Overview

overview

10

Static

static

1

RNSM00476.7z

windows10-2004-x64

10

Resubmissions

21-09-2024 21:15

240921-z37hxsvamj 3

21-09-2024 21:08

240921-zy79natgkl 10

Analysis

  • max time kernel
    275s
  • max time network
    277s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21-09-2024 21:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    RNSM00476.7z

  • Size

    53.6MB

  • MD5

    3453b51a79f4053a6642b7ee5ad12413

  • SHA1

    854615633e791d6b0ffcbdbffa00987df74f9f2a

  • SHA256

    03a15123b54b8e5252af565dbc10e7c1d732ab8a92b905f6811e621680d7ff2c

  • SHA512

    10ad20ff82d71848d8e53e26f77b488744d11e97a913501fe5411a94dea7718f0d54720139c2ddb0091d57db2823e522304e09daddf7bb7510f8935947953879

  • SSDEEP

    1572864:5VYlmb1XMQnjyzo5ZMTxV85tW1gR1MXJVAbW:L1c+3YTA5EgM5VAbW

Score
10/10
avoslockerchaosgandcrabbackdoordiscoveryexecutionpersistencepyinstallerransomwarespywarestealerupx

Malware Config

Extracted

Family

gandcrab

C2

http://gdcbghvjyqy7jclk.onion.top/

Extracted

Path

C:\Users\Admin\Desktop\00476\read_it.txt

Family

chaos

Ransom Note
----> Chaos is multi language ransomware. Translate your note to any language <---- All of your files have been encrypted Your computer was infected with a ransomware virus. Your files have been encrypted and you won't be able to decrypt them without our help.What can I do to get my files back?You can buy our special decryption software, this software will allow you to recover all of your data and remove the ransomware from your computer.The price for the software is $1,500. Payment can be made in Bitcoin only. How do I pay, where do I get Bitcoin? Purchasing Bitcoin varies from country to country, you are best advised to do a quick google search yourself to find out how to buy Bitcoin. Many of our customers have reported these sites to be fast and reliable: Coinmama - hxxps://www.coinmama.com Bitpandva - hxxps://www.bitpanda.com Payment informationAmount: 0.1473766 BTC Bitcoin Address: bc1qlnzcep4l4ac0ttdrq7awxev9ehu465f2vpt9x0

Extracted

Path

F:\$RECYCLE.BIN\README.txt

Ransom Note
NOT YOUR LANGUAGE? USE https://translate.google.com What happened to your files ? All of your files were protected by a strong encryption with RSA4096 More information about the encryption keys using RSA4096 can be found here: http://en.wikipedia.org/wiki/RSA_(cryptosystem) How did this happen ? !!! Specially for your PC was generated personal RSA4096 Key , both public and private. !!! ALL YOUR FILES were encrypted with the public key, which has been transferred to your computer via the Internet. !!! Decrypting of your files is only possible with the help of the private key and decrypt program , which is on our Secret Server What do I do ? So , there are two ways you can choose: wait for a _miracle_ and get _your_ PRICE DOUBLED! Or start obtaining *BITCOIN NOW! , and restore _YOUR_ _DATA_ easy way If You have really valuable _DATA_, you better _NOT_ _WASTE_ _YOUR_ _TIME_, because there is _NO_ other way to get your files, except make a _PAYMENT_ Your personal ID: 74F3607E4A638F47C51F018334090501�������� For more specific instructions, please visit your personal home page, there are a few different addresses pointing to your page below: 1 - http://xijymvzq4zkyubfe.onion.to 2 - http://xijymvzq4zkyubfe.onion.city If for some reasons the addresses are not availablweropie, follow these steps: 1 - Download and install tor-browser: http://www.torproject.org/projects/torbrowser.html.en 2 - Video instruction: https://www.youtube.com/watch?v=NQrUZdsw2hA 3 - After a successful installation, run the browser 4 - Type in the address bar: http://xijymvzq4zkyubfe.onion 5 - Follow the instructions on the site �
URLs

http://xijymvzq4zkyubfe.onion.to

http://xijymvzq4zkyubfe.onion.city

http://xijymvzq4zkyubfe.onion

Signatures

  • Avoslocker Ransomware

    Avoslocker is a relatively new ransomware, that was observed in late June and early July, 2021.

    ransomwareavoslocker
  • Chaos

    Ransomware family first seen in June 2021.

    ransomwarechaos
  • Chaos Ransomware 2 IoCs
  • GandCrab payload 10 IoCs
  • Gandcrab

    Gandcrab is a Trojan horse that encrypts files on a computer.

    ransomwarebackdoorgandcrab
  • Renames multiple (176) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Renames multiple (74) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Downloads MZ/PE file
  • Checks computer location settings 2 TTPs 6 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file 5 IoCs
  • Executes dropped EXE 21 IoCs
  • Loads dropped DLL 4 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • UPX packed file 12 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 4 IoCs
    persistence
  • Drops desktop.ini file(s) 35 IoCs
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Uses Tor communications 1 TTPs

    Malware can proxy its traffic through Tor for more anonymity.

  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
    ransomware
  • Drops file in Program Files directory 64 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Using powershell.exe command.

