
Analysis

  • max time kernel
    41s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240729-en, locale:en-us, os:windows7-x64, system
  • submitted
    20/10/2024, 21:35

General

  • Target

    1d9f0e5240f25cc5c277a66e4c63597bce8c7c89821944b2cb42a8ece39167b6N.exe

  • Size

    88KB

  • MD5

    921a82bd0fe814e8c9a529e8c1d3ae40

  • SHA1

    7aabea2c09e17f31d3d5ce8b7134c25ecebcca97

  • SHA256

    1d9f0e5240f25cc5c277a66e4c63597bce8c7c89821944b2cb42a8ece39167b6

  • SHA512

    62600508aa8e687abb160bb2ffbe01f6dbe07598309c8a8e1c97d5ebe8d650db76d144d38c67ec1e045e918e22ed881b1be19c539d7e3699558181b1e7c28647

  • SSDEEP

    768:VEQospn+18nOeTmI2G1VT6lnKCJaLVgJITFzEJ+y0cdGinm1ZzdBoEb+:wF18nOebn+baL0wisoES

Malware Config

Signatures

  • Renames multiple (231) files with added filename extension

    Mass renaming of files with an appended extension is typical of ransomware encrypting the files on a system. In this run, however, the renamed files listed under Downloads carry .vbs and .exe extensions stacked on the original name (for example cpu.css.vbs and boxed-delete.avi.exe), and one such file, C:\Windows\WinExec.exe.vbs, is executed through WScript.exe, so the copies themselves should be inspected before treating the behaviour as encryption.

  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials and other profile contents.

  • Adds Run key to start application 2 TTPs 4 IoCs
  • Drops file in System32 directory 47 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 8 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Runs .reg file with regedit 6 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 28 IoCs
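The "Renames multiple files with added filename extension" signature is the one a responder would most want to reproduce on a suspect host: find every file whose name now ends in a script or executable extension stacked on top of a data extension (cpu.css.vbs, boxed-delete.avi.exe). The script below is an added example and is not part of the tria.ge report; its sample paths are constructed from the Downloads list on this page, together with two benign names that must not match, and the extension sets are assumptions to be tuned for the environment.

```python
"""Hunt for files renamed with an appended script/executable extension,
as flagged by the "Renames multiple files with added filename extension"
signature. Added example, not code from the sandbox report."""
import os
from collections import Counter
from pathlib import PureWindowsPath

# Extensions the renamed files in this report ended up with (assumption:
# extend with .js/.jse/.bat etc. for other families).
APPENDED_EXTENSIONS = {".vbs", ".exe"}
# Extensions a .vbs/.exe is not normally stacked on top of (assumption).
DATA_EXTENSIONS = {".css", ".js", ".avi", ".txt", ".doc", ".docx",
                   ".xls", ".xlsx", ".jpg", ".png", ".pdf", ".reg"}
STACKABLE = DATA_EXTENSIONS | APPENDED_EXTENSIONS


def appended_extension(path):
    """Return (original_name, appended_ext) when `path` looks like
    <name>.<stackable_ext>.<appended_ext>, otherwise None."""
    p = PureWindowsPath(path)
    suffixes = [s.lower() for s in p.suffixes]
    if len(suffixes) < 2:
        return None
    last, before = suffixes[-1], suffixes[-2]
    if last in APPENDED_EXTENSIONS and before in STACKABLE:
        original = p.name[:-len(p.suffix)]   # strip only the appended part
        return original, last
    return None


def find_renamed_files(paths):
    """Filter an iterable of paths to those carrying an appended extension.
    Returns a list of (path, original_name, appended_ext) tuples."""
    hits = []
    for path in paths:
        result = appended_extension(path)
        if result:
            hits.append((str(path), result[0], result[1]))
    return hits


def summarize(hits):
    """Count hits per appended extension, e.g. {'.vbs': 3, '.exe': 1}."""
    return dict(Counter(ext for _, _, ext in hits))


def scan_directory(root):
    """Walk a live filesystem tree and apply the same check to every file."""
    paths = (os.path.join(d, f) for d, _, files in os.walk(root) for f in files)
    return find_renamed_files(paths)


# Constructed sample: paths taken from the Downloads list of this report
# plus two benign names (a plain .reg and an untouched .css) that must not match.
SAMPLE_PATHS = [
    r"C:\PROGRA~1\COMMON~1\MICROS~1\ink\en-US\boxed-delete.avi.exe",
    r"C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\it-IT\css\cpu.css.vbs",
    r"C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\js\clock.js.vbs",
    r"C:\Windows\WinExec.exe.vbs",
    r"C:\Users\Admin\AppData\Local\Temp\1.reg",
    r"C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\css\clock.css",
]

if __name__ == "__main__":
    found = find_renamed_files(SAMPLE_PATHS)
    for path, original, ext in found:
        print(f"{ext}\t{original}\t{path}")
    print(summarize(found))
```

On a live system call `scan_directory(r"C:\Program Files")` (and the user profile) instead of the constructed list; the original name returned for each hit is what to look for alongside it, since a file infector that leaves the original in place and a ransomware that replaces it produce different directory listings.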

Processes

  • C:\Users\Admin\AppData\Local\Temp\1d9f0e5240f25cc5c277a66e4c63597bce8c7c89821944b2cb42a8ece39167b6N.exe
    "C:\Users\Admin\AppData\Local\Temp\1d9f0e5240f25cc5c277a66e4c63597bce8c7c89821944b2cb42a8ece39167b6N.exe"
    1⤵
    • Adds Run key to start application
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2704
    • C:\Windows\SysWOW64\Regedit.exe
      Regedit.exe /s C:\Users\Admin\AppData\Local\Temp\1.reg
      2⤵
      • System Location Discovery: System Language Discovery
      • Runs .reg file with regedit
      PID:2700
    • C:\Windows\SysWOW64\Regedit.exe
      Regedit.exe /s C:\Users\Admin\AppData\Local\Temp\2.reg
      2⤵
      • System Location Discovery: System Language Discovery
      • Runs .reg file with regedit
      PID:2796
    • C:\Windows\SysWOW64\Regedit.exe
      Regedit.exe /s C:\Users\Admin\AppData\Local\Temp\3.reg
      2⤵
      • System Location Discovery: System Language Discovery
      • Runs .reg file with regedit
      PID:2692
    • C:\Windows\SysWOW64\Regedit.exe
      Regedit.exe /s C:\Users\Admin\AppData\Local\Temp\4.reg
      2⤵
      • System Location Discovery: System Language Discovery
      • Runs .reg file with regedit
      PID:2360
    • C:\Windows\SysWOW64\Regedit.exe
      Regedit.exe /s C:\Users\Admin\AppData\Local\Temp\5.reg
      2⤵
      • System Location Discovery: System Language Discovery
      • Runs .reg file with regedit
      PID:2892
    • C:\Windows\SysWOW64\Regedit.exe
      Regedit.exe /s C:\Users\Admin\AppData\Local\Temp\6.reg
      2⤵
      • System Location Discovery: System Language Discovery
      • Runs .reg file with regedit
      PID:2812
    • C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Windows\WinExec.exe.vbs"
      2⤵
      • Adds Run key to start application
      • Drops file in System32 directory
      • Drops file in Program Files directory
      • Drops file in Windows directory
      • System Location Discovery: System Language Discovery
      PID:2748
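The process tree above is a compact detection target: one parent that runs `Regedit.exe /s` six times against numbered .reg files in the user's Temp folder and then launches WScript.exe on a script dropped straight into C:\Windows. The following detection logic is an added example, not part of the tria.ge report; the process-creation events are constructed from the command lines shown in this tree (the parent PID 1234 of the sample and the benign `fix.reg` control event are invented for the example), and the rule thresholds are assumptions.

```python
"""Detection logic for the chain in this report: a parent that silently
imports several .reg files from %TEMP% and then runs a .vbs via WScript.
Added example; events are constructed from the command lines on the page."""
import re
from collections import defaultdict

SAMPLE = (r"C:\Users\Admin\AppData\Local\Temp"
          r"\1d9f0e5240f25cc5c277a66e4c63597bce8c7c89821944b2cb42a8ece39167b6N.exe")

# Constructed process-creation events (pid, ppid, image, command line).
# PPID 1234 and the final "fix.reg" event are invented for the example.
EVENTS = [
    {"pid": 2704, "ppid": 1234, "image": SAMPLE, "cmdline": '"%s"' % SAMPLE},
] + [
    {"pid": pid, "ppid": 2704, "image": r"C:\Windows\SysWOW64\Regedit.exe",
     "cmdline": r"Regedit.exe /s C:\Users\Admin\AppData\Local\Temp\%d.reg" % n}
    for n, pid in enumerate((2700, 2796, 2692, 2360, 2892, 2812), start=1)
] + [
    {"pid": 2748, "ppid": 2704, "image": r"C:\Windows\SysWOW64\WScript.exe",
     "cmdline": r'"C:\Windows\System32\WScript.exe" "C:\Windows\WinExec.exe.vbs"'},
    # Benign control: an admin importing a .reg file from the Desktop.
    {"pid": 3001, "ppid": 1234, "image": r"C:\Windows\regedit.exe",
     "cmdline": r'regedit.exe /s "C:\Users\Admin\Desktop\fix.reg"'},
]

_TOKEN = re.compile(r'"[^"]*"|\S+')
USER_TEMP = re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\local\\temp\\", re.I)
SCRIPT_HOST = re.compile(r"\\[wc]script\.exe$", re.I)
SCRIPT_EXT = (".vbs", ".vbe", ".js", ".jse", ".wsf")
WINDOWS_DIRS = ("c:\\windows", "c:\\windows\\system32", "c:\\windows\\syswow64")
STACKED = re.compile(r"\.[a-z0-9]{2,4}\.(vbs|vbe|js|jse|wsf)$", re.I)


def split_cmdline(cmdline):
    """Split a Windows command line on whitespace, honouring double quotes."""
    return [t.strip('"') for t in _TOKEN.findall(cmdline)]


def rule_silent_reg_import(ev):
    """regedit.exe /s <file>.reg where the .reg file lives in a user's %TEMP%."""
    if not ev["image"].lower().endswith("\\regedit.exe"):
        return None
    args = split_cmdline(ev["cmdline"])
    if len(args) < 3 or args[1].lower() not in ("/s", "-s"):
        return None
    target = args[2]
    if target.lower().endswith(".reg") and USER_TEMP.match(target):
        return {"rule": "regedit_silent_import_from_temp",
                "pid": ev["pid"], "ppid": ev["ppid"], "file": target}
    return None


def rule_script_from_windows_dir(ev):
    """wscript/cscript running a script that sits directly in the Windows
    directory (or System32/SysWOW64) or carries a stacked extension (.exe.vbs)."""
    if not SCRIPT_HOST.search(ev["image"]):
        return None
    for arg in split_cmdline(ev["cmdline"])[1:]:
        if not arg.lower().endswith(SCRIPT_EXT):
            continue
        folder = arg.rsplit("\\", 1)[0].lower()
        if folder in WINDOWS_DIRS or STACKED.search(arg):
            return {"rule": "script_host_from_windows_dir",
                    "pid": ev["pid"], "ppid": ev["ppid"], "file": arg}
    return None


def correlate(findings, threshold=3):
    """Tie per-event hits back to their parent: a parent that silently imports
    at least `threshold` .reg files and also launches a script host."""
    by_parent = defaultdict(lambda: {"reg": [], "script": []})
    for f in findings:
        key = "reg" if f["rule"] == "regedit_silent_import_from_temp" else "script"
        by_parent[f["ppid"]][key].append(f)
    out = []
    for ppid, group in by_parent.items():
        if len(group["reg"]) >= threshold and group["script"]:
            out.append({"rule": "reg_import_burst_then_script", "ppid": ppid,
                        "reg_files": [f["file"] for f in group["reg"]],
                        "scripts": [f["file"] for f in group["script"]]})
    return out


def run_detections(events, threshold=3):
    """Apply the per-event rules, then the parent-level correlation."""
    hits = []
    for ev in events:
        for rule in (rule_silent_reg_import, rule_script_from_windows_dir):
            finding = rule(ev)
            if finding:
                hits.append(finding)
    return hits + correlate(hits, threshold)


if __name__ == "__main__":
    for finding in run_detections(EVENTS):
        print(finding)
```

The per-event rules fire on a single regedit or WScript launch and will also catch legitimate installers on a noisy estate; the correlation rule is the one worth alerting on, because it needs the same parent to produce the burst of silent imports and the script-host launch, which is exactly the shape of the tree above and not of the benign `fix.reg` control event.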

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\PROGRA~1\COMMON~1\MICROS~1\ink\en-US\boxed-delete.avi.exe

    Filesize

    88KB

    MD5

    921a82bd0fe814e8c9a529e8c1d3ae40

    SHA1

    7aabea2c09e17f31d3d5ce8b7134c25ecebcca97

    SHA256

    1d9f0e5240f25cc5c277a66e4c63597bce8c7c89821944b2cb42a8ece39167b6

    SHA512

    62600508aa8e687abb160bb2ffbe01f6dbe07598309c8a8e1c97d5ebe8d650db76d144d38c67ec1e045e918e22ed881b1be19c539d7e3699558181b1e7c28647

  • C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\de-DE\css\currency.css.vbs

    Filesize

    19KB

    MD5

    74c6098c1ed97d023f2a5aa4d2258f16

    SHA1

    8b48301e20467aaf8c7655c397b5056247d2aa73

    SHA256

    78d729f5e9a3710e6ca3300589102d69e7b061bb744202db124fa3c05221840f

    SHA512

    6c7f6dd115ec15f119db233bbe2e133589a4d60643bc330fdba7c7c3722e8cc2fe99a6584f23935b60e093ef44e5ed5ba128f29ec87b7255b377002b9da5c7fe

  • C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\it-IT\css\cpu.css.vbs

    Filesize

    1KB

    MD5

    803a207b47faf90c505ae1652a581ffd

    SHA1

    bd5de7b5c8e9049c9250cb8859b39ab9cd25637f

    SHA256

    2efa8dfa785170498f0bd14dcc7415d31dc500086eca5393f69675149446039a

    SHA512

    6d12ed6eefae4802f5800def9321a6e85ef0d0bddbc4a1381b30ecb6089a5f6aaa6c9eea692d76656b087e09efcc032f35261dece316e4a16b1a6bb3f8da5807

  • C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\it-IT\css\calendar.css.vbs

    Filesize

    4KB

    MD5

    be7753ea9c0f2036f8d9cb803a0b6120

    SHA1

    f3c79f2e9136e24f3a86bb226298092e28cfdcc7

    SHA256

    e518d99125ee2af3f0528e8c8aa97de0e57e0f8aa9c725db19a85cbbecfd8b34

    SHA512

    bd44325c74aa23939f93049c6b20d7dd0214407be84ca08de2900a5cf80325c5a34f2c5d0573671c382a2a86023c8da6e2b836c3e826183179dddc3aef41620c

  • C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\css\clock.css.vbs

    Filesize

    674B

    MD5

    c3adf6a62f420d0926b817bc570bcac7

    SHA1

    5f2fdbe6e421079dadc1f3f15f61af894875fea9

    SHA256

    dca69ac4afb6fe543b7adbb2645bf3df57464383236fde6d82703106869a03f9

    SHA512

    f34ed769bfd01eb2fbfc05386f7ef587b3d208b68943f5c2fc10ef4a705e64aff99954450013b3e2e05699f51f8335749b820742f43d5153aa586817be51317f

  • C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\css\settings.css.vbs

    Filesize

    1KB

    MD5

    268edb3270b37d34dd8c51a14ef2d665

    SHA1

    886fc50e8f6fbbaa4fa00b39eeab79f99a9d4bbb

    SHA256

    369d24f49576471ead617d5a8f35c5ea5d059e0da840a28100a1a3fbc026af01

    SHA512

    e704d38d528b71f57d9c8f782f9fee0ac927c32e935d4d1ec4a821aaee7161c23db3ee7a858831d328acd4846cfaac6f3ef945c68721f595c12226180c29ab17

  • C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\js\clock.js.vbs

    Filesize

    17KB

    MD5

    c678c8640b7ebe2250d1590b6aa49ed3

    SHA1

    b72c9e3a34baf274af26a00f8ea33497475da334

    SHA256

    85959807a632f0791dc6074be606a46c17a13e95324a2e2e3aeec71336cbfc8b

    SHA512

    cfc4433f72f10c6424cbe6598d995f7c352f1994f1484b09a3105a167d8b2b802f47ba178ed3b071a930ba06e6e4e8d2cf401c1e276d4af33be3b0390d0709f7

  • C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\js\timeZones.js.vbs

    Filesize

    9KB

    MD5

    559ecfb98fc63d046fd6240d2b09df90

    SHA1

    1b36d4676afd5796aa37ed7750dd937e775e7108

    SHA256

    cc1b9a765f597e30df92e8958428dbd39694c52c70627b777008b70b00b37b86

    SHA512

    643fc3c22382931583ab5df72d95f5a40f54c08a61049583be009db32d0499bd6fe8e71772453e27911682539454598c0837aa284a02c4c8d6f2b7b7652d2c60

  • C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\js\currency.js.vbs

    Filesize

    65KB

    MD5

    39053b6853da8972a05020728ec0df10

    SHA1

    7369fa28da358f3843d3ebcd7d2a39ded05574c7

    SHA256

    66cc94d33f120a2ca1ab63708d767b471b7dfa1c4c483d795f191fc5d7a52fc2

    SHA512

    59a7bc1a71ee1ba444110cc16aa9de98f01dffbee014842e5bca1126a63c56d1cb80e57f91cb304eb53bfdbb531e2217a365d01f04a6310b786ac53fac7849dd

  • C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\js\init.js.vbs

    Filesize

    724B

    MD5

    9a9229799041e3654635f805aacc31ff

    SHA1

    99decfd163cb4f113b65e0f2729442297bdbe48e

    SHA256

    f95ddb7fd27e5d834242cbdb1de8ed6c0005311c585d1988c3e48750b392b2a3

    SHA512

    12a850170ced59d991c2756b3fc0bee5ddc16366d46eef11f9a522de08bb0017ea2354e4d6c747208ce65cf12e69bc1ba685609472e7516657aa978faa567ab0

  • C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\js\library.js.vbs

    Filesize

    5KB

    MD5

    82e7206c004e0d793f27ca6fe1b68eb7

    SHA1

    e201cdac02106be9b1330d8f9b6d8ff01a42e0b2

    SHA256

    03f503f7abc328db6ea8254291c92575e6557d9496d33e20b08b8a4190080e6b

    SHA512

    4aa219a31e824c0fc41f01efeb3dd94486c2f0008bbd0a6495e66beb45cfccd0f1bf04d71bbf3d85397ad097a1a9d6a0e49df1f493ee777ec1961bfbe82b32ee

  • C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\js\service.js.vbs

    Filesize

    7KB

    MD5

    32830f3441431dfe48864af66de41c15

    SHA1

    23338b2bbcb6ca77ff0515869722080e07f42150

    SHA256

    726b42ee090b8f9ac70cc5408d27d2547065c7a47f120da9a9a83128011c1c06

    SHA512

    755abec7e7159e0d73131193b485c84325bb0bfedf8341cb54aeaad720b2631e069699d31b0adb8a5075c938715d9ec7a54f8afe3f4ab06106dd75cf3f8280c0

  • C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\it-IT\css\picturePuzzle.css.vbs

    Filesize

    4KB

    MD5

    3685e6048c0c3e291328a942f63b471c

    SHA1

    960932c8479f7c460c728bfa64a1525c703754f4

    SHA256

    1b6bc2a2b8c2d4a41df28ff65d34d80542c5d531cb6f9933f5f833f0eba43a27

    SHA512

    c5e1b181c9de1437a1c7678cb8effce6a8d4e3372d438cc312ef4f2efbc7864499d513def72f1e7711a2e5ca70f0a58d7d5a09f7aee5012b6d4aa20abe209f94

  • C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\ja-JP\css\settings.css.vbs

    Filesize

    5KB

    MD5

    951cf41e8d54d9346e0a03a723e549c1

    SHA1

    0f368f110bc160ae85a77ac687454b951d6d7090

    SHA256

    6c722a469a4afa79506b654f37cb7bf392290868b3f8a1e9b0afda003ec1ea64

    SHA512

    f890322609ab186086d4f433a808c77a9a46313fef28dcd77a9189039e12d0de41fcc2315a65cf00f2e8a437a0a63a038fbb53f04f5ca9b922832f23c48e5eb6

  • C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\css\RSSFeeds.css.vbs

    Filesize

    2KB

    MD5

    fa877766d79d2feaae9c46f1cd6505b2

    SHA1

    25fc2079abe4a05666398092e7bdbd642428c44c

    SHA256

    35c48772d44ee208b4ab05d90465f58c4d5f8a9c0fc88a62ff69f07b2d0dee06

    SHA512

    4421309df73c12898488c0ffdf0c2548c11868901afd61ca95e55c0bb4c2b35d72093850a04183d5644cfc6bfafa2227fbcf83235290da6b5128e44a85aaf99c

  • C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\css\flyout.css.vbs

    Filesize

    2KB

    MD5

    608c9d26a0d386740680c2c528e4502d

    SHA1

    26dc38aa68ffaac44c4c857fe4945711586a413e

    SHA256

    1b56a2be7fe8ab87c1b3afbd25004f2d2c78dda085e139eb9569f5c69caf3e3b

    SHA512

    6d44d09ea92de4e3fff9a013d8108a6d8c8022671f6f46614e70dccce6fc60a505a769e0c53a7389409c31e4809fa3a024f1c59029049e08234e6f743cb5a669

  • C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\css\settings.css.vbs

    Filesize

    1KB

    MD5

    ad04cf0eae2cec98e3ed5ac72661b6ca

    SHA1

    0e5592d01682c718fd8d7ce8015655173d3c68b1

    SHA256

    6024c313590c3b875226a4dffc5f25864b5653d73feb274f24448fa6a04eaf20

    SHA512

    63cb5a8663f750ce185445d2e5dc8307589a256f186b02a61342098a4c27e1d3f703cb2f02d612d29f368da31415892859d2bcc276b5d9e79ad13a1bb7602581

  • C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\js\settings.js.vbs

    Filesize

    5KB

    MD5

    76c21b1cafda64f4e330b536ca45adb3

    SHA1

    f28e6dc46f91f2bd50945ca6529402bbdd65b3c4

    SHA256

    9d5057a6f8e28d3beb006980e365322ce5a06da71c9b765d0deb51343ef02610

    SHA512

    3f84e2116e7ead66f2eaca9d3669c8f20f293f064b1a4208e4c5b1b292d3282212813e4dde12a75c56e66d1e75d319e589dd30c005b410c073f4499fdc5f3850

  • C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\it-IT\css\settings.css.vbs

    Filesize

    1KB

    MD5

    fa8af3188c7c890d86fdcb10d4fbf62c

    SHA1

    0ba8343b35f0896040db086f04bc07cf408c1e28

    SHA256

    f14a541a9130f3bd0d6d4c4d351a87ed5298596afece3e3ec2390bbae063e65f

    SHA512

    3a933eb3ad69e3a18bb0b04bc1759067318cd8f8d09b4ad765e65a3d72eb03ed9069483279380f73b105cf4181f87a2b0eace70b1519ddea21954f69f6c98f64

  • C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\it-IT\css\slideShow.css.vbs

    Filesize

    4KB

    MD5

    f4ab06a44f9c0767574204ddd6cd54bf

    SHA1

    727d94b66abc9e7d5f2d5605b398f9d04bd6bc57

    SHA256

    0af3484552719a12be64d09519d7758b76402769a7bffe2c1b6b22b9ff733139

    SHA512

    7f80cf7b95d23e1267d198854896e0f3ebe88c1eddd62db0c90baf98f6ee3b7c8723172ffd3f0a6a6612c27108ae00862b1c480734d89dac7d0dc3dc44e227e8

  • C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\css\localizedSettings.css.vbs

    Filesize

    974B

    MD5

    455e12b1a2bbfa973487f35e2c4d476f

    SHA1

    717c46c371efc1e70f19d32fce4347ff463a4242

    SHA256

    d3d9bb5c378d5a522afa38f53f8f2989b3eff089d68e14e2a70049a1af4ad29f

    SHA512

    15b27dea0aac91e7a1af7f836b0f7d1543519a241c4b99e90adf3d594a8ba5eb3118cf4b47c11c64f919f4b59925a77079f2251252f3a34cbe4a97eeed80a5f9

  • C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\css\settings.css.vbs

    Filesize

    9KB

    MD5

    5008235df64e2f496caced691259c065

    SHA1

    af5ef7c4420e1d3e3a1a022a93f4dd7641caf705

    SHA256

    9263644146ea6f60654204d06d179a428c6023e4af8a3cf1794034b2819df9ae

    SHA512

    cdac548d0f4acbdc04ac5d5a0071c1d4791616a513dca3f4131257de1e1e82a872c1487454613dd04103a50a1458944dbb06d6f82a150b723722630eb0eeb2c3

  • C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\css\weather.css.vbs

    Filesize

    24KB

    MD5

    feb1c5d1501cce2cd5dc52cfb10f0e9a

    SHA1

    b9038ceea201231e82d6c645f17f44089c21f161

    SHA256

    cb9a61101d99305ab26956610385093d790bd0c2145ead3a51212fa72a214a7c

    SHA512

    ec6b29fdd28b2691adf905a682834bb3ffa82d2da4ce2557d61b593145a9aeeb94799528b907c1942932b06a002a20eb1fe578659db1e4f2123bcc19cc4c34a9

  • C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\highDpiImageSwap.js.vbs

    Filesize

    1KB

    MD5

    ef9d56e80f446dc32e5838cfbc181dd6

    SHA1

    84162ef02f261fd3d5c32e6f8ba75d0d6e1b6ef1

    SHA256

    881d05322d7d06a5c2042256e2bc44cdc1dba02c984b839d55122e10cb26e147

    SHA512

    0a40aebf8cd4ad1d26ebc1b6bc70057cf4db538b302d58f49c19a597f013c91640697224196aea21ee7b673300720b90ec1788d8b65bb352d62b07d4a5aceeb6

  • C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\library.js.vbs

    Filesize

    42KB

    MD5

    fdb05ac511bb912ac9d92b046d8b36d0

    SHA1

    9826dd418a39f46d2b42752ea9757da2d6378dea

    SHA256

    d13efba10d58e54ce40add2c891cc083f018ccf5dc0531ddbdaeb9a607e8a20d

    SHA512

    b476f807e07d6d103bd0ff0218a49e8e5286fdc86436b6338b52a583dd1910ec21d96ce3e579fcfe035484bf3adedb26059c861d4567ad1e8a1dbdbc114b4d67

  • C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\localizedStrings.js.vbs

    Filesize

    14KB

    MD5

    3d03fea624afad52cca52905dabccb10

    SHA1

    f5f5e17df6b24032509c74ed1fe932e93b9412d9

    SHA256

    135098ee180cd12c8d7127ec361ff980b354aa02d7f8a6c3e184543a8a54907a

    SHA512

    a7e14d73ed52d53d34ceecb18d9b0f9ef8f80bd3d48e2f0cee3d130e771909ececd96d2afaf2ebf4d656805e8acfb2954b99bd3e03c9eeeb101a983d8de946ec

  • C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\settings.js.vbs

    Filesize

    56KB

    MD5

    023b5c1b5b1f0af894b829a5466f9748

    SHA1

    24fbd393795fda1499f891713f1b7153f560e37b

    SHA256

    4d005737e6e9df58bf2124f30c4dbdce0ae557ff7333bfd5d70002ade7a6c328

    SHA512

    473a405ba5bb0cfb0a16d766d0ce76b7e4787901f79efb74cb44fcc203b5b04245d38e3aa5f3a400fee41609bbea2a48056e60363fad7a5ea00aa761eca0ebf9

  • C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\weather.js.vbs

    Filesize

    132KB

    MD5

    a805ed462ad9a81a3e8b8e0422f781cc

    SHA1

    025635fe06812ba52ba417e6e1dd880500aba193

    SHA256

    bdb4f2a048cad27aa3aa4d53741626eeff3919b0d80bd5ab90c3ec638b78e87c

    SHA512

    980753cced19520c04a0a2afe1278d92bfad6460274e91c24dad214df39ff8d45a5cf2953765ebd8a86188de7a6961acd767360aeee022987baa224aa068525a

  • C:\Users\Admin\AppData\Local\Temp\1.reg

    Filesize

    169B

    MD5

    1b8aa9c4579e695f722c7efeb62b1ceb

    SHA1

    efd42acaefecbabbad2712c61b499c86cf587ed9

    SHA256

    6f5d42baf0d55a215ee384479a8881e8781eb4302893abc85ae8b2219dbfc87e

    SHA512

    85947a9a2c9aa0eeb2b13f1e1dfd8cee0c3c584ecadfde981ca8c6876afcf4b493872520138b0f172ab5875e2a655a9e2880cb72b9ed7bcf205b9fb8d7a6473d

  • C:\Users\Admin\AppData\Local\Temp\2.reg

    Filesize

    170B

    MD5

    3cf886f68272009e51bf760ff02f2fd1

    SHA1

    1c8d1db4f21738cf3345a5f8934920282d8aaf27

    SHA256

    69a21a0cd503689fc61f0aef1803a4addf742ca55e6c1c60595a3dc435eb275c

    SHA512

    c98169b4e3ad37339b6e465c436c8f67413e6c2ea32a1ce44c75ee6d39947b3ac9ac3e8ee06cda962e22484c1fe52f5242f197155975ab94c15ad8700392fe2f

  • C:\Users\Admin\AppData\Local\Temp\3.reg

    Filesize

    175B

    MD5

    c0a6a61f9509d470195892991d17f51f

    SHA1

    db566bf2c08894eaf3032e7c0aff68d01d99b382

    SHA256

    ad94ca231b24a4d7cd6f34fd009e8eddf9d09114fbfd7bab287c2e88479ad700

    SHA512

    93680d6353ead2899c6070deeef60d57ec67323bad090fcae2b9c47e0748640345379ed4607646068772e11487f1915851809de0245a29263a50dd0755ccfb69

  • C:\Users\Admin\AppData\Local\Temp\4.reg

    Filesize

    139B

    MD5

    7ff9ca1a78edea205480a199f18c3c52

    SHA1

    39ce114f5ce61f5de55485d953d7194e377f80ad

    SHA256

    bf70e43d27eb1e179e22f22721060a162d28f202ffaa09848d68bb36d15e1dcb

    SHA512

    80b89528a49716d1215da373a8d84c68c2acf29ff085f3a8694f4d3294f16e7238e3f41c63eae481596de58f772dbfe8ef10f300cc58c75eb748c195364e1c94

  • C:\Users\Admin\AppData\Local\Temp\5.reg

    Filesize

    140B

    MD5

    3e3b711f00fddb7bd82e6ca38be79af9

    SHA1

    a3c9ee6e8e8d9617c3814c9f3f31c50a2ca80e42

    SHA256

    776c84a44d9c7da404aae26d8238b242b4ec8a49c66bddf564104fec4e126acf

    SHA512

    c403865f368333a1f849c5ae379c36fdc8f96bc8e235d8e5680d1866d65ba4eeed402292aeb8f8ed7891a91081db8b1721bc3647e7e07b74f3590ebe5c44e8b2

  • C:\Users\Admin\AppData\Local\Temp\6.reg

    Filesize

    145B

    MD5

    605e06f594a02d384a023169fd6da5e6

    SHA1

    c61c8ab826851d808ee55fbc90073da44c1efa99

    SHA256

    92f0a278cf25a44853b5af65f54f29cb62c4c3c1cf9d368e4ac90f70f0d79a28

    SHA512

    fc5be0eccb6100c1280f351b53dd39930f2731751d67d253d2623029f49f0d9f931b43b3e2072ad11c7db2b944b579d03ef761801dae02d240ac7c8d643cf79d

  • C:\Windows\WinExec.exe.vbs

    Filesize

    215KB

    MD5

    812f70c55c6a5aa67da09aa894f5d7a9

    SHA1

    e7ffdcd9add563f873a9c859ea63f9984ab87717

    SHA256

    2eef0b78a9fbe606a269a80530dc60ea6a64172787bffcdbb12dfc869f577923

    SHA512

    a737e7552fc388df400cc84cf01201781ac58b0943efbc925ab6df922eef272ec7a2871e4c77485520f132d408d254fd3c91bf4f34eef7198411e388b1ac04ae

  • memory/2704-0-0x0000000000400000-0x0000000000417000-memory.dmp

    Filesize

    92KB