3bf79f677d161f63a8b8a83a4ce8986f26eb33f5167ae106ba434320fe89a576

Resubmissions

02-10-2024 18:15

241002-wvyn9stdkb 8

02-10-2024 18:11

241002-ws2m5stclc 8

Analysis

max time kernel
125s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
02-10-2024 18:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

kdmapper.zip
Size

56KB
MD5

10ae42406981bdf7801505e05a6d438e
SHA1

b56e0b728b29f69c83a3614c515a76e621796efa
SHA256

3bf79f677d161f63a8b8a83a4ce8986f26eb33f5167ae106ba434320fe89a576
SHA512

665e6ff4552ecf312f7a87fd106e0a532b1675d67820ae6c4ce133f93329039ec821987c98dcce034f8ed1d55e55b01461505b54b3967c871145da5cca680fe8
SSDEEP

1536:aI8AQfrWxLSxwqqowVorpuISEpxIVsa07FCJ3jXJVm1DJNWlk:efyxLUwvorpHSEpxLaUFEzXfm0lk

Score

8^/10

persistence

Malware Config

Signatures

Sets service image path in registry 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\frAQBc8Wsa1xVPfv\ImagePath = "\\??\\C:\\Users\\Admin\\AppData\\Local\\Temp\\frAQBc8Wsa1xVPfv"	kdmapper.exe

Executes dropped EXE 1 IoCs

pid	Process
1268	kdmapper.exe

Suspicious behavior: LoadsDriver 1 IoCs

pid	Process
1268	kdmapper.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeRestorePrivilege	1368	7zG.exe
Token: 35	1368	7zG.exe
Token: SeSecurityPrivilege	1368	7zG.exe
Token: SeSecurityPrivilege	1368	7zG.exe
Token: SeLoadDriverPrivilege	1268	kdmapper.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1368	7zG.exe

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\kdmapper.zip
1⤵
PID:560

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=3364,i,8293235976513689021,7261015831736501466,262144 --variations-seed-version --mojo-platform-channel-handle=4332 /prefetch:8
1⤵
PID:3140

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2500

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\kdmapper\" -spe -an -ai#7zMap30480:74:7zEvent10485
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:1368

C:\Users\Admin\Desktop\kdmapper\kdmapper.exe
"C:\Users\Admin\Desktop\kdmapper\kdmapper.exe" C:\Users\Admin\Desktop\kdmapper\leansdriverloool.sys
1⤵
- Sets service image path in registry
- Executes dropped EXE
- Suspicious behavior: LoadsDriver
- Suspicious use of AdjustPrivilegeToken
PID:1268

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\JavaDeployReg.log

Filesize
13KB

MD5
11673905677804804663306313dac479

SHA1
645662eb63c67cc28253e443856a0609c072cd0e

SHA256
330c360bc057690f5acfd9c4d71458b22c72a4f2f79853ebcfc761ef87b79de7

SHA512
d576a10d76f5e40e02cb79d20f1febdbae87999b85e7743a400841bd419bfe8a37d5a08c7e123bf8efeae930cc0b35e1623eb486be4abe13c8508052d6f5bac0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft .NET Framework 4.7.2 Setup_20240802_123722268.html

Filesize
93KB

MD5
d3afd08ec25ed2dc138ffb26580e5ee5

SHA1
41a64c17c3a548d7cda16d782c68ff550d52a76f

SHA256
719022ab1c329b1246cfbb087491f0a8bb1a2ed8ae0ec7337c380c786dad0c73

SHA512
95b269d9eaf6e854bbf241cd761d8865b5bbe7cdef5252b75fe6cb809843b7b679569cd58ce871bce774bee267e6b13955679237b5d70abdc45adcc15ddac7c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_6.0.27_(x64)_20240802123801.log

Filesize
15KB

MD5
74d1c805ed105fc23fbeefdaf8cd6621

SHA1
71a620304b51e02834c9369a243c235d325bc439

SHA256
5325beaae401115ce41ca3330bb1e13949e30acbbb629a6958759f26c804e132

SHA512
2bb6d08478d64a5ace6c47f317021ce0f6731a5ffa938a9760c8e49bc963ef8e660ba798263b97211fe88ed11f30cd69733a8f5da3336654aa873d893b3e00ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_6.0.27_(x64)_20240802123801_000_dotnet_runtime_6.0.27_win_x64.msi.log

Filesize
551KB

MD5
d05b31403af5d674f69447cdd950fd23

SHA1
eed59ce794e09e448340fd08853b5eade0b46927

SHA256
3263dec12269856604a77d7ad78e34d2649e0042f1b44938e516b53f6a0a3a65

SHA512
06e1f42b844fad6dcf68791c90cf88b7ce7ff8b7a4de468335dbde7d10cd9a246f5274578412befd3610df5bbe6635aa1ede146be3eb32be9c1bce0cd8dc3b22

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_6.0.27_(x64)_20240802123801_001_dotnet_hostfxr_6.0.27_win_x64.msi.log