    execution
  • Detects Pyinstaller 1 IoCs
    pyinstaller
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 34 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks SCSI registry key(s) 3 TTPs 6 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 11 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 13 IoCs
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Modifies registry class 24 IoCs
  • Modifies registry key 1 TTPs 1 IoCs
  • Opens file in notepad (likely ransom note) 2 IoCs
    ransomware
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 28 IoCs
  • Suspicious use of AdjustPrivilegeToken 18 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\RNSM00476.7z
    1⤵
    • Modifies registry class
    PID:4476
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4556
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:4460
    • C:\Program Files\7-Zip\7zFM.exe
      "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\RNSM00476.7z"
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      PID:1904
    • C:\Windows\system32\taskmgr.exe
      "C:\Windows\system32\taskmgr.exe" /4
      1⤵
      • Checks SCSI registry key(s)
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:3036
      • C:\Windows\system32\taskmgr.exe
        "C:\Windows\system32\taskmgr.exe" /1
        2⤵
        • Drops startup file
        • Checks SCSI registry key(s)
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        PID:3440
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
      1⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2356
      • C:\Windows\system32\cmd.exe
        "C:\Windows\system32\cmd.exe"
        2⤵
        • Suspicious use of WriteProcessMemory
        PID:1792
        • C:\Users\Admin\DEsktop\00476\HEUR-Trojan-Ransom.MSIL.Agent.gen-40a1c3ab6869ce4fc5237f521cae6d9dd97287627c9283d6b5bcbf02b946b277.exe
          HEUR-Trojan-Ransom.MSIL.Agent.gen-40a1c3ab6869ce4fc5237f521cae6d9dd97287627c9283d6b5bcbf02b946b277.exe
          3⤵
          • Checks computer location settings
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:64
          • C:\Users\Admin\AppData\Local\Temp\RarSFX0\c.exe
            "C:\Users\Admin\AppData\Local\Temp\RarSFX0\c.exe"
            4⤵
            • Checks computer location settings
            • Executes dropped EXE
            • Suspicious use of AdjustPrivilegeToken
            PID:1448
            • C:\Users\Admin\AppData\Roaming\svchost.exe
              "C:\Users\Admin\AppData\Roaming\svchost.exe"
              5⤵
              • Checks computer location settings
              • Drops startup file
              • Executes dropped EXE
              • Drops desktop.ini file(s)
              • Modifies registry class
              • Suspicious behavior: AddClipboardFormatListener
              • Suspicious use of AdjustPrivilegeToken
              PID:6132
              • C:\Windows\system32\NOTEPAD.EXE
                "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Roaming\read_it.txt
                6⤵
                • Opens file in notepad (likely ransom note)
                PID:5976
        • C:\Users\Admin\DEsktop\00476\HEUR-Trojan-Ransom.MSIL.Agent.gen-7298275ad4bcdad520077fb9464e9777591522c840d76e9fc3a34aa17b4403b2.exe
          HEUR-Trojan-Ransom.MSIL.Agent.gen-7298275ad4bcdad520077fb9464e9777591522c840d76e9fc3a34aa17b4403b2.exe
          3⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: GetForegroundWindowSpam
          • Suspicious use of AdjustPrivilegeToken
          PID:2220
        • C:\Users\Admin\DEsktop\00476\HEUR-Trojan-Ransom.MSIL.Agent.gen-d43d393a57eba94438dc27c4a06940ff705d6cfc3327ee3a45480797b7f40b63.exe
          HEUR-Trojan-Ransom.MSIL.Agent.gen-d43d393a57eba94438dc27c4a06940ff705d6cfc3327ee3a45480797b7f40b63.exe
          3⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          PID:3396
        • C:\Users\Admin\DEsktop\00476\HEUR-Trojan-Ransom.MSIL.Blocker.gen-5c500d5168113c41bb7816036f3241446f1d0d869cedf78ce1442939db113766.exe
          HEUR-Trojan-Ransom.MSIL.Blocker.gen-5c500d5168113c41bb7816036f3241446f1d0d869cedf78ce1442939db113766.exe
          3⤵
          • Checks computer location settings
          • Executes dropped EXE
          • Adds Run key to start application
          • System Location Discovery: System Language Discovery
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:2176
          • C:\Users\Admin\AppData\Roaming\Cntrlphse.exe
            "C:\Users\Admin\AppData\Roaming\Cntrlphse.exe"
            4⤵
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            PID:5024
        • C:\Users\Admin\DEsktop\00476\HEUR-Trojan-Ransom.MSIL.Encoder.gen-cc58ef77008f989fa8ccdb4d489be6633c4c2cace8f800dbdb6397b6a90b2366.exe
          HEUR-Trojan-Ransom.MSIL.Encoder.gen-cc58ef77008f989fa8ccdb4d489be6633c4c2cace8f800dbdb6397b6a90b2366.exe
          3⤵
          • Checks computer location settings
          • Executes dropped EXE
          • Drops desktop.ini file(s)
          • System Location Discovery: System Language Discovery
          PID:3012
          • C:\Users\Admin\AppData\ChickiMiki Design.exe
            "C:\Users\Admin\AppData\ChickiMiki Design.exe"
            4⤵
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            PID:5960
        • C:\Users\Admin\DEsktop\00476\HEUR-Trojan-Ransom.MSIL.PolyRansom.gen-ded2b5c541c8bc976318035e5d339b055d3f14cdbc70b496e4e40ce2b2f2f2d6.exe
          HEUR-Trojan-Ransom.MSIL.PolyRansom.gen-ded2b5c541c8bc976318035e5d339b055d3f14cdbc70b496e4e40ce2b2f2f2d6.exe
          3⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Checks processor information in registry
          • Suspicious use of AdjustPrivilegeToken
          PID:1216
        • C:\Users\Admin\DEsktop\00476\HEUR-Trojan-Ransom.Win32.Agent.pef-0d612a4cb723da27d89d54602bfb83a1d7067c4b1315604b1cc22734cae8f3ff.exe
          HEUR-Trojan-Ransom.Win32.Agent.pef-0d612a4cb723da27d89d54602bfb83a1d7067c4b1315604b1cc22734cae8f3ff.exe
          3⤵
          • Executes dropped EXE
          • Drops desktop.ini file(s)
          • System Location Discovery: System Language Discovery
          PID:3628
        • C:\Users\Admin\DEsktop\00476\HEUR-Trojan-Ransom.Win32.Blocker.pef-d21200eaa45fdfb70c681802a1b2a8a72135984fdcc5363d2f8aaa04b3059823.exe
          HEUR-Trojan-Ransom.Win32.Blocker.pef-d21200eaa45fdfb70c681802a1b2a8a72135984fdcc5363d2f8aaa04b3059823.exe
          3⤵
          • Checks computer location settings
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:928
          • C:\Users\Admin\AppData\Local\Temp\zbhnd.exe
            "C:\Users\Admin\AppData\Local\Temp\zbhnd.exe"
            4⤵
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            PID:3940
        • C:\Users\Admin\DEsktop\00476\HEUR-Trojan-Ransom.Win32.Blocker.vho-9c510fb052fc192f3413070c98441380e5acedf9d68956a7b5d33e7a9a28757a.exe
          HEUR-Trojan-Ransom.Win32.Blocker.vho-9c510fb052fc192f3413070c98441380e5acedf9d68956a7b5d33e7a9a28757a.exe
          3⤵
          • Executes dropped EXE
          • Suspicious use of WriteProcessMemory
          PID:4164
          • C:\Users\Admin\DEsktop\00476\HEUR-Trojan-Ransom.Win32.Blocker.vho-9c510fb052fc192f3413070c98441380e5acedf9d68956a7b5d33e7a9a28757a.exe
            HEUR-Trojan-Ransom.Win32.Blocker.vho-9c510fb052fc192f3413070c98441380e5acedf9d68956a7b5d33e7a9a28757a.exe
            4⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Suspicious use of WriteProcessMemory
            PID:4576
            • C:\Windows\system32\cmd.exe
              C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\_MEI41~1\mouranth.jpg"
              5⤵
                PID:1808
              • C:\Windows\system32\cmd.exe
                C:\Windows\system32\cmd.exe /c "reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v update /t REG_SZ /d "C:\Users\Admin\AppData\Roaming\Windows Explorer.exe""
                5⤵
                • Suspicious use of WriteProcessMemory
                PID:4196
                • C:\Windows\system32\reg.exe
                  reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v update /t REG_SZ /d "C:\Users\Admin\AppData\Roaming\Windows Explorer.exe"
                  6⤵
                  • Adds Run key to start application
                  • Modifies registry key
                  PID:4664
          • C:\Users\Admin\DEsktop\00476\HEUR-Trojan-Ransom.Win32.Crypmodadv.vho-f2568e132b3fedc231ea1c120bdcb294eb449a8ee6374b71baf071721ab10e2d.exe
            HEUR-Trojan-Ransom.Win32.Crypmodadv.vho-f2568e132b3fedc231ea1c120bdcb294eb449a8ee6374b71baf071721ab10e2d.exe
            3⤵
            • Executes dropped EXE
            • Drops desktop.ini file(s)
            • Drops file in Program Files directory
            PID:3180
          • C:\Users\Admin\DEsktop\00476\HEUR-Trojan-Ransom.Win32.Cryptoff.vho-fe3cd19a757f7223bc2d49bbeb8c06dba44709dc12f60df6beb6ba29f0f60693.exe
            HEUR-Trojan-Ransom.Win32.Cryptoff.vho-fe3cd19a757f7223bc2d49bbeb8c06dba44709dc12f60df6beb6ba29f0f60693.exe
            3⤵
            • Executes dropped EXE
            • Adds Run key to start application
            PID:3212
          • C:\Users\Admin\DEsktop\00476\HEUR-Trojan-Ransom.Win32.Cryptor.gen-eb1d63ef65c7f04d361a4547c8601b8fa801fe47f7348fe84bca77e415eb7cf7.exe
            HEUR-Trojan-Ransom.Win32.Cryptor.gen-eb1d63ef65c7f04d361a4547c8601b8fa801fe47f7348fe84bca77e415eb7cf7.exe
            3⤵
            • Executes dropped EXE
            • System Location Discovery: System Language Discovery
            • Suspicious use of WriteProcessMemory
            PID:2068
            • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
              powershell -Command "$a = [System.IO.File]::ReadAllText(\"C:\GET_YOUR_FILES_BACK.txt\");Add-Type -AssemblyName System.Drawing;$filename = \"$env:temp\$(Get-Random).png\";$bmp = new-object System.Drawing.Bitmap 1920,1080;$font = new-object System.Drawing.Font Consolas,10;$brushBg = [System.Drawing.Brushes]::Black;$brushFg = [System.Drawing.Brushes]::White;$format = [System.Drawing.StringFormat]::GenericDefault;$format.Alignment = [System.Drawing.StringAlignment]::Center;$format.LineAlignment = [System.Drawing.StringAlignment]::Center;$graphics = [System.Drawing.Graphics]::FromImage($bmp);$graphics.FillRectangle($brushBg,0,0,$bmp.Width,$bmp.Height);$graphics.DrawString($a,$font,$brushFg,[System.Drawing.RectangleF]::FromLTRB(0, 0, 1920, 1080),$format);$graphics.Dispose();$bmp.Save($filename);reg add \"HKEY_CURRENT_USER\Control Panel\Desktop\" /v Wallpaper /t REG_SZ /d $filename /f;Start-Sleep 1;rundll32.exe user32.dll, UpdatePerUserSystemParameters, 0, $false;"
              4⤵
              • Command and Scripting Interpreter: PowerShell
              • System Location Discovery: System Language Discovery
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              PID:7352
              • C:\Windows\SysWOW64\reg.exe
                "C:\Windows\system32\reg.exe" add "HKEY_CURRENT_USER\Control Panel\Desktop" /v Wallpaper /t REG_SZ /d C:\Users\Admin\AppData\Local\Temp\1550356177.png /f
                5⤵
                • Sets desktop wallpaper using registry
                • System Location Discovery: System Language Discovery
                PID:5504
              • C:\Windows\SysWOW64\rundll32.exe
                "C:\Windows\system32\rundll32.exe" user32.dll UpdatePerUserSystemParameters 0 False
                5⤵
                • System Location Discovery: System Language Discovery
                PID:6032
          • C:\Users\Admin\DEsktop\00476\HEUR-Trojan-Ransom.Win32.GandCrypt.pef-cc7943a212fbd7fa64825ca9255387e28a2666e9da1a6d5ad1929ad3f8ec8087.exe
            HEUR-Trojan-Ransom.Win32.GandCrypt.pef-cc7943a212fbd7fa64825ca9255387e28a2666e9da1a6d5ad1929ad3f8ec8087.exe
            3⤵
            • Executes dropped EXE
            • Adds Run key to start application
            • Enumerates connected drives
            • System Location Discovery: System Language Discovery
            • Checks processor information in registry
            • Suspicious use of WriteProcessMemory
            PID:7188
            • C:\Windows\SysWOW64\nslookup.exe
              nslookup nomoreransom.bit dns1.soprodns.ru
              4⤵
              • System Location Discovery: System Language Discovery
              PID:8040
            • C:\Windows\SysWOW64\nslookup.exe
              nslookup emsisoft.bit dns1.soprodns.ru
              4⤵
              • System Location Discovery: System Language Discovery
              PID:7720
            • C:\Windows\SysWOW64\nslookup.exe
              nslookup gandcrab.bit dns1.soprodns.ru
              4⤵
              • System Location Discovery: System Language Discovery
              PID:5932
            • C:\Windows\SysWOW64\nslookup.exe
              nslookup nomoreransom.bit dns1.soprodns.ru
              4⤵
              • System Location Discovery: System Language Discovery
              PID:5712
            • C:\Windows\SysWOW64\nslookup.exe
              nslookup emsisoft.bit dns1.soprodns.ru
              4⤵
              • System Location Discovery: System Language Discovery
              PID:4788
            • C:\Windows\SysWOW64\nslookup.exe
              nslookup gandcrab.bit dns1.soprodns.ru
              4⤵
              • System Location Discovery: System Language Discovery
              PID:4712
            • C:\Windows\SysWOW64\nslookup.exe
              nslookup nomoreransom.bit dns1.soprodns.ru
              4⤵
              • System Location Discovery: System Language Discovery
              PID:7600
            • C:\Windows\SysWOW64\nslookup.exe
              nslookup emsisoft.bit dns1.soprodns.ru
              4⤵
              • System Location Discovery: System Language Discovery
              PID:5592
            • C:\Windows\SysWOW64\nslookup.exe
              nslookup gandcrab.bit dns1.soprodns.ru
              4⤵
              • System Location Discovery: System Language Discovery
              PID:6392
            • C:\Windows\SysWOW64\nslookup.exe
              nslookup nomoreransom.bit dns1.soprodns.ru
              4⤵
              • System Location Discovery: System Language Discovery
              PID:4816
            • C:\Windows\SysWOW64\nslookup.exe
              nslookup emsisoft.bit dns1.soprodns.ru
              4⤵
              • System Location Discovery: System Language Discovery
              PID:4628
            • C:\Windows\SysWOW64\nslookup.exe
              nslookup gandcrab.bit dns1.soprodns.ru
              4⤵
              • System Location Discovery: System Language Discovery
              PID:7776
            • C:\Windows\SysWOW64\nslookup.exe
              nslookup nomoreransom.bit dns1.soprodns.ru
              4⤵
              • System Location Discovery: System Language Discovery
              PID:4184
            • C:\Windows\SysWOW64\nslookup.exe
              nslookup emsisoft.bit dns1.soprodns.ru
              4⤵
              • System Location Discovery: System Language Discovery
              PID:768
            • C:\Windows\SysWOW64\nslookup.exe
              nslookup gandcrab.bit dns1.soprodns.ru
              4⤵
              • System Location Discovery: System Language Discovery
              PID:7532
            • C:\Windows\SysWOW64\nslookup.exe
              nslookup nomoreransom.bit dns1.soprodns.ru
              4⤵
              • System Location Discovery: System Language Discovery
              PID:4428
            • C:\Windows\SysWOW64\nslookup.exe
              nslookup emsisoft.bit dns1.soprodns.ru
              4⤵
              • System Location Discovery: System Language Discovery
              PID:2376
            • C:\Windows\SysWOW64\nslookup.exe
              nslookup gandcrab.bit dns1.soprodns.ru
              4⤵
              • System Location Discovery: System Language Discovery
              PID:3860
      • C:\Windows\system32\wbem\WmiApSrv.exe
        C:\Windows\system32\wbem\WmiApSrv.exe
        1⤵
          PID:5632
        • C:\Windows\system32\NOTEPAD.EXE
          "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\00476\GET_YOUR_FILES_BACK.txt
          1⤵
          • Opens file in notepad (likely ransom note)
          PID:7924
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
          1⤵
          • Enumerates system info in registry
          • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
          PID:2764
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x120,0x124,0x40,0x128,0x7ffcedc746f8,0x7ffcedc74708,0x7ffcedc74718
            2⤵
            • Checks processor information in registry
            • Enumerates system info in registry
            PID:2420
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,17842015370013662339,7991482659233776040,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2204 /prefetch:2
            2⤵
              PID:5520
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,17842015370013662339,7991482659233776040,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2428 /prefetch:3
              2⤵
                PID:5540
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,17842015370013662339,7991482659233776040,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2732 /prefetch:8
                2⤵
                  PID:5672
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,17842015370013662339,7991482659233776040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3656 /prefetch:1
                  2⤵
                    PID:6056
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,17842015370013662339,7991482659233776040,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3668 /prefetch:1
                    2⤵
                      PID:7756
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,17842015370013662339,7991482659233776040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3972 /prefetch:1
                      2⤵
                        PID:6324
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,17842015370013662339,7991482659233776040,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
                        2⤵
                          PID:6332
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,17842015370013662339,7991482659233776040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3696 /prefetch:1
                          2⤵
                            PID:6612
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,17842015370013662339,7991482659233776040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3876 /prefetch:1
                            2⤵
                              PID:6688
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,17842015370013662339,7991482659233776040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4008 /prefetch:1
                              2⤵
                                PID:5256
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,17842015370013662339,7991482659233776040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
                                2⤵
                                  PID:1880
                                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,17842015370013662339,7991482659233776040,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:8
                                  2⤵
                                    PID:5208
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,17842015370013662339,7991482659233776040,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:8
                                    2⤵
                                      PID:8108
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,17842015370013662339,7991482659233776040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
                                      2⤵
                                        PID:4212
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,17842015370013662339,7991482659233776040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4016 /prefetch:1
                                        2⤵
                                          PID:2620
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,17842015370013662339,7991482659233776040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
                                          2⤵
                                            PID:7088
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,17842015370013662339,7991482659233776040,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
                                            2⤵
                                              PID:7084
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2132,17842015370013662339,7991482659233776040,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3664 /prefetch:8
                                              2⤵
                                                PID:5620
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,17842015370013662339,7991482659233776040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
                                                2⤵
                                                  PID:956
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,17842015370013662339,7991482659233776040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1
                                                  2⤵
                                                    PID:3868
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,17842015370013662339,7991482659233776040,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1
                                                    2⤵
                                                      PID:3296
                                                  • C:\Windows\System32\CompPkgSrv.exe
                                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                    1⤵
                                                      PID:5888
                                                    • C:\Windows\System32\CompPkgSrv.exe
                                                      C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                      1⤵
                                                        PID:3636
                                                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                        1⤵
                                                        • Modifies Internet Explorer settings
                                                        • Modifies registry class
                                                        • Suspicious use of SetWindowsHookEx
                                                        PID:7220
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
                                                        1⤵
                                                        • Enumerates system info in registry
                                                        • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                                        PID:8048
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcedc746f8,0x7ffcedc74708,0x7ffcedc74718
                                                          2⤵
                                                          • Checks processor information in registry
                                                          • Enumerates system info in registry
                                                          PID:8156
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,15242808007048899315,7555747760476258363,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2204 /prefetch:2
                                                          2⤵
                                                            PID:1776
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,15242808007048899315,7555747760476258363,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
                                                            2⤵
                                                              PID:7500
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2180,15242808007048899315,7555747760476258363,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
                                                              2⤵
                                                                PID:7432
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,15242808007048899315,7555747760476258363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
                                                                2⤵
                                                                  PID:4828
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,15242808007048899315,7555747760476258363,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
                                                                  2⤵
                                                                    PID:6720
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,15242808007048899315,7555747760476258363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3764 /prefetch:1
                                                                    2⤵
                                                                      PID:3816
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,15242808007048899315,7555747760476258363,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 /prefetch:8
                                                                      2⤵
                                                                        PID:6996
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,15242808007048899315,7555747760476258363,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 /prefetch:8
                                                                        2⤵
                                                                          PID:1044
                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,15242808007048899315,7555747760476258363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
                                                                          2⤵
                                                                            PID:324
                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,15242808007048899315,7555747760476258363,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
                                                                            2⤵
                                                                              PID:7732
                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2180,15242808007048899315,7555747760476258363,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5448 /prefetch:8
                                                                              2⤵
                                                                                PID:3812
                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,15242808007048899315,7555747760476258363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
                                                                                2⤵
                                                                                  PID:396
                                                                              • C:\Windows\System32\CompPkgSrv.exe
                                                                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                1⤵
                                                                                  PID:6564
                                                                                • C:\Windows\System32\CompPkgSrv.exe
                                                                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                  1⤵
                                                                                    PID:6440
                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe"
                                                                                    1⤵
                                                                                    • Executes dropped EXE
                                                                                    • Drops file in Program Files directory
                                                                                    PID:400
                                                                                  • C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                    "C:\Program Files\Mozilla Firefox\firefox.exe"
                                                                                    1⤵
                                                                                    • Executes dropped EXE
                                                                                    • Drops file in Program Files directory
                                                                                    PID:7760
                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
                                                                                    1⤵
                                                                                    • Enumerates system info in registry
                                                                                    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                                                                    PID:6368
                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcedc746f8,0x7ffcedc74708,0x7ffcedc74718
                                                                                      2⤵
                                                                                        PID:6952
                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,1175043275261708047,8963621450448643431,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
                                                                                        2⤵
                                                                                          PID:6432
                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,1175043275261708047,8963621450448643431,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
                                                                                          2⤵
                                                                                            PID:2116
                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,1175043275261708047,8963621450448643431,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2680 /prefetch:8
                                                                                            2⤵
                                                                                              PID:5792
                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,1175043275261708047,8963621450448643431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3560 /prefetch:1
                                                                                              2⤵
                                                                                                PID:7848
                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,1175043275261708047,8963621450448643431,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3608 /prefetch:1
                                                                                                2⤵
                                                                                                  PID:7884
                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,1175043275261708047,8963621450448643431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3112 /prefetch:1
                                                                                                  2⤵
                                                                                                    PID:4056
                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,1175043275261708047,8963621450448643431,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4900 /prefetch:1
                                                                                                    2⤵
                                                                                                      PID:3800
                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,1175043275261708047,8963621450448643431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
                                                                                                      2⤵
                                                                                                        PID:6256
                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,1175043275261708047,8963621450448643431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3788 /prefetch:1
                                                                                                        2⤵
                                                                                                          PID:6120
                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,1175043275261708047,8963621450448643431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4840 /prefetch:1
                                                                                                          2⤵
                                                                                                            PID:3636
                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,1175043275261708047,8963621450448643431,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3112 /prefetch:8
                                                                                                            2⤵
                                                                                                              PID:4928
                                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,1175043275261708047,8963621450448643431,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3112 /prefetch:8
                                                                                                              2⤵
                                                                                                                PID:3068
                                                                                                            • C:\Windows\System32\CompPkgSrv.exe
                                                                                                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                              1⤵
                                                                                                                PID:7400
                                                                                                              • C:\Windows\System32\CompPkgSrv.exe
                                                                                                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                                1⤵
                                                                                                                  PID:7692

