Overview

overview

10

Static

static

1

RNSM00388.7z

windows10-2004-x64

10

Analysis

  • max time kernel
    65s
  • max time network
    128s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03-11-2024 21:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    RNSM00388.7z

  • Size

    6.1MB

  • MD5

    5c24572784edd8136e2400edd909d57e

  • SHA1

    3b1ebada7ce5ca40be7dfc260dda8658cd72a283

  • SHA256

    4b7646416a706123783e3dae3173fdf81b46d800b4e7cc273aee598d403ca7c9

  • SHA512

    abde7869c364864ed33b747f64faca83405ff1a414a2526bebb77fa9b77efbaf19fd9045811fff00b2f950d9c72447a8f066aec558cc11aa28c904b47dc3be7c

  • SSDEEP

    98304:MG29y5gDpqmSjqdv5p5iBliJClA9DSeOwOQMUfJATay6YMwqxcRTKOBL5K22t+jr:MGVLiPpABlTlUa7VYSTcYmcRTBOxp6

Score
10/10
agentteslaavaddoncrimsonratgandcrabnetwalkerremcosusgbackdoordefense_evasiondiscoveryexecutionimpactkeyloggerransomwareratspywarestealertrojanupx

Malware Config

Extracted

Family

agenttesla

Credentials

  • Protocol:     smtp
  • Host:
    us2.smtp.mailhostbox.com
  • Port:
    587
  • Username:
    [email protected]
  • Password:
    22june1969

Extracted

Family

crimsonrat

C2

209.127.16.126

Extracted

Path

C:\Program Files\11671-Readme.txt

Family

netwalker

Ransom Note
Hi! Your files are encrypted. All encrypted files for this computer has extension: .11671 -- If for some reason you read this text before the encryption ended, this can be understood by the fact that the computer slows down, and your heart rate has increased due to the ability to turn it off, then we recommend that you move away from the computer and accept that you have been compromised, rebooting/shutdown will cause you to lose files without the possibility of recovery and even god will not be able to help you, it could be files on the network belonging to other users, sure you want to take that responsibility? -- Our encryption algorithms are very strong and your files are very well protected, you can't hope to recover them without our help. The only way to get your files back is to cooperate with us and get the decrypter program. Do not try to recover your files without a decrypt program, you may damage them and then they will be impossible to recover. We advise you to contact us as soon as possible, otherwise there is a possibility that your files will never be returned. For us this is just business and to prove to you our seriousness, we will decrypt you some files for free, but we will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision. Contact us: [email protected] [email protected] Don't forget to include your code in the email: {code_a35f346f_11671: 2jRU0pcmREG5zy309l9IlKEy87FC4DGr56G/8weibvl0ahWbQm 0hRY7bUjpHsg97m6DwRcmMZOUUDWK0f8veR8RLqvs5BdEKbzRf o/0zHssjCUamlMm423VcA3SJHz1hvXGQ9CGQs0bAFSPLKb6i99 M8T84DIIQVKgecZWg0jzhxCURO/SpDThiGzWd2TbOvJySAPjB8 FXXAtwdPt66ZJs8JkEb3+a/V/QL4pz7Xl1K7g8cHzC4wLhrQm2 98QFfu8MHbTb0j/8kkCqm3kVPLp6TWw9I=}

Extracted

Path

C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\D874D8-Readme.txt

Family

netwalker

Ransom Note
Hi! Your files are encrypted by Netwalker. All encrypted files for this computer has extension: .d874d8 -- If for some reason you read this text before the encryption ended, this can be understood by the fact that the computer slows down, and your heart rate has increased due to the ability to turn it off, then we recommend that you move away from the computer and accept that you have been compromised. Rebooting/shutdown will cause you to lose files without the possibility of recovery. -- Our encryption algorithms are very strong and your files are very well protected, the only way to get your files back is to cooperate with us and get the decrypter program. Do not try to recover your files without a decrypter program, you may damage them and then they will be impossible to recover. For us this is just business and to prove to you our seriousness, we will decrypt you one file for free. Just open our website, upload the encrypted file and get the decrypted file for free. -- Steps to get access on our website: 1.Download and install tor-browser: https://torproject.org/ 2.Open our website: pb36hu4spl6cyjdfhing7h3pw6dhpk32ifemawkujj4gp33ejzdq3did.onion If the website is not available, open another one: rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion 3.Put your personal code in the input form: {code_d874d8: lKqXLsxaxAnRByhM2hFi+7DOzV+QrRRwLRdampnEypIGNfYUdv 2ItqQeZ7Di+RAAwYGyPwXSfpPLPrJuYpYazi3z5hFZw/Bqmifa dC+tAxNqpVTEhcFJtiKeKr33iS7UcXIBnfRklCWDWqYA+2xo9m bGutdEf4k3Jd31VSRpLVYl6YjdH05B7KFxXD8nkVUNHsGxmzHr iPkynj7s6le0LXzWD6Aj0Odp5j24q2cKxqg+BRJeedH8mZA4A2 iJc5o7vV+9pL+xRaG1cK5p5jd8DwzTubqjCk1OtA==}
URLs

http://pb36hu4spl6cyjdfhing7h3pw6dhpk32ifemawkujj4gp33ejzdq3did.onion

http://rnfdsgm6wb6j6su5txkekw4u4y47kp2eatvu7d6xhyn5cs4lt4pdrqqd.onion

Extracted

Family

remcos

Version

2.3.0 Pro

Botnet

USG

C2

ddns.njegidi888.xyz:4219

Attributes
  • audio_folder

    MicRecords

  • audio_path

    %AppData%

  • audio_record_time

    5

  • connect_delay

    0

  • connect_interval

    3

  • copy_file

    remcos.exe

  • copy_folder

    remcos

  • delete_file

    false

  • hide_file

    false

  • hide_keylog_file

    true

  • install_flag

    false

  • install_path

    %AppData%

  • keylog_crypt

    true

  • keylog_file

    logged.dat

  • keylog_flag

    false

  • keylog_path

    %AppData%

  • mouse_option

    false

  • mutex

    ttiiurrbebebebebebeeeeet-I3YJ6F

  • screenshot_crypt

    false

  • screenshot_flag

    false

  • screenshot_folder

    Screenshots

  • screenshot_path

    %AppData%

  • screenshot_time

    10

  • startup_value

    remcos

  • take_screenshot_option

    false

  • take_screenshot_time

    5

  • take_screenshot_title

    wikipedia;solitaire;

Signatures

  • AgentTesla

    Agent Tesla is a remote access tool (RAT) written in visual basic.

    keyloggertrojanstealerspywareagenttesla
  • Agenttesla family
    agenttesla
  • Avaddon

    Ransomware-as-a-service first released in June 2020 and currently expanding its userbase among criminal actors.

    ransomwareavaddon
  • Avaddon family
    avaddon
  • Avaddon payload 1 IoCs
  • CrimsonRAT main payload 1 IoCs
  • CrimsonRat

    Crimson RAT is a malware linked to a Pakistani-linked threat actor.

    ratcrimsonrat
  • Crimsonrat family
    crimsonrat
  • Detected Netwalker Ransomware 1 IoCs

    Detected unpacked Netwalker executable.

  • GandCrab payload 2 IoCs
  • Gandcrab

    Gandcrab is a Trojan horse that encrypts files on a computer.

    ransomwarebackdoorgandcrab
  • Gandcrab family
    gandcrab
  • Netwalker Ransomware

    Ransomware family with multiple versions. Also known as MailTo.

    ransomwarenetwalker
  • Netwalker family
    netwalker
  • Remcos

    Remcos is a closed-source remote control and surveillance software.

    ratremcos
  • Remcos family
    remcos
  • AgentTesla payload 1 IoCs
  • Deletes shadow copies 3 TTPs

    Ransomware often targets backup files to inhibit system recovery.

    ransomwaredefense_evasionimpactexecution
  • Downloads MZ/PE file
  • Executes dropped EXE 3 IoCs
  • Uses the VBS compiler for execution 1 TTPs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks SCSI registry key(s) 3 TTPs 6 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Interacts with shadow copies 3 TTPs 1 IoCs

    Shadow copies are often targeted by ransomware to inhibit system recovery.