Filesize
95KB

MD5
bb02546ef9e777dde9e6bbb2eeb37e82

SHA1
1da3a3cf635537844770a2b6c3f523252bc410e5

SHA256
8d32a9ddd5033c5ff389a64d0a6a9d14d31f33d376b128edcafd03bb6fb664f8

SHA512
d3a83b5c444825a08d6f216542cd32f130c3f7b4fdb3fcd1fbf90b04a1be7d80c8ecf5847404bf80bb87696768b67addc618c4d73032a30af504aae5e3dc354e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_6.0.27_(x64)_20240802123801_002_dotnet_host_6.0.27_win_x64.msi.log

Filesize
105KB

MD5
3c0ca0203025c4c9b53331ecf9f39c55

SHA1
0a6990aa9d0ab4ac15fc5ca131efcd447a4e0323

SHA256
9e4ed9f860b15c6f12db0d821c1a2edab239bb4c4d817738b2a61a07ea30bd6b

SHA512
4a6e3bc2746c540872d1393ded4b7df3ca7643de1197032a6a978be090c9d012f8697e7e37999e3f289d1c495fee877eb0bb25c96a98010edc45e496cefba7fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_6.0.27_(x64)_20240802123801_003_windowsdesktop_runtime_6.0.27_win_x64.msi.log

Filesize
847KB

MD5
3d26c27f00490281b4a571b9ad658de6

SHA1
208f0127ec8847f73a45145c99f432deca37029f

SHA256
f5edc27811fd867e7e94aef868c7b377b7eff99d6c6c7dcdd913ffef67347426

SHA512
f7162bd9c2877489d773e400971c311c0c66830616c4d9d02a6e55b5173c82a8fcb50dd09c044d556871077d95a2a61702e67be2703cf0bed1c3a43ee295a49a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_7.0.16_(x64)_20240802123841.log

Filesize
15KB

MD5
f3e4f966dfaa6bb0c78a956ad9b98dd9

SHA1
bc3f836f9db7ee8457629f27e39bfdb362a4de01

SHA256
7a6f21727be1d0c61e3b72826c6281cc53e9fa04249c7c04e32335e41c00da36

SHA512
4ab04b235781a8aeecdbfca34647de57ecf8d31ee01a304e3cdb3d977bf40f60eef3e2c78598e6f0527b54017e0f8386b68a08ddc1c5c98f601f879af75c2385

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_7.0.16_(x64)_20240802123841_000_dotnet_runtime_7.0.16_win_x64.msi.log

Filesize
470KB

MD5
38a629a482f25f84e1d53ff09dde6187

SHA1
6c6e40b62cdba6bbd1b41c41180461532924cd52

SHA256
3f1308a4f9c2c3cd4226e6c7467b44c42abdf9e550386237bf08cd5bf2928046

SHA512
23f071030dd218a181522150e182939738a1ecb1c73986b9122f7daf3675a8dcddd83ae65ceb4d2c4e9714b07c40b3e53b2527e768b4790a486beee23a62176a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_7.0.16_(x64)_20240802123841_001_dotnet_hostfxr_7.0.16_win_x64.msi.log

Filesize
95KB

MD5
f93bd8f40e7d6a11f84194c9b8db375d

SHA1
5668437cd8e48cf438dcd4a612e7c3adc83cdf7e

SHA256
04ce60a9d0cce08f71fca4ac4b5eefda4cbc8e48bb0646632ae310cc2f0e0e8b

SHA512
19bef3d0157c0a6e195977228e7e9d45c608b744538607bf6408ad8af3faf10bf2524b6f954752d238828c4fdd154d963e502d62f3233cca4b60f5c6e2494cb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_7.0.16_(x64)_20240802123841_002_dotnet_host_7.0.16_win_x64.msi.log

Filesize
109KB

MD5
684d9910c4871c99f72757913fbb0e35

SHA1
5a06a2843b1d1214c5631c1e35a989415e6ac66f

SHA256
66a84088ff94432b544caee59612e232fd3a8ac32a5ee449cd21bf7ca867a588

SHA512
b23958766fc60685bd4b08eb10aea5fe7425f45430c37eea13d20b35d0140eac6b68591db3af5a0a2c555735b285f59f40620fb6fbbc3ea5b3f42c3af4f8b1c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_7.0.16_(x64)_20240802123841_003_windowsdesktop_runtime_7.0.16_win_x64.msi.log

Filesize
852KB

MD5
b88aafbc5b6458902f1388df2794079f

SHA1
480f8afdc4ba77b24cb9e838bb0c6ea999774788

SHA256
f64d7e93c57d6a3c9ea3801cce753133cbc8535c6784da40143bce185ffb54ab

SHA512
107db7697cf6f61f3ef6fbec4b655f1fd7a23419c637da5182d4bc69a847b7e350edbd6c7b188bcd2c7ac93b943568768f82b4dd90f737a4702203c2d157c036

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_8.0.2_(x64)_20240802123905.log