                                                                                                                Network

                                                                                                                MITRE ATT&CK Enterprise v15

                                                                                                                Replay Monitor

                                                                                                                Loading Replay Monitor...

                                                                                                                Downloads

                                                                                                                • C:\GET_YOUR_FILES_BACK.txt
                                                                                                                  Filesize

                                                                                                                  1011B

                                                                                                                  MD5

                                                                                                                  d90d05a5fea9c28b3bf2b55f808c3a45

                                                                                                                  SHA1

                                                                                                                  7774c79c85b4401acfc56002f9e8a3e10e8a7b60

                                                                                                                  SHA256

                                                                                                                  8a9b224d68a718e7cd4da069a158408d9c71fb8ecc4e4a6581982d7a35b29cec

                                                                                                                  SHA512

                                                                                                                  783d830a0d75911da6878ea58f7191f1438a429e232c63db86e6f09a1bb390ec7ee72f10db1ee695177686cacab24c9e58f61e7d403d75dd9c817c592131170a

                                                                                                                  Download Submit

                                                                                                                • C:\Program Files\7-Zip\7-zip.chm.exe
                                                                                                                  Filesize

                                                                                                                  1.8MB

                                                                                                                  MD5

                                                                                                                  8f32fe0be342c4030bd1ba8ebf11d1b8

                                                                                                                  SHA1

                                                                                                                  5e7f2800f2a885f61b8edaabce27c9286f74beb6

                                                                                                                  SHA256

                                                                                                                  2da7ba984a247d4a27c3c89e634eaa0ddfee60b6f8ddea5cecb9a7bdea22087e

                                                                                                                  SHA512

                                                                                                                  d73b58c66f822d243bd0487a673fb43c654d1d27768f8ac52417dd4d450dcfbf2eee5ef2bdfad4f352785faeff747095b3a1a8a803c485b8f4b41a69a087e15d

                                                                                                                  Download Submit

                                                                                                                • C:\Users\Admin\AppData\ChickiMiki Design.exe
                                                                                                                  Filesize

                                                                                                                  18KB

                                                                                                                  MD5

                                                                                                                  37c874ea223a7bd53f628f04743374a4

                                                                                                                  SHA1

                                                                                                                  7c98ac2a90fdfea3eb50341a7945e3a0c7223313

                                                                                                                  SHA256

                                                                                                                  463b4b59650ab90bdbb6c5e1110e97106939a70d6cd81e1eec0dd7c5d4e6ca72

                                                                                                                  SHA512

                                                                                                                  f8f878265ce26943f69d89f29daa490a1d5c2b1edb84ace0a63084645b65317c5ed2cd6bfa114c0baaae22070c2e6109b23fb6425bc34b832f11dfc607758c22

                                                                                                                  Download Submit

                                                                                                                • C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx
                                                                                                                  Filesize

                                                                                                                  64KB

                                                                                                                  MD5

                                                                                                                  d2fb266b97caff2086bf0fa74eddb6b2

                                                                                                                  SHA1

                                                                                                                  2f0061ce9c51b5b4fbab76b37fc6a540be7f805d

                                                                                                                  SHA256

                                                                                                                  b09f68b61d9ff5a7c7c8b10eee9447d4813ee0e866346e629e788cd4adecb66a

                                                                                                                  SHA512

                                                                                                                  c3ba95a538c1d266beb83334af755c34ce642a4178ab0f2e5f7822fd6821d3b68862a8b58f167a9294e6d913b08c1054a69b5d7aec2efdb3cf9796ed84de21a8

                                                                                                                  Download Submit

                                                                                                                • C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock
                                                                                                                  Filesize

                                                                                                                  4B

                                                                                                                  MD5

                                                                                                                  f49655f856acb8884cc0ace29216f511

                                                                                                                  SHA1

                                                                                                                  cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

                                                                                                                  SHA256

                                                                                                                  7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

                                                                                                                  SHA512

                                                                                                                  599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

                                                                                                                  Download Submit

                                                                                                                • C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val
                                                                                                                  Filesize

                                                                                                                  944B

                                                                                                                  MD5

                                                                                                                  6bd369f7c74a28194c991ed1404da30f

                                                                                                                  SHA1

                                                                                                                  0f8e3f8ab822c9374409fe399b6bfe5d68cbd643

                                                                                                                  SHA256

                                                                                                                  878947d0ec814fe7c343cdebc05eebf00eb14f3023bdb3809a559e17f399fe5d

                                                                                                                  SHA512

                                                                                                                  8fc5f073dc9fa1e1ae47c60a5f06e0a48709fd6a4302dffaa721858409e7bde64bc6856d3fb28891090516d1a7afc542579de287778b5755eafe75cc67d45d93

                                                                                                                  Download Submit

                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                                  Filesize

                                                                                                                  152B

                                                                                                                  MD5

                                                                                                                  4dd2754d1bea40445984d65abee82b21

                                                                                                                  SHA1

                                                                                                                  4b6a5658bae9a784a370a115fbb4a12e92bd3390

                                                                                                                  SHA256

                                                                                                                  183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d

                                                                                                                  SHA512

                                                                                                                  92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

                                                                                                                  Download Submit

                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                                  Filesize

                                                                                                                  152B

                                                                                                                  MD5

                                                                                                                  ecf7ca53c80b5245e35839009d12f866

                                                                                                                  SHA1

                                                                                                                  a7af77cf31d410708ebd35a232a80bddfb0615bb

                                                                                                                  SHA256

                                                                                                                  882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687

                                                                                                                  SHA512

                                                                                                                  706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

                                                                                                                  Download Submit

                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                                  Filesize

                                                                                                                  152B

                                                                                                                  MD5

                                                                                                                  a078fb69afcd2b551362f817ff88b752

                                                                                                                  SHA1

                                                                                                                  84fcb9a8772baca90d25c468047562a7fbbbfbfa

                                                                                                                  SHA256

                                                                                                                  f8ff681036f889051f2acbf41dc234b26335bcf3e4242ca8c24486b82cbf00b9

                                                                                                                  SHA512

                                                                                                                  4a32b4edcc1182f322ab733c83b30e9eb66d02bb12c82bace53277069450f046344ad572fe30576c086d842b0992f44f5dd72e9567d3e7ceca7d99c4df6e60a9

                                                                                                                  Download Submit

                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                                  Filesize

                                                                                                                  152B

                                                                                                                  MD5

                                                                                                                  8f47d84093a40164c7556f2d7ed5bd4f

                                                                                                                  SHA1

                                                                                                                  f784182415e013deecc93e8c53c84f9390036b1c

                                                                                                                  SHA256

                                                                                                                  00b771590d108b369ee11ee5cc3b437535a7e0b80b9badab5122e71ce17ba91c

                                                                                                                  SHA512

                                                                                                                  968af6d57ff6fa6d68f88c1bab14d23c739a7d2cdcecdb7030ee6e97d11a79095e148dfc244c19afd13ccfabbd34c22356bae541052143465d183962b57583c1

                                                                                                                  Download Submit

                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                                  Filesize

                                                                                                                  152B

                                                                                                                  MD5

                                                                                                                  a7bfa10861b5fbef1be1e59cad9b91ca

                                                                                                                  SHA1

                                                                                                                  4142b49d8fc1461d0391f72105bc7c6acd1869b2

                                                                                                                  SHA256

                                                                                                                  f0683202ff79b787fa3a6db145ddb43ffd01fab29459fc4b45bb5aa16948a54b

                                                                                                                  SHA512

                                                                                                                  b362eb9655c5e5db8fa122099bddfe154b6ec18703ea1c84eca7907d122486d017d8ea9da6fb1a42bdd78e14010c7df3a9f146eda007b4e4e54076ccbe41d614