    ransomware
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 13 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Program Files\7-Zip\7zFM.exe
    "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\RNSM00388.7z"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:3980
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /4
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4396
    • C:\Windows\system32\taskmgr.exe
      "C:\Windows\system32\taskmgr.exe" /1
      2⤵
      • Checks SCSI registry key(s)
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:3588
  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4608
    • C:\Windows\system32\cmd.exe
      "C:\Windows\system32\cmd.exe"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2564
      • C:\Users\Admin\Desktop\00388\HEUR-Trojan-Ransom.MSIL.Foreign.gen-1bf6dc9af6dd730120f598d02f139f5a7776993afe29679f83a3d2fda3599736.exe
        HEUR-Trojan-Ransom.MSIL.Foreign.gen-1bf6dc9af6dd730120f598d02f139f5a7776993afe29679f83a3d2fda3599736.exe
        3⤵
        • Executes dropped EXE
        PID:5108
        • C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
          "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\Documents\HEUR-Trojan-Ransom.MSIL.Foreign.gen-1bf6dc9af6dd730120f598d02f139f5a7776993afe29679f83a3d2fda3599736-03-.pdf"
          4⤵
            PID:3028
          • C:\ProgramData\Hanthavra\rnthiavesa.exe
            "C:\ProgramData\Hanthavra\rnthiavesa.exe"
            4⤵
              PID:764
          • C:\Users\Admin\Desktop\00388\HEUR-Trojan-Ransom.Win32.Agent.gen-57558bdab2008feb661e223e24dd1e437556bcab3c5f5a50cb5f0a640050ae0e.exe
            HEUR-Trojan-Ransom.Win32.Agent.gen-57558bdab2008feb661e223e24dd1e437556bcab3c5f5a50cb5f0a640050ae0e.exe
            3⤵
            • Executes dropped EXE
            PID:1928
            • C:\Windows\SysWOW64\cmd.exe
              "C:\Windows\system32\cmd.exe" /C copy /V /Y "C:\Users\Admin\Desktop\00388\HEUR-Trojan-Ransom.Win32.Agent.gen-57558bdab2008feb661e223e24dd1e437556bcab3c5f5a50cb5f0a640050ae0e.exe" "C:\Users\Admin\Desktop\00388\NW95OAEp.exe"
              4⤵
                PID:3924
              • C:\Users\Admin\Desktop\00388\NW95OAEp.exe
                "C:\Users\Admin\Desktop\00388\NW95OAEp.exe" -n
                4⤵
                  PID:1692
              • C:\Users\Admin\Desktop\00388\HEUR-Trojan-Ransom.Win32.Avaddon.gen-48689c986eb553e6a7aeba973501b9660cb1418d4ec3ba9d0511f82799d1422c.exe
                HEUR-Trojan-Ransom.Win32.Avaddon.gen-48689c986eb553e6a7aeba973501b9660cb1418d4ec3ba9d0511f82799d1422c.exe
                3⤵
                • Executes dropped EXE
                • System Location Discovery: System Language Discovery
                PID:3900
                • C:\Windows\SysWOW64\Wbem\wmic.exe
                  wmic.exe SHADOWCOPY /nointeractive
                  4⤵
                    PID:3668
                  • C:\Windows\SysWOW64\Wbem\wmic.exe
                    wmic.exe SHADOWCOPY /nointeractive
                    4⤵
                      PID:5164
                    • C:\Windows\SysWOW64\Wbem\wmic.exe
                      wmic.exe SHADOWCOPY /nointeractive
                      4⤵
                        PID:5708
                    • C:\Users\Admin\Desktop\00388\HEUR-Trojan-Ransom.Win32.Convagent.gen-096d66e5982a15e1c1a9c795bae8a0b360ac5b95c44df978f00eb1645f8f1015.exe
                      HEUR-Trojan-Ransom.Win32.Convagent.gen-096d66e5982a15e1c1a9c795bae8a0b360ac5b95c44df978f00eb1645f8f1015.exe
                      3⤵
                        PID:1096
                        • C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                          "C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
                          4⤵
                            PID:2616
                          • C:\Windows\SysWOW64\cmd.exe
                            "C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\Desktop\00388\HEUR-Trojan-Ransom.Win32.Convagent.gen-096d66e5982a15e1c1a9c795bae8a0b360ac5b95c44df978f00eb1645f8f1015.exe"
                            4⤵
                              PID:1044
                              • C:\Windows\SysWOW64\choice.exe
                                choice /C Y /N /D Y /T 3
                                5⤵
                                  PID:4828
                            • C:\Users\Admin\Desktop\00388\HEUR-Trojan-Ransom.Win32.Crypmod.gen-0d0ed90929351c08c47dbd7541073d037240718c4a2fd63c09d2377090d4cd7a.exe
                              HEUR-Trojan-Ransom.Win32.Crypmod.gen-0d0ed90929351c08c47dbd7541073d037240718c4a2fd63c09d2377090d4cd7a.exe
                              3⤵
                                PID:1864
                                • C:\Windows\system32\vssadmin.exe
                                  C:\Windows\system32\vssadmin.exe delete shadows /all /quiet
                                  4⤵
                                  • Interacts with shadow copies
                                  PID:4824
                              • C:\Users\Admin\Desktop\00388\HEUR-Trojan-Ransom.Win32.Cryptor.gen-0cf36731f5b8651d53fc651607c3fccac24b631c08dca4493d8e07d2fbff1db3.exe
                                HEUR-Trojan-Ransom.Win32.Cryptor.gen-0cf36731f5b8651d53fc651607c3fccac24b631c08dca4493d8e07d2fbff1db3.exe
                                3⤵
                                  PID:5084
                                  • C:\Windows\SysWOW64\net.exe
                                    "C:\Windows\System32\net.exe" stop "spooler" /y
                                    4⤵
                                      PID:4220
                                      • C:\Windows\SysWOW64\net1.exe
                                        C:\Windows\system32\net1 stop "spooler" /y
                                        5⤵
                                          PID:4908
                                      • C:\Windows\SysWOW64\net.exe
                                        "C:\Windows\System32\net.exe" stop "audioendpointbuilder" /y
                                        4⤵
                                          PID:288
                                          • C:\Windows\SysWOW64\net1.exe
                                            C:\Windows\system32\net1 stop "audioendpointbuilder" /y
                                            5⤵
                                              PID:3184
                                          • C:\Windows\SysWOW64\net.exe
                                            "C:\Windows\System32\net.exe" stop "samss" /y
                                            4⤵
                                              PID:4732
                                              • C:\Windows\SysWOW64\net1.exe
                                                C:\Windows\system32\net1 stop "samss" /y
                                                5⤵
                                                  PID:5152
                                            • C:\Users\Admin\Desktop\00388\HEUR-Trojan-Ransom.Win32.Encoder.gen-bd4201d94f345690197a18abc380b3405cbbfcef9e4bd6df2569615678be8e94.exe
                                              HEUR-Trojan-Ransom.Win32.Encoder.gen-bd4201d94f345690197a18abc380b3405cbbfcef9e4bd6df2569615678be8e94.exe
                                              3⤵
                                                PID:3048
                                              • C:\Users\Admin\Desktop\00388\HEUR-Trojan-Ransom.Win32.Foreign.gen-e325f5b718e1696f24422d2c97c029bffa1b1030a38720a2adb393b683cf8466.exe
                                                HEUR-Trojan-Ransom.Win32.Foreign.gen-e325f5b718e1696f24422d2c97c029bffa1b1030a38720a2adb393b683cf8466.exe
                                                3⤵
                                                  PID:3076
                                                  • C:\Users\Admin\Desktop\00388\HEUR-Trojan-Ransom.Win32.Foreign.gen-e325f5b718e1696f24422d2c97c029bffa1b1030a38720a2adb393b683cf8466.exe
                                                    HEUR-Trojan-Ransom.Win32.Foreign.gen-e325f5b718e1696f24422d2c97c029bffa1b1030a38720a2adb393b683cf8466.exe
                                                    4⤵
                                                      PID:5884
                                                  • C:\Users\Admin\Desktop\00388\HEUR-Trojan-Ransom.Win32.GandCrypt.gen-84acc2460064e9c30208185cb7db162cd05bf5caa091c5586ffc9a479ee5f884.exe
                                                    HEUR-Trojan-Ransom.Win32.GandCrypt.gen-84acc2460064e9c30208185cb7db162cd05bf5caa091c5586ffc9a479ee5f884.exe
                                                    3⤵
                                                      PID:2868
                                                      • C:\Windows\SysWOW64\WerFault.exe
                                                        C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 488
                                                        4⤵
                                                        • Program crash
                                                        PID:5852
                                                    • C:\Users\Admin\Desktop\00388\HEUR-Trojan-Ransom.Win32.Mailto.vho-b587d049e9fae11f4fe70d5f6c9007f99483f683ee55217110094206bd6a92f2.exe
                                                      HEUR-Trojan-Ransom.Win32.Mailto.vho-b587d049e9fae11f4fe70d5f6c9007f99483f683ee55217110094206bd6a92f2.exe
                                                      3⤵
                                                        PID:4360
                                                      • C:\Users\Admin\Desktop\00388\HEUR-Trojan-Ransom.Win32.MyxaH.gen-44b2a6748bfe73b0e4515854def74fbd816ffa56842e3b544438cb34a249a41c.exe
                                                        HEUR-Trojan-Ransom.Win32.MyxaH.gen-44b2a6748bfe73b0e4515854def74fbd816ffa56842e3b544438cb34a249a41c.exe
                                                        3⤵
                                                          PID:5488
                                                        • C:\Users\Admin\Desktop\00388\HEUR-Trojan-Ransom.Win32.Rack.gen-801384c781c364acdc61e60e5b120359cb4617a42da8155123f3a0381a56495a.exe
                                                          HEUR-Trojan-Ransom.Win32.Rack.gen-801384c781c364acdc61e60e5b120359cb4617a42da8155123f3a0381a56495a.exe
                                                          3⤵
                                                            PID:5768
                                                          • C:\Users\Admin\Desktop\00388\HEUR-Trojan-Ransom.Win32.Rack.vho-bfd8ccba405dc5a5cd9a36cff3043cb8ceb98eb3ef764fa8afffb32bcb6a139c.exe
                                                            HEUR-Trojan-Ransom.Win32.Rack.vho-bfd8ccba405dc5a5cd9a36cff3043cb8ceb98eb3ef764fa8afffb32bcb6a139c.exe
                                                            3⤵
                                                              PID:8444
                                                            • C:\Users\Admin\Desktop\00388\HEUR-Trojan-Ransom.Win32.RagnarLocker.gen-dd5d4cf9422b6e4514d49a3ec542cffb682be8a24079010cda689afbb44ac0f4.exe
                                                              HEUR-Trojan-Ransom.Win32.RagnarLocker.gen-dd5d4cf9422b6e4514d49a3ec542cffb682be8a24079010cda689afbb44ac0f4.exe
                                                              3⤵
                                                                PID:5624
                                                              • C:\Users\Admin\Desktop\00388\HEUR-Trojan-Ransom.Win32.SageCrypt.vho-594af48b4da21f654d0ceadede4257865f96d9ae3b1f2ef4a96298a9385c7b2c.exe
                                                                HEUR-Trojan-Ransom.Win32.SageCrypt.vho-594af48b4da21f654d0ceadede4257865f96d9ae3b1f2ef4a96298a9385c7b2c.exe
                                                                3⤵
                                                                  PID:7924
                                                                • C:\Users\Admin\Desktop\00388\Trojan-Ransom.Win32.Agent.awyt-969ca1f1cd74be7951552e6d03ee91abda18255b1761dfd46e049737ab0db12d.exe
                                                                  Trojan-Ransom.Win32.Agent.awyt-969ca1f1cd74be7951552e6d03ee91abda18255b1761dfd46e049737ab0db12d.exe
                                                                  3⤵
                                                                    PID:12372
                                                                  • C:\Users\Admin\Desktop\00388\Trojan-Ransom.Win32.Bitcovar.oq-3d965f4ae06812e9b204725e2e112e39ed0f6a817000b539c559a41befabcb04.exe
                                                                    Trojan-Ransom.Win32.Bitcovar.oq-3d965f4ae06812e9b204725e2e112e39ed0f6a817000b539c559a41befabcb04.exe
                                                                    3⤵
                                                                      PID:17540
                                                                    • C:\Users\Admin\Desktop\00388\Trojan-Ransom.Win32.Blocker.lckf-7a615c35aed820ceef287f62248d2433ad52f7099cb759f2826dffa560e47bfd.exe
                                                                      Trojan-Ransom.Win32.Blocker.lckf-7a615c35aed820ceef287f62248d2433ad52f7099cb759f2826dffa560e47bfd.exe
                                                                      3⤵
                                                                        PID:11120
                                                                  • C:\Windows\system32\vssvc.exe
                                                                    C:\Windows\system32\vssvc.exe
                                                                    1⤵
                                                                      PID:2108
                                                                    • C:\Windows\SysWOW64\WerFault.exe
                                                                      C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 2868 -ip 2868
                                                                      1⤵
                                                                        PID:5736
                                                                      • C:\Windows\SysWOW64\WerFault.exe
                                                                        C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 3900 -ip 3900
                                                                        1⤵
                                                                          PID:7744
                                                                        • C:\Windows\SysWOW64\WerFault.exe
                                                                          C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 3900 -ip 3900
                                                                          1⤵
                                                                            PID:10216
                                                                          • C:\Windows\SysWOW64\WerFault.exe
                                                                            C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 8444 -ip 8444
                                                                            1⤵
                                                                              PID:18088

