Analysis Overview
SHA256
556164b58aee462e134a213c17d3907f7e31e2e6d58b3783a236f4e919ebcf87
Threat Level: Shows suspicious behavior
The file ts2dezll.jok.bin.zip was found to be: Shows suspicious behavior.
Malicious Activity Summary
Executes dropped EXE
Drops file in Windows directory
Enumerates physical storage devices
Unsigned PE
Enumerates processes with tasklist
Suspicious use of SendNotifyMessage
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Checks SCSI registry key(s)
Delays execution with timeout.exe
Analysis: static1
Detonation Overview
Reported
2024-07-09 14:13
Signatures
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted
2024-07-09 14:13
Reported
2024-07-09 14:14
Platform
win10-20240611-en
Max time kernel
16s
Max time network
23s
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\622814\Stockholm.pif | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\rescache\_merged\1601268389\715946058.pri | C:\Windows\system32\taskmgr.exe | N/A |
| File created | C:\Windows\rescache\_merged\4183903823\2290032291.pri | C:\Windows\system32\taskmgr.exe | N/A |
Enumerates physical storage devices
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\timeout.exe | N/A |
Enumerates processes with tasklist
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\622814\Stockholm.pif | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\tasklist.exe | N/A |
| Token: 33 | N/A | C:\Windows\system32\taskmgr.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\taskmgr.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\ts2dezll.jok.exe
"C:\Users\Admin\AppData\Local\Temp\ts2dezll.jok.exe"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /k copy Invision Invision.cmd & Invision.cmd & exit
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Windows\SysWOW64\tasklist.exe
tasklist
C:\Windows\SysWOW64\findstr.exe
findstr /I "wrsa.exe opssvc.exe"
C:\Windows\SysWOW64\tasklist.exe
tasklist
C:\Windows\SysWOW64\findstr.exe
findstr /I "avastui.exe avgui.exe bdservicehost.exe nswscsvc.exe sophoshealth.exe"
C:\Windows\SysWOW64\cmd.exe
cmd /c md 622814
C:\Windows\SysWOW64\findstr.exe
findstr /V "hophierarchychildrensfour" Close
C:\Windows\SysWOW64\cmd.exe
cmd /c copy /b Figure + Giant + Realm + Weapon 622814\e
C:\Users\Admin\AppData\Local\Temp\622814\Stockholm.pif
622814\Stockholm.pif 622814\e
C:\Windows\SysWOW64\timeout.exe
timeout 5
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | bgRrCYIpXQsqtNfiG.bgRrCYIpXQsqtNfiG | udp |
Files
C:\Users\Admin\AppData\Local\Temp\Invision
C:\Users\Admin\AppData\Local\Temp\Close
C:\Users\Admin\AppData\Local\Temp\Amendment
C:\Users\Admin\AppData\Local\Temp\Aurora
C:\Users\Admin\AppData\Local\Temp\Gay
C:\Users\Admin\AppData\Local\Temp\Functioning
C:\Users\Admin\AppData\Local\Temp\Pins
C:\Users\Admin\AppData\Local\Temp\Chrome
C:\Users\Admin\AppData\Local\Temp\Hydrogen
C:\Users\Admin\AppData\Local\Temp\Completed
C:\Users\Admin\AppData\Local\Temp\Builds
C:\Users\Admin\AppData\Local\Temp\Linear
C:\Users\Admin\AppData\Local\Temp\Ga
C:\Users\Admin\AppData\Local\Temp\Issue
C:\Users\Admin\AppData\Local\Temp\Four
C:\Users\Admin\AppData\Local\Temp\Hair
C:\Users\Admin\AppData\Local\Temp\Frank
C:\Users\Admin\AppData\Local\Temp\Talking
C:\Users\Admin\AppData\Local\Temp\Burns
C:\Users\Admin\AppData\Local\Temp\Aside
C:\Users\Admin\AppData\Local\Temp\Insider
C:\Users\Admin\AppData\Local\Temp\Bronze
C:\Users\Admin\AppData\Local\Temp\Please
C:\Users\Admin\AppData\Local\Temp\Showers
C:\Users\Admin\AppData\Local\Temp\Crack
C:\Users\Admin\AppData\Local\Temp\Academy
C:\Users\Admin\AppData\Local\Temp\Doe
C:\Users\Admin\AppData\Local\Temp\Extras
C:\Users\Admin\AppData\Local\Temp\Figure
C:\Users\Admin\AppData\Local\Temp\Giant
C:\Users\Admin\AppData\Local\Temp\Realm
C:\Users\Admin\AppData\Local\Temp\Weapon
C:\Users\Admin\AppData\Local\Temp\622814\Stockholm.pif
C:\Users\Admin\AppData\Local\Temp\622814\e