                                                                                                                  Download Submit

                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\1c3de5b5-9fb8-4ace-8238-8737436952b9.tmp
                                                                                                                  Filesize

                                                                                                                  1B

                                                                                                                  MD5

                                                                                                                  5058f1af8388633f609cadb75a75dc9d

                                                                                                                  SHA1

                                                                                                                  3a52ce780950d4d969792a2559cd519d7ee8c727

                                                                                                                  SHA256

                                                                                                                  cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

                                                                                                                  SHA512

                                                                                                                  0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

                                                                                                                  Download Submit

                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                  Filesize

                                                                                                                  5KB

                                                                                                                  MD5

                                                                                                                  a6c3e308b4668d45955b2868a523d1b1

                                                                                                                  SHA1

                                                                                                                  aa8f6ecac769eb57039e6c7451ed84b5e21afd5d

                                                                                                                  SHA256

                                                                                                                  7e7555ae2164a05950050b95e4ca8caaa6708a2846424e4d404d13186a61bc33

                                                                                                                  SHA512

                                                                                                                  ef621f6bfc1d7f6a0ea7eba8107ad8be4e0754f8c17e20e8c10018e9786fae1011bd1d7c81b92ac8c032e8f2d667f38650642bffdb4cef01b4ee2e4c8402d631

                                                                                                                  Download Submit

                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                  Filesize

                                                                                                                  6KB

                                                                                                                  MD5

                                                                                                                  5961a4ad5f041f8713fa2b724d6138a9

                                                                                                                  SHA1

                                                                                                                  2bb096f09a886b829ca947204eea3cc3bd0f876e

                                                                                                                  SHA256

                                                                                                                  f7adf48c98ae4b5458fa1419fd92893c7212d8cea68e7281c239973cb72321d2

                                                                                                                  SHA512

                                                                                                                  9abe0577014e0a2ed1efd57393203989c61d3236f6c3d10acea77d01c7da9c7803ecb0f2c81c5ce9aa4a65a6b83388ccfb3fe713242b8a8acc2ff63d2d9fd452

                                                                                                                  Download Submit

                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                  Filesize

                                                                                                                  6KB

                                                                                                                  MD5

                                                                                                                  1e9a2a28469637ae8efb567263bda102

                                                                                                                  SHA1

                                                                                                                  d812e5cd2b03f355705f2bca269c38740688e2d9

                                                                                                                  SHA256

                                                                                                                  4fe91e2605609995844ce703d29063d04895edef128ac61b538213098db128e5

                                                                                                                  SHA512

                                                                                                                  3d241edc817a55890caa453d309b9724f49be9a4644753c5a9f5bce3cf6d575c274d26b3cdf41381a8f306b7d8b6ac1cdd20fe8c3eccaeaa3751d5928b97908a

                                                                                                                  Download Submit

                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                  Filesize

                                                                                                                  7KB

                                                                                                                  MD5

                                                                                                                  13773b926d31ee322aea3d70e8da2f00

                                                                                                                  SHA1

                                                                                                                  39bd89e00a3eb49156e27574981432a211685888

                                                                                                                  SHA256

                                                                                                                  d823faa1e52aeb54269ce74e9c8fb4d01bbb1f396aa221ab1ebe60855063a78a

                                                                                                                  SHA512

                                                                                                                  208ed5f560df157f5410cd7c0c2a12dadb75d38ae55e1b94d25841c37ad1ced029499ea01b4dda26df594a8eeba2f9f503d5d87a9e76d6a38698ede06aa9d6c7

                                                                                                                  Download Submit

                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                  Filesize

                                                                                                                  6KB

                                                                                                                  MD5

                                                                                                                  119727993a182c3423939a6e347e97bc

                                                                                                                  SHA1

                                                                                                                  901a4aad42edc0056e2d9ed8cb4b9b11be07c533

                                                                                                                  SHA256

                                                                                                                  554524200eaa29e9d22b2f6b32c2ceb09200708c9af593ff75255210f0bb5b8b

                                                                                                                  SHA512

                                                                                                                  c3ade93ee824f655f45c0313f34f20b49f33bac9af875e1fe7a17f73244444a055860179989747eaae55d3385cfdf24366f51ac1ed8709530ffe158f56ec7166

                                                                                                                  Download Submit

                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                  Filesize

                                                                                                                  6KB

                                                                                                                  MD5

                                                                                                                  23943430a0e697ace7ac8150492db05c

                                                                                                                  SHA1

                                                                                                                  3cbe35f57d4d6552425d5e6ae40eb418d872b5ae

                                                                                                                  SHA256

                                                                                                                  6ecd3b21bca7371537a3a2a093adfa3192c3931fcce7949bb0ef1a26a74c3b26

                                                                                                                  SHA512

                                                                                                                  ca88194d4ab01afeb4fbc9ea6d6e8d1ccc47a3e69be81aa61b5515e4f8ad478c6ac048b32bc3b2b46b9b3a1a37cf717d9667fa6fcb3537a725f022846489a45a

                                                                                                                  Download Submit

                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                  Filesize

                                                                                                                  6KB

                                                                                                                  MD5

                                                                                                                  0561a632002527d19662b0bdbb9970ac

                                                                                                                  SHA1

                                                                                                                  11320eafd2e6d30b897a8c93cefef4edfbf02632

                                                                                                                  SHA256

                                                                                                                  9888661536d2814599003202a9231f0b060fb019e1a131b4670bbeb957743383

                                                                                                                  SHA512

                                                                                                                  566dbd4baa9709da412e5b4640a6778936be150fd812fd03c6353a70864940593b541124a488d8aef2b1e3881bf3f806c23bf8428d37f57c5591a445c036e976

                                                                                                                  Download Submit

                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                  Filesize

                                                                                                                  1KB

                                                                                                                  MD5

                                                                                                                  41dcbdc888d2116f1991f68eca896fd5

                                                                                                                  SHA1

                                                                                                                  eb748250fb7df111515a585873cdfaaf0cfd6cc8

                                                                                                                  SHA256

                                                                                                                  9bc5c2cfbce619e44106d9f43b7b065cf741a4b7fa06ec74df2766292a2aabcb

                                                                                                                  SHA512

                                                                                                                  61a6b48cfe160b1bb52795a28c1344ceed69492d965bf8e9effb517b57c47f3dd708d656ea887c3d881a7fcf9e01e55f229c489463b7005301b5ae6ec7a20726

                                                                                                                  Download Submit

                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                  Filesize

                                                                                                                  1KB

                                                                                                                  MD5

                                                                                                                  041064247d01379adce0b5548cee1961

                                                                                                                  SHA1

                                                                                                                  dfd1c571f00c4909db619ce36a26f1b4dd92c7cb

                                                                                                                  SHA256

                                                                                                                  ef53900b94be0a129723b70f175383a3eb03b06935da6b91c50b686b877a7dee

                                                                                                                  SHA512

                                                                                                                  447983a74a57074c21ea883c118c3849bae4c9b716c51ad81c3402b91b9eb0107f22f1f543fc06bd15caf733acc06bb50c50dae184ace52a670c5df543671c66

                                                                                                                  Download Submit

                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5ad245.TMP
                                                                                                                  Filesize

                                                                                                                  534B

                                                                                                                  MD5

                                                                                                                  0e70daa8737f6414c829911ea003712b

                                                                                                                  SHA1

                                                                                                                  4f6e5508792a4e73f7e695f734e88737cc135228

                                                                                                                  SHA256

                                                                                                                  f611c5355243eddacc0f647b024c1ab51a0fee5da8704dccbd556e10a87b80eb

                                                                                                                  SHA512

                                                                                                                  bc32a59fdff4e1667adaaa39ff17950c9a27606a654bfaa70cf579459b3e470f47ac76e141bd0acf272b8cba4aa72c715521c6fe694788cacbea4d2eace8b7ca

                                                                                                                  Download Submit

                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                                                                  Filesize

                                                                                                                  16B

                                                                                                                  MD5

                                                                                                                  6752a1d65b201c13b62ea44016eb221f

                                                                                                                  SHA1

                                                                                                                  58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                                                                                                  SHA256

                                                                                                                  0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                                                                                                  SHA512

                                                                                                                  9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                                                                                                  Download Submit

                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                                                                  Filesize

                                                                                                                  16B

                                                                                                                  MD5

                                                                                                                  589c49f8a8e18ec6998a7a30b4958ebc

                                                                                                                  SHA1

                                                                                                                  cd4e0e2a5cb1fd5099ff88daf4f48bdba566332e

                                                                                                                  SHA256

                                                                                                                  26d067dbb5e448b16f93a1bb22a2541beb7134b1b3e39903346d10b96022b6b8

                                                                                                                  SHA512

                                                                                                                  e73566a037838d1f7db7e9b728eba07db08e079de471baca7c8f863c7af7beb36221e9ff77e0a898ce86d4ef4c36f83fb3af9c35e342061b7a5442ca3b9024d2

                                                                                                                  Download Submit

                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                                                                  Filesize

                                                                                                                  16B

                                                                                                                  MD5

                                                                                                                  aefd77f47fb84fae5ea194496b44c67a

                                                                                                                  SHA1

                                                                                                                  dcfbb6a5b8d05662c4858664f81693bb7f803b82

                                                                                                                  SHA256

                                                                                                                  4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

                                                                                                                  SHA512

                                                                                                                  b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

                                                                                                                  Download Submit

                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0
                                                                                                                  Filesize

                                                                                                                  44KB

                                                                                                                  MD5

                                                                                                                  b0fac50b0bb863bd28214084ff688f2d

                                                                                                                  SHA1

                                                                                                                  0d1bdc117e81e3638c08bbd4b1335638aeac4910

                                                                                                                  SHA256

                                                                                                                  e30047aa3ccdbe3b619c73d8fd89f9fe4f500f4dec2ce2d8be1a6c49379d1932

                                                                                                                  SHA512

                                                                                                                  698fc0c8e8410aa6d3a98c6292c41b47d3a1f6330527379a3473c209b4543bc32b29910687a46724641e082348a8b7f29085da6614abf437a793bbd4e77bf5cd

                                                                                                                  Download Submit

                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1
                                                                                                                  Filesize

                                                                                                                  264KB

                                                                                                                  MD5

                                                                                                                  aee7c1c215db6ebb5d26dfcdba83988a

                                                                                                                  SHA1

                                                                                                                  d921a193c65fc7ef24559272fafd475f64744413

                                                                                                                  SHA256

                                                                                                                  88155969f085dc65c80460ffb1f504cd0d420436a466e5f24bfa02416f6428b9

                                                                                                                  SHA512

                                                                                                                  7e9b5040ba7745eedd3583e43a271845d2dad668d66929136d36b8a6ccd9926464a25342a27a0a26e1a333874c58130c22a65a3a5c87359d7955d9aa0074c0db

                                                                                                                  Download Submit

                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                  Filesize

                                                                                                                  10KB

                                                                                                                  MD5

                                                                                                                  8c171f01ccb9058df05a67843461d3b3

                                                                                                                  SHA1

                                                                                                                  a4134945249087d7cd60dabb7046902da992cfd7

                                                                                                                  SHA256

                                                                                                                  53c9f2c4260dc6447016002b4dc50431a2ac12bd96a3a2ca5dc643aff1fc8710

                                                                                                                  SHA512

                                                                                                                  35a1934ff3c510159d3d997bf3a0288c06d9d91feebdfd36af53805ae672881851fe2e07c28c18acfd9133f339ae84e46a632822724e6746e5077fc6848ba2a2

                                                                                                                  Download Submit

                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                  Filesize

                                                                                                                  10KB

                                                                                                                  MD5

                                                                                                                  f4846edccc1d68095592bca0ffb99040

                                                                                                                  SHA1

                                                                                                                  a06107192b4d9dafa935bc5a9e6f8745cff9cea8

                                                                                                                  SHA256

                                                                                                                  e6d91ad14d711d73c4629dd1ec0bb3cef5d16c9103dfecfd2bef19322a0f6bb0

                                                                                                                  SHA512

                                                                                                                  3b2a79069cde09693227a42409ad0e7a99358c40b5c1784bafe8e2f5796fb134b71b037f738ec5fa09912da667f461ded06fac9597c092c8cb025d3e896fcdb3

                                                                                                                  Download Submit

                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft_Corporation\HEUR-Trojan-Ransom.MSIL.A_Url_hyzi2c1yzof5lmdswpn0aowbvgq0vrgi\10.0.17134.1\ncl8f0dh.newcfg
                                                                                                                  Filesize

                                                                                                                  926B

                                                                                                                  MD5

                                                                                                                  aeef554f7bb401110b7c50c2f1a75abe

                                                                                                                  SHA1

                                                                                                                  a27900dc1f94186caaeffc21cb90d8d0db38122c

                                                                                                                  SHA256

                                                                                                                  fe13fc40951dea3c476fa603d87cf31c0e3c740ed37e28dd463db1b6a36a676c

                                                                                                                  SHA512

                                                                                                                  db1086b775daf0712814b5f73a67c1da099bd71a83794313643cd5dbb8fcebc2d4387427208cc7dbf2829758dab42c6a423ed7c34c3c71d82961dfa53a47e39c

                                                                                                                  Download Submit

                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft_Corporation\HEUR-Trojan-Ransom.MSIL.A_Url_hyzi2c1yzof5lmdswpn0aowbvgq0vrgi\10.0.17134.1\oscgelyv.newcfg
                                                                                                                  Filesize

                                                                                                                  564B

                                                                                                                  MD5

                                                                                                                  7da87c0a607285add8dddc26e8263d86

                                                                                                                  SHA1

                                                                                                                  93ae73e6915f4a1c11a40bbe23c09b72db3f502e

                                                                                                                  SHA256

                                                                                                                  f9ccb5c80fdbdce2490eb119b7885c3f19556d52cd8d2c0fe7a94801ac3a9799

                                                                                                                  SHA512

                                                                                                                  3db1d43d1a049c7b4338ee3aafe85ffd39e5401763bb271a5e8510716e53e10e743f821e79cd3d28564b39fa445edd1570c49b326da9eb3fa9ab8a0818ff7a0c

                                                                                                                  Download Submit

                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft_Corporation\HEUR-Trojan-Ransom.MSIL.A_Url_hyzi2c1yzof5lmdswpn0aowbvgq0vrgi\10.0.17134.1\user.config
                                                                                                                  Filesize

                                                                                                                  808B

                                                                                                                  MD5

                                                                                                                  8e9ad862b6889e10924f38d947c3d32c

                                                                                                                  SHA1

                                                                                                                  8dc1babaa126ae32f1ff5a9c1d08c259ecafbd70

                                                                                                                  SHA256

                                                                                                                  a4c828fd03725bf3ebbf4c4adbe40b5bfe70442cf89aced31cebedb4965cb749

                                                                                                                  SHA512

                                                                                                                  400883a5b7f5eeef2d1f38e3d91f64ffe96686c0d4ef0f81de8bd8a03f591e10835512426a831386f6c8a0cda8c6aca546eda34c37dee01791ea14af1fa8c385

                                                                                                                  Download Submit

                                                                                                                • C:\Users\Admin\AppData\Local\Temp\RarSFX0\c.exe
                                                                                                                  Filesize

                                                                                                                  22KB

                                                                                                                  MD5

                                                                                                                  a18c062bb0ce203fdff331c992de269c

                                                                                                                  SHA1

                                                                                                                  eae83f7e1ad214972defb84c43ea036fc6d5115e

                                                                                                                  SHA256

                                                                                                                  c097471fea6d03ff188f977d3ace14128fc5db56ec813e555bf3ac8d20e88b7b

                                                                                                                  SHA512

                                                                                                                  977fc4d1d72d742c3776233d15245f3e5dead9995b8d7a95c2f0235f42ee7ef4472fd384d24cda1d6ea266c220a25b1a695bbe50edcf289583da9763055a7a12

                                                                                                                  Download Submit

                                                                                                                • C:\Users\Admin\AppData\Local\Temp\_MEI41642\_socket.pyd
                                                                                                                  Filesize

                                                                                                                  50KB

                                                                                                                  MD5

                                                                                                                  542726bb334376b4ee0b20cb19853cbb

                                                                                                                  SHA1

                                                                                                                  66f88bffce320371e208b5993313b1d84e234dbf

                                                                                                                  SHA256

                                                                                                                  ed53d4157e38ff8aec102a87ff7e2d6879b36eeffd301726047f7517243ab279

                                                                                                                  SHA512

                                                                                                                  3bc38057f2a202808ef42f666bf1e008bebcfce41d8942b9d8dc006ea53fc8e76df012638dc5b6bf5c1a4c6175b2197308674e90cabe38711c4bfae95f0a1613

                                                                                                                  Download Submit

                                                                                                                • C:\Users\Admin\AppData\Local\Temp\_MEI41642\_ssl.pyd
                                                                                                                  Filesize

                                                                                                                  2.0MB

                                                                                                                  MD5

                                                                                                                  1b4639e2970bc4a12e0715f161c26e15

                                                                                                                  SHA1

                                                                                                                  69c9f8152410380ae4e2465d1711c6d577f7da96

                                                                                                                  SHA256

                                                                                                                  260f8ab785e3b22c241d578a5442ff287b1bf13a886b077a105f0e85d1c3a774

                                                                                                                  SHA512

                                                                                                                  2f7d9e7af93f2916978cdc90bc2553f92b7a6b8097c3c7a4247e1eb06f5c94d63ca037489d67fa8680825c1813df94f21670ae53a9fb8605d2d45ed306ce4991

                                                                                                                  Download Submit

                                                                                                                • C:\Users\Admin\AppData\Local\Temp\_MEI41642\backdoor.exe.manifest
                                                                                                                  Filesize

                                                                                                                  1KB

                                                                                                                  MD5

                                                                                                                  5d3d187f76000b0e613abbf378c6c410

                                                                                                                  SHA1

                                                                                                                  45dd9addadc5bd8815b995197ebc92bacece814e

                                                                                                                  SHA256

                                                                                                                  f63a06eba4440c421cc75855fee87d32f2810ffb5ab8bb33c72d7d3da56afaeb

                                                                                                                  SHA512

                                                                                                                  0459610a779312fc6ae6f03132653f03958c64c02cae6b2eed95678a857c8097c1b1ea1d2f9b54fd39b1cc1e01dbbd9ffa346581cd332f29f2aa0ab162efcc7c

                                                                                                                  Download Submit

                                                                                                                • C:\Users\Admin\AppData\Local\Temp\_MEI41642\python27.dll
                                                                                                                  Filesize

                                                                                                                  3.3MB

                                                                                                                  MD5

                                                                                                                  838972583b872f2c503ec88f3cdf55c7

                                                                                                                  SHA1

                                                                                                                  1e594b264f2ce7a4d621aef2bb7bc65343799b34

                                                                                                                  SHA256

                                                                                                                  fe55c3ad1e217ada3a1938f3f1fc7ad2d60e2e9fdf02ef751d6d0d2471350301

                                                                                                                  SHA512

                                                                                                                  66dfd0671844674e5d8052be4b203617e0538dddd4d2c87159d3bce7f4cf6759248169c9dc444f472bed33b3bc5a005e664353fe194860e78762a36b8e0ce338

                                                                                                                  Download Submit

                                                                                                                • C:\Users\Admin\AppData\Local\Temp\_MEI41~1\bz2.pyd
                                                                                                                  Filesize

                                                                                                                  90KB

                                                                                                                  MD5

                                                                                                                  f42a2fe6bb38e14cc0282ff85dbc8366

                                                                                                                  SHA1

                                                                                                                  2a83aa37c7820e027f500579be86374a394a8ae1

                                                                                                                  SHA256

                                                                                                                  72411f5d024cf86753ef40cbeacf564fb71410760035360f2c89932594082f5c

                                                                                                                  SHA512

                                                                                                                  9c57be42d93af4ec10cdb84006b4a1c598485aefad8e93f6d0e3c9ab13298aa7514dbb8d7e1daf9c0d901b0224ecf8c3714961bddbdafed94aa7f9aa557293e8

                                                                                                                  Download Submit

                                                                                                                • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_w013rfqk.5rt.ps1
                                                                                                                  Filesize

                                                                                                                  60B

                                                                                                                  MD5

                                                                                                                  d17fe0a3f47be24a6453e9ef58c94641

                                                                                                                  SHA1

                                                                                                                  6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                                                                                  SHA256

                                                                                                                  96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                                                                                  SHA512

                                                                                                                  5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                                                                                  Download Submit

                                                                                                                • C:\Users\Admin\AppData\Local\Temp\zbhnd.exe
                                                                                                                  Filesize

                                                                                                                  52KB

                                                                                                                  MD5

                                                                                                                  673e2a417475831d1aba63a2d77b1780

                                                                                                                  SHA1

                                                                                                                  336c1294113bf68e6a0018729b9f304d0ec80e54

                                                                                                                  SHA256

                                                                                                                  70dd320aaa397a3fd02dabc786d6c2b715754bb31a0c45ec1e338f135de91320

                                                                                                                  SHA512

                                                                                                                  dfc00b0d9af7736ddc71871006766b630aa5b7bde1e2cbcb1842cc6d48a2bec53e171dd91c0ce281810a1b5efc5dbf5bf61160683a1df19d09d99f47051dd692

                                                                                                                  Download Submit

                                                                                                                • C:\Users\Admin\AppData\Roaming\Cntrlphse.exe
                                                                                                                  Filesize

                                                                                                                  1.0MB

                                                                                                                  MD5

                                                                                                                  9c0b36c4e2475f9351a38b5cde98dcf6

                                                                                                                  SHA1

                                                                                                                  ed7da91f04af98e43fd86be1bbe13ad6a3eba765

                                                                                                                  SHA256

                                                                                                                  0553a45649cd95b0da3c3b57bd9ae7b0419612f1915905b46709c13a4b23f7c3

                                                                                                                  SHA512

                                                                                                                  9faa539c348a014a24af80e6572ec8972e0ed5cb6a1f026cdf5a56335fb802951c181dc04f9fbc6662ee6ebd1423673a2a9c9ec05ced590a23dd771e33f7230d

                                                                                                                  Download Submit

                                                                                                                • C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1194130065-3471212556-1656947724-1000\7e1c2faf6a5692aa96a780da183cd4d0_a53bb4ca-6113-48bb-9609-441860fdd0d7
                                                                                                                  Filesize

                                                                                                                  3KB

                                                                                                                  MD5

                                                                                                                  1a9f6d593f1d125c46f25dfbd8f5a113

                                                                                                                  SHA1

                                                                                                                  52b65d65f3e96fa80c8e99c3932afd8906a3c689

                                                                                                                  SHA256

                                                                                                                  3ec8577188e9bf641548629d689ced3b088ff434457415edbbfc7a6fb59d80bb

                                                                                                                  SHA512

                                                                                                                  553e92a5a76d6ef875473228b307f7911700752f5d491b8ea4f0af2f9edb878ebdfd86928d43771fa5b0e3ad287bc13b53299e40b0a17e2b24ba60bb0fb25068

                                                                                                                  Download Submit

                                                                                                                • C:\Users\Admin\DEsktop\00476\HEUR-Trojan-Ransom.Win32.Agent.pef-0d612a4cb723da27d89d54602bfb83a1d7067c4b1315604b1cc22734cae8f3ff.exe
                                                                                                                  Filesize

                                                                                                                  101KB

                                                                                                                  MD5

                                                                                                                  a2c3e21b413d84fd8b1042f7406c1e85

                                                                                                                  SHA1

                                                                                                                  dc7649c6893a64371cf991523a62de36b5dd991e

                                                                                                                  SHA256

                                                                                                                  0d612a4cb723da27d89d54602bfb83a1d7067c4b1315604b1cc22734cae8f3ff

                                                                                                                  SHA512

                                                                                                                  53ba022a28670728c0134f60bc3b784069ae956d047a68779ce06a9aff4ee5839d1ba3513416ed0c22e4d218f8b7aa8df3b551b2b5ead4056e39c93ff08f27be

                                                                                                                  Download Submit

                                                                                                                • C:\Users\Admin\DEsktop\00476\HEUR-Trojan-Ransom.Win32.GandCrypt.pef-cc7943a212fbd7fa64825ca9255387e28a2666e9da1a6d5ad1929ad3f8ec8087.exe
                                                                                                                  Filesize