                                                                            Network

                                                                            MITRE ATT&CK Enterprise v15

                                                                            Replay Monitor

                                                                            Loading Replay Monitor...

                                                                            Downloads

                                                                            • C:\Program Files\11671-Readme.txt
                                                                              Filesize

                                                                              1KB

                                                                              MD5

                                                                              45f75555912457e2a235af98ab585e07

                                                                              SHA1

                                                                              cdb5cf1436700b4d8f7484be74018cd64b646db7

                                                                              SHA256

                                                                              1382cd16538b859ca69b5dec844fb878eba212be332d986752d6a7f38ae81c1a

                                                                              SHA512

                                                                              13cab6f2828a72a33a6121a0a7235e09f58ad50ce2df5c8f015df5528e71c7248b76bc80a624ea3535bddcd3e1fe3fbcf9618763349f93fb9dcae9d1d8267964

                                                                              Download Submit

                                                                            • C:\Program Files\AddPush.au3.mailto[[email protected]].11671
                                                                              Filesize

                                                                              934KB

                                                                              MD5

                                                                              ac72dea94012f5d252c6de80172d27ca

                                                                              SHA1

                                                                              190bb8e7283faee7dca8df021dd49fcd233d4359

                                                                              SHA256

                                                                              3bf3d212fd5735d4bd9df0028ada02b6d242fa5437535a5116fb3708e18627c6

                                                                              SHA512

                                                                              416f5ef3c576cac4fb026ae0014c2d80d4f4fcbd7550615a177c5bffde4b4f88ecf185518bbedbdb44820de710a88536ba668ac082a5f7880a835565c73a0f84

                                                                              Download Submit

                                                                            • C:\Program Files\ClosePing.rtf.mailto[[email protected]].11671
                                                                              Filesize

                                                                              1.3MB

                                                                              MD5

                                                                              1691479e6434ce56c37ae0bcf8f6374e

                                                                              SHA1

                                                                              a2e2b3711813f0aa5d42045987ee7e5da9b3fd96

                                                                              SHA256

                                                                              032202534acb1f544a811230b1c215b68b72362c53b464637dde1086c76f9a91

                                                                              SHA512

                                                                              6410ebde39569b81b47ac95e87907f0c0928baf0aeb8f178ca2a176ff6087b9cb65e6d2c04322eb2bea2027a8c3534577a562f505bf04670243dcebfa39e879d

                                                                              Download Submit

                                                                            • C:\Program Files\ConfirmBlock.js.mailto[[email protected]].11671
                                                                              Filesize

                                                                              693KB

                                                                              MD5

                                                                              3c33d8518cacb445329d8536ea3daa0e

                                                                              SHA1

                                                                              b9def95635ec94c3c4d1244c84e78282aef5bdae

                                                                              SHA256

                                                                              4dff97fe04a900f9e99c25250212c6baf2720160dd352fecf5d4e929fb2d2049

                                                                              SHA512

                                                                              2878103ca309a6ba0994c18ddaed0d496c72c39d73656625da749829728083163822c4253c54acbebb6f975d2653634a1093a3a0a962c9418c7cfae2e80a9775

                                                                              Download Submit

                                                                            • C:\ProgramData\Hanthavra\rnthiavesa.exe
                                                                              Filesize

                                                                              9.6MB

                                                                              MD5

                                                                              93e588df26c62a47d3564e58ec988368

                                                                              SHA1

                                                                              fcd11555531f636245d4c03f151dceb62ba72f6e

                                                                              SHA256

                                                                              6cecd33e717c607ce578942e35c020d7571a7db67ce9270f9dcff30018a666cc

                                                                              SHA512

                                                                              0f1f527eed767036dd6323fb5bfbf3e83fc7c2ef842c6d297742d536f8b1ae5b0b54a8ef83fe26f42916656feb0752badb6a39e63067a7dc6fe3e0797738a8ef

                                                                              Download Submit

                                                                            • C:\ProgramData\Hanthavra\zip\vatdram.zip
                                                                              Filesize

