 wrote to memory of 2556	2796	chrome.exe	chrome.exe
PID 2796 wrote to memory of 2600	2796	chrome.exe	chrome.exe
PID 2796 wrote to memory of 2600	2796	chrome.exe	chrome.exe
PID 2796 wrote to memory of 2600	2796	chrome.exe	chrome.exe
PID 2796 wrote to memory of 2600	2796	chrome.exe	chrome.exe
PID 2796 wrote to memory of 2600	2796	chrome.exe	chrome.exe
PID 2796 wrote to memory of 2600	2796	chrome.exe	chrome.exe
PID 2796 wrote to memory of 2600	2796	chrome.exe	chrome.exe
PID 2796 wrote to memory of 2600	2796	chrome.exe	chrome.exe
PID 2796 wrote to memory of 2600	2796	chrome.exe	chrome.exe
PID 2796 wrote to memory of 2600	2796	chrome.exe	chrome.exe
PID 2796 wrote to memory of 2600	2796	chrome.exe	chrome.exe
PID 2796 wrote to memory of 2600	2796	chrome.exe	chrome.exe
PID 2796 wrote to memory of 2600	2796	chrome.exe	chrome.exe
PID 2796 wrote to memory of 2600	2796	chrome.exe	chrome.exe
PID 2796 wrote to memory of 2600	2796	chrome.exe	chrome.exe
PID 2796 wrote to memory of 2600	2796	chrome.exe	chrome.exe
PID 2796 wrote to memory of 2600	2796	chrome.exe	chrome.exe
PID 2796 wrote to memory of 2600	2796	chrome.exe	chrome.exe
PID 2796 wrote to memory of 2600	2796	chrome.exe	chrome.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\target.ps1
1⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2160

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6709758,0x7fef6709768,0x7fef6709778
  2⤵
  PID:2968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1172 --field-trial-handle=1400,i,16483308625115700992,6585145176796586254,131072 /prefetch:2
  2⤵
  PID:2528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1512 --field-trial-handle=1400,i,16483308625115700992,6585145176796586254,131072 /prefetch:8
  2⤵
  PID:2556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1628 --field-trial-handle=1400,i,16483308625115700992,6585145176796586254,131072 /prefetch:8
  2⤵
  PID:2600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2324 --field-trial-handle=1400,i,16483308625115700992,6585145176796586254,131072 /prefetch:1
  2⤵
  PID:1056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2332 --field-trial-handle=1400,i,16483308625115700992,6585145176796586254,131072 /prefetch:1
  2⤵
  PID:1196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1592 --field-trial-handle=1400,i,16483308625115700992,6585145176796586254,131072 /prefetch:2
  2⤵
  PID:2040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1456 --field-trial-handle=1400,i,16483308625115700992,6585145176796586254,131072 /prefetch:1
  2⤵
  PID:1012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1272 --field-trial-handle=1400,i,16483308625115700992,6585145176796586254,131072 /prefetch:8
  2⤵
  PID:2300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3632 --field-trial-handle=1400,i,16483308625115700992,6585145176796586254,131072 /prefetch:8
  2⤵
  PID:1524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3700 --field-trial-handle=1400,i,16483308625115700992,6585145176796586254,131072 /prefetch:1
  2⤵
  PID:1168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2672 --field-trial-handle=1400,i,16483308625115700992,6585145176796586254,131072 /prefetch:1
  2⤵
  PID:2392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3768 --field-trial-handle=1400,i,16483308625115700992,6585145176796586254,131072 /prefetch:8
  2⤵
  PID:2396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4064 --field-trial-handle=1400,i,16483308625115700992,6585145176796586254,131072 /prefetch:8
  2⤵
  PID:1072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3684 --field-trial-handle=1400,i,16483308625115700992,6585145176796586254,131072 /prefetch:1
  2⤵
  PID:2244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4312 --field-trial-handle=1400,i,16483308625115700992,6585145176796586254,131072 /prefetch:8
  2⤵
  PID:3004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4304 --field-trial-handle=1400,i,16483308625115700992,6585145176796586254,131072 /prefetch:1
  2⤵
  PID:2092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4172 --field-trial-handle=1400,i,16483308625115700992,6585145176796586254,131072 /prefetch:1
  2⤵
  PID:2544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4232 --field-trial-handle=1400,i,16483308625115700992,6585145176796586254,131072 /prefetch:1
  2⤵
  PID:328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4228 --field-trial-handle=1400,i,16483308625115700992,6585145176796586254,131072 /prefetch:8
  2⤵
  PID:824

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2512

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\GmAlpHflKOY\openMe.rar"
1⤵
PID:1152

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\Downloads\GmAlpHflKOY\openMe.rar
1⤵
PID:664

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\GmAlpHflKOY\README.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:1184