                                                                                                                  89KB

                                                                                                                  MD5

                                                                                                                  dc388a09ad16fcbc7c55ee04f2a087f0

                                                                                                                  SHA1

                                                                                                                  8c4127428441d6bec292889e5bbc9cb5a18ae70d

                                                                                                                  SHA256

                                                                                                                  cc7943a212fbd7fa64825ca9255387e28a2666e9da1a6d5ad1929ad3f8ec8087

                                                                                                                  SHA512

                                                                                                                  ced9e20a6d5488fef2800d9174775815d023013ab8cde2b44707f413fd0a7dfd3832a2fae64e6ab142adc7fa899ff689c65fb5d022184a5db9b3c902414613df

                                                                                                                  Download Submit

                                                                                                                • C:\Users\Admin\Desktop\00476\HEUR-Trojan-Ransom.MSIL.Agent.gen-40a1c3ab6869ce4fc5237f521cae6d9dd97287627c9283d6b5bcbf02b946b277.exe
                                                                                                                  Filesize

                                                                                                                  319KB

                                                                                                                  MD5

                                                                                                                  3f37958d8846628731b5e49d2c525bd9

                                                                                                                  SHA1

                                                                                                                  d8e48e6d355c62a76dfa557c86efbe0cca9133dc

                                                                                                                  SHA256

                                                                                                                  40a1c3ab6869ce4fc5237f521cae6d9dd97287627c9283d6b5bcbf02b946b277

                                                                                                                  SHA512

                                                                                                                  880ffadae42902ba36d4536f04ba11aff7041972e00f7e6c370a72bacfe1e6ded220da739900b707a557de049d53a4013344560eb6d199e5dcb3bd998ff2c8d3

                                                                                                                  Download Submit

                                                                                                                • C:\Users\Admin\Desktop\00476\HEUR-Trojan-Ransom.MSIL.Agent.gen-7298275ad4bcdad520077fb9464e9777591522c840d76e9fc3a34aa17b4403b2.exe
                                                                                                                  Filesize

                                                                                                                  228KB

                                                                                                                  MD5

                                                                                                                  3af5a7b50dd8f9fa3fa858f445623c39

                                                                                                                  SHA1

                                                                                                                  0d0deb521578ec8618111257615108acf109b4fa

                                                                                                                  SHA256

                                                                                                                  7298275ad4bcdad520077fb9464e9777591522c840d76e9fc3a34aa17b4403b2

                                                                                                                  SHA512

                                                                                                                  0630f2d4c6f40bf4cea157d877a2e54a6ef4c5fae3ca1d9e63d219aab30566ad8071f0f03b01c936cd05eb25f348e5eb494e599d3c68bca1ec52ac76f753319a

                                                                                                                  Download Submit

                                                                                                                • C:\Users\Admin\Desktop\00476\HEUR-Trojan-Ransom.MSIL.Agent.gen-d43d393a57eba94438dc27c4a06940ff705d6cfc3327ee3a45480797b7f40b63.exe
                                                                                                                  Filesize

                                                                                                                  76KB

                                                                                                                  MD5

                                                                                                                  665aab2ffae2eeeee8eb847e9bb69ebc

                                                                                                                  SHA1

                                                                                                                  8864a2662cbc6b09a557109111bd8b7d59d32b02

                                                                                                                  SHA256

                                                                                                                  d43d393a57eba94438dc27c4a06940ff705d6cfc3327ee3a45480797b7f40b63

                                                                                                                  SHA512

                                                                                                                  db56810f077a1a2fa8e41420c85e4b17287d4cf5616a4d8f59a2d2cb3e5cbb5becc28b4a956f13b1c13446c878d506154aa3db1df1f942dbe22704c9420ce9c5

                                                                                                                  Download Submit

                                                                                                                • C:\Users\Admin\Desktop\00476\HEUR-Trojan-Ransom.MSIL.Blocker.gen-5c500d5168113c41bb7816036f3241446f1d0d869cedf78ce1442939db113766.exe
                                                                                                                  Filesize

                                                                                                                  1.6MB

                                                                                                                  MD5

                                                                                                                  d962d419315bba0ebc87e52ac07525f7

                                                                                                                  SHA1

                                                                                                                  6a42f7b6bde962cb6c091855de71ea5009252e59

                                                                                                                  SHA256

                                                                                                                  5c500d5168113c41bb7816036f3241446f1d0d869cedf78ce1442939db113766

                                                                                                                  SHA512

                                                                                                                  53ebca83801b71e10832e87e203d1588f581fd3313b4d5070fb8c7ddb7361e6abd9620ba2624b689e5fc5f1c0c12ac1adf090bbe13327851f8a25f668722615f

                                                                                                                  Download Submit

                                                                                                                • C:\Users\Admin\Desktop\00476\HEUR-Trojan-Ransom.MSIL.Encoder.gen-cc58ef77008f989fa8ccdb4d489be6633c4c2cace8f800dbdb6397b6a90b2366.exe
                                                                                                                  Filesize

                                                                                                                  183KB

                                                                                                                  MD5

                                                                                                                  c3e3c86fde3bcd274d6ab8b34b317dcd

                                                                                                                  SHA1

                                                                                                                  3b8b97d4859df70429f616dda2ff97fc3100860d

                                                                                                                  SHA256

                                                                                                                  cc58ef77008f989fa8ccdb4d489be6633c4c2cace8f800dbdb6397b6a90b2366

                                                                                                                  SHA512

                                                                                                                  25bef0a7edd508fb77b2852c1f9db4e4ccdc0ff40aa6201fc5210dcb4aaa97fc0e76a19e27331e1040e5821edfaf95aa18fca60ad33211fdc6c303c3defdcc25

                                                                                                                  Download Submit

                                                                                                                • C:\Users\Admin\Desktop\00476\HEUR-Trojan-Ransom.MSIL.PolyRansom.gen-ded2b5c541c8bc976318035e5d339b055d3f14cdbc70b496e4e40ce2b2f2f2d6.exe
                                                                                                                  Filesize

                                                                                                                  3.8MB

                                                                                                                  MD5

                                                                                                                  9ea73eb6b9b9bc5fb7ba8bbef5511eb5

                                                                                                                  SHA1

                                                                                                                  100bc3545d192cdfd5952650c9ad14899562c322

                                                                                                                  SHA256

                                                                                                                  ded2b5c541c8bc976318035e5d339b055d3f14cdbc70b496e4e40ce2b2f2f2d6

                                                                                                                  SHA512

                                                                                                                  a1e0df81d5737834cbcc1dde888f5aca4e1f21fbfa2d6b10782e221a44dadf5d63f8ffcfec44f924ea4a6545730d53d83da35910ec01b6746b1aaaf51733b1e3

                                                                                                                  Download Submit

                                                                                                                • C:\Users\Admin\Desktop\00476\HEUR-Trojan-Ransom.Win32.Blocker.pef-d21200eaa45fdfb70c681802a1b2a8a72135984fdcc5363d2f8aaa04b3059823.exe
                                                                                                                  Filesize

                                                                                                                  52KB

                                                                                                                  MD5

                                                                                                                  dc8225b874f6f79023eecede84591549

                                                                                                                  SHA1

                                                                                                                  6ac8b72bab5c4849238efbc1eb763a07801b90dd

                                                                                                                  SHA256

                                                                                                                  d21200eaa45fdfb70c681802a1b2a8a72135984fdcc5363d2f8aaa04b3059823

                                                                                                                  SHA512

                                                                                                                  ce54ead3f6b5ab062a7ff4390b36e1ae043d4196780121372bc11343aa23885bb624593109261bbf95cb1c477d4d7dbaf50bd0e7456386d22825c52441a9a006

                                                                                                                  Download Submit

                                                                                                                • C:\Users\Admin\Desktop\00476\HEUR-Trojan-Ransom.Win32.Blocker.vho-9c510fb052fc192f3413070c98441380e5acedf9d68956a7b5d33e7a9a28757a.exe
                                                                                                                  Filesize

                                                                                                                  4.4MB

                                                                                                                  MD5

                                                                                                                  4a6651681f59dfa4a1a228a6d92a62cb

                                                                                                                  SHA1

                                                                                                                  5a95d72ec83668992837fb1bffb0d96a90f23ea0

                                                                                                                  SHA256

                                                                                                                  9c510fb052fc192f3413070c98441380e5acedf9d68956a7b5d33e7a9a28757a

                                                                                                                  SHA512

                                                                                                                  be93f6d97f980c8d85f98d4fd6e07333d987a02305d56f4c1a6a40b099fad3e95cf24afb1f6dc7c4b25b3d467183e18f0289772f3068f24b57048cd16a725951

                                                                                                                  Download Submit

                                                                                                                • C:\Users\Admin\Desktop\00476\HEUR-Trojan-Ransom.Win32.Crypmodadv.vho-f2568e132b3fedc231ea1c120bdcb294eb449a8ee6374b71baf071721ab10e2d.exe
                                                                                                                  Filesize

                                                                                                                  1.8MB

                                                                                                                  MD5

                                                                                                                  153c5b9bb7590a23c6a75259c5dd70f3

                                                                                                                  SHA1

                                                                                                                  e82069d4144e069b94ba51ec490e5a1cb9996286

                                                                                                                  SHA256

                                                                                                                  f2568e132b3fedc231ea1c120bdcb294eb449a8ee6374b71baf071721ab10e2d

                                                                                                                  SHA512

                                                                                                                  e46f86dde80e23bf6b306a7c9c9b439e36923811511c0c895b3a0956c0f1db66fba8855b03c8b8f71fb26e2d2033e35f7759a94634b0848f11258fcf7c385b82

                                                                                                                  Download Submit

                                                                                                                • C:\Users\Admin\Desktop\00476\HEUR-Trojan-Ransom.Win32.Cryptoff.vho-fe3cd19a757f7223bc2d49bbeb8c06dba44709dc12f60df6beb6ba29f0f60693.exe
                                                                                                                  Filesize

                                                                                                                  130KB

                                                                                                                  MD5

                                                                                                                  c99e9d01743ad7e080344003b8f6b6b1

                                                                                                                  SHA1

                                                                                                                  2b878de1c39aeadda71ebbd9b591a9190955c804

                                                                                                                  SHA256

                                                                                                                  fe3cd19a757f7223bc2d49bbeb8c06dba44709dc12f60df6beb6ba29f0f60693

                                                                                                                  SHA512

                                                                                                                  4ae96dbe25cf2fd5c016c78d19cb442a8e94cd28df746f6b0b09681f5b30ae9676005e920d760ac985c10021d3c15b030249756927330692238f5c2109e446de

                                                                                                                  Download Submit

                                                                                                                • C:\Users\Admin\Desktop\00476\HEUR-Trojan-Ransom.Win32.Cryptor.gen-eb1d63ef65c7f04d361a4547c8601b8fa801fe47f7348fe84bca77e415eb7cf7.exe
                                                                                                                  Filesize

                                                                                                                  921KB

                                                                                                                  MD5

                                                                                                                  6e98d5dd95d00369316ba548e3c625b3

                                                                                                                  SHA1

                                                                                                                  d98da136d22d8e06079a1ce991aa3fc2d95bf186

                                                                                                                  SHA256

                                                                                                                  eb1d63ef65c7f04d361a4547c8601b8fa801fe47f7348fe84bca77e415eb7cf7

                                                                                                                  SHA512

                                                                                                                  8da6ba5ece6e76be8551b964b6e3c4ff77ddab56d35d1347ed5304a36f82acf398a348d97c81d4d41178de86cc2bde55671587428c465c46d65d9fd578158792

                                                                                                                  Download Submit

                                                                                                                • C:\Users\Admin\Desktop\00476\HEUR-Trojan-Ransom.Win32.Generic-2d8ede0c1adfd042a2ece2482244275f62db138692f24187a652995fbf245a32.exe
                                                                                                                  Filesize