                                                                              55KB

                                                                              MD5

                                                                              e9615838e1426d223352d6fd40bf5032

                                                                              SHA1

                                                                              efba70393288d4999975fdd659a8826891e013a3

                                                                              SHA256

                                                                              562d2069849a7858f8e09e21064a21dc3b148033160cf4b417aad77a119d9c52

                                                                              SHA512

                                                                              99449c40d145831110bfee8dfa5dbdf959e4e62a98c35bbbb99eed991cfb4a37a7c693bb7aed0abb90212ead15c8876301629866bb03f2184a1471a938175fc0

                                                                              Download Submit

                                                                            • C:\ProgramData\Microsoft\ClickToRun\MachineData\Catalog\Packages\{9AC08E99-230B-47E8-9721-4577B7F124EA}\{1A8308C7-90D1-4200-B16E-646F163A08E8}\Manifest.xml
                                                                              Filesize

                                                                              3.3MB

                                                                              MD5

                                                                              dab4ebb2fb69040e997357ba0f7df92a

                                                                              SHA1

                                                                              04980407d32b8a1d3bd2144dd6b058172f8fb441

                                                                              SHA256

                                                                              209ef8f8df19042ae45ee08775a90588913201bd4356a790d037d12be79e3017

                                                                              SHA512

                                                                              9f838a98913b4a5a8f3124e6e547a6510758bd7a71905a8c5466c5ab4de46a2a591fc4d4cf1728eeecd61f65939a9e1b5ad06a4c40b055d14eb6b7641431357f

                                                                              Download Submit

                                                                            • C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\D874D8-Readme.txt
                                                                              Filesize

                                                                              1KB

                                                                              MD5

                                                                              b558907b84a78f0ed2210bd0125dfe34

                                                                              SHA1

                                                                              f93153f6e01e5cb9e249ea13b4f77d0ee0367f2b

                                                                              SHA256

                                                                              4dd3c9c216581c29075846820cd8969c5bf0a0ceebc454c44824ed4ac7178ff7

                                                                              SHA512

                                                                              1374018480279d008dadb692c4344ee55dcf2542a994526d4c91eef358ce57e958b2c93637cfc8608d007c8070509788bf22b983df25a915d28082ba3c5d791f

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr65536.dat
                                                                              Filesize

                                                                              213KB

                                                                              MD5

                                                                              2dd23e8f536f0f931037a946899f8963

                                                                              SHA1

                                                                              fd176556c517bc98a8991a4c2973e1bcdae69a35

                                                                              SHA256

                                                                              cfc29e373150ab2ddab9ec9963355b07ceea6566b556b790b459ec0e36789a46

                                                                              SHA512

                                                                              d647ea923501bca2e20a2d964489b5b0381ed516bb8527cfd925793024386b92279d247b71a11bf8e2142138965b20c80a84b8ab1fcc0d045ba2403b43842dca

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx
                                                                              Filesize

                                                                              64KB

                                                                              MD5

                                                                              d2fb266b97caff2086bf0fa74eddb6b2

                                                                              SHA1

                                                                              2f0061ce9c51b5b4fbab76b37fc6a540be7f805d

                                                                              SHA256

                                                                              b09f68b61d9ff5a7c7c8b10eee9447d4813ee0e866346e629e788cd4adecb66a

                                                                              SHA512

                                                                              c3ba95a538c1d266beb83334af755c34ce642a4178ab0f2e5f7822fd6821d3b68862a8b58f167a9294e6d913b08c1054a69b5d7aec2efdb3cf9796ed84de21a8

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock
                                                                              Filesize

                                                                              4B

                                                                              MD5

                                                                              22d47fde80501801656894bc91506aa6

                                                                              SHA1

                                                                              c5550f5450eca9b24416c56d722b7a6d7d63bfb4

                                                                              SHA256

                                                                              326410334921c9a003ca819820b2f26e6a31201d54a4b7dec0cf621756e46a94

                                                                              SHA512

                                                                              8abc97b035bc4a660184b1fd51ef190fc620d4017821d5e9ced6aee82fdc720be05eb412b606c4dcf2edbe354c370609bfc6ea8b5e14b6a26122f37ea5ffc6d2

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val
                                                                              Filesize

                                                                              944B

                                                                              MD5

                                                                              6bd369f7c74a28194c991ed1404da30f

                                                                              SHA1

                                                                              0f8e3f8ab822c9374409fe399b6bfe5d68cbd643

                                                                              SHA256

                                                                              878947d0ec814fe7c343cdebc05eebf00eb14f3023bdb3809a559e17f399fe5d

                                                                              SHA512

                                                                              8fc5f073dc9fa1e1ae47c60a5f06e0a48709fd6a4302dffaa721858409e7bde64bc6856d3fb28891090516d1a7afc542579de287778b5755eafe75cc67d45d93

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_q3mjtmig.jfq.ps1
                                                                              Filesize

                                                                              60B

                                                                              MD5

                                                                              d17fe0a3f47be24a6453e9ef58c94641

                                                                              SHA1

                                                                              6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                                              SHA256

                                                                              96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                                              SHA512

                                                                              5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Local\Temp\nstC0AC.tmp\INetC.dll
                                                                              Filesize

                                                                              24KB

                                                                              MD5

                                                                              640bff73a5f8e37b202d911e4749b2e9

                                                                              SHA1

                                                                              9588dd7561ab7de3bca392b084bec91f3521c879

                                                                              SHA256

                                                                              c1e568e25ec111184deb1b87cfda4bfec529b1abeab39b66539d998012f33502

                                                                              SHA512

                                                                              39c6c358e2b480c8cbebcc1da683924c8092fb2947f2da4a8df1b0dc1fdda61003d91d12232a436ec88ff4e0995b7f6ee8c6efbdca935eaa984001f7a72fea0a

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_store
                                                                              Filesize

                                                                              10KB

                                                                              MD5

                                                                              543ce4945fe59b2eeb290868fc491fa9

                                                                              SHA1

                                                                              1953bddc5807dbae0eaec093a9df0cff59c48b3c

                                                                              SHA256

                                                                              135f161c459c6b53a40c363f1dc90edf5ea21521aecb6db53935c876c1785235

                                                                              SHA512

                                                                              dfb321ff8b88659b3cba88187e7addde16cfdecd8c43776d5121f467bc1fac5697b57abe7096992a4b41a604512e13738a505b8a556ce41365ae426230772f0b

                                                                              Download Submit

                                                                            • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_storei
                                                                              Filesize

                                                                              23KB

                                                                              MD5

                                                                              d4be0962d61437880f3ec407a4d7a436

                                                                              SHA1

                                                                              03dc758720f2e184898fc4ca84abab8088e1a03b

                                                                              SHA256

                                                                              9e5396842fd55ebf6c916efd2339b5360be213e5933a69dc6c38c871269a2dcc

                                                                              SHA512

                                                                              aa8a82922a310bea86b745423d65bc3aaadfe7f1e924d8b36b31f90b509bc86476c5f8d413b62f169cae0e747a2f573308314022cd392a7a000b35c536e8ba6d

                                                                              Download Submit

                                                                            • C:\Users\Admin\Desktop\00388\HEUR-Trojan-Ransom.MSIL.Foreign.gen-1bf6dc9af6dd730120f598d02f139f5a7776993afe29679f83a3d2fda3599736.exe
                                                                              Filesize

                                                                              687KB

                                                                              MD5

                                                                              41120771530675f31125936f630d7a67

                                                                              SHA1

                                                                              9f55015e9bfbb65f0a5b2ad8deaea1df67660fec

                                                                              SHA256

                                                                              1bf6dc9af6dd730120f598d02f139f5a7776993afe29679f83a3d2fda3599736

                                                                              SHA512

                                                                              62c4c55cf8b9c987c064300210ce746242565d4e3b0ff0008cbcf5fac4668e4cc14d007caa697dcb3774fb1ec679646cb4bff3f012ef0e104870277fcd5f7e58

                                                                              Download Submit

                                                                            • C:\Users\Admin\Desktop\00388\HEUR-Trojan-Ransom.Win32.Agent.gen-57558bdab2008feb661e223e24dd1e437556bcab3c5f5a50cb5f0a640050ae0e.exe
                                                                              Filesize

                                                                              1.2MB

                                                                              MD5

                                                                              44efccc6dc37d85446f50934c8f83f04

                                                                              SHA1

                                                                              afb5c1739ae1fc2227164fa54a984de45adb4c87

                                                                              SHA256

                                                                              57558bdab2008feb661e223e24dd1e437556bcab3c5f5a50cb5f0a640050ae0e

                                                                              SHA512

                                                                              def1d31c0e7b8e98e117e7fca257a00624c567632dafd1c6677f53c60ff3596831c53c79d9b8e536d4da2d3a796b37ed8498caa3eb63f0292ce4c69e5e267b79

