Analysis

  • max time kernel
    411s
  • max time network
    336s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    29-06-2024 08:44

General

  • Target

    Setup.exe

  • Size

    675.4MB

  • MD5

    14cf56e3094e94a6bcd9f1b18c2e9726

  • SHA1

    b4d6a5f8f6cc0429c02d5b9d0be1e29172010d3c

  • SHA256

    e42c58c29931bee78061436503afbbef40e74c43da2c6291e0e09213add1c5e6

  • SHA512

    122f873501c376615139f7387c33cc533b83af4555f92fe0c09fcca837fdc1f3af2a3659f44c037748b06c613d014160304cf487eb68c154086f0d3749292e65

  • SSDEEP

    196608:L0bq45mmYPrOLaxhyEjILWjDLGfCYZmJu9JgU04IcW7fIxOntw93/sDF1kIQyXjX:obq4o3jOLaXILWfSbg

Malware Config

Extracted

Family

vidar

C2

https://t.me/g067n

https://steamcommunity.com/profiles/76561199707802586

Attributes
  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:129.0) Gecko/20100101 Firefox/129.0
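The two C2 entries are not servers the stealer talks to directly but public profile pages it reads to learn its real C2 address (Vidar's dead-drop resolver pattern), and the configured User-Agent claims Firefox on macOS although the sample runs on a Windows 10 host. Both are usable detection points. The following is an added example, not part of the report: it scans constructed, tab-separated proxy log lines (a hypothetical format: timestamp, host, process image, URL, user agent) and flags a non-browser process fetching a t.me channel or Steam profile page, plus a User-Agent whose OS does not match the host's OS in an assumed asset inventory.

```python
"""Flag dead-drop resolver fetches and OS/User-Agent mismatches in proxy logs.

Added example, not part of the sandbox report. The log lines and the
host-to-OS inventory below are constructed; the tab-separated layout
(timestamp, host, process image, URL, user agent) is a hypothetical format.
"""
import re
from urllib.parse import urlparse

# Public profile pages used as dead-drop resolvers; both hosts appear in the
# report's extracted config. Path shapes: t.me/<channel>, steamcommunity.com/profiles/<id64>.
DEAD_DROP_HOSTS = {
    "t.me": re.compile(r"^/[A-Za-z0-9_]+$"),
    "steamcommunity.com": re.compile(r"^/profiles/\d{17}$"),
}
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe", "firefox", "safari"}
UA_OS_TOKENS = {"Macintosh": "macos", "Windows NT": "windows", "X11; Linux": "linux"}

# Constructed inventory (assumption): hostname -> OS the asset actually runs.
INVENTORY = {"WKS-0412": "windows", "MBP-0093": "macos"}

UA_MAC_FF = "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:129.0) Gecko/20100101 Firefox/129.0"
UA_WIN_CHROME = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/110.0.5481.104 Safari/537.36"

# Constructed sample log: the first two lines mirror the report's C2 entries and UA.
SAMPLE_LOG = [
    "\t".join(["2024-06-29T08:45:01Z", "WKS-0412", r"C:\Users\Admin\AppData\Local\Temp\VIDA.au3", "https://t.me/g067n", UA_MAC_FF]),
    "\t".join(["2024-06-29T08:45:02Z", "WKS-0412", r"C:\Users\Admin\AppData\Local\Temp\VIDA.au3", "https://steamcommunity.com/profiles/76561199707802586", UA_MAC_FF]),
    "\t".join(["2024-06-29T08:46:10Z", "WKS-0412", r"C:\Program Files\Google\Chrome\Application\chrome.exe", "https://steamcommunity.com/profiles/76561199707802586", UA_WIN_CHROME]),
    "\t".join(["2024-06-29T08:47:00Z", "MBP-0093", "/Applications/Firefox.app/Contents/MacOS/firefox", "https://t.me/somechannel", UA_MAC_FF]),
]

def parse_line(line):
    """Split one tab-separated record; return None for malformed lines."""
    parts = line.rstrip("\n").split("\t")
    if len(parts) != 5:
        return None
    return dict(zip(("ts", "host", "proc", "url", "ua"), parts))

def ua_claimed_os(ua):
    """OS family the User-Agent string claims, or 'unknown'."""
    for token, os_name in UA_OS_TOKENS.items():
        if token in ua:
            return os_name
    return "unknown"

def is_dead_drop_fetch(proc, url):
    """True when a non-browser process requests a profile/channel page."""
    parsed = urlparse(url)
    pattern = DEAD_DROP_HOSTS.get(parsed.hostname or "")
    if pattern is None or not pattern.match(parsed.path):
        return False
    image = re.split(r"[\\/]", proc)[-1].lower()
    return image not in BROWSERS

def analyze_proxy_log(lines):
    """Return (host, process, url, reasons) for each suspicious record."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        reasons = []
        if is_dead_drop_fetch(rec["proc"], rec["url"]):
            reasons.append("dead-drop-resolver")
        claimed, actual = ua_claimed_os(rec["ua"]), INVENTORY.get(rec["host"])
        if actual and claimed not in ("unknown", actual):
            reasons.append(f"ua-os-mismatch:{claimed}!={actual}")
        if reasons:
            findings.append((rec["host"], rec["proc"], rec["url"], reasons))
    return findings

if __name__ == "__main__":
    for host, proc, url, reasons in analyze_proxy_log(SAMPLE_LOG):
        print(host, proc, url, ",".join(reasons))
```

Only the two VIDA.au3 requests are reported, each with both reasons; Chrome fetching the same Steam profile with a Windows UA, and a real Mac running Firefox, are left alone. In production the process image would come from an endpoint agent rather than the proxy itself, and the inventory lookup from your CMDB.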

Signatures

  • Detect Vidar Stealer 11 IoCs
  • Stealc

    Stealc is an infostealer written in C++.

  • Vidar

    Vidar is an infostealer based on Arkei stealer.

  • Downloads MZ/PE file
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 6 IoCs
  • Reads data files stored by FTP clients 2 TTPs

    Tries to access configuration files associated with programs like FileZilla.

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Checks whether UAC is enabled 1 TTPs 2 IoCs
  • Suspicious use of SetThreadContext 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 4 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Delays execution with timeout.exe 1 IoCs
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 6 IoCs
  • Opens file in notepad (likely ransom note) 1 IoCs

    Generic heuristic: the one hit is NOTEPAD.EXE, launched through OpenWith.exe, opening C:\Users\Admin\AppData\Local\Temp\3777294602\payload.dat; nothing else in the report indicates ransomware behaviour.
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 6 IoCs
  • Suspicious behavior: MapViewOfSection 4 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 64 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
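Several of the signatures above (computer location settings, installed software, SCSI keys, processor information) are registry reads that let a sample decide whether it is inside an analysis VM or in a country it is told to avoid. The following added example, not code from the report or from the sample, emulates those reads over a constructed registry snapshot so you can see what each signature is reacting to; the key paths are the conventional targets behind these signature names (an assumption, since the report does not list the exact keys this sample touched), the thresholds are illustrative, and the geofenced GeoID set is a hypothetical parameter. Run check_snapshot() over an export of your own analysis VM's values to see which of these checks your sandbox would fail.

```python
"""Emulate the registry reads behind the report's sandbox-evasion signatures.

Added example, not code from the report or the sample. Snapshots are
constructed dicts of key path -> {value name: data}; subkeys are separate
entries. Key paths are the conventional targets of these signature names,
an assumption: the report does not list the exact keys the sample read.
"""
import re

CPU_ROOT = r"HKLM\HARDWARE\DESCRIPTION\System\CentralProcessor"
DISK_ENUM_KEY = r"HKLM\SYSTEM\CurrentControlSet\Services\Disk\Enum"
SCSI_KEY = r"HKLM\HARDWARE\DEVICEMAP\Scsi\Scsi Port 0\Scsi Bus 0\Target Id 0\Logical Unit Id 0"
GEO_KEY = r"HKCU\Control Panel\International\Geo"
UNINSTALL_KEY = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"

# Strings that give away a hypervisor in CPU, disk and installed-software data.
VM_MARKERS = re.compile(r"vbox|virtualbox|vmware|qemu|hyper-v|virtual", re.I)
MIN_CORES, MIN_INSTALLED_APPS = 2, 5   # thresholds are assumptions for the example

def subkeys(snapshot, key):
    """Names of the immediate subkeys of `key` present in the snapshot."""
    prefix = key + "\\"
    return [k[len(prefix):] for k in snapshot if k.startswith(prefix) and "\\" not in k[len(prefix):]]

def check_snapshot(snapshot, geofenced_ids=frozenset()):
    """One boolean per signature: True means the sample would see a reason to bail."""
    values = lambda key: snapshot.get(key, {})
    cpu_name = values(CPU_ROOT + r"\0").get("ProcessorNameString", "")
    disk_strings = [str(v) for v in values(DISK_ENUM_KEY).values()]
    disk_strings.append(values(SCSI_KEY).get("Identifier", ""))
    apps = subkeys(snapshot, UNINSTALL_KEY)
    return {
        "processor": bool(VM_MARKERS.search(cpu_name)) or len(subkeys(snapshot, CPU_ROOT)) < MIN_CORES,
        "scsi": any(VM_MARKERS.search(s) for s in disk_strings),
        "software": len(apps) < MIN_INSTALLED_APPS or any(VM_MARKERS.search(a) for a in apps),
        "geofence": values(GEO_KEY).get("Nation") in geofenced_ids,
    }

def would_bail(snapshot, geofenced_ids=frozenset()):
    return any(check_snapshot(snapshot, geofenced_ids).values())

# Constructed snapshot of a bare VirtualBox analysis VM: one CPU subkey, VBOX disk, two apps.
SANDBOX_SNAPSHOT = {
    CPU_ROOT + r"\0": {"ProcessorNameString": "Intel(R) Core(TM) i7 CPU"},
    DISK_ENUM_KEY: {"0": r"IDE\DiskVBOX_HARDDISK___________________________1.0_____\5&1234abcd&0&0.0.0"},
    SCSI_KEY: {"Identifier": "VBOX HARDDISK"},
    GEO_KEY: {"Nation": "203"},
    UNINSTALL_KEY + r"\VirtualBox Guest Additions": {"DisplayName": "Oracle VM VirtualBox Guest Additions"},
    UNINSTALL_KEY + r"\7-Zip": {"DisplayName": "7-Zip"},
}

# Constructed snapshot of a physical workstation: 8 cores, NVMe disk, ordinary software.
HOST_SNAPSHOT = {
    DISK_ENUM_KEY: {"0": r"SCSI\Disk&Ven_NVMe&Prod_Samsung_SSD_980\4&2b1c3d4e&0&000000"},
    SCSI_KEY: {"Identifier": "NVMe Samsung SSD 980"},
    GEO_KEY: {"Nation": "244"},
}
for i in range(8):
    HOST_SNAPSHOT[CPU_ROOT + "\\" + str(i)] = {"ProcessorNameString": "AMD Ryzen 7 5800X 8-Core Processor"}
for name in ("7-Zip", "Google Chrome", "Mozilla Firefox", "FileZilla Client", "Steam", "Discord"):
    HOST_SNAPSHOT[UNINSTALL_KEY + "\\" + name] = {"DisplayName": name}

# Hypothetical geofence list for the example (GeoID strings); the report does not
# say which country codes the sample avoids.
EXAMPLE_GEOFENCE = frozenset({"203"})

if __name__ == "__main__":
    for label, snap in (("sandbox", SANDBOX_SNAPSHOT), ("host", HOST_SNAPSHOT)):
        verdict = "bail" if would_bail(snap, EXAMPLE_GEOFENCE) else "run"
        print(label, check_snapshot(snap, EXAMPLE_GEOFENCE), verdict)
```

The bare VM trips every check; the workstation snapshot trips none. The practical lesson for sandbox operators is that the disk identifier strings and the near-empty Uninstall key are the cheapest giveaways to fix.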

Processes

  • C:\Users\Admin\AppData\Local\Temp\Setup.exe
    "C:\Users\Admin\AppData\Local\Temp\Setup.exe"
    1⤵
    • Checks whether UAC is enabled
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:4812
    • C:\Users\Admin\AppData\Local\Temp\nodealt\JRWeb.exe
      C:\Users\Admin\AppData\Local\Temp\nodealt\JRWeb.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2992
      • C:\Users\Admin\AppData\Roaming\nodealt\JRWeb.exe
        C:\Users\Admin\AppData\Roaming\nodealt\JRWeb.exe
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious use of SetThreadContext
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: MapViewOfSection
        • Suspicious use of WriteProcessMemory
        PID:3484
        • C:\Windows\SysWOW64\more.com
          C:\Windows\SysWOW64\more.com
          4⤵
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious behavior: MapViewOfSection
          • Suspicious use of WriteProcessMemory
          PID:1608
          • C:\Users\Admin\AppData\Local\Temp\VIDA.au3
            C:\Users\Admin\AppData\Local\Temp\VIDA.au3
            5⤵
            • Checks computer location settings
            • Loads dropped DLL
            • Checks processor information in registry
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious behavior: GetForegroundWindowSpam
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:4188
            • C:\Windows\SysWOW64\cmd.exe
              "C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\FIIEHJDBKJKE" & exit
              6⤵
              • Suspicious use of WriteProcessMemory
              PID:2976
              • C:\Windows\SysWOW64\timeout.exe
                timeout /t 10
                7⤵
                • Delays execution with timeout.exe
                PID:2428
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /4
    1⤵
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:4696
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:1560
  • C:\Program Files\7-Zip\7zFM.exe
    "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\VIDA.au3"
    1⤵
    • Modifies registry class
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    PID:4952
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4504
    • C:\Windows\system32\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\7zO853C9C29\1000
      2⤵
      PID:2720
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3816
    • C:\Windows\system32\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\7zO85363799\166
      2⤵
      PID:3640
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4232
    • C:\Windows\system32\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\7zO853C3A4A\.text
      2⤵
      PID:2728
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe"
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2388
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fffd4c4ab58,0x7fffd4c4ab68,0x7fffd4c4ab78
      2⤵
      PID:4832
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1712 --field-trial-handle=1932,i,17058151714064643761,1318385114835449948,131072 /prefetch:2
      2⤵
      PID:3580
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=1932,i,17058151714064643761,1318385114835449948,131072 /prefetch:8
      2⤵
      PID:4772
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2304 --field-trial-handle=1932,i,17058151714064643761,1318385114835449948,131072 /prefetch:8
      2⤵
      PID:1988
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2884 --field-trial-handle=1932,i,17058151714064643761,1318385114835449948,131072 /prefetch:1
      2⤵
      PID:988
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2908 --field-trial-handle=1932,i,17058151714064643761,1318385114835449948,131072 /prefetch:1
      2⤵
      PID:2152
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4392 --field-trial-handle=1932,i,17058151714064643761,1318385114835449948,131072 /prefetch:1
      2⤵
      PID:2936
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4528 --field-trial-handle=1932,i,17058151714064643761,1318385114835449948,131072 /prefetch:8
      2⤵
      PID:4916
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4672 --field-trial-handle=1932,i,17058151714064643761,1318385114835449948,131072 /prefetch:8
      2⤵
      PID:3396
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4608 --field-trial-handle=1932,i,17058151714064643761,1318385114835449948,131072 /prefetch:8
      2⤵
      PID:3792
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4844 --field-trial-handle=1932,i,17058151714064643761,1318385114835449948,131072 /prefetch:8
      2⤵
      PID:3920
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5008 --field-trial-handle=1932,i,17058151714064643761,1318385114835449948,131072 /prefetch:8
      2⤵
      PID:3964
    • C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
      "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --reenable-autoupdates --system-level
      2⤵
      PID:3180
      • C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
        "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x254,0x258,0x25c,0x230,0x260,0x7ff68513ae48,0x7ff68513ae58,0x7ff68513ae68
        3⤵
        PID:1756
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4516 --field-trial-handle=1932,i,17058151714064643761,1318385114835449948,131072 /prefetch:1
      2⤵
      PID:4516
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4844 --field-trial-handle=1932,i,17058151714064643761,1318385114835449948,131072 /prefetch:1
      2⤵
      PID:1528
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3600 --field-trial-handle=1932,i,17058151714064643761,1318385114835449948,131072 /prefetch:1
      2⤵
      PID:4928
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3588 --field-trial-handle=1932,i,17058151714064643761,1318385114835449948,131072 /prefetch:1
      2⤵
      PID:5032
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5148 --field-trial-handle=1932,i,17058151714064643761,1318385114835449948,131072 /prefetch:1
      2⤵
      PID:1896
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5260 --field-trial-handle=1932,i,17058151714064643761,1318385114835449948,131072 /prefetch:1
      2⤵
      PID:1684
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5308 --field-trial-handle=1932,i,17058151714064643761,1318385114835449948,131072 /prefetch:1
      2⤵
      PID:788
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5444 --field-trial-handle=1932,i,17058151714064643761,1318385114835449948,131072 /prefetch:1
      2⤵
      PID:2488
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5496 --field-trial-handle=1932,i,17058151714064643761,1318385114835449948,131072 /prefetch:1
      2⤵
      PID:4476
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5504 --field-trial-handle=1932,i,17058151714064643761,1318385114835449948,131072 /prefetch:1
      2⤵
      PID:4596
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5520 --field-trial-handle=1932,i,17058151714064643761,1318385114835449948,131072 /prefetch:1
      2⤵
      PID:1136
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6060 --field-trial-handle=1932,i,17058151714064643761,1318385114835449948,131072 /prefetch:1
      2⤵
      PID:4708
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5796 --field-trial-handle=1932,i,17058151714064643761,1318385114835449948,131072 /prefetch:1
      2⤵
      PID:1160
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6596 --field-trial-handle=1932,i,17058151714064643761,1318385114835449948,131072 /prefetch:8
      2⤵
      PID:1020
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=5576 --field-trial-handle=1932,i,17058151714064643761,1318385114835449948,131072 /prefetch:1
      2⤵
      PID:5568
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=6032 --field-trial-handle=1932,i,17058151714064643761,1318385114835449948,131072 /prefetch:1
      2⤵
      PID:5808
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=5312 --field-trial-handle=1932,i,17058151714064643761,1318385114835449948,131072 /prefetch:1
      2⤵
      PID:6092
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=4680 --field-trial-handle=1932,i,17058151714064643761,1318385114835449948,131072 /prefetch:1
      2⤵
      PID:6128
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3620 --field-trial-handle=1932,i,17058151714064643761,1318385114835449948,131072 /prefetch:8
      2⤵
      PID:5196
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5388 --field-trial-handle=1932,i,17058151714064643761,1318385114835449948,131072 /prefetch:8
      2⤵
      PID:5200
  • C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
    1⤵
    PID:3820
  • C:\Users\Admin\AppData\Local\Temp\Setup.exe
    "C:\Users\Admin\AppData\Local\Temp\Setup.exe"
    1⤵
    • Checks whether UAC is enabled
    PID:2300
    • C:\Users\Admin\AppData\Local\Temp\nodealt\JRWeb.exe
      C:\Users\Admin\AppData\Local\Temp\nodealt\JRWeb.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:5880
      • C:\Users\Admin\AppData\Roaming\nodealt\JRWeb.exe
        C:\Users\Admin\AppData\Roaming\nodealt\JRWeb.exe
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious use of SetThreadContext
        • Suspicious behavior: MapViewOfSection
        PID:5044
        • C:\Windows\SysWOW64\more.com
          C:\Windows\SysWOW64\more.com
          4⤵
          • Suspicious behavior: MapViewOfSection
          PID:4364
          • C:\Users\Admin\AppData\Local\Temp\VIDA.au3
            C:\Users\Admin\AppData\Local\Temp\VIDA.au3
            5⤵
            • Loads dropped DLL
            • Checks processor information in registry
            PID:536
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:4912
    • C:\Windows\system32\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\3777294602\payload.dat
      2⤵
      • Opens file in notepad (likely ransom note)
      PID:3604

                                                                                Downloads

                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000024

                                                                                  Filesize

                                                                                  16KB

                                                                                  MD5

                                                                                  40faa0c4150091170644046bbe98ca75

                                                                                  SHA1

                                                                                  d07b30afeaad31c52a1e9dcc2b5362065cc46625

                                                                                  SHA256

                                                                                  c3973eeb11e12431e06d1ef84661ade738e2f9d653e09bb1882dfdee5f887158

                                                                                  SHA512

                                                                                  afa3bf63f9211982ff39b058d0dc8b5ade5339ed68615df5f0c16477dac454897dc1d61e67d78ef1191c1f5859407828d297a5102ee7f28addd10449fd07c85d

                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002d

                                                                                  Filesize

                                                                                  27KB

                                                                                  MD5

                                                                                  70dc4f19424ed6d1eb3edf2e3acffdfe

                                                                                  SHA1

                                                                                  f5e03c8717997457ab5875098caf342e959c52fb

                                                                                  SHA256

                                                                                  4f0529047afe2ad52d6b531440745c009727a374b0302784e5993ad85b3030c5

                                                                                  SHA512

                                                                                  92d0562b604a951bcfcea32569343eeee2c400149faa84375b8eab5f4432bf97bb833b5f9c7c287b1f8f1a330bda52cc9a5868cd35a56789beb7ffc1e9cf7580

                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\77d99218742b4b32_0

                                                                                  Filesize

                                                                                  245B

                                                                                  MD5

                                                                                  d703180b6eebf6528a92f779f435f5e0

                                                                                  SHA1

                                                                                  0b71ce956734835065df57b1b307f03d683b55f2

                                                                                  SHA256

                                                                                  8b84bc47fb5fe3546a684b849c6c609ebbfda5120d6d88bd04785eb01e8d14f9

                                                                                  SHA512

                                                                                  0ce7386b7807d6b78c11f875914243a10262e773e1efd753e02cbbf2e435ca5c6cb6ac4b093ccef99408537a62503d83e99f0478bc57e78352e3137c594c9f94

                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\77d99218742b4b32_0

                                                                                  Filesize

                                                                                  293B

                                                                                  MD5

                                                                                  1b9a7734607e6ec54212eaf0fa05c0c8

                                                                                  SHA1

                                                                                  b0a1edd285bc7b42a393da4ea2d995a37e0f383f

                                                                                  SHA256

                                                                                  0252dc7b19350a0d41b2525023a71683ec89dd5dc5c05f38af3a32ac7697ee76

                                                                                  SHA512

                                                                                  39a9c55422086ac2f32a9b99d414d76977500f58d717ecef27fbc49c34560c492a2cbf5c28a2ec8249a9652d07961a80f094ee4d256720c21396716f69b6c1ec

                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\7e11be7244f38434_0

                                                                                  Filesize

                                                                                  271B

                                                                                  MD5

                                                                                  b88f0a471c25f8ea407ca6aa92f607e0

                                                                                  SHA1

                                                                                  be034b90ced5283d56d4a5d3bc8e3fb9f176d40c

                                                                                  SHA256

                                                                                  336b948be4ae73a825017966e977c2f34e3ca686f2e2b1dabf3ad28f4a9eb842

                                                                                  SHA512

                                                                                  f980bbb91ca0450fd777f6cec1717efc32f5f3d8138c8f783b68ca399ccf90529aa546d1018834d60aa79901aeaab40200d56cbed9619cd0f16743213dc862f7

                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\83d3881891293a9e_0

                                                                                  Filesize

                                                                                  33KB

                                                                                  MD5

                                                                                  a5a1532990497f13dc8ee42f26fe3e26

                                                                                  SHA1

                                                                                  a4d6584bc2fe40130dfc2f13df7b3dc0055d44fa

                                                                                  SHA256

                                                                                  8b9abb9c5dcb83c9b9992c223aa08be98ddd89aec669df3f45e8c74a0c2a0631

                                                                                  SHA512

                                                                                  a31b52f01a4f1ff5acfc4bf1fdde6124676616ca0234bf6ec9e1e91136b3321bf9b2ee381c5f478fa2c61224be5a911bb292782fd0f0f290c49eaa880501b6d4

                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\9862a3cb91851f34_0

                                                                                  Filesize

                                                                                  62KB

                                                                                  MD5

                                                                                  23a2e22d42ebade53e3044674237b7e7

                                                                                  SHA1

                                                                                  fa04df9948afc3d01088c85749eacffdf5083f66

                                                                                  SHA256

                                                                                  90294bb3229a5ca92414704471b54b8c1d0d5e7f24a5431a4c89f02668eaf2e3

                                                                                  SHA512

                                                                                  efa431b2a422280b76e245daa8fd7ef3e5010d8877209ecd161b06de865d1b30e0893c75808193202b5cdf9b77518ab4b7b954f40f5aa0fc41c78ed32639d1d1

                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                  Filesize

                                                                                  1KB

                                                                                  MD5

                                                                                  576b26c57518470f7344d141cee98428

                                                                                  SHA1

                                                                                  bcd75f91718dd7b93d444d92b98749b9537a4516

                                                                                  SHA256

                                                                                  d3b49023c2024b8359c2565f5a20edb0a4a80ba474c2af159a256992def95bcd

                                                                                  SHA512

                                                                                  bd09350c9166f1d7cdadb12fe5bd3b59bb8e450f69af36fdfec3a8af69b01d7082a13e5eda47864dc44ed77275f64bf2967da2f3974d6e03fea3bc1561b10871

                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

                                                                                  Filesize

                                                                                  264KB

                                                                                  MD5

                                                                                  503d466cc0bc9f3a37addf47fd9cfec7

                                                                                  SHA1

                                                                                  7cc760121a736ca811fd59833b23a015cb0ff1f3

                                                                                  SHA256

                                                                                  e66ccfbee3168dde480eebbf093e467afe015ae16aa5740fdd8502303893e733

                                                                                  SHA512

                                                                                  954ad87ee8aff66819135eae27a0366ea970a7c3190577986b5bac21c123b49412612e31e43aa6f761ae13218fa81b0f30bdc71c3d2e33100e30cf0cf8ced66d

                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                                                  Filesize

                                                                                  14KB

                                                                                  MD5

                                                                                  34c11a90c51e8fd37353e06faeb7d07c

                                                                                  SHA1

                                                                                  4983e2c589f5bf4985366d5354da5e7a50abfcaa

                                                                                  SHA256

                                                                                  bbaa3a98acceb581ec8695e4b37198a45ae7822dff881e211ff2141852816ee2

                                                                                  SHA512

                                                                                  1a892c7513d7297ec05cb9dfb34a689af865e2e8f817d7ea6a7b09d60347f20e2b3e9bb1c80ecf0e00fff9259e8ac56f8928526ebe75336819945c5d9cbbddd3

                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

                                                                                  Filesize

                                                                                  2B

                                                                                  MD5

                                                                                  d751713988987e9331980363e24189ce

                                                                                  SHA1

                                                                                  97d170e1550eee4afc0af065b78cda302a97674c

                                                                                  SHA256

                                                                                  4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                                                                  SHA512

                                                                                  b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                  Filesize

                                                                                  4KB

                                                                                  MD5

                                                                                  5c20d98852edde46a39457a70f312b93

                                                                                  SHA1

                                                                                  96ff8f9b49843a3df7b56efb1abdcba7f5a28606

                                                                                  SHA256

                                                                                  8fb40f970619a4e7c08ff9786f3070c31e8dceb0ce9a1e0dd296d111352d0ebf

                                                                                  SHA512

                                                                                  d3ff5493f546bf62ee414166bb0ea05bf31ec494e886b938430f72e16f9674ba5e1a46a7752c39bb523bd0ca944f4912ca1cbd546609507b69dfbb309ecea89f

                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                  Filesize

                                                                                  1KB

                                                                                  MD5

                                                                                  439f3f4ea1ea41c93de91b22860cfaf1

                                                                                  SHA1

                                                                                  c25ffcb0af08610748a1dfa66e858aa7acc168cd

                                                                                  SHA256

                                                                                  83771f49e9f3f39882c3d6915be7f31157c14faf86e7cd175d156efb16334f56

                                                                                  SHA512

                                                                                  248662f2eff76a101b648ff26d30659e14318104e78f751ff75200ceeaf693482be16f82cffbf3bf483e1ce5d11ba909844a7da27d3eb5752220453e9d90a759

                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                  Filesize

                                                                                  356B

                                                                                  MD5

                                                                                  0f2c410b3a5cdff1c2ba1d4e0b663efa

                                                                                  SHA1

                                                                                  6fdbc459b9c01dbdd06ba524382682b7351bb67d

                                                                                  SHA256

                                                                                  10c9166100202e21dd0eeda2cc9dfab0edb94c993404e47f62f02dddaf02c511

                                                                                  SHA512

                                                                                  45df9113a4d5bc48dcb443ec02c6db20ce2effc30a1c1d1fa7359121065bcc66255778831145ad36551a406c09c10cbe5081befacb010aa7b9a79a7653c70250

                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                  Filesize

                                                                                  4KB

                                                                                  MD5

                                                                                  ad44178267f5212293b130198eaf572b

                                                                                  SHA1

                                                                                  3d69ae5b6a17bb65e398fdeaa3968e7c253af8c3

                                                                                  SHA256

                                                                                  2be3fe51a8e00855a5ce73d6ca124aaef702aca38e90aee897f6939bb31e4a10

                                                                                  SHA512

                                                                                  11059ee9068852207f43759e67529babdb0606a7026cabcf335da6050f413fe23f3251678e804cab156c9f085e216f0fee927dff22ee951b72638a04d3fc2675

                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                  Filesize

                                                                                  7KB

                                                                                  MD5

                                                                                  a7763d34a229f9ce1ef0e6ed314f8028

                                                                                  SHA1

                                                                                  9dbbfd776de48bdf9bcaf2e9d523b8480787b2f1

                                                                                  SHA256

                                                                                  f2c6220beadb0f9946c612f95f5ecb896c1e899a790b8862b88aef9322a50522

                                                                                  SHA512

                                                                                  3eded09ba9f3adbdd3163049f582b385b985d0860120b9f883a8981502e32ac5dac1c9f0810edb98b49ce3b8daa68483ac6d46b0d8acfd877d0f1d1639e440ef

                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                  Filesize

                                                                                  8KB

                                                                                  MD5

                                                                                  a9d22116f161bb12796e5f0009fe957e

                                                                                  SHA1

                                                                                  9be9fcef2ac34009869672fc8c26281f27b35f3d

                                                                                  SHA256

                                                                                  704ca1c9949225e3f77d3eec752b164b2bfb832d527662c1e340856afe3bb308

                                                                                  SHA512

                                                                                  416fb1c64b5be7c1b7cf052a5bd1463e5fa3f79529f82810dc52314aa1c3b329e3d779d47f87d3b8ded7e92db2f07e82b81d5b0349e336d67a4e5191fa979e06

                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                  Filesize

                                                                                  6KB

                                                                                  MD5

                                                                                  953a4e7fefa59d685da2d1a775f4957d

                                                                                  SHA1

                                                                                  0cea014f45fc2e911e867902543419cb9d5d73ca

                                                                                  SHA256

                                                                                  20e664922fd077e46d96a4b6c26b3537b9c9d7d0a55553d1eb1d2222fe136f9f

                                                                                  SHA512

                                                                                  e3dff04be50961665ccb0cc1e98f3c4faec40a5f5720872ec09e35ee3a4b586e7c61df26e65ce9950ae7ed75fb1a692b31ef190012a1e230072ea946a598b4fd

                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\e0f3c472-c8d6-4d5a-b048-e7182ad9b833.tmp

                                                                                  Filesize

                                                                                  16KB

                                                                                  MD5

                                                                                  1c6096632e720bae19f3c1a5850d2a98

                                                                                  SHA1

                                                                                  6520a437d89bda0991d7371807f7a5a61f2ecf1f

                                                                                  SHA256

                                                                                  5a2d35c511d0ea8179f3b71108a94d3b0959c792431d26247bcb5a2c8d70d3d4

                                                                                  SHA512

                                                                                  efcd7368f2774c00f49d709f35a6162362235aae3757fadeb8e998d8ea9878f2841bfb1e847c248cb26623884b2cfcdf8cf23596ee3e6094ec45e46fe383aa83

                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                  Filesize

                                                                                  281KB

                                                                                  MD5

                                                                                  d2df4aa4500c40cffb78e13083334c70

                                                                                  SHA1

                                                                                  2cf823d34cb368280a313f90003f08cd6629c6a1

                                                                                  SHA256

                                                                                  1c582620737fe82d6a484af61990c9c6aae1d7b2ba491db741e16da7429169af

                                                                                  SHA512

                                                                                  8ecd94045e73dc4aa4979d6a95582baeb0f2baaeb4ee295b57d28c49f1c6060125aa699c86c98e5c754e1ca80588d25183ca4fa446c681f7a9da1af1be525d9c

                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                                                  Filesize

                                                                                  281KB

                                                                                  MD5

                                                                                  bd53e7cf931a6e62def9dc032c8620ee

                                                                                  SHA1

                                                                                  e13084584fe4c9ab8cd45f62038512d75e9c5b46

                                                                                  SHA256

                                                                                  1ad10bad511013484c59553d7095d3ab9552e21cd1d9850d2c21ff1a6bf2f03f

                                                                                  SHA512

                                                                                  07e5cd5f85d61dd7b2cce0be9f4a90393b7d2edbc1e00d0002ca690af58151967e64bfcc33e52b22cb1e89b442a8b0a297eb69ff222a74748affc4950f639c4b

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\V54QW64X\sqlt[1].dll

                                                                                  Filesize

                                                                                  2.3MB

                                                                                  MD5

                                                                                  90e744829865d57082a7f452edc90de5

                                                                                  SHA1

                                                                                  833b178775f39675fa4e55eab1032353514e1052

                                                                                  SHA256

                                                                                  036a57102385d7f0d7b2deacf932c1c372ae30d924365b7a88f8a26657dd7550

                                                                                  SHA512

                                                                                  0a2d112ff7cb806a74f5ec17fe097d28107bb497d6ed5ad28ea47e6795434ba903cdb49aaf97a9a99c08cd0411f1969cad93031246dc107c26606a898e570323

                                                                                • C:\Users\Admin\AppData\Local\Temp\7zO85363799\166

                                                                                  Filesize

                                                                                  80B

                                                                                  MD5

                                                                                  8140596ab00b98a11c13e6977d2d0977

                                                                                  SHA1

                                                                                  58abc231c2b5ac778a543a5dffcfabe867a6758d

                                                                                  SHA256

                                                                                  54f5e2ecbfc4f87380ca7466337676b99d0c4a21f806cf83f69fd48934c857ab

                                                                                  SHA512

                                                                                  ba6525eee05af1251d92c55d302cd8efa36873128857ca7244e8766f267249878ae0a9d6ac42ec74099606f3708e7eda171eadb037880b2518ce0f934d5e174f

• C:\Users\Admin\AppData\Local\Temp\7zO853C3A4A\.text
  Filesize: 570KB
  MD5: 37545704cd94410041e41f7b2d95d901
  SHA1: 8e9612760cf3d292149679485dc68b3033c590e4
  SHA256: e5852635547d75252b6415bc614590e9c288d264e1e8cb6e19aff7568fa6aa01
  SHA512: 4b95cbd1ccb2a5d4ec3d6d843e20dc2ef7e9c9a90f051b20f3ebe6a4e8d112873ddd21533f1dc99a7dc5dbfe4f887c65c3fbdf929e95fa58585beb3ea65dbac2

• C:\Users\Admin\AppData\Local\Temp\7zO853C9C29\1000
  Filesize: 252B
  MD5: 08e5fdcbcb2ab21352c8fc0e05b07ddb
  SHA1: 25d4fcfaba7226a6b786bba3bcbad3ed7391b385
  SHA256: 7de7438fb4425f608109111fdce25be7d2381938f6c5984bcfb14b3b88e9c883
  SHA512: 9d9b269ebca11f9fd72836761131141239e406d741155e0621f80046e6919cacf17da58b6a006f6737784d4a7c0b9572eaaedd9e721a55bbaab8fc2b2afb18c9

• C:\Users\Admin\AppData\Local\Temp\c3158179
  Filesize: 1.7MB
  MD5: 5f0f5d62d37f3678d3e10e85b9588ecb
  SHA1: b0a219b49e24939017959c1f5545b02abb23a62b
  SHA256: d9e370f998611db2e9095f7dae91293aa7971e7ef2c01d976ab2ae9a3112973b
  SHA512: ca0ccabbb6f8641c9cd880481df2ef08060b308ef7db1d1bc78c7a0f1e750ad18a0875c714ef2f0f3cd89000db4004f4114486dfd8a7ded286327df2ab213999

• C:\Users\Admin\AppData\Local\Temp\f0fc3379
  Filesize: 2.7MB
  MD5: 269b7fe84066adeabdc1ccf7b8d0641a
  SHA1: 1148ecb7e08a4ad4f334d524b348c2dea033120a
  SHA256: 7c654bff9135e6b86c1aa7c40e29c704dea1945c96a559169bfc3300191b180d
  SHA512: a1e1a7885dde35f0aa7f003422ececa24bc8f8013252b527d1dc3dcb6ffd83cc29c7fd112942a4813e46ba2e5f276235569f282c74a9fe33aed5c001ab93eea3

• C:\Users\Admin\AppData\Local\Temp\fa6bdcf1
  Filesize: 1.7MB
  MD5: 4aefc0b6ff2fe1864c229571ee703ff0
  SHA1: 3c6a2bd3d6399e373d8f9b32f181695bf0b0f9d9
  SHA256: ee0769ed0429544c09ac64369f884d68773cf8347dfe6e4ae5e7de5037219b4a
  SHA512: 8b5a7d024729d5b4ce29a225cddbdf45d1cffb51be8323c2f2b3b0eec2c7fc15905302757d91667f8b182aaa1fca5f1bf3bfb120c03ad0ca14ea236e7d1ed92a

• C:\Users\Admin\AppData\Local\Temp\nodealt\JRWeb.exe
  Filesize: 1.1MB
  MD5: c047ae13fc1e25bc494b17ca10aa179e
  SHA1: e293c7815c0eb8fbc44d60a3e9b27bd91b44b522
  SHA256: 6c30c8a2e827f48fcfc934dd34fb2cb10acb8747fd11faae085d8ad352c01fbf
  SHA512: 0cfb96d23b043bcb954cc307f85e5bbc349c0c8a0c6eaa335ea9a8fa19ce65b047f30ed0049562d40880400d4f70e3bb28975d6970f3ae4af6da1ba06e36d48c

• C:\Users\Admin\AppData\Local\Temp\nodealt\WebView2Loader.dll
  Filesize: 157KB
  MD5: 4a99cb402c0d843b61a83015e0d3d731
  SHA1: ac59e7722c85fef8050a715e6f4c3a3e5085d98e
  SHA256: 4ae3f7437a6991db64eac8e5d2fa02e9edce56ad98aaa273006963fed39548a8
  SHA512: 1eceb6ff5f53a98e61f21c90de9242e46c9607817eeb7ce77f500a5b225e123ac52b357c7729b334063cd8c8b37c2fbe38e76c1a5ee77244b176aa3e08d7eb18

• C:\Users\Admin\AppData\Local\Temp\nodealt\butadiene.wav
  Filesize: 1.2MB
  MD5: 4f43217ff7e7fcb652b20534150b9f0d
  SHA1: 035e35018b9c88309c8fdd7edde4d3add42606b8
  SHA256: 223b47f477447d6584a7d27a10e92694a5a9c4c3823e126a2753a1e700128017
  SHA512: e06b90045ad605de2fae14a65959e684d4a64a85dec8eedf26b179ca16d3d17601afa2766a4cbde4f2061f70ee99f4d9746d7edc1a0e93648abe366616560479

• C:\Users\Admin\AppData\Local\Temp\nodealt\perfidy.svg
  Filesize: 65KB
  MD5: d7046da347cd1c24f9af82a326413734
  SHA1: a8ecd6cd212e0b866ef9611bf07b6826262da0c4
  SHA256: 580209f46352f01b832c81a836e72d05819d33502f51bdda6212eefe0b7675d6
  SHA512: cd0327dce2c68ee800e204972a88afc30b59e93847a4837fb72ddb2ee0de73e40b8e4450d7f800d50adf239ee0bdf6a1818e21c05677d1893906fc898f59c9de

• \??\c:\users\admin\appdata\local\temp\vida.au3
  Filesize: 872KB
  MD5: c56b5f0201a3b3de53e561fe76912bfd
  SHA1: 2a4062e10a5de813f5688221dbeb3f3ff33eb417
  SHA256: 237d1bca6e056df5bb16a1216a434634109478f882d3b1d58344c801d184f95d
  SHA512: 195b98245bb820085ae9203cdb6d470b749d1f228908093e8606453b027b7d7681ccd7952e30c2f5dd40f8f0b999ccfc60ebb03419b574c08de6816e75710d2c

• \??\pipe\crashpad_2388_URPHNPRSDLSJTPYW
  MD5: d41d8cd98f00b204e9800998ecf8427e
  SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

• memory/536-769-0x0000000000C00000-0x0000000000E49000-memory.dmp
  Filesize: 2.3MB

• memory/536-757-0x0000000000C00000-0x0000000000E49000-memory.dmp
  Filesize: 2.3MB

• memory/536-759-0x00007FFFF25B0000-0x00007FFFF27A5000-memory.dmp
  Filesize: 2.0MB

• memory/536-771-0x000000001D070000-0x000000001D2CF000-memory.dmp
  Filesize: 2.4MB

• memory/536-778-0x0000000000C00000-0x0000000000E49000-memory.dmp
  Filesize: 2.3MB

• memory/1608-54-0x00000000755F0000-0x000000007576B000-memory.dmp
  Filesize: 1.5MB

• memory/1608-52-0x00007FFFF25B0000-0x00007FFFF27A5000-memory.dmp
  Filesize: 2.0MB

• memory/2300-720-0x00007FFFE3250000-0x00007FFFE33C2000-memory.dmp
  Filesize: 1.4MB

• memory/2300-712-0x00007FF685A90000-0x00007FF686901000-memory.dmp
  Filesize: 14.4MB

• memory/2300-718-0x00007FFFE3250000-0x00007FFFE33C2000-memory.dmp
  Filesize: 1.4MB

• memory/2300-747-0x00007FFFE3250000-0x00007FFFE33C2000-memory.dmp
  Filesize: 1.4MB

• memory/2992-35-0x00007FFFE3020000-0x00007FFFE3192000-memory.dmp
  Filesize: 1.4MB

• memory/3484-46-0x00007FFFE3020000-0x00007FFFE3192000-memory.dmp
  Filesize: 1.4MB

• memory/3484-49-0x00007FFFE3020000-0x00007FFFE3192000-memory.dmp
  Filesize: 1.4MB

• memory/4188-66-0x0000000001800000-0x0000000001A49000-memory.dmp
  Filesize: 2.3MB

• memory/4188-63-0x00007FFFF25B0000-0x00007FFFF27A5000-memory.dmp
  Filesize: 2.0MB

• memory/4188-115-0x0000000001800000-0x0000000001A49000-memory.dmp
  Filesize: 2.3MB

• memory/4188-114-0x0000000001800000-0x0000000001A49000-memory.dmp
  Filesize: 2.3MB

• memory/4188-68-0x000000001B5E0000-0x000000001B83F000-memory.dmp
  Filesize: 2.4MB

• memory/4188-107-0x0000000001800000-0x0000000001A49000-memory.dmp
  Filesize: 2.3MB

• memory/4188-108-0x0000000001800000-0x0000000001A49000-memory.dmp
  Filesize: 2.3MB

• memory/4188-117-0x0000000001800000-0x0000000001A49000-memory.dmp
  Filesize: 2.3MB

• memory/4188-113-0x0000000001800000-0x0000000001A49000-memory.dmp
  Filesize: 2.3MB

• memory/4188-61-0x0000000001800000-0x0000000001A49000-memory.dmp
  Filesize: 2.3MB

• memory/4364-752-0x0000000075550000-0x00000000756CB000-memory.dmp
  Filesize: 1.5MB

• memory/4364-751-0x00007FFFF25B0000-0x00007FFFF27A5000-memory.dmp
  Filesize: 2.0MB

• memory/4696-11-0x000002A2E4800000-0x000002A2E4801000-memory.dmp
  Filesize: 4KB

• memory/4696-7-0x000002A2E4800000-0x000002A2E4801000-memory.dmp
  Filesize: 4KB

• memory/4696-12-0x000002A2E4800000-0x000002A2E4801000-memory.dmp
  Filesize: 4KB

• memory/4696-0-0x000002A2E4800000-0x000002A2E4801000-memory.dmp
  Filesize: 4KB

• memory/4696-2-0x000002A2E4800000-0x000002A2E4801000-memory.dmp
  Filesize: 4KB

• memory/4696-1-0x000002A2E4800000-0x000002A2E4801000-memory.dmp
  Filesize: 4KB

• memory/4696-10-0x000002A2E4800000-0x000002A2E4801000-memory.dmp
  Filesize: 4KB

• memory/4696-6-0x000002A2E4800000-0x000002A2E4801000-memory.dmp
  Filesize: 4KB

• memory/4696-9-0x000002A2E4800000-0x000002A2E4801000-memory.dmp
  Filesize: 4KB

• memory/4696-8-0x000002A2E4800000-0x000002A2E4801000-memory.dmp
  Filesize: 4KB

• memory/4812-19-0x00007FFFE3020000-0x00007FFFE3192000-memory.dmp
  Filesize: 1.4MB

• memory/4812-13-0x00007FF685A90000-0x00007FF686901000-memory.dmp
  Filesize: 14.4MB

• memory/4812-21-0x00007FFFE3020000-0x00007FFFE3192000-memory.dmp
  Filesize: 1.4MB

• memory/4812-48-0x00007FFFE3020000-0x00007FFFE3192000-memory.dmp
  Filesize: 1.4MB

• memory/5044-748-0x00007FFFE3250000-0x00007FFFE33C2000-memory.dmp
  Filesize: 1.4MB

• memory/5044-746-0x00007FFFE3250000-0x00007FFFE33C2000-memory.dmp
  Filesize: 1.4MB

• memory/5880-734-0x00007FFFE3250000-0x00007FFFE33C2000-memory.dmp
  Filesize: 1.4MB