                                                                                                                  260KB

                                                                                                                  MD5

                                                                                                                  c834ff9a9b14b3d123e9d38077c0fff2

                                                                                                                  SHA1

                                                                                                                  ee076f70629a1601fa59aa208b2cf0fedb7966df

                                                                                                                  SHA256

                                                                                                                  2cb3b699ed772a85ef255127e1f27a7e1082f41d883c6dcfb47f92188b9642f6

                                                                                                                  SHA512

                                                                                                                  bae016dae87cdbc2f8d9f1342e63f010ac9d8527c441c319847fb40d377041fdea8a249730ad7f7a171d6ba7646e14165eebde91663c8b189cf2be206a5fba6a

                                                                                                                  Download Submit

                                                                                                                • C:\Users\Admin\Desktop\00476\read_it.txt
                                                                                                                  Filesize

                                                                                                                  965B

                                                                                                                  MD5

                                                                                                                  b8a00798dd2fa9a47675c6b066ec8306

                                                                                                                  SHA1

                                                                                                                  b63321cc77488b4a7c2b39437a90f22c84421e85

                                                                                                                  SHA256

                                                                                                                  a8b2ba39a129d6e5d64809a774131b7171cf63c9b9b7a4bbd429cfc67e26e57a

                                                                                                                  SHA512

                                                                                                                  c16b6e5bd0e71f26ca0177da72356e95940c8497b774d5ae7c0e26565431a62e12a35ec832491f836707892fce32a748139389dbbfdf3a6a0dd9af068f799a31

                                                                                                                  Download Submit

                                                                                                                • C:\Users\Admin\Desktop\AddMove.xlsx.chickedmik
                                                                                                                  Filesize

                                                                                                                  10KB

                                                                                                                  MD5

                                                                                                                  b94d78a46a60357c7b01da2f1f1c62fd

                                                                                                                  SHA1

                                                                                                                  866b794f0a05464807d06db9c700d0f2065ea26d

                                                                                                                  SHA256

                                                                                                                  9f1bd3e80cf6d297fcd9716403eb8eae372965226817fad305bef4e23f9f0851

                                                                                                                  SHA512

                                                                                                                  5e2def37ab65cb504c7b6b3f34c45976b2a1eb24fa7e4093bb31fec913a0f7bb2847df89021c9b2e43ee1317e08687ed1826bd652d91724891e1a62169dcffdb

                                                                                                                  Download Submit

                                                                                                                • C:\Users\Admin\Desktop\CheckpointInstall.vssx.chickedmik
                                                                                                                  Filesize

                                                                                                                  519KB

                                                                                                                  MD5

                                                                                                                  d558c0805508c586500ba5f000584c45

                                                                                                                  SHA1

                                                                                                                  b293b35229164469cd9778b875657f59c1e681f0

                                                                                                                  SHA256

                                                                                                                  c99d3142dcf7234edd344408d481d487fb979f7c5d1c97697b1f782989faea3e

                                                                                                                  SHA512

                                                                                                                  1aa2aaa6bdf1fb3151de9595fb93540ff5ea875ea43a79e7afbb1d225384ff1fb1ac3d8e39c0fed8e92ca00ac89004dbf52d83160b33ec146b0ea2a4886ad9a6

                                                                                                                  Download Submit

                                                                                                                • C:\Users\Admin\Desktop\ConnectUpdate.dot.chickedmik
                                                                                                                  Filesize

                                                                                                                  548KB

                                                                                                                  MD5

                                                                                                                  aec1788704890c302d966867ba140128

                                                                                                                  SHA1

                                                                                                                  266b5522bf41f94a1e7fd938d064314f80503516

                                                                                                                  SHA256

                                                                                                                  390e852b5ea6c86fc680bb2d4e11c118b09ef0957fb1af89c29fdaf0ae480427

                                                                                                                  SHA512

                                                                                                                  b48c701c5905791c10e94362d67335fa280aa55b7d99cf548fbea039e7d357fe91eac9edb4eedbb1e42e249f084831263c5596ade279ddbdadba965dd570d418

                                                                                                                  Download Submit

                                                                                                                • C:\Users\Admin\Desktop\ExportSuspend.cfg.chickedmik
                                                                                                                  Filesize

                                                                                                                  833KB

                                                                                                                  MD5

                                                                                                                  2d6113d603aaa158f7c1f6906f458cfd

                                                                                                                  SHA1

                                                                                                                  261723cbceb44ad96dde0d4670e4261c5824313d

                                                                                                                  SHA256

                                                                                                                  6cd5266839830eade5acf595d66faa345907cd1db0804844d4fb177420bbdb8b

                                                                                                                  SHA512

                                                                                                                  ae899489f9f143c85a442660b75f6fa5065de6fdf1959379f4cdc756aceafc515b6f8a8c69210abaa7ca36329072fd09f77fc13aedd610abbfd69c54e6e92be4

                                                                                                                  Download Submit

                                                                                                                • C:\Users\Admin\Desktop\GroupExport.xlsx.chickedmik
                                                                                                                  Filesize

                                                                                                                  14KB

                                                                                                                  MD5

                                                                                                                  cec8ef3a0caef451b4987e56e5847c21

                                                                                                                  SHA1

                                                                                                                  e115ce0298bebd7284f7a27f83e1d5190a79e5fd

                                                                                                                  SHA256

                                                                                                                  f60f2958d136a6bdfad31c1d9e851d6568d59c22f54478d5b50573efc60efc6e

                                                                                                                  SHA512

                                                                                                                  c0a81f9ac75bf78bd0861158b9604572e7420a2effc1158d611dd7f7bd48156ecb03b566f4e92559af4431e7e14458e71f87ef0270b389b73099d1a2dd01c1b0

                                                                                                                  Download Submit

                                                                                                                • C:\Users\Admin\Desktop\ImportInvoke.wmf.chickedmik
                                                                                                                  Filesize

                                                                                                                  562KB

                                                                                                                  MD5

                                                                                                                  dd4d9a2f0a4d32100640f81501550a84

                                                                                                                  SHA1

                                                                                                                  ae1a525510e801daaf6c65973fa965de8a92e42a

                                                                                                                  SHA256

                                                                                                                  4ca6250e9fa55509c7d683e1fc91d677e367908a29e3016c4b37a4122300842d

                                                                                                                  SHA512

                                                                                                                  3b231fd07af4f25e3062e4ee2bd5dbb593803262144723db769db58837098f7f73cd14cfeaa3d1544a1ca70425fec593e44e75f4d0e5cc80c9afaaf104f4a9fa

                                                                                                                  Download Submit

                                                                                                                • C:\Users\Admin\Desktop\JoinEdit.dib.chickedmik
                                                                                                                  Filesize

                                                                                                                  329KB

                                                                                                                  MD5

                                                                                                                  0f1bd8926f8f32c4f23ed5714adca85c

                                                                                                                  SHA1

                                                                                                                  202acc2eec81db3e4ae7bd7fc27e04ee122d9de3

                                                                                                                  SHA256

                                                                                                                  23f2f257dfb6b6c6feefb25eee200ddc1ab908b45ee9c1520775412ecbf52777

                                                                                                                  SHA512

                                                                                                                  a6bc5ef4601b44b30c8f36c0053c57541cac2a8eec5d165de65c53cf8843110a124b1364f67bab7d397871867096ed62d3637ab57fe898cb380ae43e3e7ce2b2

                                                                                                                  Download Submit

                                                                                                                • C:\Users\Admin\Desktop\JoinOptimize.ttf.chickedmik
                                                                                                                  Filesize

                                                                                                                  256KB

                                                                                                                  MD5

                                                                                                                  47e951728d7ad96cba0034c37e159aad

                                                                                                                  SHA1

                                                                                                                  467a1d26420337cf78f78c9c71790a724ef5c6a6

                                                                                                                  SHA256

                                                                                                                  45133150afe6f50c0191d8e5cb50fd1bf6a1b06709c17e575fe25c91b955c002

                                                                                                                  SHA512

                                                                                                                  c9035252d57c61fe25a2c42950730bbbdf1596ca9d16db316e1ffbb52305d98965ebf143a408daad64c7421a77c4de0b2b3049af72cec4b71efa8259661dacf4

                                                                                                                  Download Submit

                                                                                                                • C:\Users\Admin\Desktop\LimitOptimize.MOD.chickedmik
                                                                                                                  Filesize

                                                                                                                  416KB

                                                                                                                  MD5

                                                                                                                  64875997c3eb0076ffba138fdea273b6

                                                                                                                  SHA1

                                                                                                                  dbf28dc9c0ad57e7d2b828b24ca8f3b5acc217fa

                                                                                                                  SHA256

                                                                                                                  d14f5f150508318c3e4bb8c1103e3001ef67f2c151ea39d7442e3dc2786caa9e

                                                                                                                  SHA512

                                                                                                                  b6c1369af30947121ee136e77367c583246f12f3e0681408f1faba8ecf1ddcbf883c4ae8e582f202f276a2c4fedc6d8f9eeebe56f91b3cb88fd9404c908930df

                                                                                                                  Download Submit

                                                                                                                • C:\Users\Admin\Desktop\MeasureImport.vbe.chickedmik
                                                                                                                  Filesize

                                                                                                                  314KB

                                                                                                                  MD5

                                                                                                                  82df88306ac8a4af2d298ece500bf271

                                                                                                                  SHA1

                                                                                                                  fa2f8c7c55d159294622f849303fcc16596b0aee

                                                                                                                  SHA256

                                                                                                                  0cdb39e281e037db607e43b13c075db4adbccd008c630ab052d4044ea5fb52a1

                                                                                                                  SHA512

                                                                                                                  132d6ab62824b7fae8461bb6d74b46a56d6cc6f90fb892bb3730eeca846ff826205f8c6139e5c1e6fe0af85f5657de534d659a01e11fd74d3af00526a01af87d

                                                                                                                  Download Submit

                                                                                                                • C:\Users\Admin\Desktop\MeasureStart.dwg.chickedmik
                                                                                                                  Filesize

                                                                                                                  387KB

                                                                                                                  MD5

                                                                                                                  e484d316af296c2370603abe5553bb91

                                                                                                                  SHA1

                                                                                                                  d4cfd4c554faa99d7198383937ecd17895e2ec7f

                                                                                                                  SHA256

                                                                                                                  69c4fe867786f6326809c2be4bc0ada57ea188e9454f29bd7e8747f538001d7e

                                                                                                                  SHA512

                                                                                                                  effacb48ee7e564b851cf0216bca65110530998537288e304309efe2b714aa310ce38ea2c7f94fcada5c38a2b1829e9ac19d4ff9e5c71724acad989d09754ec4

                                                                                                                  Download Submit

                                                                                                                • C:\Users\Admin\Desktop\Microsoft Edge.lnk.chickedmik
                                                                                                                  Filesize

                                                                                                                  2KB

                                                                                                                  MD5

                                                                                                                  e445b1bfbf2371f4a31d45f36799f6f5

                                                                                                                  SHA1

                                                                                                                  34ece4ffca6649cdb6324d4aeb1296f076866889

                                                                                                                  SHA256

                                                                                                                  0463e97e841b8799143af90881f010c591da707067e47f8945a6186d517757f5

                                                                                                                  SHA512

                                                                                                                  3b90628821ad279b8a29d7be93bfbae40536da8633a454e3c49919f4859f19a9b7f8d25d84321d25b78e95c6cd5476406f5cc6d31703284e44310e2d06d3b444

                                                                                                                  Download Submit

                                                                                                                • C:\Users\Admin\Desktop\MountClose.wmv.chickedmik
                                                                                                                  Filesize

                                                                                                                  212KB

                                                                                                                  MD5

                                                                                                                  7c78405d22de63134dc18b0339eccd93

                                                                                                                  SHA1

                                                                                                                  77f65d9e6e424bfdd4d19d2338ba39ffbc89f71d

                                                                                                                  SHA256

                                                                                                                  4355e0c95819f47ad7d8143bc91a080d453bc0aa25d9922f164184cfde1bc3f4

                                                                                                                  SHA512

                                                                                                                  c49dc490b2db71938b2fa6c8c54b7c29d4d7dc33e35c712af1e4fb106e4b04d94e78b5ea9474d7171fadef18c577d3d383206540cbe218bce2be80ed1ab511d1

                                                                                                                  Download Submit

                                                                                                                • C:\Users\Admin\Desktop\PopUndo.vbe.chickedmik
                                                                                                                  Filesize