                                                                              Download Submit

                                                                            • C:\Users\Admin\Desktop\00388\HEUR-Trojan-Ransom.Win32.Avaddon.gen-48689c986eb553e6a7aeba973501b9660cb1418d4ec3ba9d0511f82799d1422c.exe
                                                                              Filesize

                                                                              645KB

                                                                              MD5

                                                                              79cdf459683c39e9704a37a6be9bc877

                                                                              SHA1

                                                                              450d4f351c3dd168e313b309da4bd8a817453d1d

                                                                              SHA256

                                                                              48689c986eb553e6a7aeba973501b9660cb1418d4ec3ba9d0511f82799d1422c

                                                                              SHA512

                                                                              2cc3f164e92650c4d4aed7012da7d303d24cdc63565ed744a28cb6d59465189233a128a01f4b807aa972057e0d0d98742c5ca9b41a67bf59f0f115de30eb6bd4

                                                                              Download Submit

                                                                            • C:\Users\Admin\Desktop\00388\HEUR-Trojan-Ransom.Win32.Convagent.gen-096d66e5982a15e1c1a9c795bae8a0b360ac5b95c44df978f00eb1645f8f1015.exe
                                                                              Filesize

                                                                              446KB

                                                                              MD5

                                                                              6791daf81304df6707b24d58f01fed78

                                                                              SHA1

                                                                              af079771d8ef275b766da7738e9c6ad3463b4d9a

                                                                              SHA256

                                                                              096d66e5982a15e1c1a9c795bae8a0b360ac5b95c44df978f00eb1645f8f1015

                                                                              SHA512

                                                                              0300e303c7003ada85924c33ccc4bb69027fb347448c79b11898355325d18459d846af29f4a51bc6eaae17fd5f9c468dc71105a5a2b3de5d84c1825e5a0c3fa3

                                                                              Download Submit

                                                                            • C:\Users\Admin\Desktop\00388\HEUR-Trojan-Ransom.Win32.Crypmod.gen-0d0ed90929351c08c47dbd7541073d037240718c4a2fd63c09d2377090d4cd7a.exe
                                                                              Filesize

                                                                              69KB

                                                                              MD5

                                                                              63eb7712d7c9d495e8a6be937bdb1960

                                                                              SHA1

                                                                              1897bcfc7f3d4a36bdd29da61e87ba00812dca24

                                                                              SHA256

                                                                              0d0ed90929351c08c47dbd7541073d037240718c4a2fd63c09d2377090d4cd7a

                                                                              SHA512

                                                                              049a2dc1c544a89673bcdca985ad1e42f168f65ff73267e2e0ac30ae992a8b21d375afb35882b512edc335bfdf44174fdbbf03b3451d5b2d405eceafd3e05497

                                                                              Download Submit

                                                                            • C:\Users\Admin\Desktop\00388\HEUR-Trojan-Ransom.Win32.Cryptor.gen-0cf36731f5b8651d53fc651607c3fccac24b631c08dca4493d8e07d2fbff1db3.exe
                                                                              Filesize

                                                                              167KB

                                                                              MD5

                                                                              2209710b3ba686e5cbd8716df05c5174

                                                                              SHA1

                                                                              31675cb6cd22911f1e343b046f7b27219e55dadc

                                                                              SHA256

                                                                              0cf36731f5b8651d53fc651607c3fccac24b631c08dca4493d8e07d2fbff1db3

                                                                              SHA512

                                                                              0abfe5bc5fc7ce050658fb007361994d7df53844c1bbb7f176ee06de1f5fda8d87a93f46800ac33092763d181dd97fa89a987b350d9aa372550b67ca10413e27

                                                                              Download Submit

                                                                            • C:\Users\Admin\Desktop\00388\HEUR-Trojan-Ransom.Win32.Encoder.gen-bd4201d94f345690197a18abc380b3405cbbfcef9e4bd6df2569615678be8e94.exe
                                                                              Filesize

                                                                              96KB

                                                                              MD5

                                                                              24703dcfd3f26bc17d9d6a37ffb38b66

                                                                              SHA1

                                                                              dcfd8659283f207a694b8f4caf9d561b00de517e

                                                                              SHA256

                                                                              bd4201d94f345690197a18abc380b3405cbbfcef9e4bd6df2569615678be8e94

                                                                              SHA512

                                                                              c270d38626350eb0f0ac9e42ece1ae8fb0d39b68238f4c9913418a8e715bff6e4338b7f40b42e7ccfed3eb538000e72e53a2537a19f791eb341464cc55342805

                                                                              Download Submit

                                                                            • C:\Users\Admin\Desktop\00388\HEUR-Trojan-Ransom.Win32.GandCrypt.gen-84acc2460064e9c30208185cb7db162cd05bf5caa091c5586ffc9a479ee5f884.exe
                                                                              Filesize

                                                                              250KB

                                                                              MD5

                                                                              6d239b9d85f5278ccfaf09ee514e2fa2

                                                                              SHA1

                                                                              6d270d6d86a7d9580eeaf394ed74825d27c6aa24

                                                                              SHA256

                                                                              84acc2460064e9c30208185cb7db162cd05bf5caa091c5586ffc9a479ee5f884

                                                                              SHA512

                                                                              61bb3c73badee9b671040fa7840a1afad3bdc36a4c812bb845ceee64f067782d69ff650c44e43069bb42b8b0ebe272b9cce70abddd122c2878ad7dd7eb6a405c

                                                                              Download Submit

                                                                            • C:\Users\Admin\Desktop\00388\HEUR-Trojan-Ransom.Win32.Mailto.vho-b587d049e9fae11f4fe70d5f6c9007f99483f683ee55217110094206bd6a92f2.exe
                                                                              Filesize

                                                                              148KB

                                                                              MD5

                                                                              291e1ce9cd3ea77fb64937d3212e8ef6

                                                                              SHA1

                                                                              68fd5b77f7e6824545664a620a62de630948e4b0

                                                                              SHA256

                                                                              b587d049e9fae11f4fe70d5f6c9007f99483f683ee55217110094206bd6a92f2

                                                                              SHA512

                                                                              a63ef33ee1fa00e0bf9e395a9f3ed8793b1dcc1b90a1bf5e7d8dcae5e9fb28cb28eaf0c658883d66566a0eef6986e7377147ed26310d2e3e79d71e223cae1633

                                                                              Download Submit

                                                                            • C:\Users\Admin\Desktop\00388\HEUR-Trojan-Ransom.Win32.MyxaH.gen-44b2a6748bfe73b0e4515854def74fbd816ffa56842e3b544438cb34a249a41c.exe
                                                                              Filesize

                                                                              305KB

                                                                              MD5

                                                                              35ab40a0ae3dacdb534c0d48ac92e207

                                                                              SHA1

                                                                              0146da3db52bb4b87274c49afbae69928c38b47c

                                                                              SHA256

                                                                              44b2a6748bfe73b0e4515854def74fbd816ffa56842e3b544438cb34a249a41c

                                                                              SHA512

                                                                              b293e99d9af594068466e15ca7c6906ee5e65fb12d9da57056744a47c2be06f464ba8c599ba5a58ec4c86859c99cbdf27274c738044e7b83baaa81b905ab37de

                                                                              Download Submit

                                                                            • C:\Users\Admin\Desktop\00388\HEUR-Trojan-Ransom.Win32.RagnarLocker.gen-dd5d4cf9422b6e4514d49a3ec542cffb682be8a24079010cda689afbb44ac0f4.exe
                                                                              Filesize

                                                                              48KB

                                                                              MD5

                                                                              1ee5456c1226affd7b72bcdf3db443b7

                                                                              SHA1

                                                                              e22344a92c91b567a6cba7eb66686c438d479462

                                                                              SHA256

                                                                              dd5d4cf9422b6e4514d49a3ec542cffb682be8a24079010cda689afbb44ac0f4

                                                                              SHA512

                                                                              326e647615cab28c2a9e065ad628059b739d207a319c6631f9ed57a97548c67565c096d7227a6dc880484b65013977e95dd25e3ec8258c5e43c4567f0d86af00

                                                                              Download Submit

                                                                            • C:\Users\Admin\Documents\HEUR-Trojan-Ransom.MSIL.Foreign.gen-1bf6dc9af6dd730120f598d02f139f5a7776993afe29679f83a3d2fda3599736-03-.pdf
                                                                              Filesize

                                                                              473KB

                                                                              MD5

                                                                              a96410ba91ef5bd64dbce071231038c2

                                                                              SHA1

                                                                              93c8ad8b0fee63f0e32bf8ddd88eae16c9d79457

                                                                              SHA256

                                                                              6e586f96cfb66b2f05d27cdded7086563c62f9c32ba46c3273a22ec3a5bb23ff

                                                                              SHA512

                                                                              6b97e6e42e4bdaa752334814153d5b4639388e4c6832be77ae562ce86fb4ef5e35c88ea3966a0560c664af8be191f9cc29a4ad7d12e5fa41c894cca4b404d58a

                                                                              Download Submit

                                                                            • C:\vcredist2010_x64.log-MSI_vc_red.msi.txt.mailto[[email protected]].11671
                                                                              Filesize

                                                                              380KB

                                                                              MD5

                                                                              19bff51a9acd9797db7349cf2ed18a66

                                                                              SHA1

                                                                              89d0c7547d5ede2f5a1567f63cb12df85c613a0a

                                                                              SHA256

                                                                              86a3323618e9813f52f488de64fea52f4dceeb547068ba1027dce45c3459c9b0

                                                                              SHA512

                                                                              ded4a32a66a8850f5fe36c77f947c41aa2a87efba57679af07a006443979914458869d7384683c9b33b0d3347217f140c7797ebc2e5a5e04a9b9a5d3d51790ed

                                                                              Download Submit

                                                                            • C:\vcredist2010_x64.log.html.mailto[[email protected]].11671
                                                                              Filesize

                                                                              86KB

                                                                              MD5

                                                                              b7cc0cde984ef5e70a99e3a7cb822ca2

                                                                              SHA1

                                                                              d05051320dc1faa7d5237d51db1fc9094550ccce

                                                                              SHA256

                                                                              c4962654d546d49f7118f937e7e280bb44f602fdd66faaf6613cf4d95fc8866b

                                                                              SHA512

                                                                              a4300048dc0a463578ce1c95fc3bc4a111ce50d5734e18900cacbb50d72daf752facb57998acd9d2c2f8b0b4770759cf8ee97c9336eec2e9f8663a851b6c2106

                                                                              Download Submit

                                                                            • C:\vcredist2010_x86.log-MSI_vc_red.msi.txt.mailto[[email protected]].11671
                                                                              Filesize

                                                                              395KB

                                                                              MD5

                                                                              8bd96288245ca4f4c85d2ef1846634f0

                                                                              SHA1

                                                                              d78dc52295bbfaa492e361e70a57cbc27d6d3a43

                                                                              SHA256

                                                                              7a882df89742c0e48fc2e3039dd6359c2e9dcef359efdf2881856824d5ac8956

                                                                              SHA512

                                                                              9039dcb86fb45fca430c3f822d3afe2b4b8c850011fa8d1805811719a840dc56afc9414a4a550f05056b2e69c407a73c38b6fd27082b774419b7cbb7f6516ec7

                                                                              Download Submit

                                                                            • C:\vcredist2010_x86.log.html.mailto[[email protected]].11671
                                                                              Filesize

                                                                              81KB

                                                                              MD5

                                                                              e82456232d74b21b7f5d7ea8f54960a2

                                                                              SHA1

                                                                              6b39ee1028636a669797b38a4cbda736221d46f1

                                                                              SHA256

                                                                              d4c91448fd63c4e47e95a41b514fbdf495d1e770707148ac023dfacfae1780c2

                                                                              SHA512

                                                                              b15a66796fa065a7632e595c68aaa9bf340d6b4ceaedb7f830a1c211336b80f29bec20865a50ccb73482a8588fbdb5fb643ff4e594a26a354460e653c3243544

                                                                              Download Submit

                                                                            • C:\vcredist2012_x64_0_vcRuntimeMinimum_x64.log.mailto[[email protected]].11671
                                                                              Filesize

                                                                              168KB

                                                                              MD5

                                                                              e39779bba3840fe255d9ca81326da562

                                                                              SHA1

                                                                              2933eb9d4d0576ba7c9b4c7678c094353d1c9503

                                                                              SHA256

                                                                              065b12bdb5310ff09f97f3627de360cf79c54ecbf896087903b8e302d31126ed

                                                                              SHA512

                                                                              656026f63d81e39beb401c60050cd502b9bcfb077cf75abf07e86c66744e8eabf7f0a938c3685f1ba76e76455e3897c8d37cd5466d483df0be64c6fc2b3d2946

                                                                              Download Submit

                                                                            • C:\vcredist2012_x64_1_vcRuntimeAdditional_x64.log.mailto[[email protected]].11671
                                                                              Filesize

                                                                              195KB

                                                                              MD5

                                                                              f77be2cabdc6a5ba780920faa667f217

                                                                              SHA1

                                                                              0b80ce81a9abde1cedf66640c53a37a253e98bdb

                                                                              SHA256

                                                                              20d74eef4463329e2cbc51eb7ae7828363e7f4fff57f1bd3051b4c3540fd7ee4

                                                                              SHA512

                                                                              c9bd9fef247e16d75a085f8e5c02edfde9d3c52c80201e22c294ea9ce4f0b7a35a0fac02771db621521030807ac0d790cec0d3f079798ab7bdc972ae351adea9

                                                                              Download Submit

                                                                            • C:\vcredist2012_x86_0_vcRuntimeMinimum_x86.log.mailto[[email protected]].11671
                                                                              Filesize

                                                                              171KB

                                                                              MD5

                                                                              70550ef46641b27aa980d36f87a8717f

                                                                              SHA1

                                                                              9c481c5961b9002d984786f7b40db5016ccf698d

                                                                              SHA256

                                                                              623eed2733244734a8a826f0c4ba6c549ef2c4fb17df491227ebe26e78208b1a

                                                                              SHA512

                                                                              5850434b35328d5c8e42df96a005d8ae5e6ca7c53f24d537965be80ab88b95f90b25e01d60a3b77e129be1ebb8745b9c67d0a0f10fcb697843736d209a6e3b33

                                                                              Download Submit

                                                                            • C:\vcredist2012_x86_1_vcRuntimeAdditional_x86.log.mailto[[email protected]].11671
                                                                              Filesize

                                                                              209KB

                                                                              MD5

                                                                              515e2648062940dd6d224e6e76d88dde

                                                                              SHA1

                                                                              c1e3e66eb162ec495df792269eef371d289c747a

                                                                              SHA256

                                                                              cf30984ea5379f5411a7d23371c9cbfe1627177c520bcd7a10c6b4b6d21611c5

                                                                              SHA512

                                                                              8f59bd20a91f6e6b6e37805e90dbc010b14ff25693fc55ba4b7fef1be9cf64de172a300aa2541339de3c51914e1b9ce6a30d7d164c264907618241aa3275dc8f

                                                                              Download Submit

                                                                            • C:\vcredist2013_x64_000_vcRuntimeMinimum_x64.log.mailto[[email protected]].11671
                                                                              Filesize

                                                                              171KB

                                                                              MD5

                                                                              310f87b2826106038dcc7c81685e9c15

                                                                              SHA1

                                                                              de8722d4ff412f503f6094ed5b2e622a308c1b55

                                                                              SHA256

                                                                              b20696e7c2d65acc9cff62c96edaead9651889de61a70dda01e1be61a25161da

                                                                              SHA512

                                                                              1a290d96f6497dbc24a3356036845824f0d2ba51ee3767b5ed804d3303657803a8033cc9a8cb505747ddc748c09becdecc9d15d45d04fb735f79bd38754cdc42

                                                                              Download Submit

                                                                            • C:\vcredist2013_x64_001_vcRuntimeAdditional_x64.log.mailto[[email protected]].11671
                                                                              Filesize

                                                                              191KB

                                                                              MD5

                                                                              06bb0fc6e1462ceefbfdeb18db43d5cd

                                                                              SHA1

                                                                              e8566e8329540d9d7b95ec69ee0cb7162f2ea1ee

                                                                              SHA256

                                                                              05d1699f3f58b6ee7935e4e02fd9eeb7f0305c11f9c8cbc10f597758dc6ff521

                                                                              SHA512

                                                                              8bb7fd1d8fa9c90f3813db44669c9228ef1333eec8adcb8dfe5b1377409f6d4c4ea828fa88d2c5c16229943a83db58af127a4a6dfc721a7d75c01c77ca88794b

                                                                              Download Submit

                                                                            • C:\vcredist2013_x86_000_vcRuntimeMinimum_x86.log.mailto[[email protected]].11671
                                                                              Filesize

                                                                              171KB

                                                                              MD5

                                                                              804ff5b2326237ce66c57aedb292320e

                                                                              SHA1

                                                                              0ac66715fe40ebfe0451f71a4aa3634d471c695f

                                                                              SHA256

                                                                              b752819da6e3ab554f948f2fd3c673ab0b631b91d6250b018bae8265166a8773

                                                                              SHA512

                                                                              82886da3917c9846a1505cbe45634d8b2583a1a535289ed2fccde26854871a8cc2126037801ad1bcf26094b06c2242bfb3e139ec902b1017de01cc369cea7bcb

                                                                              Download Submit

                                                                            • C:\vcredist2013_x86_001_vcRuntimeAdditional_x86.log.mailto[[email protected]].11671
                                                                              Filesize

                                                                              199KB

                                                                              MD5

                                                                              58f606d9c6ba227979b3209c863385fd

                                                                              SHA1

                                                                              295980222f84958c82a0613c1f6c53689d210e05

                                                                              SHA256

                                                                              1c9ab9977fe2198809f49c18eac0381edc8f16e3978952955bdc0411a3db4647

                                                                              SHA512

                                                                              9fe1e2e4c39e016106f5ab91ac85ea4542c67aa53d88dea6578038e5f1e32bb428fc42a49f69d5c3daa525f4ebfa0589008d571b1c09e363847255e7068c79d4

                                                                              Download Submit

                                                                            • C:\vcredist2022_x64_000_vcRuntimeMinimum_x64.log.mailto[[email protected]].11671
                                                                              Filesize

                                                                              124KB

                                                                              MD5

                                                                              c8cf6e6b92d8ffc977b4f7b8f4ed9913

                                                                              SHA1

                                                                              6a5a4b1ef80b5511350c2c50cc42c6f9922ea64e

                                                                              SHA256

                                                                              5cc5f759e3dfd85435cbc684447d8c92ff54c8d75e8113da1e9ca24d9ee3a3eb

                                                                              SHA512

                                                                              06efbdc67877d8dd9cfb1cccb903cf50a0d95bb378d0b1f4f6f8f387b40ce2c64d0bd3b7f41f524af04422548a4f63041cc2e3284eb2e339047c01ccef20b334

                                                                              Download Submit

                                                                            • C:\vcredist2022_x64_001_vcRuntimeAdditional_x64.log.mailto[[email protected]].11671
                                                                              Filesize

                                                                              130KB

                                                                              MD5

                                                                              e07253c810bba98166020d8090ce020a

                                                                              SHA1

                                                                              cd2245bd0273c66a6080eb39f78b5e238376a131

                                                                              SHA256

                                                                              d1d0e2c944e88830fa45ea9ff25b66cf4d57c608b481915c51f39054c332d49e

                                                                              SHA512

                                                                              2b0b216cc9ca774dd412e8df228138099b1ec94eee375308570fbb0c6d4a0297adea215fffa4143586d368dbf2830a165f5dc5222b6e1e8a28a9678b8b3b6619

                                                                              Download Submit

                                                                            • C:\vcredist2022_x86_000_vcRuntimeMinimum_x86.log.mailto[[email protected]].11671
                                                                              Filesize

                                                                              124KB

                                                                              MD5

                                                                              a562fdb593260b638ada3dfb51d31c92

                                                                              SHA1

                                                                              6f9ecfeeadbed8b2981d8fd01ef1dcfff0b26b0b

                                                                              SHA256

                                                                              2fda1dce58d8c25de6de04f531874f36e4030ed9096982dc97367e772a1b28c3

                                                                              SHA512

                                                                              3e1e618d6b8a35ef801edaf88a288c445427054d36438ce445f78ab211f2a385807d8b6100fe03f98bb5d1ccbc2154f01d520b34a15ca7801250ed9b2f92a30f

                                                                              Download Submit

                                                                            • C:\vcredist2022_x86_001_vcRuntimeAdditional_x86.log.mailto[[email protected]].11671
                                                                              Filesize

                                                                              136KB

                                                                              MD5

                                                                              46561cae4872f991fabb027ab323157b

                                                                              SHA1

                                                                              af8b0aec5a82678d92b17f0e565453f71d9d44f5

                                                                              SHA256

                                                                              3b30ab3349370a11b45cc50af5faf2af4b7194d8fb9c5f09c3670314ba79500f

                                                                              SHA512

                                                                              b03a0ee1120399894f3e5a7145eb5b78164f98b448f2cc4729ad3b2544868375350988b7916aecc9352a54acfa2697661e1353c0c9e5075988313ac4efa17255

                                                                              Download Submit

                                                                            • \??\c:\users\admin\desktop\00388\heur-trojan-ransom.win32.foreign.gen-e325f5b718e1696f24422d2c97c029bffa1b1030a38720a2adb393b683cf8466.exe
                                                                              Filesize

                                                                              796KB

                                                                              MD5

                                                                              3df42511034cb9c44da3b259909e82f0

                                                                              SHA1

                                                                              656c084c98903103860eb180afd250d4101e6517

                                                                              SHA256

                                                                              e325f5b718e1696f24422d2c97c029bffa1b1030a38720a2adb393b683cf8466

                                                                              SHA512

                                                                              dc20250d55f5cd390faf6d6eb7ec0933064bc9eb3fa39cc925639f820c935907689e0432db9e5d26d041c87ac39502d5ee7fee945736fc83cafc6b2b568b8876

                                                                              Download Submit

                                                                            • \??\c:\users\admin\desktop\00388\heur-trojan-ransom.win32.rack.gen-801384c781c364acdc61e60e5b120359cb4617a42da8155123f3a0381a56495a.exe
                                                                              Filesize

                                                                              142KB

                                                                              MD5

                                                                              88e86bec16a339b6eb5ede18f383ffd9

                                                                              SHA1

                                                                              91e79df0e7b60a9f58f068f5eacb1e1b32419e40

                                                                              SHA256

                                                                              801384c781c364acdc61e60e5b120359cb4617a42da8155123f3a0381a56495a

                                                                              SHA512

                                                                              3cd8291b6ed8ed94b3c523ef43fd31b155f62547dadf2d4810d06696af5e616aa5f454dd3a0cfa9ff6025890dcd4998966a539257158f43da764b7ff767dfd93

                                                                              Download Submit

                                                                            • \??\c:\users\admin\desktop\00388\heur-trojan-ransom.win32.rack.vho-bfd8ccba405dc5a5cd9a36cff3043cb8ceb98eb3ef764fa8afffb32bcb6a139c.exe
                                                                              Filesize

                                                                              173KB

                                                                              MD5

                                                                              9e34acb7ad22cc3d5316f6ce7994ffa5

                                                                              SHA1

                                                                              0567c6a7eade7f89a284a0988b69b2a9f73de9bb

                                                                              SHA256

                                                                              bfd8ccba405dc5a5cd9a36cff3043cb8ceb98eb3ef764fa8afffb32bcb6a139c

                                                                              SHA512

                                                                              fe1212819bc9bbadde1b39a6d981a9def030989bdc98f15ad5e3e5429fb51b771b561ec29d034cc12995058711f0067b4fe6a6ad4704114172bde71ac333595f

                                                                              Download Submit

                                                                            • memory/764-209-0x000001B3EB8F0000-0x000001B3EC29A000-memory.dmp

                                                                              Filesize

                                                                              9.7MB

                                                                              Download

                                                                            • memory/1096-127-0x0000000002740000-0x0000000002798000-memory.dmp

                                                                              Filesize

                                                                              352KB

                                                                              Download

                                                                            • memory/1096-125-0x00000000002E0000-0x0000000000356000-memory.dmp

                                                                              Filesize

                                                                              472KB

                                                                              Download

                                                                            • memory/1692-333-0x0000000000400000-0x0000000000539000-memory.dmp

                                                                              Filesize

                                                                              1.2MB

                                                                              Download

                                                                            • memory/1692-667-0x0000000000400000-0x0000000000539000-memory.dmp

                                                                              Filesize

                                                                              1.2MB

                                                                              Download

                                                                            • memory/1692-1461-0x0000000000400000-0x0000000000539000-memory.dmp

                                                                              Filesize

                                                                              1.2MB

                                                                              Download

                                                                            • memory/1692-218-0x0000000000400000-0x0000000000539000-memory.dmp

                                                                              Filesize

                                                                              1.2MB

                                                                              Download

                                                                            • memory/1928-167-0x0000000000400000-0x0000000000539000-memory.dmp

                                                                              Filesize

                                                                              1.2MB

                                                                              Download

                                                                            • memory/1928-370-0x0000000000400000-0x0000000000539000-memory.dmp

                                                                              Filesize

                                                                              1.2MB

                                                                              Download

                                                                            • memory/1928-1758-0x0000000000400000-0x0000000000539000-memory.dmp

                                                                              Filesize

                                                                              1.2MB

                                                                              Download

                                                                            • memory/1928-439-0x0000000030000000-0x0000000030389000-memory.dmp

                                                                              Filesize

                                                                              3.5MB

                                                                              Download

                                                                            • memory/1928-240-0x0000000000400000-0x0000000000539000-memory.dmp

                                                                              Filesize

                                                                              1.2MB

                                                                              Download

                                                                            • memory/1928-822-0x0000000000400000-0x0000000000539000-memory.dmp

                                                                              Filesize

                                                                              1.2MB

                                                                              Download

                                                                            • memory/2616-205-0x0000000006A20000-0x0000000006A70000-memory.dmp

                                                                              Filesize

                                                                              320KB

                                                                              Download

                                                                            • memory/2616-136-0x00000000054E0000-0x0000000005572000-memory.dmp

                                                                              Filesize

                                                                              584KB

                                                                              Download

                                                                            • memory/2616-160-0x0000000005B20000-0x0000000005B86000-memory.dmp

                                                                              Filesize

                                                                              408KB

                                                                              Download

                                                                            • memory/2616-156-0x00000000030C0000-0x00000000030D8000-memory.dmp

                                                                              Filesize

                                                                              96KB

                                                                              Download

                                                                            • memory/2616-148-0x0000000005710000-0x00000000057AC000-memory.dmp

                                                                              Filesize

                                                                              624KB

                                                                              Download

                                                                            • memory/2616-130-0x0000000000400000-0x0000000000450000-memory.dmp

                                                                              Filesize

                                                                              320KB

                                                                              Download

                                                                            • memory/2616-322-0x0000000006F00000-0x0000000006F0A000-memory.dmp

                                                                              Filesize

                                                                              40KB

                                                                              Download

                                                                            • memory/2616-135-0x0000000005BD0000-0x0000000006174000-memory.dmp

                                                                              Filesize

                                                                              5.6MB

                                                                              Download

                                                                            • memory/2868-233-0x0000000000400000-0x0000000000444000-memory.dmp

                                                                              Filesize

                                                                              272KB

                                                                              Download

                                                                            • memory/2868-234-0x00000000005F0000-0x0000000000607000-memory.dmp

                                                                              Filesize

                                                                              92KB

                                                                              Download

                                                                            • memory/3048-323-0x0000000000400000-0x000000000045A000-memory.dmp

                                                                              Filesize

                                                                              360KB

                                                                              Download

                                                                            • memory/3048-617-0x0000000000400000-0x000000000045A000-memory.dmp

                                                                              Filesize

                                                                              360KB

                                                                              Download

                                                                            • memory/3048-217-0x0000000000400000-0x000000000045A000-memory.dmp

                                                                              Filesize

                                                                              360KB

                                                                              Download

                                                                            • memory/3048-623-0x0000000000400000-0x000000000045A000-memory.dmp

                                                                              Filesize

                                                                              360KB

                                                                              Download

                                                                            • memory/3076-155-0x0000000000400000-0x00000000005F1000-memory.dmp

                                                                              Filesize

                                                                              1.9MB

                                                                              Download

                                                                            • memory/3076-219-0x0000000000400000-0x00000000005F1000-memory.dmp

                                                                              Filesize

                                                                              1.9MB

                                                                              Download

                                                                            • memory/3588-83-0x0000020ABE800000-0x0000020ABE801000-memory.dmp

                                                                              Filesize

                                                                              4KB

                                                                              Download

                                                                            • memory/3588-86-0x0000020ABE800000-0x0000020ABE801000-memory.dmp

                                                                              Filesize

                                                                              4KB

                                                                              Download

                                                                            • memory/3588-82-0x0000020ABE800000-0x0000020ABE801000-memory.dmp

                                                                              Filesize

                                                                              4KB

                                                                              Download

                                                                            • memory/3588-85-0x0000020ABE800000-0x0000020ABE801000-memory.dmp

                                                                              Filesize

                                                                              4KB

                                                                              Download

                                                                            • memory/3588-76-0x0000020ABE800000-0x0000020ABE801000-memory.dmp

                                                                              Filesize

                                                                              4KB

                                                                              Download

                                                                            • memory/3588-84-0x0000020ABE800000-0x0000020ABE801000-memory.dmp

                                                                              Filesize

                                                                              4KB

                                                                              Download

                                                                            • memory/3588-77-0x0000020ABE800000-0x0000020ABE801000-memory.dmp

                                                                              Filesize

                                                                              4KB

                                                                              Download

                                                                            • memory/3588-87-0x0000020ABE800000-0x0000020ABE801000-memory.dmp

                                                                              Filesize

                                                                              4KB

                                                                              Download

                                                                            • memory/3588-75-0x0000020ABE800000-0x0000020ABE801000-memory.dmp

                                                                              Filesize

                                                                              4KB

                                                                              Download

                                                                            • memory/3900-168-0x0000000000400000-0x000000000330D000-memory.dmp

                                                                              Filesize

                                                                              47.1MB

                                                                              Download

                                                                            • memory/4396-70-0x000001D6586A0000-0x000001D6586A1000-memory.dmp

                                                                              Filesize

                                                                              4KB

                                                                              Download

                                                                            • memory/4396-73-0x000001D6586A0000-0x000001D6586A1000-memory.dmp

                                                                              Filesize

                                                                              4KB

                                                                              Download

                                                                            • memory/4396-74-0x000001D6586A0000-0x000001D6586A1000-memory.dmp

                                                                              Filesize

                                                                              4KB

                                                                              Download

                                                                            • memory/4396-63-0x000001D6586A0000-0x000001D6586A1000-memory.dmp

                                                                              Filesize

                                                                              4KB

                                                                              Download

                                                                            • memory/4396-64-0x000001D6586A0000-0x000001D6586A1000-memory.dmp

                                                                              Filesize

                                                                              4KB

                                                                              Download

                                                                            • memory/4396-62-0x000001D6586A0000-0x000001D6586A1000-memory.dmp

                                                                              Filesize

                                                                              4KB

                                                                              Download

                                                                            • memory/4396-72-0x000001D6586A0000-0x000001D6586A1000-memory.dmp

                                                                              Filesize

                                                                              4KB

                                                                              Download

                                                                            • memory/4396-69-0x000001D6586A0000-0x000001D6586A1000-memory.dmp

                                                                              Filesize

                                                                              4KB

                                                                              Download

                                                                            • memory/4396-71-0x000001D6586A0000-0x000001D6586A1000-memory.dmp

                                                                              Filesize

                                                                              4KB

                                                                              Download

                                                                            • memory/4396-68-0x000001D6586A0000-0x000001D6586A1000-memory.dmp

                                                                              Filesize

                                                                              4KB

                                                                              Download

                                                                            • memory/4608-91-0x0000021F40720000-0x0000021F40742000-memory.dmp

                                                                              Filesize

                                                                              136KB

                                                                              Download

                                                                            • memory/4608-102-0x0000021F40CE0000-0x0000021F40D56000-memory.dmp

                                                                              Filesize

                                                                              472KB

                                                                              Download

                                                                            • memory/4608-104-0x0000021F40CA0000-0x0000021F40CBE000-memory.dmp

                                                                              Filesize

                                                                              120KB

                                                                              Download

                                                                            • memory/4608-101-0x0000021F40C10000-0x0000021F40C54000-memory.dmp

                                                                              Filesize

                                                                              272KB

                                                                              Download

                                                                            • memory/5108-133-0x0000000000AC0000-0x0000000000AC8000-memory.dmp

                                                                              Filesize

                                                                              32KB

                                                                              Download

                                                                            • memory/5108-128-0x000000001BD30000-0x000000001BDCC000-memory.dmp

                                                                              Filesize

                                                                              624KB

                                                                              Download

                                                                            • memory/5108-126-0x000000001B730000-0x000000001BBFE000-memory.dmp

                                                                              Filesize

                                                                              4.8MB

                                                                              Download

                                                                            • memory/5108-123-0x000000001B1B0000-0x000000001B256000-memory.dmp

                                                                              Filesize

                                                                              664KB

                                                                              Download

                                                                            • memory/5108-134-0x000000001BF90000-0x000000001BFDC000-memory.dmp

                                                                              Filesize

                                                                              304KB

                                                                              Download

                                                                            • memory/5768-435-0x0000000000400000-0x000000000327A000-memory.dmp

                                                                              Filesize

                                                                              46.5MB

                                                                              Download

                                                                            • memory/5884-1868-0x0000000000400000-0x0000000000420000-memory.dmp

                                                                              Filesize

                                                                              128KB

                                                                              Download

                                                                            • memory/7924-1226-0x0000000000400000-0x000000000046E000-memory.dmp

                                                                              Filesize

                                                                              440KB

                                                                              Download

                                                                            • memory/8444-669-0x0000000000400000-0x000000000089E000-memory.dmp

                                                                              Filesize

                                                                              4.6MB

                                                                              Download

                                                                            • memory/8444-1466-0x0000000000400000-0x000000000089E000-memory.dmp

                                                                              Filesize

                                                                              4.6MB

                                                                              Download