hxxps://github[.]com/Endermanch/MalwareDatabase

Resubmissions

06/12/2024, 19:50

241206-ykaksszqap 7

06/12/2024, 19:45

24/06/2024, 15:32

24/06/2024, 15:21

24/06/2024, 15:11

24/06/2024, 15:02

28/05/2024, 18:25

28/05/2024, 17:33

Analysis

max time kernel
203s
max time network
204s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
06/12/2024, 19:50

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

https://github.com/Endermanch/MalwareDatabase

Score

7^/10

discovery persistence upx

Malware Config

Signatures

Executes dropped EXE 4 IoCs

pid	Process
2976	NETFramework.exe
3592	Setup.exe
2284	[email protected]
1340	[email protected]

Loads dropped DLL 5 IoCs

pid	Process
3592	Setup.exe
3592	Setup.exe
3592	Setup.exe
3592	Setup.exe
3592	Setup.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000\Software\Microsoft\Windows\CurrentVersion\Run\2503326475 = "C:\\Users\\Admin\\2503326475\\2503326475.exe"	reg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\2503326475_del = "cmd /c del \"C:\\Users\\Admin\\Downloads\\HMBlocker\\[email protected]\""	reg.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
7	raw.githubusercontent.com
28	raw.githubusercontent.com
29	raw.githubusercontent.com

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0003000000026011-750.dat	upx
behavioral1/memory/1340-751-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/1340-785-0x0000000000400000-0x0000000000420000-memory.dmp	upx

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File created	C:\Windows\File Cache\DLL.dll	[email protected]
File created	C:\Windows\File Cache\IFEO.exe	[email protected]
File created	C:\Windows\File Cache\Driver.sys	[email protected]

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
668	2284	WerFault.exe	96

System Location Discovery: System Language Discovery 1 TTPs 9 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	shutdown.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	NETFramework.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	[email protected]

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Setup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Setup.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 17 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292114432"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365268"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133779882320044532"	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4290799360"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292114432"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365268"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = 99ebff004cc2ff000091f8000078d4000067c000003e9200001a6800f7630c00	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "183"	LogonUI.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Spark.zip:Zone.Identifier	chrome.exe
File opened for modification	C:\Users\Admin\Downloads\HMBlocker.zip:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 15 IoCs

pid	Process
2584	chrome.exe
2584	chrome.exe
3592	Setup.exe
3592	Setup.exe
3592	Setup.exe
3592	Setup.exe
3592	Setup.exe
3592	Setup.exe
3592	Setup.exe
3592	Setup.exe
2284	[email protected]
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe
2132	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2584	chrome.exe
2584	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe

Suspicious use of FindShellTrayWindow 42 IoCs

pid	Process
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2196	7zG.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
236	7zG.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2976	NETFramework.exe
2172	PickerHost.exe
4864	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2584 wrote to memory of 1496	2584	chrome.exe	77
PID 2584 wrote to memory of 1496	2584	chrome.exe	77
PID 2584 wrote to memory of 4568	2584	chrome.exe	78
PID 2584 wrote to memory of 4568	2584	chrome.exe	78
PID 2584 wrote to memory of 4568	2584	chrome.exe	78
PID 2584 wrote to memory of 4568	2584	chrome.exe	78
PID 2584 wrote to memory of 4568	2584	chrome.exe	78
PID 2584 wrote to memory of 4568	2584	chrome.exe	78
PID 2584 wrote to memory of 4568	2584	chrome.exe	78
PID 2584 wrote to memory of 4568	2584	chrome.exe	78
PID 2584 wrote to memory of 4568	2584	chrome.exe	78
PID 2584 wrote to memory of 4568	2584	chrome.exe	78
PID 2584 wrote to memory of 4568	2584	chrome.exe	78
PID 2584 wrote to memory of 4568	2584	chrome.exe	78
PID 2584 wrote to memory of 4568	2584	chrome.exe	78
PID 2584 wrote to memory of 4568	2584	chrome.exe	78
PID 2584 wrote to memory of 4568	2584	chrome.exe	78
PID 2584 wrote to memory of 4568	2584	chrome.exe	78
PID 2584 wrote to memory of 4568	2584	chrome.exe	78
PID 2584 wrote to memory of 4568	2584	chrome.exe	78
PID 2584 wrote to memory of 4568	2584	chrome.exe	78
PID 2584 wrote to memory of 4568	2584	chrome.exe	78
PID 2584 wrote to memory of 4568	2584	chrome.exe	78
PID 2584 wrote to memory of 4568	2584	chrome.exe	78
PID 2584 wrote to memory of 4568	2584	chrome.exe	78
PID 2584 wrote to memory of 4568	2584	chrome.exe	78
PID 2584 wrote to memory of 4568	2584	chrome.exe	78
PID 2584 wrote to memory of 4568	2584	chrome.exe	78
PID 2584 wrote to memory of 4568	2584	chrome.exe	78
PID 2584 wrote to memory of 4568	2584	chrome.exe	78
PID 2584 wrote to memory of 4568	2584	chrome.exe	78
PID 2584 wrote to memory of 4568	2584	chrome.exe	78
PID 2584 wrote to memory of 1912	2584	chrome.exe	79
PID 2584 wrote to memory of 1912	2584	chrome.exe	79
PID 2584 wrote to memory of 3228	2584	chrome.exe	80
PID 2584 wrote to memory of 3228	2584	chrome.exe	80
PID 2584 wrote to memory of 3228	2584	chrome.exe	80
PID 2584 wrote to memory of 3228	2584	chrome.exe	80
PID 2584 wrote to memory of 3228	2584	chrome.exe	80
PID 2584 wrote to memory of 3228	2584	chrome.exe	80
PID 2584 wrote to memory of 3228	2584	chrome.exe	80
PID 2584 wrote to memory of 3228	2584	chrome.exe	80
PID 2584 wrote to memory of 3228	2584	chrome.exe	80
PID 2584 wrote to memory of 3228	2584	chrome.exe	80
PID 2584 wrote to memory of 3228	2584	chrome.exe	80
PID 2584 wrote to memory of 3228	2584	chrome.exe	80
PID 2584 wrote to memory of 3228	2584	chrome.exe	80
PID 2584 wrote to memory of 3228	2584	chrome.exe	80
PID 2584 wrote to memory of 3228	2584	chrome.exe	80
PID 2584 wrote to memory of 3228	2584	chrome.exe	80
PID 2584 wrote to memory of 3228	2584	chrome.exe	80
PID 2584 wrote to memory of 3228	2584	chrome.exe	80
PID 2584 wrote to memory of 3228	2584	chrome.exe	80
PID 2584 wrote to memory of 3228	2584	chrome.exe	80
PID 2584 wrote to memory of 3228	2584	chrome.exe	80
PID 2584 wrote to memory of 3228	2584	chrome.exe	80
PID 2584 wrote to memory of 3228	2584	chrome.exe	80
PID 2584 wrote to memory of 3228	2584	chrome.exe	80
PID 2584 wrote to memory of 3228	2584	chrome.exe	80
PID 2584 wrote to memory of 3228	2584	chrome.exe	80
PID 2584 wrote to memory of 3228	2584	chrome.exe	80
PID 2584 wrote to memory of 3228	2584	chrome.exe	80
PID 2584 wrote to memory of 3228	2584	chrome.exe	80
PID 2584 wrote to memory of 3228	2584	chrome.exe	80

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/Endermanch/MalwareDatabase
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8dc13cc40,0x7ff8dc13cc4c,0x7ff8dc13cc58
  2⤵
  PID:1496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1824,i,12956614919974672093,12199833256826692091,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1812 /prefetch:2
  2⤵
  PID:4568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2068,i,12956614919974672093,12199833256826692091,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2096 /prefetch:3
  2⤵
  PID:1912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2184,i,12956614919974672093,12199833256826692091,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2372 /prefetch:8
  2⤵
  PID:3228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3084,i,12956614919974672093,12199833256826692091,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3116 /prefetch:1
  2⤵
  PID:556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3092,i,12956614919974672093,12199833256826692091,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:2268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4528,i,12956614919974672093,12199833256826692091,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4544 /prefetch:8
  2⤵
  PID:2524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4928,i,12956614919974672093,12199833256826692091,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4944 /prefetch:8
  2⤵
  - NTFS ADS
  PID:1904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4744,i,12956614919974672093,12199833256826692091,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4536 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4796,i,12956614919974672093,12199833256826692091,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4952 /prefetch:8
  2⤵
  - NTFS ADS
  PID:924

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1140

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3900

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2332

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Spark\" -spe -an -ai#7zMap24360:72:7zEvent14222
1⤵
- Suspicious use of FindShellTrayWindow
PID:2196

C:\Users\Admin\Downloads\Spark\NETFramework.exe
"C:\Users\Admin\Downloads\Spark\NETFramework.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2976
- C:\7821c8e21735a8956d\Setup.exe
  C:\7821c8e21735a8956d\\Setup.exe /x86 /x64 /web
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Suspicious behavior: EnumeratesProcesses
  PID:3592

C:\Users\Admin\Downloads\Spark\[email protected]
"C:\Users\Admin\Downloads\Spark\[email protected]"
1⤵
- Executes dropped EXE
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:2284
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 1060
  2⤵
  - Program crash
  PID:668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2284 -ip 2284
1⤵
PID:1724

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\HMBlocker\" -spe -an -ai#7zMap22317:80:7zEvent15298
1⤵
- Suspicious use of FindShellTrayWindow
PID:236

C:\Users\Admin\Downloads\HMBlocker\[email protected]
"C:\Users\Admin\Downloads\HMBlocker\[email protected]"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:1340
- C:\Windows\SysWOW64\shutdown.exe
  "C:\Windows\System32\shutdown.exe" /r /t 6 /f
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3108
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c REG ADD HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v 2503326475 /t REG_SZ /d "C:\Users\Admin\2503326475\2503326475.exe" /f
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3136
- - C:\Windows\SysWOW64\reg.exe
    REG ADD HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v 2503326475 /t REG_SZ /d "C:\Users\Admin\2503326475\2503326475.exe" /f
    3⤵
    - Adds Run key to start application
    - System Location Discovery: System Language Discovery
    PID:1664
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c REG ADD HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce /v 2503326475_del /t REG_SZ /d "cmd /c del \"C:\Users\Admin\Downloads\HMBlocker\[email protected]\"" /f
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4224
- - C:\Windows\SysWOW64\reg.exe
    REG ADD HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce /v 2503326475_del /t REG_SZ /d "cmd /c del \"C:\Users\Admin\Downloads\HMBlocker\[email protected]\"" /f
    3⤵
    - Adds Run key to start application
    - System Location Discovery: System Language Discovery
    PID:2588

C:\Windows\System32\PickerHost.exe
C:\Windows\System32\PickerHost.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:2172

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3a20855 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:4864

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\7821c8e21735a8956d\1025\LocalizedData.xml

Filesize
77KB

MD5
02ab15e715c7d1ae4ece7690cdf5a294

SHA1
6c998ab25338f369c474ac9e2ac47c5c8538db60

SHA256
954c175f9adb86be3a0f8e9ac3ff8518fa7b6ca18d08aa5ef69b8bccdf90197d

SHA512
bc7bee61267c65c1ba3ddaddf241e4e44201bfbb8f568dcb1f8e69eff338309cdd0dc4f7099da6f2300eb82487ae420701d5819955c5327da1be87d48a926cd0

Download Submit
C:\7821c8e21735a8956d\1028\LocalizedData.xml

Filesize
66KB

MD5
76f7b1cef1a49c82b47b90d04cb039d7

SHA1
4ac2ae25878c6a598b9cb355a59c060ab9f61497

SHA256
05327b7a1c41170fe226ff9079752e26a3a91b5c98e66317e1d90b216df100fc

SHA512
434059db641a566e791868f67248cad551f1d3151b82493fd5beaee05005ae79374b851860b4cb69aeda12a9d6b1daccf9b6f294e5cf3353af1aa044a871f1d3

Download Submit
C:\7821c8e21735a8956d\1029\LocalizedData.xml

Filesize
82KB

MD5
f3920542a960c87163a56c543cefd324

SHA1
7d3d3fd793a7d6d9b51c3186f248e85ee2bba926

SHA256
bc268ae7c59a667831d4146e075c31dad36ec7a37d2f4cb786e738c79771252d

SHA512
3dee2ba996a325ab1f42e21de3300307c600d8c1032af0c7282de352805fdde2e07fd2f2336fe2a23ea3ac91cf45a7914f1cb97cf3f5d7e47c879f7c0054ac3e

Download Submit
C:\7821c8e21735a8956d\1030\LocalizedData.xml

Filesize
80KB

MD5
8d00b037478dd7d49f71762737240958

SHA1
832772a63671209fba379caa17b2786e5a45e41b

SHA256
3afc5c85a625d9526c13e7a5c088f44ba0ae8155b93f006c7f65cf1cf807dff6

SHA512
024e8430ada12f0e7960fa9f33ab2b6b4f2241afb4b40a883f2344fc04aa0916d3000429fda2059331cf7bd78983c3397a700b1c14dc26af3b1c67c0182e3560

Download Submit
C:\7821c8e21735a8956d\1031\LocalizedData.xml

Filesize
84KB

MD5
6dbdfcd42c445771a1be1d6a979e5749

SHA1
d4f9ca38ada2959eb9f1170c7f8186f1146d4cb1

SHA256
1160e3c01d50c4c2a9975e33eb79fd567a6b82f0e68270d705f8abc1f30c2e23

SHA512
5fe927ef6e13ee1386d131f20c265026c9f8977a20c97144d8110c33b7757d626d190c9fb7768cef58666197e2d4a7228eda6eb776e8cade456067ea78479b67

Download Submit
C:\7821c8e21735a8956d\1032\LocalizedData.xml

Filesize
86KB

MD5
57650e70903871e960b49e65dce6e9f9

SHA1
4574188dfa8d28bfadcf58572e800f1171f89fde

SHA256
1014aedc8e8af3094df5ee650264b5e3a0405e7ff15f9cc2e93c20c2eeb0e48a

SHA512
8158e041b731b53c42d77022b3551049cb8998ff7be7471d874b8b246718392e1a222215dbe44a5f23cb8cec1c86d3abda38d266ed37c2b853e0e65ba8c04e19

Download Submit
C:\7821c8e21735a8956d\1033\LocalizedData.xml

Filesize
80KB

MD5
2640d0f6737cb3d2a6bdb85bd7cec3d4

SHA1
4948ab621477ae6609d2c87e49f7a6c421b91acf

SHA256
47a78abb0463514e38f58dc852033b3d6a860b6ff78e9eb840252b811ca07b43

SHA512
94fd8a425253861fed41ce4c48b04a298fa9b40ba2b99e16bc5cb52c02d84c405586c805279bc66111ba8fa076dbaf8e3d4c309d9601708206fc632d1c0c8136

Download Submit
C:\7821c8e21735a8956d\1033\SetupResources.dll

Filesize
28KB

MD5
b64b497b9a0c6f73664d94fc3939b217

SHA1
eebf353932eb05afe67b4b93ea2f72eef90ef7ae

SHA256
1f178f943699bc5ee7185be95e33598a7174d5e8aea39f9415f0a48f91ab5fe4

SHA512
72041e8d12ef6559b3bd6eb62c4d88909b37b611bdb4c1ee7fcd8fb19977b332054e1867ccd99b7b653bb5afcc1268b0c10c2a697c38580f813a4db7d414d17e

Download Submit
C:\7821c8e21735a8956d\1035\LocalizedData.xml

Filesize
80KB

MD5
6db3905aa9cdbb5218945b2f039bd918

SHA1
8b083a073476c33619f1a7e59143e834a0aaeba8

SHA256
3b2ae103414d88df359138e6300a42b4b81a4a9ec029647cd92a91507f6790e4

SHA512
0758f118d25177a5b25ea3a28ff1980047006f3635da8f606c2da444e43978d3caf9576a0d40da5fdd06d4b3c93d19b6f3a6ea0ff7a2a4dcf84b12ba5a3d0285

Download Submit
C:\7821c8e21735a8956d\1036\LocalizedData.xml

Filesize
84KB

MD5
c4e7d53b6230a96a51a9229a38649f6b

SHA1
e8803c413e849c2284ecb4e6413a9c806aff4356

SHA256
5063961620f393ec42aca367543bbac7ab060ce755bb21893961c7ed3e0b8181

SHA512
6c55d234cb9016526690c83bc37280bf35bb3e0dd931bc8a8c2042f6544c1411795d1d4c5b4cda8699151c6de50350bb14ea8262ee47a6b630c808650bbc66bc

Download Submit
C:\7821c8e21735a8956d\1037\LocalizedData.xml

Filesize
75KB

MD5
56329f193fdd4cb90668342ba38b8bbe

SHA1
9471a902509ad3229a8dff03cee2fa092af2e8b8

SHA256
f40ecf915e020f5e80da0f4507563e6e986d0082e32388e419bb2cb9ab278ba0

SHA512
017d9b2ff58cc3236c4eca34cc502930b69bdb9f77b89ea5075305492437740819375247017d9000932d898f05b526679c879415a243e3da7abb1b39815b33b2

Download Submit
C:\7821c8e21735a8956d\1038\LocalizedData.xml

Filesize
83KB

MD5
4e4a8d918f7d6f9c7f703d32e02b0616

SHA1
54aa1acaa00e2fed592d9fca89019d5e20953490

SHA256
e7d59bd7f25e498c1beaff4410c99915cf9196a64bcaed65ee78c2050e775265

SHA512
4b5b6db2de1380a11c31f3f70d44740594557c2b36c5aefd8a9b7fcf045821605afb5adc36c5884501af070fd74efeac7e5e6d87e54758574617fd6153fe1f6f

Download Submit
C:\7821c8e21735a8956d\1040\LocalizedData.xml

Filesize
82KB

MD5
08d44237c079905a1790ce4f248766d1

SHA1
8b7731a0d2353bc196f4baf882963dcd63208f7f

SHA256
4496e4f201007336d7074e69f489512ed972f22bb7824d6912cf5393ab84aa5a

SHA512
bbc145ef2e9af63c32e43102b6164eda0e6389ab60671ff4cc23606afa743fb07c762711d58fa35d94bd2c1f3354eace6f7642dcd969ec2c56f49f73b8a4b0bf

Download Submit
C:\7821c8e21735a8956d\1041\LocalizedData.xml

Filesize
72KB

MD5
cd14395e8e607de625a274651eb5a52b

SHA1
402dc99037a2cc2c8da53f52dc9559782bcc1851

SHA256
4c5ead9dbe4444405f9d9cfe1d400996f336251d75c264f31521d634cb0095ca

SHA512
32accc7cfd5b3a2973db995d4c846844e72d5d6ff7adddb89b7a4fb274e4acb18478e7e357e5151bfd99fafe43e1e55ca0518d79d9b8ffdff06484a5c6c627df

Download Submit
C:\7821c8e21735a8956d\1042\LocalizedData.xml

Filesize
70KB

MD5
bd35a3f092019cdda9aed34580aad75b

SHA1
2716acf6f85be4b98e8b113f053e072a437b9aea

SHA256
08bd53d0c3500faf56aca1aaa3066887415581977d3b1dc87c82d7243a0fc74c

SHA512
fd2110ead353f46bda1c055deaaebdd3fd6c72df274ec1826e1e1429d8ed87dfbe24c2e0aa09d32271161d136515cf31ddca334041c71d355aafb995d2fd6a98

Download Submit
C:\7821c8e21735a8956d\1043\LocalizedData.xml

Filesize
82KB

MD5
7ed59b3f7090880fdca53615aaf0b1b8

SHA1
ed741c332e76e42dc84e44872fb320679b39d528

SHA256
15896789b0db777822afeab092f5875f1ec34427c149d9a76a73c7d4c305c8a7

SHA512
74b5ad365e208f25d1023b9db5cb450ae8c1a3cc52ae8e850a537010cfea6d47940ddc725638c90413ba4b4e81859cb5f924a894f90e568da76345a26cd09f67

Download Submit
C:\7821c8e21735a8956d\1044\LocalizedData.xml

Filesize
81KB

MD5
0aec9e12bdc036632554bfa7acf02364

SHA1
52fc4760f0b177e02162dbd2e8f864f09dd40b46

SHA256
ca7402592b3d15c1a0cc489e8c6e3bedbe686e6c25491f1d3dfdb8991ca2aeea

SHA512
ed97c2a059dc54cf4952060ec6415b3a3b437c7e4255bcb326789f5977532660bbb9d05a59c9e567742d225e875a88aa5fabb545166460ad8eb108304b666b9b

Download Submit
C:\7821c8e21735a8956d\1045\LocalizedData.xml

Filesize
84KB

MD5
41e0beb3b84b4c515914361d4d0faca2

SHA1
abd800e9b47ea64a1d59ece318e346d17c0a36d9

SHA256
3dc70b6cc40369c955fc93e452d890372375758bd74fae2093c19f79c65c0add

SHA512
39057093b3e698d3a6abd25a25a04a3cd0813ee7803ae818f5c26d150b76cc0474a22521d468bfd1012c99d85a410b16668db4b460894b5d255a0028dc9c0bf5

Download Submit
C:\7821c8e21735a8956d\1046\LocalizedData.xml

Filesize
81KB

MD5
11776bf8799541b1fe275f316800f736

SHA1
67b2b1893ce2d4ea3a7db5bbc9276d1a5b19ac01

SHA256
9139f6acae8399628c522e8bd1d714e92be225bc33e696c1bfbeccd6d0e233de

SHA512
b7bdb2c9f4f81d21281ccd553f7882e4475c2e01c9c37a2045e5caa48974a7dd796806ae1a76286360e9d314d4da18f4a4cac77e73ca84c9eb3705097c881879

Download Submit
C:\7821c8e21735a8956d\1049\LocalizedData.xml

Filesize
83KB

MD5
1bc37bac6c635d56bd68e785950955d1

SHA1
4e16ed5dde6f2d37449137f2e414761718e4e6f5

SHA256
5c6eeb4c977a4c371dbc787d0cf1ad503fbe5d13c10d9b69664954974e15a899

SHA512
9a7ae5e495a9863ca0c44107b253d387b8a4c442081974acb030593e98895cdcd80f93b16397a244e45b80d99d2b22edca8b7bdfff5715cb633bf040e7a35192

Download Submit
C:\7821c8e21735a8956d\1053\LocalizedData.xml

Filesize
80KB

MD5
a6c1f2a9c0c3367bb484a0322392ecf3

SHA1
26887a144de9e1961be84cec5aab58225967dd77

SHA256
8abcf315769b6fae1751133bb2dbcba6bf0b0ef4c37304dc466824c77db22ba9

SHA512
cb39a1435c0721bac2c44b8ca8873218a1dfda849d478de0e5e75f8fd6762b556a869de3646c5a3394e5367914a87170d5743bcb5c2f91773561d8a526eaa487

Download Submit
C:\7821c8e21735a8956d\1055\LocalizedData.xml

Filesize
80KB

MD5
9b47a98c389ced8315fe4b477c9ad06d

SHA1
a52933f5e3e40fa5bb871a3ce33e41342d751ecd

SHA256
979d4402c8ba85a265cdabda3de7e0f5ab0715fb83faa63c8484095e866ed4ef

SHA512
32e2c5bed2c18122bbd434f983dffb4ee318aa28200e4a2e1343591387c81acd4af063874787e4eb9ff110bc456ea888420f59f5afbfe7e0a5fac62213deb597

Download Submit
C:\7821c8e21735a8956d\2052\LocalizedData.xml

Filesize
66KB

MD5
ef091f3efb7b9270502f2eb939c970cf

SHA1
62f0a992fe9f032bc8197b89daf0a37a34e34a40

SHA256
6063d64a1d09d1a33ea3c4fe0a9446bafd5ca69786351f3bdbbd9a9ddc283676

SHA512
1713da86ea18be10984314139d3fa78d55de47c04e51c2e869875fec313a5ac8d9da9850a0c1295dc95b62b43351aa735fe407446ed3c8a5a590e64a98378e30

Download Submit
C:\7821c8e21735a8956d\2070\LocalizedData.xml

Filesize
83KB

MD5
4c00a85cd7bf97400b70d1de3859e061

SHA1
fd5e38e0c92da14373e28600a8396a17102b15fe

SHA256
93039cf880eaca54ccc48f159848a17f2c30fa70d334cf2b9eedbcc5aefb27fb

SHA512
7005b3c8c6b775a31bce1cea6924bcb929217d288e6bce390a5e591098a39ac0de321474591b56333b6d84167862bcfa12cbb65b9fa0b767961248ae3eae0f64

Download Submit
C:\7821c8e21735a8956d\3082\LocalizedData.xml

Filesize
82KB

MD5
9dd24f4d210e2139badbb7e0ea897c87

SHA1
4aace4240fcc09d433bd82684064136e2145ac4f

SHA256
509cfa220321582a56ec21959dfd8a7c55bb3070ad5bb738b074a14188e80593

SHA512
97af7279463e4dd69344745dbe7a29b7bd536e795524ce0c24b5672e4c7a4203d3ae0cf6c46f69d491edfcb3efe3a57ddc27ea9f6e213fbc0f4a537cf93d2949

Download Submit
C:\7821c8e21735a8956d\ParameterInfo.xml

Filesize
2.7MB

MD5
36837cdb9209e5924ff65a69e9be7534

SHA1
a31dedd58d65755cfd3b8edbecf49ee0bc7e2edc

SHA256
1d395b3d453d14f95c80dbd69a66f5b82caee182d3ac5c2cccedf0fe2ab4ee12

SHA512
44c6a4a7131bc30c97e07698b3be7d418880b8940b77e635b503a104bab6916a3a254c48f9e9d58999204995cc278e4a3efdf45f06b0927fd304b68d95e5d1a4

Download Submit
C:\7821c8e21735a8956d\Setup.exe

Filesize
86KB

MD5
8367720a1164111028db6d5f396cda97

SHA1
7cfd8f59bbf4653edc0dcbd1603dacde5a7690f1

SHA256
e241471f86108bbb6c1c5e4323d1c5598bc3d3f214db2d35103c55aaae62d66c

SHA512
2313cce886580ad2dd4feb9e64e671c5e422cb46d2652d0ef6e148f42864adff58e3426f0df2500506441aff019b84e3577fa4b415cff6ac0e3266f11589df3c

Download Submit
C:\7821c8e21735a8956d\SetupEngine.dll

Filesize
868KB

MD5
ee43a1104d88368e5c0c4ab7eace4731

SHA1
a3ff9f8ab508c3131db5eba8cee0b205ccacf7e4

SHA256
920605232c94d163753f21cf46957ec5af0e0b6ca606b46b4ac4bb1ebab67ff1

SHA512
f4b95386fa5f8d0ade3317c97dd623e59f2f9ae9a5ff49f58cfb6da804585cc2bed773340f068ff89b70a4bb9ee4009e6a1daccce49981fe273f23d268f99f0b

Download Submit
C:\7821c8e21735a8956d\SetupUi.dll

Filesize
312KB

MD5
41905594045c8c1321d19d2323afa5f1

SHA1
bf2425dc7198e18a5941febbe046257b0630fcea

SHA256
d789a1e0cfcd134eabc3d7a9ec3efbc04fa6bf589189871884c542bb302ec648

SHA512
b1e1bfe94633c1bde81cf851a0ff726d1044690bc4a71701d5c3847c386576c2357eba57161a647edfc0db063cd4f949adb72bddde32fee5d5f0785008da6101

Download Submit
C:\7821c8e21735a8956d\SetupUi.xsd

Filesize
31KB

MD5
a9f6a028e93f3f6822eb900ec3fda7ad

SHA1
8ff2e8f36d690a687233dbd2e72d98e16e7ef249

SHA256
aaf8cb1a9af89d250cbc0893a172e2c406043b1f81a211cb93604f165b051848

SHA512
1c51392c334aea17a25b20390cd4e7e99aa6373e2c2b97e7304cf7ec1a16679051a41e124c7bc890b02b890d4044b576b666ef50d06671f7636e4701970e8ddc

Download Submit
C:\7821c8e21735a8956d\SplashScreen.bmp

Filesize
117KB

MD5
bc32088bfaa1c76ba4b56639a2dec592

SHA1
84b47aa37bda0f4cd196bd5f4bd6926a594c5f82

SHA256
b05141dbc71669a7872a8e735e5e43a7f9713d4363b7a97543e1e05dcd7470a7

SHA512
4708015aa57f1225d928bfac08ed835d31fd7bdf2c0420979fd7d0311779d78c392412e8353a401c1aa1885568174f6b9a1e02b863095fa491b81780d99d0830

Download Submit
C:\7821c8e21735a8956d\Strings.xml

Filesize
13KB

MD5
8a28b474f4849bee7354ba4c74087cea

SHA1
c17514dfc33dd14f57ff8660eb7b75af9b2b37b0

SHA256
2a7a44fb25476886617a1ec294a20a37552fd0824907f5284fade3e496ed609b

SHA512
a7927700d8050623bc5c761b215a97534c2c260fcab68469b7a61c85e2dff22ed9cf57e7cb5a6c8886422abe7ac89b5c71e569741db74daa2dcb4152f14c2369

Download Submit
C:\7821c8e21735a8956d\UiInfo.xml

Filesize
68KB

MD5
cb78d0ca2b26ab8ed781819e722567a2

SHA1
65b909a6420aae40193ef591565873c6e73a868c

SHA256
7e6d551037d889ee3eb5fab8b84f23cc9ce459c6150104a5d7f5c78ecf81c6d0

SHA512
c6c9ea01dc90e7099a5baa543c1784e18a703cb2a733db92abd7e4be0e19453a765bc0da85054eab1c5452b1f58ae4892cd9e0820fd8b71d4a03cf0b25315ab3

Download Submit
C:\7821c8e21735a8956d\graphics\print.ico

Filesize
123KB

MD5
d39bad9dda7b91613cb29b6bd55f0901

SHA1
6d079df41e31fbc836922c19c5be1a7fc38ac54e

SHA256
d80ffeb020927f047c11fc4d9f34f985e0c7e5dfea9fb23f2bc134874070e4e6

SHA512
fad8cb2b9007a7240421fbc5d621c3092d742417c60e8bb248e2baa698dcade7ca54b24452936c99232436d92876e9184eaf79d748c96aa1fe8b29b0e384eb82

Download Submit
C:\7821c8e21735a8956d\graphics\save.ico

Filesize
123KB

MD5
c66bbe8f84496ef85f7af6bed5212cec

SHA1
1e4eab9cc728916a8b1c508f5ac8ae38bb4e7bf1

SHA256
1372c7f132595ddad210c617e44fedff7a990a9e8974cc534ca80d897dd15abd

SHA512
5dabf65ec026d8884e1d80dcdacb848c1043ef62c9ebd919136794b23be0deb3f7f1acdff5a4b25a53424772b32bd6f91ba1bd8c5cf686c41477dd65cb478187

Download Submit
C:\7821c8e21735a8956d\graphics\setup.ico

Filesize
123KB

MD5
6125f32aa97772afdff2649bd403419b

SHA1
d84da82373b599aed496e0d18901e3affb6cfaca

SHA256
a0c7b4b17a69775e1d94123dfceec824744901d55b463ba9dca9301088f12ea5

SHA512
c4bdcd72fa4f2571c505fdb0adc69f7911012b6bdeb422dca64f79f7cc1286142e51b8d03b410735cd2bd7bc7c044c231a3a31775c8e971270beb4763247850f

Download Submit
C:\7821c8e21735a8956d\graphics\warn.ico

Filesize
194KB

MD5
c8824ea3ce0a54ff1e89f8a296b4e64b

SHA1
333feb78e9bb088650ce90dea0f0ccc57d54a803

SHA256
4bb9ea033f4e93dbf42fc74e6faf94fe8b777a34836f7d537436cbe409fd743f

SHA512
c40e40e0cb2aaa7cf7cccbe29ca4530ff0e0a4de9a7328996305db6dfd6994cbe085fab7b8f666bbd3d1efd95406ea26b1376aa81908ace60dc131a4e9c32d40

Download Submit
C:\7821c8e21735a8956d\sqmapi.dll

Filesize
221KB

MD5
6404765deb80c2d8986f60dce505915b

SHA1
e40e18837c7d3e5f379c4faef19733d81367e98f

SHA256
b236253e9ecb1e377643ae5f91c0a429b91c9b30cca1751a7bc4403ea6d94120

SHA512
a5ff302f38020b31525111206d2f5db2d6a9828c70ef0b485f660f122a30ce7028b5a160dd5f5fbcccb5b59698c8df7f2e15fdf19619c82f4dec8d901b7548ba

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
99102652570b2fbc2a1d4cb3abaa834e

SHA1
03b3d02b382bc5770a175239e8f3662f1052dc86

SHA256
0d5d7cb4d25eb816a4c9f98b7b5067a6d0d09883fc43d56e74ad7aa3ff5eecbb

SHA512
39f2a753c09c9f34a55bd25b8cbee2621574b4ea3341fab182a180dee4e63aab7403006a7ad5135473e06ed1e84816488f7cbe72c44d4aa27bf4afa26bc77005

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
35ab9125c7474a88e702b2efb1fecf74

SHA1
149040018473dae4f88057257969ca5a1b5cab44

SHA256
b6a0a1f1908ff518504f443796bf486d79feb26276dc4c9adcb55f41b46dea01

SHA512
7b01b01c17047dfcfd98c0a5c1ba2f012ec9f76f6a20ff7b4fcd3b013a401e6592fe49c190675ff345ac42e8cfc343497ec692373b495457e89793458a491030

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
47375c9eedb5fdbfd4e371728c88ea47

SHA1
639e989738d250c49b532fbfa40c17ae49a6942c

SHA256
f8f0a3887756d90bbf55011db6ba914e551d836d35acd467d131eca10afebf11

SHA512
49077d3428aa6ab2c33fcf15f53a240b6c7d5e2a732a4286f2625cf28c4346732b8cf6435d1b0f08663c4c889e5ed7db87cd08901a2b0b5b3b2a1051c956d4bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
e71f33646a66ba5395056aae31e38078

SHA1
435a3d22eb78f56c31f82177dba057aabe5eabd7

SHA256
fdad7cc38fda7fe6b37e6382da6993a55d6cc930873444e93fa7c6565610192b

SHA512
e924b2aeabf13c1bafab9319c3272e19a5840e9be4d0b8cc48a82cba0da44991dc03895f067b9fea49c4b88691e2a9403b0e8c8b50134f7977e1e4b8a109affa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
02f1586f21286de1a70f9da0bad479f3

SHA1
76ff36a7e1a655acf580132a1846091c870c9486

SHA256
4c4830a928c4a75d859662d1d9a149976693f7ac1164ffb128aa800ea3dfbe69

SHA512
8176497bb482bde9288fd9cead2eb7262711214e97c511f2bd842f1af58080e14f655232eeead34545210afcb840be84fd32a814c2566495f8d6f2afcea15c77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
36ba4b779a313c72f8419b8472f0d126

SHA1
cdd5acb357d5d9d3ed7ec9da1ac6513fb668b3b0

SHA256
e30839fb23fcea90d059ee6bbfafd24684d45ffbaafaa1b8e7609d8bb0de3734

SHA512
857002f2aae92fe6a40e76d2bc795902a70b7f8d03d21da6f9c07a6e5872d9d6ef7c8dd6f67c8a74100ee4a296cc1168c876ee203a5724b2afc6aafd8e9ec456

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e616dd4e5bcc52821d731a6b8a9700d2

SHA1
ccddd0756d4c215fa57d099b8226b69c0b97c743

SHA256
09d26c47d52a9e8f810e062154f1252d3c22c69c4d9aa0aac71db79743c55a10

SHA512
4786bccfb62e77fde038cdd229f8e7d6067a4911ef4bcbc2cb6adeedc02439e620005a5ac2a239933313b853961b3adf4e6ff3c89aca866e1e1ca08c73c4adc8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
62cd24eac194b6028c6a3775341d2fd7

SHA1
ede724da24934302353c8ab61fa69b4ef3303123

SHA256
4e8ede672629b19be39d4d827b180b430c7cf8f9e73b398d6f396fee5f277f52

SHA512
0bff71c7976e8948fb84729a781237e55653a16b8d047b44f09f669666d02095e76b8eab5a471efe302ee64187d55b0bd5410aa4fd99f00c4f3755382b4ecf6c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1abd9514db0c584775d5542ab220733a

SHA1
ee7fb9dc824267b76e38b6bb9782d621b7f8af94

SHA256
61422a390f58e1d0904e1d62592fa078f9a7f6c5f6deb7eafd9bf68548714228

SHA512
bd24fc2dca4b343e3b2658a65adf241fbc441d5886c78f7b5efbe5273520ba5477666c0b851834c203f57b56d623bc37c14d7aaf1c784f1edeb6e4de66b029d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1e62eae833a34eff3a747e9883d3f954

SHA1
9a52f8ac6c3993a1509d698fb6f41912b7e1586f

SHA256
7b97615d5f88c2872748693e1a3d6341f0be75a57d658a60425511fa20a758e6

SHA512
49eb59956822b798d1774117559c0fde98de3836422f192989ae6dc9eb0123a2c63abc880813a0b1d59b9604a1a0710da34b7ecc0e1b04681d97c033e9173e67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
917bf788127c2994a21f303fbc5244b8

SHA1
48e1ce5880089d09ce9c24ad750e7c56a6cc4f53

SHA256
9d615b64dd5243c0a2e86a0d5b79eb4405d4065586ef6390675d176abb3db654

SHA512
4b77f5b475267b812ec3433b98910d1399f19d8df4c82b4e4d9f71e6f80d1fbae705b062503ca7ff626d9580f7471b41946aac9e5aa0fa7cd43482b730f7bf2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0b4c41bb336d046966081a639b9952f7

SHA1
0c0cbab8b81f2d1c4dca9b69fa4e7e9a55bea50b

SHA256
3fdf21c3d330a457faf850e4f8f5a0dc3dc6d66bb2eb785772ac6b24be56af98

SHA512
22fa01fe3433cb1d837c57d880d9ab10f59f5358a2521d966664b7a3ec000ad8c9ebc2fc395dee7a60d6c0ab8ee9a5885998135c7be4a4e93f8d80f56a497f90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6d2a5a53b8cbd9dc7ba866fdb334e37b

SHA1
f33876759727c19350194c33c46c84ff02717dbf

SHA256
bc8642b848c6832baf0dd96fbf6d5337f7c3f5a4002f75b25913fa02e2c87430

SHA512
58f599ce0555a68889af8a1edbc570320b65441d941294907675744448ba985c8a2d59396da3dedc35bfa2f90c0980ce0fa1d0a262966b08ff4a6ef84b1de814

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
af55dd3f5cf10e84c89e7bf01b51a106

SHA1
b4028b0937fceb6789f404fc1201e54b94c89bc7

SHA256
6666993aeea03978802e471b2e7a8b197a9b4aef0451eb51182f61629906d395

SHA512
c09dcb4a7ad8fa38c501db1e4ff1931690d40fe1329ee35af0c6baac0efcf675160046b117860fcac442207eb91bfdda6e57e2c055034667d9c631dcbc412f79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
33194362febcd9e2e9d5416fa66138d2

SHA1
541eafcd34759432e1584c97f2c1450203d9b2ec

SHA256
62b8564d9c86141c1d874090de332aed0c1b7f72d96c4ff48a5cedab229f19a5

SHA512
c9120552c16e2d7f3091e15762aa895c905fda4359283271c2d3fccd6b0c7cdf1f18a7de3b94ea777bfe221038896040aee73f07562e47f95041604faf00c5fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f2f9d9e02e2026070fbe146144d08625

SHA1
026293b437e368bd21c7acc643a6841232285a19

SHA256
992960c622cfc0e2f66e877ba956d7c0df1f3857ef12937d6db574c9c16c9cc2

SHA512
fce7e837bf20071b562ce8edf759042cb87240c6631d7d45e639d46be556c56de686c1ed622b6024cbc565bd26c5e3030ac90746688d3d70d2214556c7b44d56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f0534557c0ec06f8bcace69c74520000

SHA1
617b0899c8752f6339be6ae66c2768251f1b0359

SHA256
51d49c38d60087a215010ca0e99067a815339543787daeb1260e359a146fa5d3

SHA512
add3ca92befab4e82bbadf533410e3bdfb44b711d01afb7c2b2f1fbdac22c27b2a6cb6c5c36925b9d6ad81a675d6e662e5cfd22fd1aee653474ca121d02836ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
77441a906ed96cb6280a43a856d6b68d

SHA1
83c36d5c6b75768a106eeca4fbe186620dc0db32

SHA256
e1d72994e0e731d5285e992b92280d729771a54d27d82427aef48ec356e56a31

SHA512
5c079a5a514c1274b9cf68fa1c4a3d67b0abc17b8d9eeeba0b7e345d5cf90246656320ac8f44205f675f41897ebfceb3dd70259f2edaae0c6a7242ab69c1ac48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
70607c9495c78fbbc3868173f804290e

SHA1
a920456732bf12f6a3e28ef5dbd59c5b353e8976

SHA256
eeb82c7962e2cc63894717eb4caf0fe0181ab74eb82a1ee9cbc4e4b1f416c2fa

SHA512
96b4c84ebd8a23ac09488b5e3a6c4fe8c6719b5b9430d6e53c59ce26c5c7f353aa5a3464f59a0c5abab8dc7042cbbd36a206851b6fbb8e473abef6e1c218747b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e9c11399500ba76601ff4161d838ba0e

SHA1
1de787159564161eb03b568a7c28ed651bcacce1

SHA256
f6becd29f65a2928869c02c3cfe2f8b8b7cdcbdffa8a4ac82a8a60fa223c1bc3

SHA512
1ded3740ca3473f71af3dd6c7eefcc7920329749fc6df513321f590c6df715d199a5f41e37818776677da51920e4f250aa033cae4215ccbb78d9f3ec2b35083d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
45fe31068f96f599bfdc00e99f79432d

SHA1
1da7e99299d09e8b99450b34fea7ba7838af1df8

SHA256
f084873b758b2f2ac300ed6166664d4028b778dc5c686f3aa101cd0655f0cd7e

SHA512
d7f0c6d88d1a4a8a24f3f42f33c1fa3d6a75cd5d7eae0eb0f8c04650ac0ac705cae7ebf232fbeb3b91f6cc6b3e2e66aa7cd467378c0117c2d1e619f82fac06c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\cd110c96-ac87-42d1-986f-32dddf14bc1a.tmp

Filesize
649B

MD5
5c09a7122ce32db1da7c5f653ff5ada5

SHA1
cf60191add661b0ff6f94676ba19c4828db536d8

SHA256
67a70151e44720b4a17d8e27559342a18ca5a771a66d79619a344e4dedc19a26

SHA512
d58194aa1ebe9b70959f3963bb3b7dc44ad951431465c380c229ea7e53c0dd64a6d0d503dea0f4b7c61a238d2876fe3929adfbf51610ceda40d094d57b41e83d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
c8df84e0527ebb62cb13943acd402578

SHA1
75af6f0b7f8acb92676fdca0eceb50e07b9a136a

SHA256
65df30ea9ab3f27a142785a58fde6c8344ff62de9d3d7330cf03ea849c6b8a43

SHA512
36828a1c6af284436d54a593742df8c6373b7bcbb461f8e4a65da009d52b69acface4e3166230d8ed9976e5bb4aeca83f870d6b2c9f26add6820bd08b8c2cc7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
def293fb8fde0b935b4ca2ede445c18d

SHA1
d3f5aa23a8de6591d03fa376d66457f1df945c0a

SHA256
53eb65f422b8fedaa061427d8b7dc280e1de14badb38c377e7b6715e53b7b9be

SHA512
24bd5ec5bb18f030a203f1efff578fa6ab6ead97211b35499d5e6561c4948ab19e552cfa3be86867bfbca37c662431c8daeb07a9500f2c2e9d768b924d137ed9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
33e31f297a7d513b07345e6fa26fb8a9

SHA1
e8443246f932f8ef1d4020af5fd874c98947f79b

SHA256
db88d53a5baf36af2e8ffcec13b0fbcb4714aff4adf21b74f852148813deaeb6

SHA512
cff80f9dc07224024f3daf2b4f2fdb0f9732f79619f7fc3cac7d0f562b9aeb52b7fef1d942ad16f2b82e69acfba284388ea7c744a193601031453807050e8048

Download Submit
C:\Users\Admin\AppData\Local\Temp\HFIDB1A.tmp.html

Filesize
15KB

MD5
cd131d41791a543cc6f6ed1ea5bd257c

SHA1
f42a2708a0b42a13530d26515274d1fcdbfe8490

SHA256
e139af8858fe90127095ac1c4685bcd849437ef0df7c416033554703f5d864bb

SHA512
a6ee9af8f8c2c7acd58dd3c42b8d70c55202b382ffc5a93772af7bf7d7740c1162bb6d38a4307b1802294a18eb52032d410e128072af7d4f9d54f415be020c9a

Download Submit
C:\Users\Admin\Downloads\HMBlocker.zip

Filesize
38KB

MD5
5968e8a8caa61b46ba347f8c521c1f2e

SHA1
88f9a7ce6e77d191c9a57ecf238ef5e9e9ba6c7c

SHA256
a181f8925c8c66614be38de89e6dc38cf85715379a10de8d9f9d70b04891ca35

SHA512
6b0659ff7a5548cd1b752a72a70b147d1c9676dce14148430961a7b5204d4e3a42de5530d423ebb879f8e5c72785a45e5b20bd40cbf93cfaefe981534e96cbe3

Download Submit
C:\Users\Admin\Downloads\HMBlocker\[email protected]

Filesize
48KB

MD5
21943d72b0f4c2b42f242ac2d3de784c

SHA1
c887b9d92c026a69217ca550568909609eec1c39

SHA256
2d047b0a46be4da59d375f71cfbd578ce1fbf77955d0bb149f6be5b9e4552180

SHA512
04c9fa8358944d01b5fd0b6d5da2669df4c54fe79c58e7987c16bea56c114394173b6e8a6ac54cd4acd081fcbc66103ea6514c616363ba8d212db13b301034d8

Download Submit
C:\Users\Admin\Downloads\Spark.zip

Filesize
1.6MB

MD5
860168a14356be3e65650b8a3cf6c3a0

SHA1
ea99e29e119d88caf9d38fb6aac04a97e9c5ac63

SHA256
1ae2a53c8adc94b1566ea6b3aa63ce7fe2a2b2fcbe4cec3112f9ebe76e2e9bf9

SHA512
0637e4838beded9c829612f0961d981ee6c049f4390c3115fed9c4e919561ad3d0aa7110e32c1d62468a7e4cdc85d2f2e39a741939efd1aafae551de705aab61

Download Submit
C:\Users\Admin\Downloads\Spark.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\Spark\[email protected]

Filesize
495KB

MD5
181ee63003e5c3ec8c378030286ed7a2

SHA1
6707f3a0906ab6d201edc5b6389f9e66e345f174

SHA256
55bfcb784904477ef62ef7e4994dee42f03d69bfec3591989513cccbba3fc8fe

SHA512
e9820f60b496d6631e054204c6fc5b525527d40a578faac1d5cdb116abcb4a35aacf4f4354ff092a2b455c5d9c2e0f29a761d737d9c9ad3d59d70b51d0583d92

Download Submit
C:\Users\Admin\Downloads\Spark\NETFramework.exe

Filesize
1.4MB

MD5
4fb795478a8f346c337a1f84baccc85b

SHA1
c0919415622d86c3d6ab19f0f92ea938788db847

SHA256
65a7cb8fd1c7c529c40345b4746818f8947be736aa105007dfcc57b05897ed62

SHA512
9ca9e00bb6502a6ab481849b11c11526a12e5a1f436f929381d038e370c991e89a7bbcddc62da436accaeaa1d292b6453fdea964d645d08299a64aa603f8bc69

Download Submit
memory/1340-753-0x0000000002130000-0x0000000002131000-memory.dmp

Filesize
4KB

Download
memory/1340-751-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1340-754-0x0000000002130000-0x0000000002131000-memory.dmp

Filesize
4KB

Download
memory/1340-755-0x0000000002130000-0x0000000002131000-memory.dmp

Filesize
4KB

Download
memory/1340-785-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2284-643-0x0000000000500000-0x0000000000580000-memory.dmp

Filesize
512KB

Download
memory/2284-644-0x0000000005720000-0x0000000005CC6000-memory.dmp

Filesize
5.6MB

Download
memory/2284-645-0x0000000005210000-0x00000000052A2000-memory.dmp

Filesize
584KB

Download

Resubmissions

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads