Malware Analysis Report

2024-12-07 10:02

Sample ID 241114-dmstyasrbv
Target c94b70dff50e69639b0ef1e828621c5fddcf144fea93e27520f48264ddd33273.exe
SHA256 c94b70dff50e69639b0ef1e828621c5fddcf144fea93e27520f48264ddd33273
Tags
credential_access discovery ransomware spyware stealer
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

c94b70dff50e69639b0ef1e828621c5fddcf144fea93e27520f48264ddd33273

Threat Level: Known bad

The file c94b70dff50e69639b0ef1e828621c5fddcf144fea93e27520f48264ddd33273.exe was found to be: Known bad.

Malicious Activity Summary

credential_access discovery ransomware spyware stealer

Renames multiple (1509) files with added filename extension

Renames multiple (841) files with added filename extension

Credentials from Password Stores: Windows Credential Manager

Drops startup file

Reads user/profile data of web browsers

Drops desktop.ini file(s)

Browser Information Discovery

Unsigned PE

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-14 03:07

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-14 03:07

Reported

2024-11-14 03:10

Platform

win7-20240903-en

Max time kernel

121s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\c94b70dff50e69639b0ef1e828621c5fddcf144fea93e27520f48264ddd33273.exe"

Signatures

Renames multiple (841) files with added filename extension

ransomware

Credentials from Password Stores: Windows Credential Manager

credential_access stealer

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\readme.txt C:\Users\Admin\AppData\Local\Temp\c94b70dff50e69639b0ef1e828621c5fddcf144fea93e27520f48264ddd33273.exe N/A

Reads user/profile data of web browsers

spyware stealer

Drops desktop.ini file(s)

Description Indicator Process Target
File opened for modification C:\Users\Admin\Pictures\desktop.ini C:\Users\Admin\AppData\Local\Temp\c94b70dff50e69639b0ef1e828621c5fddcf144fea93e27520f48264ddd33273.exe N/A
File opened for modification C:\Users\Admin\Videos\desktop.ini C:\Users\Admin\AppData\Local\Temp\c94b70dff50e69639b0ef1e828621c5fddcf144fea93e27520f48264ddd33273.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\OM66BHWE\desktop.ini C:\Users\Admin\AppData\Local\Temp\c94b70dff50e69639b0ef1e828621c5fddcf144fea93e27520f48264ddd33273.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\YPLB435F\desktop.ini C:\Users\Admin\AppData\Local\Temp\c94b70dff50e69639b0ef1e828621c5fddcf144fea93e27520f48264ddd33273.exe N/A
File opened for modification C:\Users\Admin\Downloads\desktop.ini C:\Users\Admin\AppData\Local\Temp\c94b70dff50e69639b0ef1e828621c5fddcf144fea93e27520f48264ddd33273.exe N/A
File opened for modification C:\Users\Admin\Favorites\desktop.ini C:\Users\Admin\AppData\Local\Temp\c94b70dff50e69639b0ef1e828621c5fddcf144fea93e27520f48264ddd33273.exe N/A
File opened for modification C:\Users\Admin\Music\desktop.ini C:\Users\Admin\AppData\Local\Temp\c94b70dff50e69639b0ef1e828621c5fddcf144fea93e27520f48264ddd33273.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\R627XHFP\desktop.ini C:\Users\Admin\AppData\Local\Temp\c94b70dff50e69639b0ef1e828621c5fddcf144fea93e27520f48264ddd33273.exe N/A
File opened for modification C:\Users\Public\Desktop\desktop.ini C:\Users\Admin\AppData\Local\Temp\c94b70dff50e69639b0ef1e828621c5fddcf144fea93e27520f48264ddd33273.exe N/A
File opened for modification C:\Users\Public\Downloads\desktop.ini C:\Users\Admin\AppData\Local\Temp\c94b70dff50e69639b0ef1e828621c5fddcf144fea93e27520f48264ddd33273.exe N/A
File opened for modification C:\Users\Public\Pictures\Sample Pictures\desktop.ini C:\Users\Admin\AppData\Local\Temp\c94b70dff50e69639b0ef1e828621c5fddcf144fea93e27520f48264ddd33273.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\desktop.ini C:\Users\Admin\AppData\Local\Temp\c94b70dff50e69639b0ef1e828621c5fddcf144fea93e27520f48264ddd33273.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini C:\Users\Admin\AppData\Local\Temp\c94b70dff50e69639b0ef1e828621c5fddcf144fea93e27520f48264ddd33273.exe N/A
File opened for modification C:\Users\Admin\Desktop\desktop.ini C:\Users\Admin\AppData\Local\Temp\c94b70dff50e69639b0ef1e828621c5fddcf144fea93e27520f48264ddd33273.exe N/A
File opened for modification C:\Users\Admin\Documents\desktop.ini C:\Users\Admin\AppData\Local\Temp\c94b70dff50e69639b0ef1e828621c5fddcf144fea93e27520f48264ddd33273.exe N/A
File opened for modification C:\Users\Public\Pictures\desktop.ini C:\Users\Admin\AppData\Local\Temp\c94b70dff50e69639b0ef1e828621c5fddcf144fea93e27520f48264ddd33273.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\desktop.ini C:\Users\Admin\AppData\Local\Temp\c94b70dff50e69639b0ef1e828621c5fddcf144fea93e27520f48264ddd33273.exe N/A
File opened for modification C:\Users\Admin\Saved Games\desktop.ini C:\Users\Admin\AppData\Local\Temp\c94b70dff50e69639b0ef1e828621c5fddcf144fea93e27520f48264ddd33273.exe N/A
File opened for modification C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini C:\Users\Admin\AppData\Local\Temp\c94b70dff50e69639b0ef1e828621c5fddcf144fea93e27520f48264ddd33273.exe N/A
File opened for modification C:\Users\Public\Music\desktop.ini C:\Users\Admin\AppData\Local\Temp\c94b70dff50e69639b0ef1e828621c5fddcf144fea93e27520f48264ddd33273.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\U8F4PBMO\desktop.ini C:\Users\Admin\AppData\Local\Temp\c94b70dff50e69639b0ef1e828621c5fddcf144fea93e27520f48264ddd33273.exe N/A
File opened for modification C:\Users\Admin\Favorites\Links\desktop.ini C:\Users\Admin\AppData\Local\Temp\c94b70dff50e69639b0ef1e828621c5fddcf144fea93e27520f48264ddd33273.exe N/A
File opened for modification C:\Users\Admin\Links\desktop.ini C:\Users\Admin\AppData\Local\Temp\c94b70dff50e69639b0ef1e828621c5fddcf144fea93e27520f48264ddd33273.exe N/A
File opened for modification C:\Users\Public\Videos\Sample Videos\desktop.ini C:\Users\Admin\AppData\Local\Temp\c94b70dff50e69639b0ef1e828621c5fddcf144fea93e27520f48264ddd33273.exe N/A
File opened for modification C:\Users\Admin\Contacts\desktop.ini C:\Users\Admin\AppData\Local\Temp\c94b70dff50e69639b0ef1e828621c5fddcf144fea93e27520f48264ddd33273.exe N/A
File opened for modification C:\Users\Public\Documents\desktop.ini C:\Users\Admin\AppData\Local\Temp\c94b70dff50e69639b0ef1e828621c5fddcf144fea93e27520f48264ddd33273.exe N/A
File opened for modification C:\Users\Public\Recorded TV\Sample Media\desktop.ini C:\Users\Admin\AppData\Local\Temp\c94b70dff50e69639b0ef1e828621c5fddcf144fea93e27520f48264ddd33273.exe N/A
File opened for modification C:\Users\Admin\Favorites\Links for United States\desktop.ini C:\Users\Admin\AppData\Local\Temp\c94b70dff50e69639b0ef1e828621c5fddcf144fea93e27520f48264ddd33273.exe N/A
File opened for modification C:\Users\Admin\Searches\desktop.ini C:\Users\Admin\AppData\Local\Temp\c94b70dff50e69639b0ef1e828621c5fddcf144fea93e27520f48264ddd33273.exe N/A
File opened for modification C:\Users\Public\Libraries\desktop.ini C:\Users\Admin\AppData\Local\Temp\c94b70dff50e69639b0ef1e828621c5fddcf144fea93e27520f48264ddd33273.exe N/A
File opened for modification C:\Users\Public\Music\Sample Music\desktop.ini C:\Users\Admin\AppData\Local\Temp\c94b70dff50e69639b0ef1e828621c5fddcf144fea93e27520f48264ddd33273.exe N/A
File opened for modification C:\Users\Public\Recorded TV\desktop.ini C:\Users\Admin\AppData\Local\Temp\c94b70dff50e69639b0ef1e828621c5fddcf144fea93e27520f48264ddd33273.exe N/A
File opened for modification C:\Users\Public\desktop.ini C:\Users\Admin\AppData\Local\Temp\c94b70dff50e69639b0ef1e828621c5fddcf144fea93e27520f48264ddd33273.exe N/A
File opened for modification C:\Users\Public\Videos\desktop.ini C:\Users\Admin\AppData\Local\Temp\c94b70dff50e69639b0ef1e828621c5fddcf144fea93e27520f48264ddd33273.exe N/A

Browser Information Discovery

discovery

Processes

C:\Users\Admin\AppData\Local\Temp\c94b70dff50e69639b0ef1e828621c5fddcf144fea93e27520f48264ddd33273.exe

"C:\Users\Admin\AppData\Local\Temp\c94b70dff50e69639b0ef1e828621c5fddcf144fea93e27520f48264ddd33273.exe"

Network

N/A

Files

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-14 03:07

Reported

2024-11-14 03:10

Platform

win10v2004-20241007-en

Max time kernel

149s

Max time network

151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\c94b70dff50e69639b0ef1e828621c5fddcf144fea93e27520f48264ddd33273.exe"

Signatures

Renames multiple (1509) files with added filename extension

ransomware

Credentials from Password Stores: Windows Credential Manager

credential_access stealer

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\readme.txt C:\Users\Admin\AppData\Local\Temp\c94b70dff50e69639b0ef1e828621c5fddcf144fea93e27520f48264ddd33273.exe N/A

Reads user/profile data of web browsers

spyware stealer

Drops desktop.ini file(s)

Description Indicator Process Target
File opened for modification C:\Users\Admin\Documents\desktop.ini C:\Users\Admin\AppData\Local\Temp\c94b70dff50e69639b0ef1e828621c5fddcf144fea93e27520f48264ddd33273.exe N/A
File opened for modification C:\Users\Public\desktop.ini C:\Users\Admin\AppData\Local\Temp\c94b70dff50e69639b0ef1e828621c5fddcf144fea93e27520f48264ddd33273.exe N/A
File opened for modification C:\Users\Public\Documents\desktop.ini C:\Users\Admin\AppData\Local\Temp\c94b70dff50e69639b0ef1e828621c5fddcf144fea93e27520f48264ddd33273.exe N/A
File opened for modification C:\Users\Admin\Pictures\Saved Pictures\desktop.ini C:\Users\Admin\AppData\Local\Temp\c94b70dff50e69639b0ef1e828621c5fddcf144fea93e27520f48264ddd33273.exe N/A
File opened for modification C:\Users\Admin\Contacts\desktop.ini C:\Users\Admin\AppData\Local\Temp\c94b70dff50e69639b0ef1e828621c5fddcf144fea93e27520f48264ddd33273.exe N/A
File opened for modification C:\Users\Public\Pictures\desktop.ini C:\Users\Admin\AppData\Local\Temp\c94b70dff50e69639b0ef1e828621c5fddcf144fea93e27520f48264ddd33273.exe N/A
File opened for modification C:\Users\Admin\Favorites\Links\desktop.ini C:\Users\Admin\AppData\Local\Temp\c94b70dff50e69639b0ef1e828621c5fddcf144fea93e27520f48264ddd33273.exe N/A
File opened for modification C:\Users\Admin\Music\desktop.ini C:\Users\Admin\AppData\Local\Temp\c94b70dff50e69639b0ef1e828621c5fddcf144fea93e27520f48264ddd33273.exe N/A
File opened for modification C:\Users\Public\AccountPictures\desktop.ini C:\Users\Admin\AppData\Local\Temp\c94b70dff50e69639b0ef1e828621c5fddcf144fea93e27520f48264ddd33273.exe N/A
File opened for modification C:\Users\Admin\Saved Games\desktop.ini C:\Users\Admin\AppData\Local\Temp\c94b70dff50e69639b0ef1e828621c5fddcf144fea93e27520f48264ddd33273.exe N/A
File opened for modification C:\Users\Admin\Downloads\desktop.ini C:\Users\Admin\AppData\Local\Temp\c94b70dff50e69639b0ef1e828621c5fddcf144fea93e27520f48264ddd33273.exe N/A
File opened for modification C:\Users\Admin\OneDrive\desktop.ini C:\Users\Admin\AppData\Local\Temp\c94b70dff50e69639b0ef1e828621c5fddcf144fea93e27520f48264ddd33273.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\desktop.ini C:\Users\Admin\AppData\Local\Temp\c94b70dff50e69639b0ef1e828621c5fddcf144fea93e27520f48264ddd33273.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini C:\Users\Admin\AppData\Local\Temp\c94b70dff50e69639b0ef1e828621c5fddcf144fea93e27520f48264ddd33273.exe N/A
File opened for modification C:\Users\Admin\3D Objects\desktop.ini C:\Users\Admin\AppData\Local\Temp\c94b70dff50e69639b0ef1e828621c5fddcf144fea93e27520f48264ddd33273.exe N/A
File opened for modification C:\Users\Admin\Links\desktop.ini C:\Users\Admin\AppData\Local\Temp\c94b70dff50e69639b0ef1e828621c5fddcf144fea93e27520f48264ddd33273.exe N/A
File opened for modification C:\Users\Admin\Pictures\Camera Roll\desktop.ini C:\Users\Admin\AppData\Local\Temp\c94b70dff50e69639b0ef1e828621c5fddcf144fea93e27520f48264ddd33273.exe N/A
File opened for modification C:\Users\Admin\Videos\desktop.ini C:\Users\Admin\AppData\Local\Temp\c94b70dff50e69639b0ef1e828621c5fddcf144fea93e27520f48264ddd33273.exe N/A
File opened for modification C:\Users\Public\Videos\desktop.ini C:\Users\Admin\AppData\Local\Temp\c94b70dff50e69639b0ef1e828621c5fddcf144fea93e27520f48264ddd33273.exe N/A
File opened for modification C:\Users\Public\Libraries\desktop.ini C:\Users\Admin\AppData\Local\Temp\c94b70dff50e69639b0ef1e828621c5fddcf144fea93e27520f48264ddd33273.exe N/A
File opened for modification C:\Users\Admin\Searches\desktop.ini C:\Users\Admin\AppData\Local\Temp\c94b70dff50e69639b0ef1e828621c5fddcf144fea93e27520f48264ddd33273.exe N/A
File opened for modification C:\Users\Public\Desktop\desktop.ini C:\Users\Admin\AppData\Local\Temp\c94b70dff50e69639b0ef1e828621c5fddcf144fea93e27520f48264ddd33273.exe N/A
File opened for modification C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini C:\Users\Admin\AppData\Local\Temp\c94b70dff50e69639b0ef1e828621c5fddcf144fea93e27520f48264ddd33273.exe N/A
File opened for modification C:\Users\Admin\Desktop\desktop.ini C:\Users\Admin\AppData\Local\Temp\c94b70dff50e69639b0ef1e828621c5fddcf144fea93e27520f48264ddd33273.exe N/A
File opened for modification C:\Users\Admin\Pictures\desktop.ini C:\Users\Admin\AppData\Local\Temp\c94b70dff50e69639b0ef1e828621c5fddcf144fea93e27520f48264ddd33273.exe N/A
File opened for modification C:\Users\Public\Music\desktop.ini C:\Users\Admin\AppData\Local\Temp\c94b70dff50e69639b0ef1e828621c5fddcf144fea93e27520f48264ddd33273.exe N/A
File opened for modification C:\Users\Public\Downloads\desktop.ini C:\Users\Admin\AppData\Local\Temp\c94b70dff50e69639b0ef1e828621c5fddcf144fea93e27520f48264ddd33273.exe N/A
File opened for modification C:\Users\Admin\Favorites\desktop.ini C:\Users\Admin\AppData\Local\Temp\c94b70dff50e69639b0ef1e828621c5fddcf144fea93e27520f48264ddd33273.exe N/A

Browser Information Discovery

discovery

Processes

C:\Users\Admin\AppData\Local\Temp\c94b70dff50e69639b0ef1e828621c5fddcf144fea93e27520f48264ddd33273.exe

"C:\Users\Admin\AppData\Local\Temp\c94b70dff50e69639b0ef1e828621c5fddcf144fea93e27520f48264ddd33273.exe"

Network

Files