C:\Users\Admin\Downloads\SSS\Solara.exe
"C:\Users\Admin\Downloads\SSS\Solara.exe"
1⤵
PID:3008
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c copy Trouble Trouble.cmd & Trouble.cmd
  2⤵
  PID:2372
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    - Enumerates processes with tasklist
    PID:3040
- - C:\Windows\SysWOW64\findstr.exe
    findstr /I "wrsa.exe opssvc.exe"
    3⤵
    PID:1116
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    - Enumerates processes with tasklist
    PID:2276
- - C:\Windows\SysWOW64\findstr.exe
    findstr /I "avastui.exe avgui.exe nswscsvc.exe sophoshealth.exe"
    3⤵
    PID:1568
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c md 294265
    3⤵
    PID:2036
- - C:\Windows\SysWOW64\findstr.exe
    findstr /V "CustomizeMacedoniaColleagueToolkit" Var
    3⤵
    PID:688
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c copy /b Electro + Gained + Expiration + Canada + Reliable 294265\I
    3⤵
    PID:2512
- - C:\Users\Admin\AppData\Local\Temp\294265\Type.pif
    294265\Type.pif 294265\I
    3⤵
    PID:1116
- - C:\Windows\SysWOW64\timeout.exe
    timeout 5
    3⤵
    - Delays execution with timeout.exe
    PID:1876

C:\Users\Admin\Downloads\SSS\Solara.exe
"C:\Users\Admin\Downloads\SSS\Solara.exe"
1⤵
PID:1892
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c copy Trouble Trouble.cmd & Trouble.cmd
  2⤵
  PID:2736
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    - Enumerates processes with tasklist
    PID:1204
- - C:\Windows\SysWOW64\findstr.exe
    findstr /I "wrsa.exe opssvc.exe"
    3⤵
    PID:1968
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    - Enumerates processes with tasklist
    PID:2700
- - C:\Windows\SysWOW64\findstr.exe
    findstr /I "avastui.exe avgui.exe nswscsvc.exe sophoshealth.exe"
    3⤵
    PID:3036
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c md 294265
    3⤵
    PID:2060
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c copy /b Electro + Gained + Expiration + Canada + Reliable 294265\I
    3⤵
    PID:848
- - C:\Users\Admin\AppData\Local\Temp\294265\Type.pif
    294265\Type.pif 294265\I
    3⤵
    PID:2496
- - C:\Windows\SysWOW64\timeout.exe
    timeout 5
    3⤵
    - Delays execution with timeout.exe
    PID:1716

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
851b49dcbb9264dc8636c062a8cc6c8f

SHA1
23e27edc00b12a639eb7d0b2177607d0431e40be

SHA256
f47aee9a09c26cb7b181bb226b3138ca2e74a4399bfc47d503ca7437b50c46c2

SHA512
7c38c17580455e0a2927c8444f856a3e123d9b14ee0292ceb823fb0665d4a0d731f4269fec2d48c09249c97c4cec0614057f63d1fffdff276fa55cf520a6a38d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\53e9932c-b23c-4550-8fe0-aa6fb94c91a1.tmp

Filesize
6KB

MD5
f7ce887fe6c18b7f0f1163cda119efac

SHA1
37808eef3e767b724888cdd523dff999ba91623a

SHA256
d13d08920ec00edfb18e2888c3ce78d60b0bf6760a6c2e690f983fd2f048ee69

SHA512
598cb99018e1e21a88e6ab850bb6c7a1e554b5db74ab956456785680abca86c8ac562e42089de17b3f05b44b51253995f2a038f6ddd652f616d04914ad4c8b55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
226KB

MD5
12a946fafe430a89d3e7ee3ff37934a3

SHA1
cf46d69bf283d22c9d9d8cb980cbf50cd45f6bcc

SHA256
8fb8fe3aa67a7b73063fce39c0c40d90b7c078764c1c5a587ac0834222ad540c

SHA512
8ef266ec0bb300112865d9f01b7b418df0afa75bd301c8453ba30b879b18714b5683c61b1db519f56df496106cdd9720fd07c855a354ff3f94e0e18ce13de1db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
94KB

MD5
99aa22beafe33e525b3a8ac6e3a72752

SHA1
fd759203efe57254dec2ef3044b36635648a783e

SHA256
fffd23f26ec662ca75619830fad48189b5aec2c2f7196ade4160acbbce46751e

SHA512
13b5ee53620b65fd4de95ec7dee53315b0acb05665408eea915540fdd6d654cb7c6b74a4b1f1937d1ac2cfe978b8168e8bbf6d2b73380c3636d0ff99b4800096

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
19KB

MD5
5abc2d6a81ee083df5c49e83a342037c

SHA1
1b17bb65749f39ede44e145735252b0d56fc7003

SHA256
e2cb2ad4bb24d27e3b8e92e5a7839d4e68ff613d7e91e19a2668c7c12739267e

SHA512
0eceac3e1207bc2e31238db6880ed6f4026e0ae2ef9f102e08b8e6da79a5495c7ce4bb32c4ecc50ed2f2990cfd1610cfa974b1864455c325560d1d070ff48f93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
46KB