Filesize
15KB

MD5
a995362eb2d93ae57c6bcd1e753c8fea

SHA1
154b0ad9f77de242c48746acc5338e08c1b74a9a

SHA256
619b5fdf3d5678a141cbcdaf9066ac22728b095e65e613f263722e7b51570233

SHA512
c692903b9022ec83d96b5a9e72927288fad39210ed58bcf3048046dd8228df99d2b9606086ed0c043f58a7db528bb736028aca4b3db28f6fc0f746f2110ee3c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_8.0.2_(x64)_20240802123905_000_dotnet_runtime_8.0.2_win_x64.msi.log

Filesize
469KB

MD5
55f099cea0ef1e8a1d24e4529e1864d5

SHA1
6b7b66e423d439720867137db13d316feadf6448

SHA256
a81343deb2a725d24493448f1d2679b281990fc64b71f9050ca1b8fa03512b8c

SHA512
57995b2a8653f02133143a209e1e5d67e3bc1666a7c3c21e08e8c5fd0f7df8f9c35d11086037e9a086c12a55adcbad1e63d9c5648d4ba226b5ab270051d41464

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_8.0.2_(x64)_20240802123905_001_dotnet_hostfxr_8.0.2_win_x64.msi.log

Filesize
95KB

MD5
12eb16bf0cef257fff8bd360a1228eeb

SHA1
20556a82adf852ef9b3708736acd5cb0435e3504

SHA256
313ed4a4aaf2a96313fae7d2cf84e4456f5706d3075123df621aed542974e783

SHA512
81453240e65ca042dc9a004da20a017b32b9cd24d84559f10d2a74b7c7d5a56241d26e526d5fb7037b39c004aa27ce36f0b011b75b01b075edeb0e18567c9937

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_8.0.2_(x64)_20240802123905_002_dotnet_host_8.0.2_win_x64.msi.log

Filesize
109KB

MD5
925b8a497bde1d379bc78024e8f11948

SHA1
cff67aabece74d37f5f1895554a52aa5ae145947

SHA256
cbb39fa9a0d8822ece28779eda383f157ea1190861fc8ba8d4c6c09c256119d2

SHA512
eb1783a92677b6d270f75425238e3d52b552188bd5fb9153a259516def8a5534e8094722a1f5fefdddd3121406395893f75b389e40fcf8e981b95ff477c93aa1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft_Windows_Desktop_Runtime_-_8.0.2_(x64)_20240802123905_003_windowsdesktop_runtime_8.0.2_win_x64.msi.log

Filesize
846KB

MD5
e11cbde7fd33a1a884aa82081ac85fcb

SHA1
1782507b3b9e81be5ace1bcce866154113f9dc32

SHA256
a5e3185559b57dff77415b4d5a79a6d0b8622866b1aae29d5ce199764c5c0b1d

SHA512
885ebfc0c59ee444b0c45ab55e38bccf9d6b23f3e7474f12f50e2af919a1d3b77f37a40723df1fa2ef33e01239a0f61cb4ffbd92023b47290c8babf95786b27a

Download Submit
C:\Users\Admin\AppData\Local\Temp\chrome_installer.log

Filesize
6KB

MD5
c92d0170b77f33343e3ed9de6505471c

SHA1
70f36e72206341c9434f85663d031eb62e9cc8be

SHA256
c96dfce35d6b47d9589a67b4589e4948799635293dcb80f2edcf22b1cf08539d

SHA512
9c40f1948a39d03d1fed0869729e5c2e40aa245b43f844eab4804a19d6cd36d891099258ac737059e1dc409d68dd6e737c49174fc94498f9f9145f233b9bf8da

Download Submit
C:\Users\Admin\AppData\Local\Temp\cv_debug.log

Filesize
690B

MD5
8172dec77ab11fd3737e3e044a1dd815

SHA1
a6ed58685c752af84bc9a24adf2c11f098a3b43f

SHA256
ec95e49bfec6ab61ff6ea196f0c21d5360b096abf0bad9fd568ea89158490b20

SHA512
ff509d91797a9f0b3b4952da89f0ccbe1aba1bc4cdf2c21b3ac485261ba0997830a40813cbab603dde2615f2440130379369184dbeb3dda56fb3a56070414dbe

Download Submit
C:\Users\Admin\AppData\Local\Temp\dd_NDP472-KB4054530-x86-x64-AllOS-ENU_decompression_log.txt

Filesize
1KB

MD5
9f5c79a37fd34b8ca2fac68b86c3483a

SHA1
12299db6b4c0133c28434f35fb88c920b9c22dd7

SHA256
a919dbdbb66ff722ee32fb642d4ab99c0569850ac96ee4b771344a034836ef15

SHA512
cb0dc4c78715ad45ceca7d9aa8cf3972b007e27dedcfb08a68c09dc0b4a468b91cbd39ca2913c1a05394c72518bbf1429f8663cd98ab210e85729b6e2f8cae0d

