teslacrypt | 9b1622602d4ae8196316deeb91fbdd1346a4b31453f3762be119e24c84827217

max time kernel
46s
max time network
146s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
26-11-2024 06:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a0340430d4b1c1f6dd4048ab98f2e4b2_JaffaCakes118.exe
Size

388KB
MD5

a0340430d4b1c1f6dd4048ab98f2e4b2
SHA1

a43ff275972b4ed9b7f3ece61d7d49375db635e9
SHA256

9b1622602d4ae8196316deeb91fbdd1346a4b31453f3762be119e24c84827217
SHA512

54ca85bee0ded2a742c767565159c0e3121d8cd1d97cebc751d067b1ea45d9fca86b6d5acad5b472eddef23d20afcc8ae3497cdd411fd9f393d80e0c90f2cd8d
SSDEEP

12288:XhTjRwlkwFrnAEryLFcG3yBrZTRDgZ8zOhG6:p4DRw7325gPh

Score

10^/10

teslacrypt defense_evasion discovery execution impact ransomware

Malware Config

Extracted

Path

C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\Recovery+dmwwd.txt

Family

teslacrypt

Ransom Note

NOT YOUR LANGUAGE? USE https://translate.google.com What happened to your files ? All of your files were protected by a strong encryption with RSA-4096. More information about the encryption keys using RSA-4096 can be found here: http://en.wikipedia.org/wiki/RSA_(cryptosystem) How did this happen ? !!! Specially for your PC was generated personal RSA-4096 KEY, both public and private. !!! ALL YOUR FILES were encrypted with the public key, which has been transferred to your computer via the Internet. !!! Decrypting of your files is only possible with the help of the private key and decrypt program , which is on our Secret Server What do I do ? So, there are two ways you can choose: wait for a miracle and get your price doubled, or start obtaining BITCOIN NOW! , and restore your data easy way. If You have really valuable data, you better not waste your time, because there is no other way to get your files, except make a payment. For more specific instructions, please visit your personal home page, there are a few different addresses pointing to your page below: 1. http://tt54rfdjhb34rfbnknaerg.milerteddy.com/A52C43E34E6F97F1 2. http://kkd47eh4hdjshb5t.angortra.at/A52C43E34E6F97F1 3. http://ytrest84y5i456hghadefdsd.pontogrot.com/A52C43E34E6F97F1 If for some reasons the addresses are not available, follow these steps: 1. Download and install tor-browser: http://www.torproject.org/projects/torbrowser.html.en 2. After a successful installation, run the browser 3. Type in the address bar: xlowfznrg4wf7dli.onion/A52C43E34E6F97F1 4. Follow the instructions on the site. ---------------- IMPORTANT INFORMATION------------------------ *-*-* Your personal pages: http://tt54rfdjhb34rfbnknaerg.milerteddy.com/A52C43E34E6F97F1 http://kkd47eh4hdjshb5t.angortra.at/A52C43E34E6F97F1 http://ytrest84y5i456hghadefdsd.pontogrot.com/A52C43E34E6F97F1 *-*-* Your personal page Tor-Browser: xlowfznrg4wf7dli.ONION/A52C43E34E6F97F1

URLs

http://tt54rfdjhb34rfbnknaerg.milerteddy.com/A52C43E34E6F97F1

http://kkd47eh4hdjshb5t.angortra.at/A52C43E34E6F97F1

http://ytrest84y5i456hghadefdsd.pontogrot.com/A52C43E34E6F97F1

http://xlowfznrg4wf7dli.ONION/A52C43E34E6F97F1

Signatures

TeslaCrypt, AlphaCrypt
Ransomware based on CryptoLocker. Shut down by the developers in 2016.
ransomware teslacrypt
Teslacrypt family
teslacrypt
Deletes shadow copies 3 TTPs
Ransomware often targets backup files to inhibit system recovery.
ransomware defense_evasion impact execution

File Deletion
T1070.004

Inhibit System Recovery
T1490

Windows Management Instrumentation
T1047

Deletes itself 1 IoCs

pid	Process
2456	cmd.exe

Executes dropped EXE 1 IoCs

pid	Process
2388	fhjkgwjuqdxl.exe

Indicator Removal: File Deletion 1 TTPs
Adversaries may delete files left behind by the actions of their intrusion activity.
defense_evasion

File Deletion
T1070.004

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1964 set thread context of 1348	1964	a0340430d4b1c1f6dd4048ab98f2e4b2_JaffaCakes118.exe	42

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\fhjkgwjuqdxl.exe	a0340430d4b1c1f6dd4048ab98f2e4b2_JaffaCakes118.exe
File created	C:\Windows\fhjkgwjuqdxl.exe	a0340430d4b1c1f6dd4048ab98f2e4b2_JaffaCakes118.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a0340430d4b1c1f6dd4048ab98f2e4b2_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a0340430d4b1c1f6dd4048ab98f2e4b2_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fhjkgwjuqdxl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
2428	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2716	chrome.exe
2716	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeDebugPrivilege	1348	a0340430d4b1c1f6dd4048ab98f2e4b2_JaffaCakes118.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe
Token: SeShutdownPrivilege	2716	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe
2716	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2716 wrote to memory of 2728	2716	chrome.exe	31
PID 2716 wrote to memory of 2728	2716	chrome.exe	31
PID 2716 wrote to memory of 2728	2716	chrome.exe	31
PID 2716 wrote to memory of 2572	2716	chrome.exe	33
PID 2716 wrote to memory of 2572	2716	chrome.exe	33
PID 2716 wrote to memory of 2572	2716	chrome.exe	33
PID 2716 wrote to memory of 2572	2716	chrome.exe	33
PID 2716 wrote to memory of 2572	2716	chrome.exe	33
PID 2716 wrote to memory of 2572	2716	chrome.exe	33
PID 2716 wrote to memory of 2572	2716	chrome.exe	33
PID 2716 wrote to memory of 2572	2716	chrome.exe	33
PID 2716 wrote to memory of 2572	2716	chrome.exe	33
PID 2716 wrote to memory of 2572	2716	chrome.exe	33
PID 2716 wrote to memory of 2572	2716	chrome.exe	33
PID 2716 wrote to memory of 2572	2716	chrome.exe	33
PID 2716 wrote to memory of 2572	2716	chrome.exe	33
PID 2716 wrote to memory of 2572	2716	chrome.exe	33
PID 2716 wrote to memory of 2572	2716	chrome.exe	33
PID 2716 wrote to memory of 2572	2716	chrome.exe	33
PID 2716 wrote to memory of 2572	2716	chrome.exe	33
PID 2716 wrote to memory of 2572	2716	chrome.exe	33
PID 2716 wrote to memory of 2572	2716	chrome.exe	33
PID 2716 wrote to memory of 2572	2716	chrome.exe	33
PID 2716 wrote to memory of 2572	2716	chrome.exe	33
PID 2716 wrote to memory of 2572	2716	chrome.exe	33
PID 2716 wrote to memory of 2572	2716	chrome.exe	33
PID 2716 wrote to memory of 2572	2716	chrome.exe	33
PID 2716 wrote to memory of 2572	2716	chrome.exe	33
PID 2716 wrote to memory of 2572	2716	chrome.exe	33
PID 2716 wrote to memory of 2572	2716	chrome.exe	33
PID 2716 wrote to memory of 2572	2716	chrome.exe	33
PID 2716 wrote to memory of 2572	2716	chrome.exe	33
PID 2716 wrote to memory of 2572	2716	chrome.exe	33
PID 2716 wrote to memory of 2572	2716	chrome.exe	33
PID 2716 wrote to memory of 2572	2716	chrome.exe	33
PID 2716 wrote to memory of 2572	2716	chrome.exe	33
PID 2716 wrote to memory of 2572	2716	chrome.exe	33
PID 2716 wrote to memory of 2572	2716	chrome.exe	33
PID 2716 wrote to memory of 2572	2716	chrome.exe	33
PID 2716 wrote to memory of 2572	2716	chrome.exe	33
PID 2716 wrote to memory of 2572	2716	chrome.exe	33
PID 2716 wrote to memory of 2572	2716	chrome.exe	33
PID 2716 wrote to memory of 2596	2716	chrome.exe	34
PID 2716 wrote to memory of 2596	2716	chrome.exe	34
PID 2716 wrote to memory of 2596	2716	chrome.exe	34
PID 2716 wrote to memory of 1296	2716	chrome.exe	35
PID 2716 wrote to memory of 1296	2716	chrome.exe	35
PID 2716 wrote to memory of 1296	2716	chrome.exe	35
PID 2716 wrote to memory of 1296	2716	chrome.exe	35
PID 2716 wrote to memory of 1296	2716	chrome.exe	35
PID 2716 wrote to memory of 1296	2716	chrome.exe	35
PID 2716 wrote to memory of 1296	2716	chrome.exe	35
PID 2716 wrote to memory of 1296	2716	chrome.exe	35
PID 2716 wrote to memory of 1296	2716	chrome.exe	35
PID 2716 wrote to memory of 1296	2716	chrome.exe	35
PID 2716 wrote to memory of 1296	2716	chrome.exe	35
PID 2716 wrote to memory of 1296	2716	chrome.exe	35
PID 2716 wrote to memory of 1296	2716	chrome.exe	35
PID 2716 wrote to memory of 1296	2716	chrome.exe	35
PID 2716 wrote to memory of 1296	2716	chrome.exe	35
PID 2716 wrote to memory of 1296	2716	chrome.exe	35
PID 2716 wrote to memory of 1296	2716	chrome.exe	35
PID 2716 wrote to memory of 1296	2716	chrome.exe	35
PID 2716 wrote to memory of 1296	2716	chrome.exe	35

C:\Users\Admin\AppData\Local\Temp\a0340430d4b1c1f6dd4048ab98f2e4b2_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\a0340430d4b1c1f6dd4048ab98f2e4b2_JaffaCakes118.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:1964
- C:\Users\Admin\AppData\Local\Temp\a0340430d4b1c1f6dd4048ab98f2e4b2_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\a0340430d4b1c1f6dd4048ab98f2e4b2_JaffaCakes118.exe"
  2⤵
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  PID:1348
- - C:\Windows\fhjkgwjuqdxl.exe
    C:\Windows\fhjkgwjuqdxl.exe
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:2388
  - - C:\Windows\fhjkgwjuqdxl.exe
      C:\Windows\fhjkgwjuqdxl.exe
      4⤵
      PID:1236
    - - C:\Windows\System32\wbem\WMIC.exe
        
        "C:\Windows\System32\wbem\WMIC.exe" shadowcopy delete /noin teractive
        5⤵
        
        PID:1612
    - - C:\Windows\SysWOW64\NOTEPAD.EXE
        
        "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\RECOVERY.TXT
        5⤵
        Opens file in notepad (likely ransom note)
        
        PID:2428
    - - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\RECOVERY.HTM
        5⤵
        
        PID:1528
      - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1528 CREDAT:275457 /prefetch:2
        6⤵
        
        PID:484
      - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1528 CREDAT:209928 /prefetch:2
        6⤵
        
        PID:1668
    - - C:\Windows\System32\wbem\WMIC.exe
        
        "C:\Windows\System32\wbem\WMIC.exe" shadowcopy delete /noin teractive
        5⤵
        
        PID:568
    - - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c DEL C:\Windows\FHJKGW~1.EXE
        5⤵
        
        PID:1040
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\system32\cmd.exe" /c DEL C:\Users\Admin\AppData\Local\Temp\A03404~1.EXE
    3⤵
    - Deletes itself
    - System Location Discovery: System Language Discovery
    PID:2456

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7259758,0x7fef7259768,0x7fef7259778
  2⤵
  PID:2728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1132 --field-trial-handle=1388,i,8766071689764384185,18187127190277114482,131072 /prefetch:2
  2⤵
  PID:2572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1432 --field-trial-handle=1388,i,8766071689764384185,18187127190277114482,131072 /prefetch:8
  2⤵
  PID:2596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1608 --field-trial-handle=1388,i,8766071689764384185,18187127190277114482,131072 /prefetch:8
  2⤵
  PID:1296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2276 --field-trial-handle=1388,i,8766071689764384185,18187127190277114482,131072 /prefetch:1
  2⤵
  PID:880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2284 --field-trial-handle=1388,i,8766071689764384185,18187127190277114482,131072 /prefetch:1
  2⤵
  PID:2812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1508 --field-trial-handle=1388,i,8766071689764384185,18187127190277114482,131072 /prefetch:2
  2⤵
  PID:2208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1552 --field-trial-handle=1388,i,8766071689764384185,18187127190277114482,131072 /prefetch:1
  2⤵
  PID:2080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3720 --field-trial-handle=1388,i,8766071689764384185,18187127190277114482,131072 /prefetch:8
  2⤵
  PID:1760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=2132 --field-trial-handle=1388,i,8766071689764384185,18187127190277114482,131072 /prefetch:1
  2⤵
  PID:2016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2784 --field-trial-handle=1388,i,8766071689764384185,18187127190277114482,131072 /prefetch:8
  2⤵
  PID:1628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3900 --field-trial-handle=1388,i,8766071689764384185,18187127190277114482,131072 /prefetch:8
  2⤵
  PID:2680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3844 --field-trial-handle=1388,i,8766071689764384185,18187127190277114482,131072 /prefetch:1
  2⤵
  PID:1964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3900 --field-trial-handle=1388,i,8766071689764384185,18187127190277114482,131072 /prefetch:1
  2⤵
  PID:2336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3004 --field-trial-handle=1388,i,8766071689764384185,18187127190277114482,131072 /prefetch:1
  2⤵
  PID:1380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3052 --field-trial-handle=1388,i,8766071689764384185,18187127190277114482,131072 /prefetch:8
  2⤵
  PID:2708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2988 --field-trial-handle=1388,i,8766071689764384185,18187127190277114482,131072 /prefetch:1
  2⤵
  PID:3016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2980 --field-trial-handle=1388,i,8766071689764384185,18187127190277114482,131072 /prefetch:8
  2⤵
  PID:1876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4164 --field-trial-handle=1388,i,8766071689764384185,18187127190277114482,131072 /prefetch:1
  2⤵
  PID:2132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=1076 --field-trial-handle=1388,i,8766071689764384185,18187127190277114482,131072 /prefetch:1
  2⤵
  PID:1040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4288 --field-trial-handle=1388,i,8766071689764384185,18187127190277114482,131072 /prefetch:1
  2⤵
  PID:776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4124 --field-trial-handle=1388,i,8766071689764384185,18187127190277114482,131072 /prefetch:8
  2⤵
  PID:1620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=4188 --field-trial-handle=1388,i,8766071689764384185,18187127190277114482,131072 /prefetch:1
  2⤵
  PID:1876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4444 --field-trial-handle=1388,i,8766071689764384185,18187127190277114482,131072 /prefetch:8
  2⤵
  PID:1764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4392 --field-trial-handle=1388,i,8766071689764384185,18187127190277114482,131072 /prefetch:8
  2⤵
  PID:3044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4420 --field-trial-handle=1388,i,8766071689764384185,18187127190277114482,131072 /prefetch:8
  2⤵
  PID:944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4588 --field-trial-handle=1388,i,8766071689764384185,18187127190277114482,131072 /prefetch:8
  2⤵
  PID:2636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4040 --field-trial-handle=1388,i,8766071689764384185,18187127190277114482,131072 /prefetch:8
  2⤵
  PID:1948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4168 --field-trial-handle=1388,i,8766071689764384185,18187127190277114482,131072 /prefetch:8
  2⤵
  PID:2008
- C:\Users\Admin\Downloads\Bloxstrap-v2.8.0.exe
  "C:\Users\Admin\Downloads\Bloxstrap-v2.8.0.exe"
  2⤵
  PID:1660

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2164

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
1⤵
PID:1644

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Windows Management Instrumentation

T1047

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

T1070

File Deletion

T1070.004

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

T1490

Replay Monitor

Loading Replay Monitor...

Downloads

C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\Recovery+dmwwd.html

Filesize
9KB

MD5
76a71f1189f8e119113b3acda3c03c0d

SHA1
9cc84724e68fac066c7c9324f49ab2016a278705

SHA256
eb5223221d7f9d865040f8578074312b78ee65f0b6e4c0666ac5fe85c645f020

SHA512
c8c23a9eb0a2fc372822724d166bf7d6c2e02fffb164135ce1cd0fb5c18a523ee8dfd6733620452026b17855d063396309d48b2ef6197d0e1e4a4c8baf87160c

Download Submit
C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\Recovery+dmwwd.png

Filesize
63KB

MD5
c74f496920a60c5473a6adf1123d3a07

SHA1
6d30efda3fb50df861f11bd1625235291af8b868

SHA256
6ad7e2fef5cdb9061625255a635d43060be0ff9066cc97da9af48524dc3b4e47

SHA512
fa9ebc7b5146167c262d6d40e447ac86f868fb09b96e99bf689a563ec7db80a8db38493b05d9e94f1cc728f9595484f745d57be2a3eb3478bf9dd65d77216997

Download Submit
C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\Recovery+dmwwd.txt

Filesize
1KB

MD5
dddd2e84ea00c29898b415f82c905b5d

SHA1
b0a1a6fc32f34f361324697f7a326ac0e2003d12

SHA256
cfb755eb2c1fdda83c218589b4c95a44b958dfbe37908ce65ce6f4c78de9b35b

SHA512
7d92d42272058243dc95bb0575a00f6724811bee6834edb3c33917bced67bd3b3d895839e8059bb4c75cda32751802970528a98d66b719bd1cff0c02c67eef53

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt

Filesize
11KB

MD5
88ceb112621b06c6aecbcd4939032947

SHA1
02df22eb54a6bf16f67026089e34668e1295079e

SHA256
8fea5ad80316e214498877c35ec1fa8a51a0b3bc7a437124c82eb8baa13de718

SHA512
b562903eeca1199a663eaac0e17ffaba1a48c3a60617e72ee361be7a853c816aee8a111cf438e46faba002a1a21d7f2a7ccc24246c07ebbbe77f52e92e90a9ce

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt

Filesize
109KB

MD5
d629be417c4cbeb9e43941186b5c68cd

SHA1
ed1be3860926c25c249dfed224e4d8f81887c299

SHA256
2372b97bf45b2d9d0ef93e95c258029c88cf9bbc5ff71d6f185c55034cbcf286

SHA512
1c3dec05025c8bac5bb8d207417de611ba542adeb8e45f63dc6d8a88be91aef65ffcc8c792e59f9ec5e12b1f154108771714b6395f7770a2ddaf5e299d101062

Download Submit
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt

Filesize
173KB

MD5
1f2117fb91b929e1134e568f36367fea

SHA1
07636621f2ce499e451039cd23ad00e46c296d00

SHA256
92c96ce8ccf0c28101f91fbb3a1a1a000076a77f2b58cc9858ead190300b2fcd

SHA512
78455702749a64b2c7ab1086293ecc205fded25ac3b0a51c97663e62a2f347475dc23abccaa9fae6e186854edd8cd18bffa82fb946d9d056329f70f8ca8f7dd4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
9171af2b7d72444954e68b638e44c75f

SHA1
15c61af67b1ba1e3380768541317c70fe4b656b3

SHA256
9d7590887a9d3835013288a65cb0b4ef5c90511a59de1309da7e2ad9a00b457b

SHA512
ed90f01869b8519b4874f3a5130ad909b16288f3217f9ddc153844219a19d7bb6c48e62648df5ee2b54a10009674ffb24c05af1a0b8c9507f2eaa147ed736b7b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
88c6e8bdd42b96e2c5654f0eb92412c0

SHA1
a2c186363ab31861435bdcce817a47fa356888fa

SHA256
9ea8402fd49660dbc3712a4d957f839054dc194def94e6915eb719abfab6de43

SHA512
a89e3c074d71be2b4b6c764767db0fc73c306515421dc4edf49a1fdb6052753c942cca06873c546202b192cda7bffa42d9aa7293ff829de457ec78e28b65c0a4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0467410a98b0576b1d373b95ea40511e

SHA1
d65711d7c31c8c2740ef815f506737443e8fb0a9

SHA256
5f203063d00fcec5d8430f0d2138a9dd7de023b7c0dde307a0b24717ee022e08

SHA512
3b592025b0cd6d33d120cf909121b4ad64ea1279650dbb799459e8469b9a0bc49c2914aca86d43494ba40f0bb1da0ee5b851367ee995df5eb95cd48dc92ddbdd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1a6ee32133c74aa1dc46d061f88ff5eb

SHA1
bdc7b9e4fd33a3f1ad0a6e623d73b413a3b6ad6c

SHA256
f95ad41caa4b2d38b4095c9dbe5f87576927d9033b47ba51cc7bbc0f66cbfe8e

SHA512
4f595308af596c8c348f20a7f3c8ceec09c22655741f1e7ffb12150a6c318886d351dbe9516f64afcde29dff648e8a89234a354bb4b7ab1caea57870fc54feec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
51a081a58e9ad4d42570e63b62fa2d0a

SHA1
0f666f9938ceece43cd73bbf936b7978ce97c43e

SHA256
a7a71c95acbedfe9f7d332a268d340aa061b3bd0730718f8f8eb3ca4b9621750

SHA512
60875f02f947b16f7c0fc1d1a2ff95c8cb71c1ffb904c361ec13d877bc6e36e451a4e22b7238b5207d233cdbf5b7a515ffde32de25a512574571a1cc56aa87fa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0d836e8d1993c0eb0b125258d8b94fb4

SHA1
403dc804bbb3b36f471035880383e2040bcaca0e

SHA256
6c73c608b0bba5125481816697744ab816d9745fd1ffcdd61b032e93793fdaef

SHA512
3a616a240693d2bd8bbdc666f9f7324904fd07f411d0c12fcd5cbb722cf6d95c3bc1556d7307e67e2ed571520bbbf3115d3bf4fb907ba1f7942b13600154bee9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
192fcd6f99c10217bc818df454aaa0fe

SHA1
e7c4b3708502c86b92e165f8c44c56f7921f6d7c

SHA256
271e3acc2e9198fc3e2ab99422b76b7bec7ae2fc7f6749a12e267481d93883dd

SHA512
1796caafa5aae16cc29b19023c27725adf2e7e427a26e0f31a7c55964c379f27f45c415af6e8f1110ef5886773670fad42184c60d100ef2259b6ac640e992427

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cdbca89c6088e01ac9b0f60087a7f049

SHA1
ec8633eebfc1b9574bc539f48c5790575fbb5e61

SHA256
3772a6d93a85b45eca0d5fa693d071d4c81b66156a224e7ddef916dc12b15a75

SHA512
3158c266151d7d5315ab995fc36060d0068b3750e10f7fb0dd47b0cb03955da4a8abde6c0f3521b81b092734bd7ce0878e5c041ed75e655b218b35d57914c0a2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7df549c549112fa914eb5893f6aa7f11

SHA1
21b6a922e5dc217c00695ee0da662fb4b9d7e071

SHA256
d4c1fce2ab012812a5cded397970c2ecd1f9043aea7d17cb6029454715461c53

SHA512
5a5e5ff58aa9fa03d6acf3508f5ec6bf9526664197d7fb95f8a39f26fbc3f9fa59fe811b2b6623cfcbafc3554c659eb79b2d85985f39cb5b4b45832556ee907f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b61a3aa2f731e47d1ed13a710e136c8f

SHA1
e127d0b8648dbbf98e76ac1d337a10e8b9fe0d6f

SHA256
67c4d835f0c90e3ef47268662b7983e947b847b1d74c494720dc51328ea3d03d

SHA512
39c84a0f58fad62f4025753a4f9dbc9b5da3686ec78131eadabd13ad45bcf425698a6806b938357cde49607185a790358725f7c23768555c117c6b53a0f7a5fa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c3c208fb6cb73086da15a73dcb0ddef0

SHA1
4bdb32f3f93f9a1e6380bac0366098ba703f84f8

SHA256
109e19be6f953bc4d1a0375f31f59f8f8d6ad9bc5eb31d33b3d9857a78e97a67

SHA512
f95722023e689d7da4d8749605643a907704074d01fc3d6323cfce9e2c8abfd38bf4edd7dc32eeb2efdea21c95008fff0b0dd4f54704af9da66961d0ba2a3322

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1cce6deac4033e01460e7b09ecf4f023

SHA1
8f420c7ab813cfc8adb41e86cd9576c238fb8a96

SHA256
03b583dd9213d6d97c3c65972a7fee49a44beff4eef3141d91b5320ed0524c41

SHA512
89479390e951b85e581a179613033abea5b30741a3b58bcf306dd58995283eccd5dc79fa8f7149e4aecaab36d4993d2fd16addf5cca04aeb256a4df94e9a2824

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f11ce3352e4f614420a514d45e5c1065

SHA1
7f3c277d0bc0492b89728e8aee7a72de3f262773

SHA256
0b1c6331c89105d8b14c5fe836172a4dbeb67673aa2ef245f5f0d9e38014ba38

SHA512
2050f0ddccecd23487e6a0f3a9f24013ecbd9287635153496b20a51f8b48f1ce31ae25183b9245b579bf6dc8fb06acb037860f269d837cccd9c5c81257570386

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a776140185d3189afe7d6bff68918e43

SHA1
447cb51151d455e9e71fac16f6258b6c7bba5bff

SHA256
fb1e34e959cf609e52dce6c22fba14e9bcb5341524a145d52c1a344d8b4941de

SHA512
d811b010c6565494ad8fb725c986e58245a7c9582b365255a3a8621e244c253ac89bc9c56fdae6de8486d8b4a1f01b1dbe877bd7141cd80a7fdaa682b68f685c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d7bec67e150d25102c54d35870adcfeb

SHA1
c9c92cc6f7ff7e5324ef13d0a1d6edbab6c7c357

SHA256
1989a43fa3992608fd294de9b32c6e2eac01d7dd97003b00198f064b2d92a092

SHA512
187b986c482e175fc96b8cfda368c523ee88948e49c6c5a960593d71698bbd2fb55aa0d7cd17a8deda0d219ba4207fdb87a695c9faf65cb083195b102202df62

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fcad8e4fc1a8bcde783b5f30dcaef713

SHA1
eda421658da6a9308f5e19ed03242ac01c9504a7

SHA256
43fa0aa6ce897ab02f75cd3662169768b30f958707d21641335a321ff1dbf68a

SHA512
41435925036b89f800de6bc899f88aff8811ce5bfdc0f52729dfb50b19307dbdfb0d5b01ee03046ed1a23368faf81f894d295877dee71d3897c7d5a1b5b21033

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
40d734db983c06b805380026d5cdcb37

SHA1
aea688239b1d20ac126e2143addc93419d0a6293

SHA256
aed7df5af7fb114151b9754357625a242697ecf79d2d8a00f8051ac9094db535

SHA512
97c6bc9f20d7767f8d9860315ce0afa25bdb7cbf27bd127c5fa4cc90f5872721fca357f12e2493b049b923492c46170828fc7c9d32ce2e68beda305c7428748c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
bc8a7c180f040b6e6f4d4285b5d3eed0

SHA1
0009017a531e7a3c838c744b00239f0f02fead51

SHA256
95e202ffd411c75efe4e604af077b9dd10e62c9320a3c298bf6d95d0ae8b83f6

SHA512
48bfe1413dfdc0d46294e16d83c7597aa987206f20de996244080ad89eb46ab45d40ecafc13d5b1e7a7f289f34511b7fefb8833a3d717c16373be4446d8123e0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
80b8a3891039552f92fa1a854bafb287

SHA1
f953fab9109d4d7432a76172e35c6984aa9edf6d

SHA256
c7cb7a1425eed875ec1e5a790bb8fe1ba5434eb490a4df8fc2c3d446a07a1aae

SHA512
b81d0bdddf0922284928b10a26a1072c856bef73d510a6c295e401755f62b28888b5b11e5b2fb3b94db4e50ea97b26ed3d91ed8e1de50c5f0e249524af0618c5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b0f837fc3623a3f8d6817b7ce90e8921

SHA1
c280bd0bbc25525b668a8d2e374113b5cecf55b0

SHA256
83d30c35f58334f4e3eb56400d422a84ab459f344fcd217e36dc71e3fd6139fb

SHA512
14e284306c34ea5c1f4df245220d3c03cc3db4a4d9923c7932e80ce2a45071db4c317eaee931c5b702e71b7b22d2b3a9fabacc827bcded87d96b0f242d93510e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d4c3832137b758720390e0b3181c99b9

SHA1
4c9f3950a1c84a852dc784650a8de612528a37a8

SHA256
df5f5549ecb085188d974b2875f7bda5ff6078b49ed486f1290b87cd84f5e52a

SHA512
512c1af2b7a167b2ce97fe32f1d0c492614d27b3af521d2874aa4878e709b6f6576a479ef53c487dae57f13b28f3f2c1bff28e740ef7a16181c83df51cdd35bd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ac4d90fc38551f727e0e8f83e43e9b3a

SHA1
4a1d3dec39d8866de770aefe4486d957fabc4796

SHA256
8835973609456de340bac2f00790697b1c82999100208189b51f885694743711

SHA512
6bbf3154480ac380198631e66951236f954b15820040349fff9576c45fd3d0a7bb73443af1656e16956768680ed49b1fe42e3b7d7a1ebf8c2bf479168c2db5a0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d38ae5dbc76d3ebbb26155db8bd042c8

SHA1
5fba4518febfce1fc9ede767dc17edd5ea36b0c9

SHA256
63dbe7efc3ceb88332f00b3d783b522fff38f13610a81f3f722c64c21e01dcbe

SHA512
79ea2994bbcd630819594172e3a865252b65740f5f147866d756e89d5e2f361403c7fca37138772bcfed690ba4f2b8ffe63c788dedd804c982db4c804f86d6e0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
c8d34e70ef83db4a53968fa222c3dd53

SHA1
f877e26981048c31fc3b62a24f7ec90baba00053

SHA256
13809b416a20b24459eb23476bbdfa683cc8ce4b4bd796aeb041c33e41c40c9a

SHA512
37e6c72bd392912a577a533170a15a6e72d02d2e3c911269b3e8b3746e26220e7dadc25e98dd129017e3503962775c2436fea5b6c7f64c10bf3232db5a7f6e3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
215KB

MD5
2be38925751dc3580e84c3af3a87f98d

SHA1
8a390d24e6588bef5da1d3db713784c11ca58921

SHA256
1412046f2516b688d644ff26b6c7ef2275b6c8f132eb809bd32e118208a4ec1b

SHA512
1341ffc84f16c1247eb0e9baacd26a70c6b9ee904bc2861e55b092263613c0f09072efd174b3e649a347ef3192ae92d7807cc4f5782f8fd07389703d75c4c4e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
f7ab3e6e3b5c5cf2d60aaf72126ed1a0

SHA1
736a82ec2fbfdf9c48ca17600a3beb5112fa6b0d

SHA256
ddd458669cb5aefda88d99a64ab1606e03d31b243031293487492be0828e73a4

SHA512
31ebc5182a7eb596f5d837595c4f517b8dbbb01794d9a0de5f3bd208a61043f1c143e0365a2e0092f29dfb865ba370dcb851b5ca1ae202bbfdeaf3e14632b469

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
527B

MD5
ebc592a646d0283eaad80c122d200fa8

SHA1
c6951d78d1ff56595d0f210b5c7ddbaec2dc0ee9

SHA256
4ebc4fbaced7abda89a29819b54124dd88684708dd75c201a9ddfad845fdd31b

SHA512
a172604852f47e3f9b87399a6a8ed1d6c4cb2348eaf7ad118aa5d61acd96b15ed2d26bec52b1e3ff65d73c112f748b20262cc1f94573e3ed54c7965c08a03d54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
725594848f6176236851c24fcdeade18

SHA1
c604cb1f4d1004e5392a7597dadb1808b90ad948

SHA256
ebc04a65381f2bfd3766e4550d01406359e74986d50e53ae44b71dca9d9c3358

SHA512
94fc98021080be91cca45023a61cbd2e1e659453334d33f9c5191593d89cfaaebd932d638775c730e06fd05871b17263dd2c5556f4370268c77ebd78d7bcb12f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
363B

MD5
52688b27a478e1f7c200fea5f9f696bb

SHA1
f3c412f3c5a6be78c65afe76dd12068ee02b56aa

SHA256
d483e336b03c6d0adb6ad61dff3191058fa929f8c458008d77b69598b0491d53

SHA512
c9607996acd29457520d77424cbd870fb3a9ea232e80bae79e500869df1b465014b6979eb869f5e0632980705907f076f930e0b16de7e9a76d1c3ce8effe45be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
8df10dce7e597ac41444c5dd16efc505

SHA1
614ec41a1f0e55351479036acc405dc803282c60

SHA256
bc886acd7115152b4cf468c5d58d2c143934ab335d36037f60b695f7add3edcc

SHA512
261b17e450947a5c422d5323133eaceda18569cc7df7cd905ea6b9e595a724afa9dd53f33609e50ebdaf6822783848dbe8950d4453514fb1ed2beec11bbd4e78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5996c4d4c930152e5c4907272822bf90

SHA1
e4763bf48bfc034b9bd4f49980a42ae0003deadb

SHA256
43163f7d9fa372ac69df2d8287696ea17b34ec2e875a9f2a49703d9dfb4ed62b

SHA512
e30c21c25a3fe95a19f26f9a66a0d18dd838df1a895842a3d8bc31b55c7de33ae4c086c47edd373dbfe40536e226b8118ef18188193c0296ca6d1712fc2afbbf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d9f8b710fb4245e57369600174b1b881

SHA1
e80f8e6079af190ecbc9b5e2cd7a66bce99d999f

SHA256
e99495a0c8b7d4b608f2a614af6b0d3c43a7c1cd4c0972e86141d45ba3cb9c3e

SHA512
b53a8ccb6e1657668c8a140e0bb7208c8f679b3f487f948c8ba4dc87ff46c19f0a6db920e4ca6e39011b777b8db36ca29a14c0422eb3162361232689fd5d85ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b381e7c4b40c980ab78fa40b86469b67

SHA1
064a72a36c1d6f84dc3d3d61443ef37541c71bc4

SHA256
3429c1647140f31aa2e0b8344129f45433dd7c484c3b4ed48bed9bfcaca586ed

SHA512
6d27e3dd4898d89f55c9b8041bc8845a377eee1cdacf1ab3c079b8587d6ebd95a74a6b7876c270cbbcfa90e07e95c4787d1a80c5e3674b358e3946d10440f526

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
374f1b9a73d11508fe0e04e42cf63f81

SHA1
f62dfed8329cf325910a640886b700c6bbaa203a

SHA256
38ffa391227053c4b5db0c2bcdb2dc6283d2f0af1773de6894d2108eaa85b562

SHA512
b3601e2fa3faf0a670ae495b559d3e41e7a765c358d36c3384133178f5543f24cef79814e69819633c14c8de1142e97405ce074773885627dd4ccc5cb8e77a7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
85KB

MD5
4603758639b0fdca137fc221131256a2

SHA1
bf964dcc6472675c3d78cea4e419ceef5dee3dd5

SHA256
69ec7023dad1710a9e94c7c24194c8bb6f681f02aad3c0934e250b9536a14931

SHA512
6408379039dbb777f25fcb934f08658509b248d47c94c4474e6176ce25cb6378820ea98f8f0e95bdecd307809febe4f974063be9c4828566425e0f8528006f0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
73KB

MD5
a5b9e8b80de106de05e14df687903691

SHA1
d43ac0c2ae4117e190e2dcc5acc815bd9111d08c

SHA256
384f3b2048959cd72a6dfc00ee945c74aa4ee85f2a04e40a0ab7449d3186af54

SHA512
bdae246fd443a1a1276504c2001ec7aad771e2cf93f6cf3c1ac9cd53a3f53ebf75e97888a0c546f8ef2f75e8c582b6997a443ef5375551972b6dd8a861a2b233

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab86CC.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar88D2.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\Downloads\Bloxstrap-v2.8.0.exe

Filesize
11.0MB

MD5
3890622389fa64559eb3035aec65215f

SHA1
ffb9810df58890a71d58e4f901a26e4cce50e7ed

SHA256
90842a4b97876d51d8471d78f6aea71aad0a83f30f7440d19fc9db96490354e2

SHA512
28e514c587d29364b080ce426ed9bbe88818b5f34ee468f06b6cfa399fa181f3efd1a8d2172b8da76971a7e4b0f51056a88728bb08854d0ad7b5c3888d378e05

Download Submit
C:\Windows\fhjkgwjuqdxl.exe

Filesize
388KB

MD5
a0340430d4b1c1f6dd4048ab98f2e4b2

SHA1
a43ff275972b4ed9b7f3ece61d7d49375db635e9

SHA256
9b1622602d4ae8196316deeb91fbdd1346a4b31453f3762be119e24c84827217

SHA512
54ca85bee0ded2a742c767565159c0e3121d8cd1d97cebc751d067b1ea45d9fca86b6d5acad5b472eddef23d20afcc8ae3497cdd411fd9f393d80e0c90f2cd8d

Download Submit
memory/1236-205-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/1236-210-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/1236-6766-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/1236-6763-0x0000000003D20000-0x0000000003D22000-memory.dmp

Filesize
8KB

Download
memory/1236-208-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/1236-6755-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/1236-6807-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/1236-6816-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/1236-6817-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/1236-6455-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/1236-204-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/1236-4911-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/1236-209-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/1236-3682-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/1236-2371-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/1236-922-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/1348-89-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/1348-93-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/1348-85-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/1348-87-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/1348-77-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/1348-102-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/1348-83-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/1348-75-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/1348-92-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/1348-81-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/1348-79-0x0000000000400000-0x0000000000486000-memory.dmp

Filesize
536KB

Download
memory/1644-6764-0x00000000001B0000-0x00000000001B2000-memory.dmp

Filesize
8KB

Download
memory/1964-91-0x00000000003E0000-0x00000000003E3000-memory.dmp

Filesize
12KB

Download
memory/1964-0-0x00000000003E0000-0x00000000003E3000-memory.dmp

Filesize
12KB

Download
memory/1964-1-0x00000000003E0000-0x00000000003E3000-memory.dmp

Filesize
12KB

Download
memory/2388-101-0x0000000000400000-0x0000000000633000-memory.dmp

Filesize
2.2MB

Download