MD5
3dda883b89b1f31dd1e8e0be2d4250e9

SHA1
ff69000e8307afcb2b4db7d6117b47975f9de06a

SHA256
e60268695e6c66a62ad318850e45954bb22d21f2ae62fe9f0c5490dcb1e69f9b

SHA512
25176c5acc9cf658129508ccc1b7fc8e93777cc59a404caf06a0e0eeb7c10b5276923aa51d56a99ebfd45d9f05b16f598794fb31ea0aa39565770b3c3b8c8c43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
806KB

MD5
296107fd9e4b08da2a5eb5381e62e59c

SHA1
0fab647f77db64c6284dd6335f6f01696217fb88

SHA256
9a75f06abaf3c4db9cb4110d32c18ba80356efafd79e6f6255aefc31054ff133

SHA512
519f5c12f414e6321e63c5c2992b4eb89131334543310513ffefcb9b4cfdc9cbf9adc48854dd40daa8475b238ec4a1b1d6f31d666e5edb773f433582777bea43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
32KB

MD5
fc48cf248229ad8686eb77300a78daec

SHA1
296a0ca8f11e043acf0b005e8ade51656fb2af6e

SHA256
63bd216b1612653bcbd661cee187b56f2ec2f3587cba7e638793ffe6d48a1429

SHA512
3fa41693e2824711e981cbb0945ae7b99299689946bfe30b722bbc2a6e14701743dbd3801c1edd9a5f83da2f23a01b5f4c4de30e8b2f08cdad0d9d0ca666cf4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

Filesize
32KB

MD5
20adea22eec53811cc6bb3e6fb9648a1

SHA1
89ccfb989609bb343bff0f260fbc28e78b0ae16a

SHA256
d1b7f4208210049da4739648765e40bb8d8f0a7fd4e942df1d736e803739f5ea

SHA512
24342b4e909b88faa4b028aba8428bf4b3fac6203a61e74890a4c3439817444826c6d4785f0cef484b73c6116a9913c2980be3c59abaf2b3711942e1e53e6b55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT~RFf7636ba.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
854B

MD5
c9acbdc625c35188342d8bd6662e8132

SHA1
6daa7822c29ce2027c8a48b8e2ef383658fabba7

SHA256
03d0f5d6f4c6c73c04bf8e1931b53a6a0a781e33374377e94b911da4ddbbd91b

SHA512
deacf6424be5b3d1e406e2640779d9b122d6e4e0113e4642209280294de8e4d8ab0e6b3af3a4359dadefbed750d2028e6fa130602d580cf25f626c7915b31b45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
854B

MD5
0e0e8ac07645c16aba2016dc29bdeeb6

SHA1
95131221e1d7c4bc9d7255d2e78adefcffd5bf0a

SHA256
52fb4fde8958dc25eda876c25bd52c00594ab6741984e681e6823b8ae735d8dd

SHA512
44e0af99e72e7d64cb601d4cd700a1064e0daa6b4c4c4bfef6b112ea629c3eda27f45d5817223d3c03a972161b84cd10500e7901c75582674758f71511604c65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
9dd4f88e558eaba1323d9cc8358503f8

SHA1
e4ea8ee151e54d75f25dac9a93db1410da19e2d7

SHA256
72a5f6c27c5b573727eb84253e632fc130fe5c1cbaa2c46d3e647cbfb075f98f

SHA512
759022daca28e251de2c66cb7f4cd5e7f11933041e7325cbfe0b622e0b805d06aea26b571eeaf12046ea745c4ba918d3476c9c0544aec4754a10d8bde7485c38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
a9161d128e0ea6502c4b1208b9a7ff07

SHA1
2535492fba2b0c1328ee4d6afbecd3ccb713b834

SHA256
75a6200a3cd91732fbc1a10d992bc64704377053438c8e4674deb2f6d6dfb708

SHA512
2ea81e27294e13fb9f056f99b2676e447bc37a9846c83e8435557564f94b8e66a54b792000910492c62ab95bcc6f07858d30732aaf7ab336a7cb23d9be1e688e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\586dd87c-45ae-4576-8677-ccf623e0558f\index-dir\the-real-index

Filesize
2KB

MD5
77e8769a46f0a494ad462faf1f94a475

SHA1
43731639cc3983ea2299afeb63eaeeb3fdec581a

SHA256
fdfcf3710ed8b9a1a64dbdb64d04d9745d0639c0b6f832157446e44cd9ee52a4

SHA512
609ced56455fa354a403040bb5eb6f93c07904224806b581f2647833fe08cd3990d7767fac508ea7573a711bda57a59d50b336ce64f9c83fc23864342a85bc7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\d6a23f0f-0b12-4ed8-920c-13c3d9e0fca7\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
178B

MD5
49d2a807cd383d8db2b9491b84b0e8e9

SHA1
728b128728e1a26c90b3c2ffde4e85e6bbf24f39

SHA256
475a5c285750a6ca9c0d89d249aaff14aabc90aa3124dd3979417f2fe56ad341

SHA512
9d0a0bdbfdfa9cc9a9f241a374fb8fd3c3887b433fca1aa8510311fac45b960b1c9bdb6c664cdfff499c3c70871dc8c24d15e426111fa6ac528748b3a7f0619d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
187B