Download Submit
C:\Users\Admin\AppData\Local\Temp\dd_vcredistMSI2C30.txt

Filesize
428KB

MD5
857132d3406d24138e96f17f4ac4f17c

SHA1
c53c4480904873423edeed095e50979fdfb3dcd1

SHA256
c34fd75f9d492b7ac25e2519d43bb19daccf3077111bf77d80e5323f2266d5b8

SHA512
383e4ce2927f19da484a3ff72790dbd5e6c8456ad3d0a3cb174a36cef013334d61c0824b723fe37443930848161672a4a218b8e0de7d1c729675a0d5b147a671

Download Submit
C:\Users\Admin\AppData\Local\Temp\dd_vcredistMSI2C54.txt

Filesize
416KB

MD5
5f205d0f50f2f7a1535792dee323f43a

SHA1
d6bbf665577645641bf6a239ff62d5a33438ed65

SHA256
4d63bdadbcc158860a9abe96d9cb40529461aa19c975b00feb27604f0d843531

SHA512
f18a9481a2ca4a95c67710d034a944bd8ee79838abf4cc940cbdb18c7746390bd430c8d90285a7952f41ad7fc0daa2381335e0cb1449aab2a736b492ffd06e58

Download Submit
C:\Users\Admin\AppData\Local\Temp\dd_vcredistUI2C30.txt

Filesize
11KB

MD5
04998b3eceb886c2291647ec3deacc06

SHA1
d965735096bf7ee51b575b0d1fce16db86fa1107

SHA256
79c99f3fc7f318801856f32b4c47f368bf58f1cac800bb905898bfa4e4af369c

SHA512
ef4c0fc62f33578aee4fff1561f4f9e6b40d3bdae29b6939052d23cf56d6c8ef0c2c6ed8e4238c57b6a727f7992c293bb776e7788d3196835dad413acb009eb7

Download Submit
C:\Users\Admin\AppData\Local\Temp\dd_vcredistUI2C54.txt

Filesize
11KB

MD5
78a88b2997a847390c6d7d7125dd980d

SHA1
5bee07c760589849fca6694c76cf3407490a1028

SHA256
9882e57eb2f5d9b658c886ac0636a49c0f9f7909c52512625dd271d11dfb0a34

SHA512
9f92bfccc5d9d1fdfb2c25d12e2f90c7d01b9ccfe1f94ac00b459318f050ce1122f14c06a56cd410cb70e084d06cde4258a90ad6a774062e65af10840bf8da5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\jawshtml.html

Filesize
13B

MD5
b2a4bc176e9f29b0c439ef9a53a62a1a

SHA1
1ae520cbbf7e14af867232784194366b3d1c3f34

SHA256
7b4f72a40bd21934680f085afe8a30bf85acff1a8365af43102025c4ccf52b73

SHA512
e04b85d8d45d43479abbbe34f57265b64d1d325753ec3d2ecadb5f83fa5822b1d999b39571801ca39fa32e4a0a7caab073ccd003007e5b86dac7b1c892a5de3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\jusched.log

Filesize
163KB

MD5
5945ca9f8cdd29894b3f735b7cf2fbc6

SHA1
cb6e4b18dd6b5884ec2fffb47472bd2dfd50e374

SHA256
9d962ffe148f5a974ec51413b5aa6906d382e452a06a73c2998f840355b62ad6

SHA512
2a9b9aaaabe7a69a56bf86fcfa5a5e1d95c7504cc6b498c71716127ae069249a6889a188d0be606ded4f9978ca5fc23afa249755d411d12ac33b82e8f9461c6a

Download Submit
C:\Users\Admin\AppData\Local\Temp\msedge_installer.log

Filesize
8KB

MD5
ea872e4efa32c40df085455b65db5527

SHA1
3681b107f002ae6b840c2cbf885926ec1fa5f090

SHA256
d2042bac15d97c7ce612896c1f6508f9447e2573bdc93edbed2f6dbf5c06ebe4

SHA512
2d61905d51bb7690815b5fe377c423fb44bdf229d64cc6bf2d21106e5f0890ab922ed4b8117866545714c174a0bfdbf7452437ec22b92460b1f783e93838beba

Download Submit
C:\Users\Admin\Desktop\BackupRemove.tif

Filesize
480KB

MD5
e063a4159b415f29193479fb5d715391

SHA1
992e6183177703b507ab71ec067dcbd21b24f828

SHA256
1af7e97f19601d243623daf5b22c6c3be9747c9a0f9f7ffd98c9e887ec88935d

SHA512
9d338960156ce644d5eacb5f352585a04b9ceba7aa6be0695f45c21bec9a02eea7e98d327a92f92e6c7691c12640eb3e8be5b8558e20daa6f892010573077213

Download Submit
C:\Users\Admin\Desktop\ClearMove.mhtml

Filesize
606KB

MD5
ad6f2e17b29905d7c1e105939b2d55b8

SHA1
36da83b27d73780e646a941ccbad96d80c2d43ed

SHA256
41a855d2ef7ec911eb02f9aa4feef555ea8622dae6621fb893de288a3787d69c

SHA512
8e52137fdacaf969a27995b8d159eba2d138f23266ed48b68b47083d73d83a36796641ac5e4bfc8e21f11f5cdda9efb1a222c29cc289bc327cc5b7f2c53139e2