                                                                                                                  358KB

                                                                                                                  MD5

                                                                                                                  c9f2bb9f100db181a54480a145b3d689

                                                                                                                  SHA1

                                                                                                                  1badfda5ee70b12cca02a6a10e3ab5b9685af865

                                                                                                                  SHA256

                                                                                                                  aa4bc9607c6734eb0644140b519d054bb20ad3ef1ccd9f7380ac2ce777de845b

                                                                                                                  SHA512

                                                                                                                  7cfc057d965f83a1631e985fad50307a8f8bc768329e5a1568b3318991173e6e5940f4e135c7b70461e5f6adc0861f4082ce456bf312abe9ff9c9aab0884261f

                                                                                                                  Download Submit

                                                                                                                • C:\Users\Admin\Desktop\PushSplit.aif.chickedmik
                                                                                                                  Filesize

                                                                                                                  343KB

                                                                                                                  MD5

                                                                                                                  fcd8526b2ddc2cc743a197ca8c557e84

                                                                                                                  SHA1

                                                                                                                  1d8aba7b31fb489731f22387e8b56c922b485218

                                                                                                                  SHA256

                                                                                                                  413a0ec678a7139b30d2f471b6a72fa50029c228f9e7766946ee8b097e985719

                                                                                                                  SHA512

                                                                                                                  5d96ad062e69065f35c4b71a6f2635572ab057c09a04648ba9f6e4a159a33ca3de3314205d3ea704586f645d4e2a3b11ee7f02afff1cee15cf04845eb5089430

                                                                                                                  Download Submit

                                                                                                                • C:\Users\Admin\Desktop\RegisterBackup.mpv2.chickedmik
                                                                                                                  Filesize

                                                                                                                  431KB

                                                                                                                  MD5

                                                                                                                  35ddd66655b7dd3d2353eb3869b43f67

                                                                                                                  SHA1

                                                                                                                  3d7b618fe0724f04971bf92c837943f1508f5f4e

                                                                                                                  SHA256

                                                                                                                  0ad66fd427322f986a7b891c237415d4cb3a6432f1062d59ac758f36de057c85

                                                                                                                  SHA512

                                                                                                                  cf01e539fdce6de518cbb781eae53ce7258aa8de7c0faeea74a8ad0628759fe11f608fe20f594d36cbce846d61d54a7c4df8724b185409d0d1bce84ee7f885fd

                                                                                                                  Download Submit

                                                                                                                • C:\Users\Admin\Desktop\RegisterUnregister.mpeg3.chickedmik
                                                                                                                  Filesize

                                                                                                                  241KB

                                                                                                                  MD5

                                                                                                                  9dc595c7930adaefcc0eb36f4851264f

                                                                                                                  SHA1

                                                                                                                  c33691b47b5af290d71fc7a21b08dbd35ffa365c

                                                                                                                  SHA256

                                                                                                                  9c7658b047cbf86d524a2bb095da773822526f958f7766606ea1ad8ed9f9d14e

                                                                                                                  SHA512

                                                                                                                  599a845b01d232441bfc0af4761432a6622f317b8ba753ab8e4df76ef4ea7e5c7e8b57f814a1211b384b07f844f52ee07f2ea583478efe5fb193497844d9da7c

                                                                                                                  Download Submit

                                                                                                                • C:\Users\Admin\Documents\OneNote Notebooks\GET_YOUR_FILES_BACK.txt
                                                                                                                  Filesize

                                                                                                                  1KB

                                                                                                                  MD5

                                                                                                                  83bd141137c030b53d47984db2a760b0

                                                                                                                  SHA1

                                                                                                                  0cf203e27596b881fd771791b142359d20c8bb4d

                                                                                                                  SHA256

                                                                                                                  91ae1beb8b14086d175f98e865cab5f56110bfb2188f28e7d5f03ae244073ce0

                                                                                                                  SHA512

                                                                                                                  c3a5ae58dd34bf5da64971c3c38f7d463c5ef86b7e068fea53615c9c28dae8cd009ad36b31e05cd81ff9434966649202bc78cc2bb83c189911abcb68509cbc2e

                                                                                                                  Download Submit

                                                                                                                • F:\$RECYCLE.BIN\README.txt
                                                                                                                  Filesize

                                                                                                                  1KB

                                                                                                                  MD5

                                                                                                                  a37cedf67a012117b57ade1229415b45

                                                                                                                  SHA1

                                                                                                                  a0ee65b70bf3199db296e13e8334ecee41b36102

                                                                                                                  SHA256

                                                                                                                  d47fc0d58b366cc3994dd776bf78753e06420830790e3885e59c41dd8c32a21a

                                                                                                                  SHA512

                                                                                                                  901cc83085087277d701dc0b4768a84c051afa7a8648d5341eb0711fba4903503cd5aea9ad71fbbf082224b0757687b112db68239c2273cfef4491ba84241146

                                                                                                                  Download Submit

                                                                                                                • memory/928-243-0x0000000000400000-0x0000000000409000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  36KB

                                                                                                                  Download

                                                                                                                • memory/928-297-0x0000000000400000-0x0000000000409000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  36KB

                                                                                                                  Download

                                                                                                                • memory/1216-223-0x0000000000790000-0x0000000000B5A000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  3.8MB

                                                                                                                  Download

                                                                                                                • memory/1448-232-0x00000000009D0000-0x00000000009DC000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  48KB

                                                                                                                  Download

                                                                                                                • memory/2356-157-0x000001D83C860000-0x000001D83C882000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  136KB

                                                                                                                  Download

                                                                                                                • memory/2356-168-0x000001D83D8A0000-0x000001D83D916000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  472KB

                                                                                                                  Download

                                                                                                                • memory/2356-167-0x000001D83D7D0000-0x000001D83D814000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  272KB

                                                                                                                  Download

                                                                                                                • memory/3012-191-0x0000000000E10000-0x0000000000E44000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  208KB

                                                                                                                  Download

                                                                                                                • memory/3036-139-0x000001C0E7380000-0x000001C0E7381000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  4KB

                                                                                                                  Download

                                                                                                                • memory/3036-130-0x000001C0E7380000-0x000001C0E7381000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  4KB

                                                                                                                  Download

                                                                                                                • memory/3036-136-0x000001C0E7380000-0x000001C0E7381000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  4KB

                                                                                                                  Download

                                                                                                                • memory/3036-134-0x000001C0E7380000-0x000001C0E7381000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  4KB

                                                                                                                  Download

                                                                                                                • memory/3036-138-0x000001C0E7380000-0x000001C0E7381000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  4KB

                                                                                                                  Download

                                                                                                                • memory/3036-137-0x000001C0E7380000-0x000001C0E7381000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  4KB

                                                                                                                  Download

                                                                                                                • memory/3036-140-0x000001C0E7380000-0x000001C0E7381000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  4KB

                                                                                                                  Download

                                                                                                                • memory/3036-128-0x000001C0E7380000-0x000001C0E7381000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  4KB

                                                                                                                  Download

                                                                                                                • memory/3036-129-0x000001C0E7380000-0x000001C0E7381000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  4KB

                                                                                                                  Download

                                                                                                                • memory/3036-135-0x000001C0E7380000-0x000001C0E7381000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  4KB

                                                                                                                  Download

                                                                                                                • memory/3180-15593-0x0000000000400000-0x00000000005BB000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  1.7MB

                                                                                                                  Download

                                                                                                                • memory/3180-254-0x0000000000400000-0x00000000005BB000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  1.7MB

                                                                                                                  Download

                                                                                                                • memory/3180-1010-0x0000000000400000-0x00000000005BB000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  1.7MB

                                                                                                                  Download

                                                                                                                • memory/3396-211-0x0000000007410000-0x0000000007476000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  408KB

                                                                                                                  Download

                                                                                                                • memory/3396-186-0x0000000004EA0000-0x0000000005444000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  5.6MB

                                                                                                                  Download

                                                                                                                • memory/3396-188-0x0000000004990000-0x0000000004A22000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  584KB

                                                                                                                  Download

                                                                                                                • memory/3396-183-0x0000000000040000-0x000000000005A000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  104KB

                                                                                                                  Download

                                                                                                                • memory/3396-194-0x0000000004920000-0x000000000492A000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  40KB

                                                                                                                  Download

                                                                                                                • memory/3628-863-0x0000000000400000-0x000000000041DF08-memory.dmp

                                                                                                                  Filesize

                                                                                                                  119KB

                                                                                                                  Download

                                                                                                                • memory/3940-868-0x0000000000400000-0x0000000000409000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  36KB

                                                                                                                  Download

                                                                                                                • memory/4164-253-0x00007FF77AEB0000-0x00007FF77AF17000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  412KB

                                                                                                                  Download

                                                                                                                • memory/4164-1602-0x00007FF77AEB0000-0x00007FF77AF17000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  412KB

                                                                                                                  Download

                                                                                                                • memory/4164-864-0x00007FF77AEB0000-0x00007FF77AF17000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  412KB

                                                                                                                  Download

                                                                                                                • memory/4576-1596-0x00007FF77AEB0000-0x00007FF77AF17000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  412KB

                                                                                                                  Download

                                                                                                                • memory/4576-265-0x00007FF77AEB0000-0x00007FF77AF17000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  412KB

                                                                                                                  Download

                                                                                                                • memory/4576-865-0x00007FF77AEB0000-0x00007FF77AF17000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  412KB

                                                                                                                  Download

                                                                                                                • memory/5960-1101-0x0000000000D50000-0x0000000000D5A000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  40KB

                                                                                                                  Download

                                                                                                                • memory/7188-848-0x0000000000400000-0x0000000000418000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  96KB

                                                                                                                  Download

                                                                                                                • memory/7188-930-0x0000000000400000-0x0000000000418000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  96KB

                                                                                                                  Download

                                                                                                                • memory/7188-12587-0x0000000000400000-0x0000000000418000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  96KB

                                                                                                                  Download

                                                                                                                • memory/7188-10754-0x0000000000400000-0x0000000000418000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  96KB

                                                                                                                  Download

                                                                                                                • memory/7188-8160-0x0000000000400000-0x0000000000418000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  96KB

                                                                                                                  Download

                                                                                                                • memory/7188-5976-0x0000000000400000-0x0000000000418000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  96KB

                                                                                                                  Download

                                                                                                                • memory/7188-4031-0x0000000000400000-0x0000000000418000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  96KB

                                                                                                                  Download

                                                                                                                • memory/7188-2530-0x0000000000400000-0x0000000000418000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  96KB

                                                                                                                  Download

                                                                                                                • memory/7188-1605-0x0000000000400000-0x0000000000418000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  96KB

                                                                                                                  Download

                                                                                                                • memory/7188-862-0x0000000000400000-0x0000000000418000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  96KB

                                                                                                                  Download

                                                                                                                • memory/7188-861-0x0000000000400000-0x0000000000418000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  96KB

                                                                                                                  Download

                                                                                                                • memory/7188-12632-0x0000000000400000-0x0000000000418000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  96KB

                                                                                                                  Download

                                                                                                                • memory/7188-931-0x000000005F000000-0x000000005F011000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  68KB

                                                                                                                  Download

                                                                                                                • memory/7352-945-0x0000000006950000-0x000000000699C000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  304KB

                                                                                                                  Download

                                                                                                                • memory/7352-942-0x0000000006830000-0x000000000684E000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  120KB

                                                                                                                  Download

                                                                                                                • memory/7352-912-0x00000000059A0000-0x00000000059C2000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  136KB

                                                                                                                  Download

                                                                                                                • memory/7352-913-0x0000000006300000-0x0000000006366000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  408KB

                                                                                                                  Download

                                                                                                                • memory/7352-914-0x00000000063E0000-0x0000000006734000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  3.3MB

                                                                                                                  Download

                                                                                                                • memory/7352-886-0x0000000003260000-0x0000000003296000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  216KB

                                                                                                                  Download

                                                                                                                • memory/7352-891-0x0000000005A10000-0x0000000006038000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  6.2MB

                                                                                                                  Download

                                                                                                                • memory/7352-990-0x0000000007E70000-0x00000000084EA000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  6.5MB

                                                                                                                  Download

                                                                                                                • memory/7352-991-0x0000000006D90000-0x0000000006DAA000-memory.dmp

                                                                                                                  Filesize

                                                                                                                  104KB

                                                                                                                  Download