MD5
13aa103d43d8574ae10596814d67e6c1

SHA1
67b000c58dae919e648792771b8fc4cf8d80e350

SHA256
90510ccda0e6f61f8066fa3f240c52c460e14205087ac318bbd6c8440bf1c3f1

SHA512
dd27e3a203ae64865ee1a7790adf115a09bd71cd2382850e07a84111005adfd033a54506657a1186f134abfd5690d007fab62639275db4e087527db5a3fb2db4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
68e84635d18c532021f1db8e4cef8927

SHA1
30ccbccfce85b3c32d6268f0a42b50ded492d0df

SHA256
deb2fc3ef4b7be6737059b451f2c4506413d359ae32194b25b43e7e932bacb0e

SHA512
85043f73cc5fc38559e74bd347369d8d06e1ef25f32fcb1c0076d9c72a4b45e3468b4fc1417e7d539efd70c730fe8c8ab91f6d19d0d76841606c877108bd9e83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
176B

MD5
3a569fda3d268548234d43326c876518

SHA1
f1e6c6f03850c5a2e75756a4b26f67c0b3937a84

SHA256
18158312a08cd4aaa1be8514862cd32f80a6e1c12ca8ece1eeb052b7bb3c142e

SHA512
c5b8987f7afa8eee4d7b28afe93bdb718c504278b5bdb1d3af584081c514d9b5224098c0b2578239e955473c6d78a8dba339f4de76ee4a0e3a305a71d1b5bd5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
114B

MD5
3e78ca75aeb261dd21058be35e5e86fa

SHA1
1aa3840e40e7271fdb2bb70da0a1b059526da35a

SHA256
5d276c06f032e634c7fda8371f41f335ebe2c2bd4be78ce3cd0a1d19e2e6e930

SHA512
8ce011fddf285610cc160c859ba451112f91fc2d36792d6299fd77b6e5a7e53632e25f56676f27029d03b3800bc3596bd8d957444fe12cbbaa8a2614236052ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000002.dbtmp

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Shortcuts Menu Icons\Monochrome\1\512.png

Filesize
10KB

MD5
7f57c509f12aaae2c269646db7fde6e8

SHA1
969d8c0e3d9140f843f36ccf2974b112ad7afc07

SHA256
1d5c9f67fe93f9fcc1a1b61ebc35bda8f98f1261e5005ae37af71f42aab1d90f

SHA512
3503a0f4939bed9e1fd5e086b17d6de1063220dffdab2d2373aa9582a2454a9d8f18c1be74442f4e597bdba796d2d69220bd9e6be632a15367225b804187ea18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir2796_1139200668\Shortcuts Menu Icons\0\512.png

Filesize
2KB

MD5
12a429f9782bcff446dc1089b68d44ee

SHA1
e41e5a1a4f2950a7f2da8be77ca26a66da7093b9

SHA256
e1d7407b07c40b5436d78db1077a16fbf75d49e32f3cbd01187b5eaaa10f1e37

SHA512
1da99c5278a589972a1d711d694890f4fd4ec4e56f83781ab9dee91ba99530a7f90d969588fa24dce24b094a28bdecbea80328cee862031a8b289f3e4f38ce7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
300KB

MD5
ab576d5525152ec2537908983fc4d2cb

SHA1
46f57918c484ac2d687414e3b9c6a376e87d287f

SHA256
b8ee874062f331ee45824d87f128b13d42bf0ea6fafa8d6510a98e2ed98d43e5

SHA512
e572c7c838034f0063d880e18770aa47cef1f326cac67bb06dd4b49bd7033394cb54c0449b745c51b27fc387fc0ca810e7c354108197fe3f4a5d09a43a8eab1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\294265\I

Filesize
519KB

MD5
e98f6ecf9f3700bf5444f938ef706be6

SHA1
99591d9273d1defc785dc10f3070737b88bec86c

SHA256
faf0ac9c246a29e5215b87be2aef004438a5989b724f68e34ac6e118bdce4234

SHA512
57a426dfd75ad1df72a3484edb80f497687ccb33bf20ce1a6a475fe8ef0d71ffc684d44279a777f033ac95536c9b9cfd6fd775c13b0a741da0e8e8b3aeaeddc3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Advertisements

Filesize
52KB

MD5
bd4851ce1a9d6b4c2ff9645d26e111de

SHA1
1663f2d15d379dff801c2a3434a18cd06bba82de

SHA256
ea995718dd98a942cdd595ac026e9c3597d429b4231c417f2ee478bb7ba6e80d

SHA512
c787e2b545bb868dd40ad4bcbda67bbea9e557096ae5e93917b07afe5469bfd992504994c54f281bedc94e1f28f605984b6599a9c4d1f70910e813cdbfd47569

Download Submit
C:\Users\Admin\AppData\Local\Temp\Alot

Filesize
25KB

MD5
b87777e950eb2d9572590d72dce41ea2

SHA1
6bad030def4291fbae064237b214d3bb5cc9de08

SHA256
0a985ebdf8c632058d34b4e9c899dee189a3227dd177f10a92c59e43dc98c767

SHA512
5d029b2873274ce8eccd7b867ea9fcfd91f1c318dedc676b75796bae81ba75757f498237a4b98a5d07e20f3fafd74fbba114da131d657013942c4ba669aee77a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Appears

Filesize
35KB

MD5
9f84acca75c7a2ad2cda3565091c4673

SHA1
fbb4394f60a72704db8d8373ba5cc9d8d15a3180

SHA256
1f51c7ac297b82d9a3dc953724e1bd7c5af14dc48265c9176e9cac94aeddf4ec

SHA512
e29edfd7729b7337bcacb124c899893873cdc06879f8cda5dd861c9b31ae52f9eae6b548e22666ad7696432697652ef049c17433c0da2c1f31403d6504bae050

Download Submit
C:\Users\Admin\AppData\Local\Temp\Au

Filesize
59KB

MD5
d7f905cff3dc3767161b079909b5fde6

SHA1
bd189b7e15b54dd3199b00a40ac767191fd16fe2

SHA256
52bedf124d3a772d382111686aa48a645ef39a1fa6fc1bcce49783905c097583

SHA512
421df98700951716016fdb1edab464d32086b7db10cd301f723027e654454a87bc91585571f3a2f487f00a5a7e47ad58a12dcd8af0aef415b33a1ba02ec867ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab8345.tmp

Filesize
67KB

MD5
2d3dcf90f6c99f47e7593ea250c9e749

SHA1
51be82be4a272669983313565b4940d4b1385237

SHA256
8714e7be9f9b6de26673d9d09bd4c9f41b1b27ae10b1d56a7ad83abd7430ebd4

SHA512
9c11dd7d448ffebe2167acde37be77d42175edacf5aaf6fb31d3bdfe6bb1f63f5fdbc9a0a2125ed9d5ce0529b6b548818c8021532e1ea6b324717cc9bec0aaa5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Canada

Filesize
152KB

MD5
cbec55ef555950ea02b31ac23ce31aec

SHA1
181d7a5020c09e1ea73e671f3122df3b2ba1347e

SHA256
4125fcab0f6556aa6a945ccab5a07e45b8c86b4d3e490c0c3de2d47b11a8d4c0

SHA512
c59dcc0cf2c628a851a5b3c6bd7cc507097ce3e496469352ddc88deafe9b616db93a042ef31443213fe0910cfaba4b8b3f8c5ea4e7bf99e6cb3301f44cbb9461

Download Submit
C:\Users\Admin\AppData\Local\Temp\Coat

Filesize
66KB

MD5
0131fca03f6299eb25da2fd0d9f651d1

SHA1
93b40c7ecbf49e54e717624fc3f7e91c124b821b

SHA256
0c9a1f2f2230d7354c07938a02dcc67f87198703d48a23505e7afcfd000abd82

SHA512
c8c1ba3da667db304af60626c55db81eefd18d71ee6e18da6cff2cc10084e5cc543a0414149783d9436eb895c85b1547643eab5c8356a2e6017a35e6b885271c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Colorado

Filesize
25KB

MD5
8e699c6688ad30b407eaa2f14dd0fd6d

SHA1
3a7af2d724e6ded4a7829fc4eed6afd1f4edb2b2

SHA256
ed970f518f7e65939d3f4dd4282c20cfd156b480b322a63f2a10aff3a474e4d0

SHA512
38da9347449f79017efada0a83484565a54b6d4b5e2f78791741db42507f8b1a740d18f9a1fe538632f7afb373c1299283394c5503407224c5a91152c2e66950

Download Submit
C:\Users\Admin\AppData\Local\Temp\Commands

Filesize
32KB

MD5
622081abb7c3db7b01fa6bfb39da2d17

SHA1
27e9663c69f0496f8c0dc61d5933ff7d5c0fb310

SHA256
f1a5e1c9f5a2e81348bea809ea5aff4c19c9207a477fb20ecab8ebe18901992b

SHA512
86c0bab5397e2edbccce311d20e25137535b26908d035a16cabc6b4cd34093dc3e70d91cb504f642d0e20ac43f7ea28db55f35e4f5645f0077fb86896c00565d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Consecutive

Filesize
21KB

MD5
b41d80fdc8c99f5b8d4b364336318fdf

SHA1
c8d00c8972fafbe683221292e5bafbd1a812a220

SHA256
0cef0c5a34c97162624888f2b720f62beded33eac6134135771abdfce7e54de9

SHA512
e350c06d4d0718bbf34c404e85984f534ee1a19065c2e9b2a51520a6799ddabaf61092e95b1278dcb0bb1dd2893ce1c92a231bd66b75112c6b687f5836baa986

Download Submit
C:\Users\Admin\AppData\Local\Temp\Differential

Filesize
39KB

MD5
660ee9132d2665fddb08509ba367a523

SHA1
d83d06d92055b3b20801a910a37256006c7b4b25

SHA256
82ffbfab58b5c02aa55a8250dcd0b0ce4a62c1e07b8248caa9fca42fc734e3ee

SHA512
a6bcf9a5596526161f952cf423141ad7c02d8aae2a49a378ff987b6de93624f1a24087b84baf826b4cf27773966c3f3bbc0295043d5c49d4f08e00034ffed3ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\Electro

Filesize
152KB

MD5
7e47005ccb3a978208459d5fbbb861d8

SHA1
b5115a818ad9bd80b44b4418d3ed163902999be4

SHA256
2f93ac018a19598ce459aea3122df677089ebe12f5b65a509c83a6837bd6d307

SHA512
2f285634ec5373cd9bdfdcfb92d33d264cedca3e4b8d24d428aef520d709e4a6172c9eeb46f590df4cc7f8466e6620347d9b397e32fb32d57416979703870487

Download Submit
C:\Users\Admin\AppData\Local\Temp\Empire

Filesize
28KB

MD5
85330714a1586477a2ec80ab9faf76e8

SHA1
e26cf5b6c4e5abbce4f8c4f3557bcd6228685440

SHA256
5555cd6e129c39f5addfa805531e3309f96bd9296296ef9548c101facb9c3c22

SHA512
fadbc8e51c86853579e218f1ffbc4d111f8da204bc46e5c6ea118c57e738843bec32dbf1e1d5e0910638d530f9f3ca13aa3e960b8e2e674fb3c230d74b60752c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Euro

Filesize
27KB

MD5
23cece516ca3d63a6edd2d0d922c3038

SHA1
03112926f6d949447acce199975e304a766285c4

SHA256
e376cc9010d7810bdc90362b7baea17129cc9619b60c477bf1ea20ac135c8552

SHA512
3de0eaec54c5c289127954b60ca7447944dd02a07b992f188863b55258ffcd2f420a41b35c589326aa448c932f394b24c5133eac659a71bceabcb9e3f8d97889

Download Submit
C:\Users\Admin\AppData\Local\Temp\Expiration

Filesize
67KB

MD5
8b701fd06ef6aa3739b4ad58f5442e35

SHA1
1428cbf5f368e774b1db9038b22800ac046b9dff

SHA256
ae24e306157b1ec92e5742dfb39ad79b0422d25777697f50f3dbbdbf9dbd61c8

SHA512
86ea339a579e94b37c066fd1d81db21bf01a91c960d6f00bd223a1207c938ce4ed030e4204a61d415bf0d48c1d0e412f3c4d2bf1ba5ecf4843a5338b5d538924

Download Submit
C:\Users\Admin\AppData\Local\Temp\Fabrics

Filesize
33KB

MD5
68c424ab99930aa7d490cc9157ff809a

SHA1
683ced1c20813633fdcf7ae5bcabc1643273dbfa

SHA256
ee9a14691fb2a01a83d2c5e02826775e4e8a18dc160034f2ee5ea89ebdf4550a

SHA512
8720e7ef17a928e59250bfecee1f30ee74adf9b528faf44c7919503fdee07eaa977b9673cc498ff20b56845ed00e15395154f62a04d427ed5589f120b30ca43d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Gained

Filesize
125KB

MD5
51c2ab0b8a86113a8c63acea991e3668

SHA1
1b77808f74de1e5ad768a325937aed20b78f1571

SHA256
10bcf690767f056124c7068258a3697c40817092f45dbd9a796153f9cb6ea73a

SHA512
1a5a397be45a3a814525a1d13a6eee08327eb24489ec8115034efe23519daf0670bd0abcce5d933a5a94bb78ad4d48601c0132f7e0582e3ffa5c8ad622ff6bca

Download Submit
C:\Users\Admin\AppData\Local\Temp\Indie

Filesize
8KB

MD5
22d90a7f00b0512f25fcb7b1a0ababc3

SHA1
420f8392132720756b483d623aac13b8259e1775

SHA256
53134c6985214fef5a9058313a3586e40e619d4a634e26266e5361c3becd29b2

SHA512
951a5390e090efd5f27bac77b26e53b08d30cdf2720f8704ab330e87286ea74c17e20057f6785ceba5d7fc2e4325c2f7e7436a71a2a2f125f3f6d0be9fe0a33a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Phrase

Filesize
52KB

MD5
3e74203ff4766b7b82493a277c124ea1

SHA1
a592e38a6b7910e437c9cb61b8e3780fad189b33

SHA256
a6f7b165ba65219b271648074a0443e1645a8a3d91944b545eedd7799dbb17c0

SHA512
7cce4185849dccc5949153891e60fe7e2cfe47d898f341807638e98775e61cf9208cc910d69d2de9a4a2cf1e7027b2d34757c6934804f93792a5108b2d662d72

Download Submit
C:\Users\Admin\AppData\Local\Temp\Rather

Filesize
50KB

MD5
57d0e3c109f9e8ae25de0d650b3bab3c

SHA1
ab12f80e028dd25501455d68f276f9c51a2bb62f

SHA256
dd16b624004392b1bb3fc672b8b2a36d2f96541a76f7bdb513e04dfb1d6e5f76

SHA512
8bf0d0af890966ad7cffada0dc4cc9c8bb0c5e163e76de6df9ce099198f9b689725cab180d4945c61a1978e37025d5f5130c14b03f3b73061349873e3951df79

Download Submit
C:\Users\Admin\AppData\Local\Temp\Reliable

Filesize
23KB

MD5
7033a92c1cfb9aee805f09f1ccb74190

SHA1
a4b4f32cf285c85403b96c571524dc931daa8e15

SHA256
5fe9d9197f982a52745d8381642adc3cc4bc78bc3feb266bd4e52b94e5539b73

SHA512
7c25780bbbdacb3430f9b68a953d66f639c3e18503d88ae74766037ebd4ffa79478c378c72344b86e85603868c8b801c6ee5b3018f1a560a7da02a366e38721b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Sample

Filesize
59KB

MD5
b7f18c118bd1b2aeb7e95aaa9493aa51

SHA1
d33fd6194b3c8e4084bb51a061cf61f6d2787ecf

SHA256
79dab4179660dcafd6064f671d62895721b5bdb245daf1a8c08b89b14552ef8d

SHA512
2d9df105fc354cb87f852ba635abb088429b18f9cede0484beb175a316244867af4d9bd5d2dbb52722d108589b4d95b632cbf763c6a5a9aff1908e581d5be9d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\San

Filesize
67KB

MD5
37d12dce6a6bef5422c13f7e818486e7

SHA1
ea1268c689eda516b0d5e8be56b09795bc4e22ec

SHA256
2245d6d07011597839a865ed434766cb9ff0dd2528003cd9d1f6e937faa495d9

SHA512
e506d90b028c354c551375519614d98b82febfacc09e3af90af2f6620a30fe3ac50f51a5a93a596a023cc5fe4c562df7d21be8b323298dbc47c3a856dd7def92

Download Submit
C:\Users\Admin\AppData\Local\Temp\Stylish

Filesize
63KB

MD5
f7441eb161bbdd0173d08acdb5f8635e

SHA1
60b90c5b85ccd939ce5fd7cba1dcaf9bc78246d3

SHA256
df1f774318647696e7d2b2e3a181e87edafb46542d297b673af17389908e90d1

SHA512
7f70db584c0e622b6c675d6abcf5ec87e508d42593be9f1948aada4b8cf8c69fb2a3136e5421393541f666ec92f58213d55bc960747061386c74ff7c0c6142a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Swift

Filesize
14KB

MD5
1a0860bb6b613b729682b244eb7a6766

SHA1
7002cbbcce8f02daaf8ea9e554b55cad1b1fd138

SHA256
a9cb3914c8ee0f57e06386039df9b5a1166c92403dedc6b3507e634981d06460

SHA512
8ebc526ad821a2922b2fa1f77abf51a949118659d66d408b39355517bbfe3ff0e98e874ecd4a39d2dfe2214559f28f72c9a060bf09189fdd4f2a90dc7f43a903

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar8417.tmp

Filesize
160KB

MD5
7186ad693b8ad9444401bd9bcd2217c2

SHA1
5c28ca10a650f6026b0df4737078fa4197f3bac1

SHA256
9a71fa0cb44aa51412b16a0bf83a275977ba4e807d022f78364338b99b3a3eed

SHA512
135be0e6370fd057762c56149526f46bf6a62fb65ef5b3b26ae01fa07b4c4e37188e203bd3812f31e260ec5cccff5924633dd55ab17e9fa106479783c2fb212b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Taylor

Filesize
67KB

MD5
0f4b6005e30479a8c1948b6d07d5ad34

SHA1
09c7d4b5a634e839cdc2b0616cb6a91de01f1976

SHA256
0e4d37cfd1084624311deca479198e4820bbeef1c774c97e508f233aa4386c55

SHA512
828fb65de99b0262dd50cccff3b02015a74c71e13ad125d14b058e4fc9763376349c8267afeb41fd79513f617533d34df4f6d1eb8fa306efff8828ad361bcf93

Download Submit
C:\Users\Admin\AppData\Local\Temp\Thereof

Filesize
32KB

MD5
2d5a29eeaca40b1a6b9cc7ce2e526854

SHA1
34bed3e88c4f9250c8931f684a4742dd2a9ef83e

SHA256
1cca99cb94e5fb5fbc7b3fece3f301bd97a92352c913e734fb57a9f09f38ae42

SHA512
6bcd7e6085e28559f0de9783a8330c576de38741153f371739a0c763a4e276a16750dd6b095c80ed0acb35fcb0f741317b92b32c417f86c50be12d4867be3fce

Download Submit
C:\Users\Admin\AppData\Local\Temp\Trouble

Filesize
23KB

MD5
5e1c22c60b7a7081aa8b16de36b7d0a4

SHA1
3b30c924f4d64032eba32e3bca02d740412308b8

SHA256
4229120b52e56571414adf955235d9827e28e838424002a857bd1d64bcdaeec9

SHA512
947f8255ab43f7a15794c89b9d73bec50e04f4e8d49f625065520b19b0a490a0fc2e1ea6747fe60d9ff1b0507b8624003f88568aab3878a49a6df4d8e7d17e47

Download Submit
C:\Users\Admin\AppData\Local\Temp\Twin

Filesize
18KB

MD5
71a1470a625aa7a05389dd57460e27b7

SHA1
e363906b9f7becfc225c363f2cfafa46c653847e

SHA256
a1b296ab33e4efafc97a3b8e9661bb0614b96054313afca9a87f5b529ccacd28

SHA512
3e52ca9e5971638af5838395ea418f1708ec6a3734275d2c4b1b6830d683b306c5883366fbf34cb88d3bb3df20868585d5e4d87edc07666378abdfc9274414b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Var

Filesize
143B

MD5
4a423ebfd69a4948100722cc38617394

SHA1
dc253cb051cf163d380644ca97c48f8d1d1a6b88

SHA256
956e68d47ab02037bc8edc6e5d47189e33dd1b5f54fe7af706b31c5d442790bb

SHA512
890a67c0248e82e89f1e52c82e85cbd2ac86d2638f1280e3b6f490a09334a3c5f380949860800d03ed93385569b223c838b4ad3c7494716463d88e05368b0610

Download Submit
C:\Users\Admin\AppData\Local\Temp\Vietnamese

Filesize
23KB

MD5
9fa229622a0758fe4663f9a7243a45b9

SHA1
5c2d4fd7dd6389f94659cbcd24b706e46d5dbfc2

SHA256
8f9a8a06291f193fa485eeb0ed6be096d80b5a38a7561ef15196debe53c137de

SHA512
b7a40ac2f09c35ef0aaf13566b658671308ba6976cfa37ffa45c867c3284b11531aa63755002d18dfb976dae8ba1811540554277007dab136977cede008b7949

Download Submit
C:\Users\Admin\AppData\Local\Temp\Wings

Filesize
20KB

MD5
fa1871d85599d88236acbdfe1b1b579e

SHA1
6869d1075c133d57abd57ce7b3e7a750f2b538ec

SHA256
1225c40e861f3b62f11a66a464d0276228d0602806d745eae8c290ace166f590

SHA512
b4ca17739a39d97b6cbca29f7e647e1679c7c3094c9067ee2d6f781e9f617dce6d9d47b10884fa6189267b4d7af7f20e178c459da9462305e64c17c1937957ed

Download Submit
C:\Users\Admin\Downloads\GmAlpHflKOY.zip

Filesize
8.5MB

MD5
7d16fb3bc0af9f83103373d43d7018c9

SHA1
1d1e700a00553a11315675f8ebfb0c92cae7b6e1

SHA256
86a34f6884c993b11cb28b4ed8257dc3cc6862e321c5ac30c17db94215b2b128

SHA512
23c25075908cc539c49c76b91f11d52a4acefd2a657d1505377f34fcc9c49a985072c9740f195172afa1eba01fe1baddfa6b092c77a99e26bc37280c4e841a45

Download Submit
\??\pipe\crashpad_2796_ZHRMOHXSEHGXOOUK

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\Users\Admin\AppData\Local\Temp\294265\Type.pif

Filesize
915KB

MD5
b06e67f9767e5023892d9698703ad098

SHA1
acc07666f4c1d4461d3e1c263cf6a194a8dd1544

SHA256
8498900e57a490404e7ec4d8159bee29aed5852ae88bd484141780eaadb727bb

SHA512
7972c78acebdd86c57d879c12cb407120155a24a52fda23ddb7d9e181dd59dac1eb74f327817adbc364d37c8dc704f8236f3539b4d3ee5a022814924a1616943

Download Submit
memory/2160-8-0x000007FEF5210000-0x000007FEF5BAD000-memory.dmp

Filesize
9.6MB

Download
memory/2160-5-0x000000001B670000-0x000000001B952000-memory.dmp

Filesize
2.9MB

Download
memory/2160-9-0x000007FEF5210000-0x000007FEF5BAD000-memory.dmp

Filesize
9.6MB

Download
memory/2160-10-0x000007FEF5210000-0x000007FEF5BAD000-memory.dmp

Filesize
9.6MB

Download
memory/2160-11-0x000007FEF5210000-0x000007FEF5BAD000-memory.dmp

Filesize
9.6MB

Download
memory/2160-6-0x00000000027F0000-0x00000000027F8000-memory.dmp

Filesize
32KB

Download
memory/2160-4-0x000007FEF54CE000-0x000007FEF54CF000-memory.dmp

Filesize
4KB

Download
memory/2160-7-0x000007FEF5210000-0x000007FEF5BAD000-memory.dmp

Filesize
9.6MB

Download