Download Submit
C:\Users\Admin\Desktop\CompareTest.WTV

Filesize
585KB

MD5
acc4e4a27da55cb6df92cd9b64254376

SHA1
eded86d0ac551adf6d3c8f24a60d6f3a755ee268

SHA256
4bb371a1f4d384d9167bbf2f9525fc4327f38b745cefbf1baf61cb38388d6085

SHA512
10a6bc630fba159b93d3c5a56e362a6752774b7de530a833a1c4f6b8dab9f4f6a99690e8a026fcd466ea9f6ac027fd3defbaae9147d3dfbe8526ae9dbac33d39

Download Submit
C:\Users\Admin\Desktop\CompletePublish.docx

Filesize
12KB

MD5
587c72920ab7079549f2dfc5f5e92c29

SHA1
1361e0656053d22e5b7405fda6d73096e91fabe5

SHA256
7d4d7b53bac26c29b4ff21d614ac6112f549d9e1017bf9c2ce65075ad54ade6f

SHA512
4b5cb610e6b52ecdc4b830e93d1c0a8e2772aa90c3a0a2df6c28834ac6b082215b21d6f9a8ece73fd46be00857ce2bade046561df4d71fad9ba75bde155c53e3

Download Submit
C:\Users\Admin\Desktop\ConvertToRemove.wmv

Filesize
710KB

MD5
32899cb9d62396eee63fcff127c120f4

SHA1
639ca9406d838e0b98aa4fb16e3686354ff1706d

SHA256
a99f834c41b27ed667c7eb92d4f1184d1392e3b683cfee480ec0e9bc8e92e317

SHA512
59adce6376bba23fa4bced69ff0f88d5e683a47df97b2abfbfe08c6bd3f13a34da35f1a165a8b78a10ac1b57c7ef4198fb684db3f2a2d60ba0dad369581bac39

Download Submit
C:\Users\Admin\Desktop\ExitDebug.bmp

Filesize
626KB

MD5
99a2f8ba7264933185c8aee369dfda15

SHA1
a9520ecfb92ea89b3432a8471b92128e49ce4480

SHA256
b348698fca9263c51428990503332e9a47efc9bcfc4e7aa5a45ce1c267ce3bf8

SHA512
30d56c86bcfaa3e23c0f3429e9bb2832ebad9077291c3b2cf44466f57e4a97e7d55880d88ed7e7f351da008e682d36285eeaf716c632e6741ac5299c105601f5

Download Submit
C:\Users\Admin\Desktop\ExitUnregister.docx

Filesize
12KB

MD5
a5467046486de37cee50d06a642709ba

SHA1
2a64607d5708e2d0d9199d165ace9d318baf4bd6

SHA256
448528f33264a0dd732bbe7a297adf58b4a85ef38024817136b8fb018f5dbe44

SHA512
23e7920d6f3049c23c9b021599bae6ff57a390736071928660f783cca788b1f4def790052be7a27c18fcdd203ec287266e5f2f81159b5fab356a4e8d68b916ec

Download Submit
C:\Users\Admin\Desktop\ExpandUnpublish.wmv

Filesize
334KB

MD5
4a2b47e4bc8f558ba1d866c3eb33fc0b

SHA1
5ee7373d35bc7d9b6aa8c9b4c0cf59460c076902

SHA256
851b179c6cb1ff465e04b9dfa38f452651e37902520de3d027f7d506b9380f8e

SHA512
68ebef9c88f5261c95e121c7cc5e841371f9d56459f3eadfab11f84c39beb91b3b2efcdf3a152544e70cb2039ddf6c6942e4732c08e3bca578fae2a243dbe930

Download Submit
C:\Users\Admin\Desktop\FindInstall.mp2

Filesize
438KB

MD5
a90c2fdc3bb01fab7f6d56ed9b22044b

SHA1
d69464274412d1ade7a502bff30125fbb5bb180f

SHA256
480d556302c5a9e3ce56b835c0852c4414e04d86b5dc52d7f64de8dcf70d962a

SHA512
9998c7c7a1b431a372a7712d689dfcb58725a97aab8bcf7dd3edc3a70f556d96acb1eaf9d4df13988817ca1588124630646336eeb7c767d72904cbe4893f962d

Download Submit
C:\Users\Admin\Desktop\GroupRequest.exe

Filesize
731KB

MD5
17e345082bc2b2a58d2702aced63d894

SHA1
33e2268768ef128a559b609608ee7dce39068c90

SHA256
0bc8fdd6e09ef92e13fb79d4a75cb4bfca7a318bcbb929c0163b073598ccebe7

SHA512
1686951a1007b4d2d09b935a75837751a4b366b48c70cbe44f4e3e7481c2200084939401c4320c16562b4971b0ea19a21e994911629056d502ac120242571172

Download Submit
C:\Users\Admin\Desktop\InvokeConvert.mpg

Filesize
376KB

MD5
4e8877b6c344fc67b41a7c03928adf12

SHA1
9651990eed50dbad0e6a27f7528f5d5fc9f0a589

SHA256
bd462961a667ae96727162ce83306f880ac0f6091527b31b41a9f1761d388158

SHA512
a45fcce8749c25f6edd3bd75077ac376f163d289473f1eb2b3c2a1c61110d46e2f28b74698a46724e77e5bc72b709d2db249cdba5da1a80d1ca80302eeed246a

Download Submit
C:\Users\Admin\Desktop\JoinReset.nfo

Filesize
522KB

MD5
4ec99dfa28998bc340b076cce3b4ce30

SHA1
ca95a351824e82cc127c26cf95ef4c38979c955e

SHA256
542df48e69a68ab9e6cc8ca1b7d61fea83c953446a65d6347a25f16a78c19d7e

SHA512
2116c36e17d71a3992ab18fab2bdc51c90ce4035dd2fd8e4505fd9cd1512a13cd5686f7fbeba4f90e6e8565bd18a135956c9e63c6610be72fdb1eb84b578bbcd

Download Submit
C:\Users\Admin\Desktop\LockConvert.css

Filesize
794KB

MD5
3c6a212347c8a065907832adb1811414

SHA1
2761be281a796ce6c34670d12d8d8055b9ce06dd

SHA256
96f18af72d3c963e711d616f6c4ea366a39ce3cbdf330e06a2ef9fa5a8b80b54

SHA512
281bf62fb35e46aa4b672810d19c5dcce4a36064b4e87d6a72fb4566ecd9c48adbdac80e231093338e1ca8026f509fcc4bd6cd3704095219caca0b1081cadb8b

Download Submit
C:\Users\Admin\Desktop\MergeUndo.ico

Filesize
459KB

MD5
afc40b3e4a49690a445e0ed7eefc38fc

SHA1
9ebdcaa7221cfbdcd396a317ea946198bfe058a4

SHA256
5ace3cc2b1e4665f264479ec384b6d428af4153367987fbbcf85aa00cc431fb1

SHA512
c9100fee19eefa593e9daf3a5c7261dd3d8948c14291cf237671df6d3a6ba1b183a560c93c9c870c306c990f91f4e214b846a2a5a75fdae9194c0f719ab4e855

Download Submit
C:\Users\Admin\Desktop\Microsoft Edge.lnk

Filesize
2KB

MD5
30a75a3c38da9883bdd7c900f368943e

SHA1
ed3b9a78d097d6d060f260f8e69522ea6a31b471

SHA256
6e3b5c5cfc24cfd5ede1021e767e02eadba372bd55f01982ec0561f35b2c3aa9

SHA512
c7e7ebb688dc5b7b215ef3a12da18637ea0cb49208a02526b35601a33b8419b8441ac062a9632b952177e32032c75c463e28b806bb17cd47e54fa41e3766d003

Download Submit
C:\Users\Admin\Desktop\MountTrace.sql

Filesize
647KB

MD5
54ac3045c2e3d213c8e9fc326064c448

SHA1
f9f06a24a288d86f1c224d8ee12c0bcba19c6a16

SHA256
03b6d070fa368ca57e5d273ae0dc4d86825d50308a904921157a1b19b14eea3f

SHA512
23d4c656e728d546ad1bce613719f52be0cfbacc927994387b6c20b6b90e3b42098293734e85166b2cce6a92be09d816b26637e2850d8442c3302cfac70cff3b

Download Submit
C:\Users\Admin\Desktop\MountUse.snd

Filesize
313KB

MD5
4f7c5f63ff4e8f2e8adef2fe30257e94

SHA1
a17d690e34b6e05f0bc900b9e420890516399f30

SHA256
08419e45d9f0029a09f62868fd358004000ba0de06180c6c4638e222db963a10

SHA512
25f9efa0bc4995279827b6113d6a5f4f74e0f91172e291effb6226942b394e9068f4e283f4be6abe2795c635071061799225b1d6499bfdb0c491b8bf1ba3e3d2

Download Submit
C:\Users\Admin\Desktop\NewGet.3gpp

Filesize
689KB

MD5
a3607695089d855d9791c5b00a058005

SHA1
27b3e00ce32971e5011a662c4b6239d2fd223add

SHA256
80b8c3233c0f9c1e46caf1b540f25f3c634fa7057bd59bc01ba8a2eded26a6ea

SHA512
eef66af6e6796a20c5e07535c52ea85d95fbba1328c61fea27898775d189a769d4e7cdca9ca08e5d2b6b0a7585729e24245deff84ab7664a20dfca09ec7a6638

Download Submit
C:\Users\Admin\Desktop\PopSelect.bat

Filesize
397KB

MD5
de4bdf2988226e4cb271d322ac1aedbe

SHA1
f5267e839d5f65b46a9dade013687992ce942e3b

SHA256
90492de0a40e801cad33d2a184ee74a0dd873016ab087ef2f19adfcb39d0d391

SHA512
565078a75865e205996c6ec1e765237449bb114cb912fce0dd441f03c8210799fddd6f89ad7eaf104f2405234f2d36c67ef72f4e6d91db2a51c232bcd9128112

Download Submit
C:\Users\Admin\Desktop\ResolveInvoke.vsx

Filesize
501KB

MD5
57198055fa58a2efb2fa14a30af45287

SHA1
7bd461ef0e073b4dd89f704c06d47f9bf4f2982c

SHA256
4f0eb569ed89fb8c0e536774d87ddf695e35f93b46f0ffdc3f776ea69e98f4d3

SHA512
e279cc0964a3e2898f4ebb690d9b1cbfc9c9f3738c13c9460d016634eb333e93da97649d242813aadeaf5d7ce8daf33b1819c224ff794f3100f8c6eb91375b01

Download Submit
C:\Users\Admin\Desktop\RestoreUndo.xls

Filesize
815KB

MD5
f03c2f02ad2ac7cbb925eee40c4ad999

SHA1
b3130703b1eb0d81fef433a2470de2ca5f305887

SHA256
becfe9222a1827d27bf0c3181c0305c6e941c205f0deb83c81e13cfe2e0cd417

SHA512
29aeae04686f842d336459d8d5c37623ab66b26ecb3b36fb5a9d733fd8ac48a0a0e16937602da87fe326a9ea982bab123953d3abd666cb0035964507769a5afa

Download Submit
C:\Users\Admin\Desktop\SaveExport.eprtx

Filesize
668KB

MD5
effc1ad92a0f2cef92d043b0e5d23bbc

SHA1
63f42322886ec5bacfe7809fe2029e3f262531de

SHA256
d2d72d5afa83759f08b2bb94f4838eb9d11132eb8b5dbdf2704427159377f363

SHA512
522ad4c5fdb993285862fecdcf9c61c98b83cb113c2d707f54370841b2c037a8038f202082821a1cf0886130d0a8e181e7aefc4b20dea774a38b2e5dd9ec3069

Download Submit
C:\Users\Admin\Desktop\SetEnter.vstm

Filesize
835KB

MD5
d57029924761650bcf216c76d6f488ff

SHA1
6cfe866055d72a1865e7075d4f9798f420d8b950

SHA256
268f08847ea23a8041483175b0b8c116ca5e6c0803817c5403e9ca0d07e39447

SHA512
93f54d9bde9a641a0e80fd78cc754d362727895ce94c86ad8e2e440ed8eab9d64a8ced8b49a3326fa41446d06bd5460dc07a8685e2d575c4b675b2d6e4f3c9cc

Download Submit
C:\Users\Admin\Desktop\SubmitPush.m1v

Filesize
752KB

MD5
bd6de25ec9311c69d32dd4876ccfddf4

SHA1
81e0fb4d1ac40976b5fa21c6073fb174bc1bf048

SHA256
3d0026ac21bbadab107fd33f24ca0a234fc5bfd35913b54626044596ac7aeef0

SHA512
869b2b743d6ea937df8af68cc1dce2aed7d94ed1b1f15a38c3f561f648fc20fb954c8af243923ddedd9f6bf900a4e76120b6d198acecb50fd0442dad642fd68b

Download Submit
C:\Users\Admin\Desktop\SubmitUse.xlt

Filesize
417KB

MD5
5f9d9ad09011e5a9d1f892b6c800e68d

SHA1
ae6c28082df1e18066d10167da84f42377df897f

SHA256
9924c6a1243f6181c226358c4dabf5045a4aeefc24eb4f15287b6a0f2fcc9d72

SHA512
a97c9321298920bbfa4ea2093197016b1e3d2c28cfdac328935bd2b4be4e1ef33c22bea2315e4b2529fb7202c844172750e5e9be0101fdb9d21238821a78a90f

Download Submit
C:\Users\Admin\Desktop\SuspendResume.emz

Filesize
1.1MB

MD5
18a3887d271210131e0eba42eddda1cb

SHA1
5c435d8fdb461bd88139a4f6e0aa450e20a72002

SHA256
30f5ff15eee7af440b2f3b2586051b8b3f69fe6582cd0acc144dce2b11f74de0

SHA512
8dacbe5eec750f37d8159e5d43997835524f272f60cd7abf9031c94b3ae47a12ce7552e8352a1b6337f8e532a72cb5fd95068bbe63770472311022abba2130f9

Download Submit
C:\Users\Admin\Desktop\UndoExit.aif

Filesize
292KB

MD5
ff5cf6af9aa824aed29795553b2f0253

SHA1
0e17d4fd83af13c9b77830d4f51fa01a4e37f9ef

SHA256
fd43754325bfcc3a8713b460205975159a0cf7ac3e6cb85a4160b9956be71f27

SHA512
dd3611b6eacb1719ae61805b4fd073dab077bd35a212bee46bbeaf975d2546648ad46ef71d198831ffd60080fe071f70cf9861e950da0c8a8cef020796434185

Download Submit
C:\Users\Admin\Desktop\UnlockMerge.css

Filesize
355KB

MD5
43a20fe4aaac451f0e51a0259e3a4949

SHA1
27580cfdda59d7f23592dceb54ba9287e8fa70d7

SHA256
77bb9971c6884c18b2c04615a06efe48126e4ccba1b60cd38a6b68af233e5aae

SHA512
e8d2ca2bb7cd51db449ad347f1d6974e7a32e8f6625a457d26a52bab8dcd0631b440905a1e1afcdc7f0ecd7ecf485434dc8138f586e1fc30e578cab96a169cc1

Download Submit
C:\Users\Admin\Desktop\UnlockRestore.3gp

Filesize
564KB

MD5
c12018e54df4ebc647b03d49b3d140e0

SHA1
f0e3e54813b0eff7b1abd4f29458ba2056380be1

SHA256
ee3b41c7ea15dd4c959c0d81aa41b04789bbb0c8159b5ea608802e52c29309d8

SHA512
43c24b18c943cc71537bd0df8424e8c3b47fc01c983a4e1dbc1f1b0a6702d925f5a88cd25753400a01fcb1d098df00c5c77ffa8476e4ae870dadc597515cd826

Download Submit
C:\Users\Admin\Desktop\UpdateOptimize.snd

Filesize
773KB

MD5
9d8dae271a836981844867baee03eba8

SHA1
32d7c10bae79724cd88ff8705051eb443a2e0117

SHA256
58713dba2419e40dbba064bc753a3590496776b6c71511bc09e54bdd8259916c

SHA512
74def4a80e006b89573663b3124d0b546b30c4b48d1d4858322ca4bf5282ae533347969354f851328dbaff47fbb52662656b7da2cd2f872f2a02d230c1cc3cd6

Download Submit
C:\Users\Admin\Desktop\UseWatch.xsl

Filesize
543KB

MD5
43bf076c547735a1e2736292bd6e6823

SHA1
a3c28d27f2270d849710ac131b3a6f98e8d66a31

SHA256
dcd593d88edabaca3725c8c7e54e34cd88da44baff6720e68e6978c5df3bda2f

SHA512
7a851e3e77d5f40fb850775b1161dfb615be02f9b83a0aa34acb15169cc1b443636873bbeac5290c60469c719a542a8829b21e19cff3b464ae2dfce9d6f8a95e

Download Submit
C:\Users\Admin\Desktop\WriteUnpublish.xlsx

Filesize
11KB

MD5
81567e70b48b7e6fa3f7acf7501010cf

SHA1
87f6c2f8fe21809a666eb8d413d2c5e64aadea30

SHA256
72a9dd35e95610a8d5242e714434c6e0848f5f99cf557469849327bff0857ef7

SHA512
e0b6fab3abfbd4394d51db295533a23eafc389e76d0d92764daa8e8c094e7168d0e63be13ee948a47417e4e08808a479c8b50de351720acd34d59ec0bc45c876

Download Submit
C:\Users\Public\Desktop\Acrobat Reader DC.lnk

Filesize
2KB

MD5
090481b070a51870de9a6232e4552341

SHA1
3b26a831df310e5717d24aabbeefa9335105924b

SHA256
af42ddfa45cc63c4ae89eb833728452bcbe97c5a6fa76f1d75a160b7ecfa6e04

SHA512
9ab50126417e12fd195019b6ba75d3783141847a34712d9444cfcfbbc7e1ae1eff31871421e988342b73fe21f1404bd37ca4e53815ebb9213f931aaa78adb90d

Download Submit
C:\Users\Public\Desktop\Firefox.lnk

Filesize
1000B

MD5
133d4ad33bcbd6f1db500a37e7ce2b6e

SHA1
c70d302a1372268f2e8c5d581dc4d2a2f4a6239f

SHA256
f8ae9f7cdca0d02a9038f32575fff82be43598cb311b77b5c69f60a07a33759e

SHA512
d8366c2780742b78f53d06564382aff3b480430129584da8e140b32afc90d05ff4374800a145d4e030339efe6fbc3089c672692504d6492c961eae0c5e1e62e7

Download Submit
C:\Users\Public\Desktop\Google Chrome.lnk

Filesize
2KB

MD5
806059e65eb17da6fc1ba3fbad795fd9

SHA1
aea69b4004e65c16d366574ea618cc7102946e10

SHA256
707844dc7b14174174ea0b9a6a99db817052b5120b8462eb665bb462333ec9f2

SHA512
f95d30631f9c88b4f19a61aa77872150bb77d8160ec38e2e3afd0b62a39cfd69a5384b807364d269a28f9205634bc9e7501685d34e8339d05834977c39638600

Download Submit
C:\Users\Public\Desktop\VLC media player.lnk

Filesize
923B

MD5
7ee66f82fe477434726f35a9b55b3d62

SHA1
55ec3a5373a25922aa789dac0ab938865071d2e4

SHA256
e9e47641c0be9a5fe87e37522a32d9a710228074a44d992cd4fd890f90d862f4

SHA512
8baf2c90da058f3d5591cdeca94fdac65de386ce6fe0a62d48319f341b25bf21132fe7d9938c8aa87e2285861991f9ee05af79259e1bd80a8afaaf74b22af483

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads