ramnit | 653d0cdec49318d4d6931e1fdb2a6e9e06b55583ee1b6271324e705fa4f1e55c

Analysis

max time kernel
101s
max time network
149s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
27/02/2025, 07:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe
Size

1.5MB
MD5

8685397030bbd818fe541e1e95390b98
SHA1

16d5614ac965bf805e5829ee251e8153e0d59334
SHA256

653d0cdec49318d4d6931e1fdb2a6e9e06b55583ee1b6271324e705fa4f1e55c
SHA512

b150ff82b2b6da509f99ced91a01807b1c6f25dde673d6f8c07ee7e9197bda38db6798a96ebcedb4bdcd13c8731418ec0849514bf10fc758208dfe59a17a6ac6
SSDEEP

24576:VsLp0FasdJu/+/dfMs2KLoyaU/5DeTgtMyPtTopLo/yydpgYE:ipncZO+HCyPtToZo6ydpgB

Score

10^/10

ramnit socelars banker discovery spyware stealer trojan upx worm

Malware Config

Extracted

Family

socelars

https://hueduy.s3.eu-west-1.amazonaws.com/dkfjrg725/

Signatures

Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
trojan spyware stealer worm banker ramnit
Ramnit family
ramnit
Socelars
Socelars is an infostealer targeting browser cookies and credit card credentials.
stealer socelars
Socelars family
socelars

Socelars payload 2 IoCs

resource	yara_rule
behavioral1/memory/2016-0-0x0000000000840000-0x00000000009D1000-memory.dmp	family_socelars
behavioral1/memory/2016-528-0x0000000000840000-0x00000000009D1000-memory.dmp	family_socelars

Executes dropped EXE 1 IoCs

pid	Process
2128	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnitmgr.exe

Loads dropped DLL 2 IoCs

pid	Process
2016	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe
2016	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
15	iplogger.org
14	iplogger.org

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000c0000000122e0-8.dat	upx
behavioral1/memory/2128-11-0x0000000000400000-0x000000000045D000-memory.dmp	upx
behavioral1/memory/2128-13-0x0000000000400000-0x000000000045D000-memory.dmp	upx
behavioral1/memory/2128-17-0x0000000000400000-0x000000000045D000-memory.dmp	upx
behavioral1/memory/2128-16-0x0000000000400000-0x000000000045D000-memory.dmp	upx
behavioral1/memory/2128-33-0x0000000000400000-0x000000000045D000-memory.dmp	upx

Drops file in Program Files directory 10 IoCs

description	ioc	Process
File created	C:\Program Files\aieoplapobidheellikiicjfpamacpfd\js\mode-ecb.js	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe
File created	C:\Program Files\aieoplapobidheellikiicjfpamacpfd\js\pad-nopadding.js	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe
File created	C:\Program Files\aieoplapobidheellikiicjfpamacpfd\manifest.json	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe
File created	C:\Program Files\aieoplapobidheellikiicjfpamacpfd\background.html	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe
File created	C:\Program Files\aieoplapobidheellikiicjfpamacpfd\js\aes.js	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe
File opened for modification	C:\Program Files\aieoplapobidheellikiicjfpamacpfd\js\background.js	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe
File created	C:\Program Files\aieoplapobidheellikiicjfpamacpfd\icon.png	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe
File created	C:\Program Files\aieoplapobidheellikiicjfpamacpfd\js\background.js	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe
File created	C:\Program Files\aieoplapobidheellikiicjfpamacpfd\js\content.js	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe
File created	C:\Program Files\aieoplapobidheellikiicjfpamacpfd\js\jquery-3.3.1.min.js	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnitmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Kills process with taskkill 1 IoCs

defense_evasion

pid	Process
696	taskkill.exe

Modifies Internet Explorer settings 1 TTPs 52 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{DDE47951-F4D8-11EF-B432-C6DA928D33CD} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{DDEB9D71-F4D8-11EF-B432-C6DA928D33CD} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "446801642"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3290804112-2823094203-3137964600-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2128	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnitmgr.exe
2128	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnitmgr.exe
2128	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnitmgr.exe
2128	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnitmgr.exe
2128	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnitmgr.exe
2128	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnitmgr.exe
2128	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnitmgr.exe
2128	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnitmgr.exe
2416	chrome.exe
2416	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeCreateTokenPrivilege	2016	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe
Token: SeAssignPrimaryTokenPrivilege	2016	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe
Token: SeLockMemoryPrivilege	2016	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe
Token: SeIncreaseQuotaPrivilege	2016	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe
Token: SeMachineAccountPrivilege	2016	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe
Token: SeTcbPrivilege	2016	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe
Token: SeSecurityPrivilege	2016	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe
Token: SeTakeOwnershipPrivilege	2016	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe
Token: SeLoadDriverPrivilege	2016	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe
Token: SeSystemProfilePrivilege	2016	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe
Token: SeSystemtimePrivilege	2016	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe
Token: SeProfSingleProcessPrivilege	2016	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe
Token: SeIncBasePriorityPrivilege	2016	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe
Token: SeCreatePagefilePrivilege	2016	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe
Token: SeCreatePermanentPrivilege	2016	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe
Token: SeBackupPrivilege	2016	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe
Token: SeRestorePrivilege	2016	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe
Token: SeShutdownPrivilege	2016	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe
Token: SeDebugPrivilege	2016	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe
Token: SeAuditPrivilege	2016	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe
Token: SeSystemEnvironmentPrivilege	2016	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe
Token: SeChangeNotifyPrivilege	2016	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe
Token: SeRemoteShutdownPrivilege	2016	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe
Token: SeUndockPrivilege	2016	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe
Token: SeSyncAgentPrivilege	2016	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe
Token: SeEnableDelegationPrivilege	2016	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe
Token: SeManageVolumePrivilege	2016	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe
Token: SeImpersonatePrivilege	2016	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe
Token: SeCreateGlobalPrivilege	2016	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe
Token: 31	2016	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe
Token: 32	2016	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe
Token: 33	2016	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe
Token: 34	2016	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe
Token: 35	2016	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe
Token: SeDebugPrivilege	2128	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnitmgr.exe
Token: SeDebugPrivilege	696	taskkill.exe
Token: SeShutdownPrivilege	2416	chrome.exe
Token: SeShutdownPrivilege	2416	chrome.exe
Token: SeShutdownPrivilege	2416	chrome.exe
Token: SeShutdownPrivilege	2416	chrome.exe
Token: SeShutdownPrivilege	2416	chrome.exe
Token: SeShutdownPrivilege	2416	chrome.exe
Token: SeShutdownPrivilege	2416	chrome.exe
Token: SeShutdownPrivilege	2416	chrome.exe
Token: SeShutdownPrivilege	2416	chrome.exe
Token: SeShutdownPrivilege	2416	chrome.exe
Token: SeShutdownPrivilege	2416	chrome.exe
Token: SeShutdownPrivilege	2416	chrome.exe
Token: SeShutdownPrivilege	2416	chrome.exe
Token: SeShutdownPrivilege	2416	chrome.exe
Token: SeShutdownPrivilege	2416	chrome.exe
Token: SeShutdownPrivilege	2416	chrome.exe
Token: SeShutdownPrivilege	2416	chrome.exe
Token: SeShutdownPrivilege	2416	chrome.exe
Token: SeShutdownPrivilege	2416	chrome.exe
Token: SeShutdownPrivilege	2416	chrome.exe
Token: SeShutdownPrivilege	2416	chrome.exe
Token: SeShutdownPrivilege	2416	chrome.exe
Token: SeShutdownPrivilege	2416	chrome.exe
Token: SeShutdownPrivilege	2416	chrome.exe
Token: SeShutdownPrivilege	2416	chrome.exe
Token: SeShutdownPrivilege	2416	chrome.exe
Token: SeShutdownPrivilege	2416	chrome.exe
Token: SeShutdownPrivilege	2416	chrome.exe

Suspicious use of FindShellTrayWindow 36 IoCs

pid	Process
2836	iexplore.exe
2624	iexplore.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe
2416	chrome.exe

Suspicious use of SetWindowsHookEx 10 IoCs

pid	Process
2624	iexplore.exe
2624	iexplore.exe
2836	iexplore.exe
2836	iexplore.exe
2692	IEXPLORE.EXE
2692	IEXPLORE.EXE
2752	IEXPLORE.EXE
2752	IEXPLORE.EXE
2752	IEXPLORE.EXE
2752	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2016 wrote to memory of 2128	2016	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe	31
PID 2016 wrote to memory of 2128	2016	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe	31
PID 2016 wrote to memory of 2128	2016	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe	31
PID 2016 wrote to memory of 2128	2016	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe	31
PID 2128 wrote to memory of 2836	2128	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnitmgr.exe	32
PID 2128 wrote to memory of 2836	2128	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnitmgr.exe	32
PID 2128 wrote to memory of 2836	2128	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnitmgr.exe	32
PID 2128 wrote to memory of 2836	2128	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnitmgr.exe	32
PID 2128 wrote to memory of 2624	2128	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnitmgr.exe	33
PID 2128 wrote to memory of 2624	2128	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnitmgr.exe	33
PID 2128 wrote to memory of 2624	2128	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnitmgr.exe	33
PID 2128 wrote to memory of 2624	2128	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnitmgr.exe	33
PID 2624 wrote to memory of 2752	2624	iexplore.exe	34
PID 2624 wrote to memory of 2752	2624	iexplore.exe	34
PID 2624 wrote to memory of 2752	2624	iexplore.exe	34
PID 2624 wrote to memory of 2752	2624	iexplore.exe	34
PID 2836 wrote to memory of 2692	2836	iexplore.exe	35
PID 2836 wrote to memory of 2692	2836	iexplore.exe	35
PID 2836 wrote to memory of 2692	2836	iexplore.exe	35
PID 2836 wrote to memory of 2692	2836	iexplore.exe	35
PID 2016 wrote to memory of 2432	2016	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe	37
PID 2016 wrote to memory of 2432	2016	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe	37
PID 2016 wrote to memory of 2432	2016	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe	37
PID 2016 wrote to memory of 2432	2016	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe	37
PID 2432 wrote to memory of 696	2432	cmd.exe	39
PID 2432 wrote to memory of 696	2432	cmd.exe	39
PID 2432 wrote to memory of 696	2432	cmd.exe	39
PID 2432 wrote to memory of 696	2432	cmd.exe	39
PID 2016 wrote to memory of 2416	2016	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe	42
PID 2016 wrote to memory of 2416	2016	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe	42
PID 2016 wrote to memory of 2416	2016	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe	42
PID 2016 wrote to memory of 2416	2016	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe	42
PID 2416 wrote to memory of 1996	2416	chrome.exe	43
PID 2416 wrote to memory of 1996	2416	chrome.exe	43
PID 2416 wrote to memory of 1996	2416	chrome.exe	43
PID 2416 wrote to memory of 1140	2416	chrome.exe	44
PID 2416 wrote to memory of 1140	2416	chrome.exe	44
PID 2416 wrote to memory of 1140	2416	chrome.exe	44
PID 2416 wrote to memory of 1140	2416	chrome.exe	44
PID 2416 wrote to memory of 1140	2416	chrome.exe	44
PID 2416 wrote to memory of 1140	2416	chrome.exe	44
PID 2416 wrote to memory of 1140	2416	chrome.exe	44
PID 2416 wrote to memory of 1140	2416	chrome.exe	44
PID 2416 wrote to memory of 1140	2416	chrome.exe	44
PID 2416 wrote to memory of 1140	2416	chrome.exe	44
PID 2416 wrote to memory of 1140	2416	chrome.exe	44
PID 2416 wrote to memory of 1140	2416	chrome.exe	44
PID 2416 wrote to memory of 1140	2416	chrome.exe	44
PID 2416 wrote to memory of 1140	2416	chrome.exe	44
PID 2416 wrote to memory of 1140	2416	chrome.exe	44
PID 2416 wrote to memory of 1140	2416	chrome.exe	44
PID 2416 wrote to memory of 1140	2416	chrome.exe	44
PID 2416 wrote to memory of 1140	2416	chrome.exe	44
PID 2416 wrote to memory of 1140	2416	chrome.exe	44
PID 2416 wrote to memory of 1140	2416	chrome.exe	44
PID 2416 wrote to memory of 1140	2416	chrome.exe	44
PID 2416 wrote to memory of 1140	2416	chrome.exe	44
PID 2416 wrote to memory of 1140	2416	chrome.exe	44
PID 2416 wrote to memory of 1140	2416	chrome.exe	44
PID 2416 wrote to memory of 1140	2416	chrome.exe	44
PID 2416 wrote to memory of 1140	2416	chrome.exe	44
PID 2416 wrote to memory of 1140	2416	chrome.exe	44
PID 2416 wrote to memory of 1140	2416	chrome.exe	44
PID 2416 wrote to memory of 1140	2416	chrome.exe	44

C:\Users\Admin\AppData\Local\Temp\2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe
"C:\Users\Admin\AppData\Local\Temp\2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2016
- C:\Users\Admin\AppData\Local\Temp\2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnitmgr.exe
  C:\Users\Admin\AppData\Local\Temp\2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnitmgr.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2128
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe"
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2836
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2836 CREDAT:275457 /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:2692
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe"
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2624
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2624 CREDAT:275457 /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:2752
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c taskkill /f /im chrome.exe
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2432
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im chrome.exe
    3⤵
    - System Location Discovery: System Language Discovery
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe"
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:2416
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef64e9758,0x7fef64e9768,0x7fef64e9778
    3⤵
    PID:1996
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1196 --field-trial-handle=1380,i,14566039024791022163,3692622500535566106,131072 /prefetch:2
    3⤵
    PID:1140
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1428 --field-trial-handle=1380,i,14566039024791022163,3692622500535566106,131072 /prefetch:8
    3⤵
    PID:1644
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1616 --field-trial-handle=1380,i,14566039024791022163,3692622500535566106,131072 /prefetch:8
    3⤵
    PID:844
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2316 --field-trial-handle=1380,i,14566039024791022163,3692622500535566106,131072 /prefetch:1
    3⤵
    PID:2136
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2328 --field-trial-handle=1380,i,14566039024791022163,3692622500535566106,131072 /prefetch:1
    3⤵
    PID:1028
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2696 --field-trial-handle=1380,i,14566039024791022163,3692622500535566106,131072 /prefetch:1
    3⤵
    PID:876
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1556 --field-trial-handle=1380,i,14566039024791022163,3692622500535566106,131072 /prefetch:2
    3⤵
    PID:1672
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=1412 --field-trial-handle=1380,i,14566039024791022163,3692622500535566106,131072 /prefetch:1
    3⤵
    PID:1248
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3748 --field-trial-handle=1380,i,14566039024791022163,3692622500535566106,131072 /prefetch:8
    3⤵
    PID:1096
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3728 --field-trial-handle=1380,i,14566039024791022163,3692622500535566106,131072 /prefetch:8
    3⤵
    PID:1140
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4004 --field-trial-handle=1380,i,14566039024791022163,3692622500535566106,131072 /prefetch:8
    3⤵
    PID:2412

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2964

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\aieoplapobidheellikiicjfpamacpfd\background.html

Filesize
786B

MD5
9ffe618d587a0685d80e9f8bb7d89d39

SHA1
8e9cae42c911027aafae56f9b1a16eb8dd7a739c

SHA256
a1064146f622fe68b94cd65a0e8f273b583449fbacfd6fd75fec1eaaf2ec8d6e

SHA512
a4e1f53d1e3bf0ff6893f188a510c6b3da37b99b52ddd560d4c90226cb14de6c9e311ee0a93192b1a26db2d76382eb2350dc30ab9db7cbd9ca0a80a507ea1a12

Download Submit
C:\Program Files\aieoplapobidheellikiicjfpamacpfd\icon.png

Filesize
6KB

MD5
c8d8c174df68910527edabe6b5278f06

SHA1
8ac53b3605fea693b59027b9b471202d150f266f

SHA256
9434dd7008059a60d6d5ced8c8a63ab5cae407e7152da98ca4dda408510f08f5

SHA512
d439e5124399d1901934319535b7156c0ca8d76b5aa4ddf1dd0b598d43582f6d23c16f96be74d3cd5fe764396da55ca51811d08695f356f12f7a8a71bcc7e45c

Download Submit
C:\Program Files\aieoplapobidheellikiicjfpamacpfd\js\aes.js

Filesize
13KB

MD5
4ff108e4584780dce15d610c142c3e62

SHA1
77e4519962e2f6a9fc93342137dbb31c33b76b04

SHA256
fc7e184beeda61bf6427938a84560f52348976bb55e807b224eb53930e97ef6a

SHA512
d6eee0fc02205a3422c16ad120cad8d871563d8fcd4bde924654eac5a37026726328f9a47240cf89ed6c9e93ba5f89c833e84e65eee7db2b4d7d1b4240deaef2

Download Submit
C:\Program Files\aieoplapobidheellikiicjfpamacpfd\js\background.js

Filesize
19KB

MD5
74082c4e0667366aabb5d13111d4f3f1

SHA1
f419f0e33517296cc082973f43fe4020af434bed

SHA256
040ef2d11277a14993cb7e8511ae05f2009278d5203d1c230e74cbdb4d5a723b

SHA512
4fa516b07b5800c1bbf1c0c0390fd325e654cadb7a6bff5d779ab19772c282a2fec07cca1471c1d3102ecc4b24d23c15fc81d1f780492dc680c222bcd63dec20

Download Submit
C:\Program Files\aieoplapobidheellikiicjfpamacpfd\js\content.js

Filesize
3KB

MD5
368dbd669e86a3e5d6f38cf0025a31fd

SHA1
93c6f457d876646713913f3fa59f44a9a373ff03

SHA256
40d6653a91bd77ecbd6e59151febb0d8b157b66706aab53d4c281bb1f2fe0cd6

SHA512
24881d53e334510748f51ce814c6e41c4de2094fd3acc1f250f8a73e26c64d5a74430b6c891fc03b28fb7bddfcf8b540edcf86498d2bb597e70c2b80b172ee7e

Download Submit
C:\Program Files\aieoplapobidheellikiicjfpamacpfd\js\jquery-3.3.1.min.js

Filesize
84KB

MD5
a09e13ee94d51c524b7e2a728c7d4039

SHA1
0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae

SHA256
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

SHA512
f8da8f95b6ed33542a88af19028e18ae3d9ce25350a06bfc3fbf433ed2b38fefa5e639cddfdac703fc6caa7f3313d974b92a3168276b3a016ceb28f27db0714a

Download Submit
C:\Program Files\aieoplapobidheellikiicjfpamacpfd\js\mode-ecb.js

Filesize
604B

MD5
23231681d1c6f85fa32e725d6d63b19b

SHA1
f69315530b49ac743b0e012652a3a5efaed94f17

SHA256
03164b1ac43853fecdbf988ce900016fb174cf65b03e41c0a9a7bf3a95e8c26a

SHA512
36860113871707a08401f29ab2828545932e57a4ae99e727d8ca2a9f85518d3db3a4e5e4d46ac2b6ba09494fa9727c033d77c36c4bdc376ae048541222724bc2

Download Submit
C:\Program Files\aieoplapobidheellikiicjfpamacpfd\js\pad-nopadding.js

Filesize
268B

MD5
0f26002ee3b4b4440e5949a969ea7503

SHA1
31fc518828fe4894e8077ec5686dce7b1ed281d7

SHA256
282308ebc3702c44129438f8299839ca4d392a0a09fdf0737f08ef1e4aff937d

SHA512
4290a1aee5601fcbf1eb2beec9b4924c30cd218e94ae099b87ba72c9a4fa077e39d218fc723b8465d259028a6961cc07c0cd6896aa2f67e83f833ca023a80b11

Download Submit
C:\Program Files\aieoplapobidheellikiicjfpamacpfd\manifest.json

Filesize
1KB

MD5
6da6b303170ccfdca9d9e75abbfb59f3

SHA1
1a8070080f50a303f73eba253ba49c1e6d400df6

SHA256
66f5620e3bfe4692b14f62baad60e3269327327565ff8b2438e98ce8ed021333

SHA512
872957b63e8a0d10791877e5d204022c08c8e8101807d7ebe6fd537d812ad09e14d8555ccf53dc00525a22c02773aa45b8fa643c05247fb0ce6012382855a89a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
71KB

MD5
83142242e97b8953c386f988aa694e4a

SHA1
833ed12fc15b356136dcdd27c61a50f59c5c7d50

SHA256
d72761e1a334a754ce8250e3af7ea4bf25301040929fd88cf9e50b4a9197d755

SHA512
bb6da177bd16d163f377d9b4c63f6d535804137887684c113cc2f643ceab4f34338c06b5a29213c23d375e95d22ef417eac928822dfb3688ce9e2de9d5242d10

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
bca5a607dc37308f070d1a707c48a209

SHA1
169a6aff22486ed4914fc548a57f761a9e649fb9

SHA256
f5b23d4fbc686b6f0ea888bd964811aeb8dc4715e3da69b7a545efba5eebeef7

SHA512
a22f8463c005aaece6664b321b4ad7a957c24bd55f6e8e760e6550f231cfac581b3e22807d82231e10286d015c3a2190adb5f83c0e37546fe3e4debcc9e0e514

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
f8b6a6de24adf50904df77162455709a

SHA1
5a25e9811d1e0128f01783fe8fe3c2e9b0b34b1d

SHA256
f5a0cecf07c5da9737d403d62bbbcd77e3781b1d1ed17fcedab6a7effe0388a8

SHA512
6cb574bd678915a82ed615e2c36bd17bb933b7a6287c5a2a77ff5d2f434bee1f54e762e2e404bdb006687282ffe511844e64d210b364fae7bfa9a921f44e07d5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c391baaae9bb08e9c00f27f5bf9565df

SHA1
88c136aa3a4c094f9d5122ee87bb5f315715a1ad

SHA256
067ed0618dd731f5ab3b2747323d0d354e8fea1023d99db5aaf5e766aac15e1a

SHA512
9cf9ba6f150660e1e99e18c391726366a0e33de30f5825109d874e959e682e269f85f16d252463befd617a0359298dbd27bc5b83b24692392a01eff2409e182f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fc2a5ec29a70f2b86165ebaa2fcf5fb4

SHA1
d51f80dd128b22cb073392b7392604d1edd660fb

SHA256
0821672395813d8a7b9ca524c8fb6bf1968dcd1b0a5d13f3140371c96d854301

SHA512
1f1e753781e093b1ccaaaaed5560ed0c8166671df0667ed5976ec0362d3d895d43a0efeebe764c7a9b0637b547d1f4ca8d87cdf647e7433d5cd56da5a3485bbd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8c5a9dd175687f17e9071e83866680e8

SHA1
7581a738628ff2f13a51caf4eb31837a17523af2

SHA256
5f5f9fcc2d9f41b33326c91ad7d9ee4f25556b36180331af53018c4df082b80c

SHA512
56744ba1ddffbaaba555baf9af73355fca85901f31374cd52f1427d793649bbe135c16e4f233c7bdb25b7302b94d4e8e7fd36ac389e9d229dc5fcb55aac2d661

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fcf999c5017bf00cf1707e2418dfdfee

SHA1
06631b03a644f7b1ea180af38fd5a6f283aa1ee6

SHA256
c7af503932b8d370b30adf60d97992bbedc35f62d8b3fc92b3b00a0b68a8e936

SHA512
78245bf74d7d80e0f578c1d5231c596f7d60dbf31e77ff14d3a0e50c56867958ab3bd17491f213179b2efa06c5214475b8dc151a54ec5f5947e58d08943a5bd4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c2ba7553f1e6fe557043cdd7546bd2a2

SHA1
ef77e9e114f4f843fd421b9602bd03ba1c395f1d

SHA256
8d44ad814a5b10a8ff986025dece58c80f805043e8049c3daf750eed0dce7d91

SHA512
e5f9a3919f6c9c46cecf205fc774249626c6386cd52d13ea1e15d3378d56ca1ce336ab4f49a8b7528ceb6c1aa676cc440cec085e2f760e1bb61df3f2541fb5b7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4383330b2486af31b2863c25e67ce50c

SHA1
0059c72bc6e44278b70b15f23d37197d1fcf8468

SHA256
5b21c7a2c0645a9526b265a796b296b079cd238a683750457f606818e2c92dfe

SHA512
4fc59360cc0c8c30880d43b5defb46183944196cb212fb003a22c2dc7f49d493426400fd07a0dd45893067d946b809ce10ab3e5f09561a2a5285ad18d50c7881

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9058fb1e1e3ea75ffe0bc828f1721296

SHA1
91eea754d5e9f98e70e1abfa102b3f2138cb666a

SHA256
a74117cdd43b3fabde4b3c4f90f65d6233d4d90689afb0564ea57fece3ff1a26

SHA512
8a1099d0334fc29bd92e085be5623ca66c30eabf4964e4afb23aafb91ef378f85667d75660cecffd4df0702063b488249e2c2d61c5c60c32cd23c2d5890986d4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
83324d965f17edc3b64ef3c492f063f7

SHA1
a17f84747042e648eb56e0525c8d3abdba489190

SHA256
44607a28fb99e066c7913c522d08ab9ca979d4745e43201eceefde163a6bf7aa

SHA512
271c74e53188cc89787b87fed44379b0741b829eacccb7c17033dd1b34a141a08c4913e2e0bddcc84e29a90289f18e19a83a34ac0fdfa58370f9a27136eb7ccf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8777738a47309ca78dbe87b7aa3c4765

SHA1
bf0c35144990000b76e5fd00f52cdf1be5c2df91

SHA256
2b20092dbe3606b42873d316b53fee710c69290c4426ab985b2b412e554f1fcd

SHA512
7c75db682836e4a987dc273e22308e3bee14177fefcef2734e4d1e017f4c9d1e7a4db839b68b0fd536eb0364b036dcaca3f9ba77f746bbfb9718b19afd771404

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
33c18e59faee60d07527d9e4b48b58fc

SHA1
97750fc09a3960bc2fe985549a8a683e105b0f61

SHA256
fde19831fbd17357253ccb442d274bf4ae9b847053cdaf73efc573b7af6077cd

SHA512
f37c251dd00fde2e3705f996df05727d6045f661a1fbb7a24f24021b6814b485a7d657b669f58a158031b0826751b92ffebbc52705bdf132b0c2ef077320efa0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f59f6e97baab77dd5c75791bb9036a82

SHA1
6e8a170d962eaa7828f5468e8c49ea57dd53d7d3

SHA256
b41656c226df5c909a311ceb392961bb0ebfc224e7f610b38b93350666279fa1

SHA512
a8082c56d4fd12a927e6f2b87aac4dc9cd4716371261abccb7b28b258821b4c54be354516e1ea040e4eca4fd078a1041f1e94cb78b016e844ac4f3ded4b7fb95

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
025e7899202d3c631d525e79754a19f8

SHA1
0faf6e44255fcdf419eea83337f307867d9a5b68

SHA256
e43002dc010a07ec06bc0eb943f0d9ba0b00e27ecf77333b1ef21d9765710c4d

SHA512
e1113c74e892d27bc805eaa4bf0fe33204b05529bda6d4fcfe592194bbb59505d6a16d148c031ad4ab7c4ec697ca2b99e371ddca90a9df45b6e9216801e292e8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a95462d63a49b242499e412fe0723f5f

SHA1
c1f142d547691b115d3f2de74d9305726d387464

SHA256
8b7f4c8373e7bed30af1c8c658e70efb4bd33e7aca7a9c238db45318bb4d67e6

SHA512
e94750064372d10764033d88c879aa498c24d82db0ceadba1a3cf83dfb7eb9820ba44f514a2a235d000eec3dc70e61d38e0d7afee159fceb5de53155250ba5a4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fc7cb7f62443866136fe6e96b57f8ad6

SHA1
a8e9650a2c4aaff68593b59c061a1a52389e15df

SHA256
a62d1e9d7ae7baa92ed490cde27d1b50ce7ebbca6f9f5f0fa9a9e8784cfb1c3e

SHA512
8d4aa3734cef5004ee0e1e4c5e6133684e624abcd7ba96957c4097fd4aedee94e26457a212334e95686d9ce65cdc7f47858aeafbf64a8f24a801b118d83bf93d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
88683056d72797ef2b86f82e3d2cbeac

SHA1
2b72a1b94764f5382a12e3934f3b1ebe1a96f286

SHA256
2b436f9b201765cbbeeade64024e0ed449f17adb8fea64e7163ffe313fea5613

SHA512
3ce7c06d5299ef3e9a84c3ae23e0a796587e34345f0ceb99da6c93825279394154b318700b1a9b15d57c7c36a1f289e7076521889e1dd9a107601b13a8154939

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e4c61b7928c36622ec30da22fc1a5c80

SHA1
86e61a1f41e7c92dc72ac1fa420f512d8d54e414

SHA256
4f53e78bebc56c11facf2f8167cd0123461637e3db4b7e9563093ece31acdef1

SHA512
992c794b932b2dfd871302b2141f90f8661b6b36c2a4aa122565fd2eb7f4b16a3dad38ac032b27dfe5f23a9014007772bfd70d28ebc75b4cde2b3675153c198f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9584e2afd85facb43aa3ea9c93931867

SHA1
4bcd3f0d0a839447e49d2a0a223195bd558227e6

SHA256
a0ad01a676750c2097b80561a9a66d390a591420fde8099b6cb930ebd46a1916

SHA512
38ba56e40bc081dfe6686f5d3af64a03c1b246936ed54f072d9b36361ae29e847209a1024d561e175dd3757ac8e2668c31f416b83e44a13d7b806086a7b59ab1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cc6c6c6311f03922b0450899bb4b7e97

SHA1
72e6e3522724a5005795cbe7bd44f1dd16736250

SHA256
200dead157ef05c28e581ac8cdd678e9371d0387a5a05b70bfd74dde1631b99c

SHA512
d205abfbb5e348559eb3a06ee33a5eca105719cba814e47f366bd7c2b33dc95dc709cce6bbdc2234e14103987be20af003bbf7ae91d6d19a3f4e3905b0c0f815

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5ee0ac0a4661a380e612203c97990aae

SHA1
00db5e95c370018e366504dae687e34a66b3339a

SHA256
3efb9ddc1129774998e358ef6289e12716864580c0a23aa17d35c88600b8b774

SHA512
8acf5a03bd9a2e6ae345653e140f5c9b367225ffcb1a50b406565c99dbdad24a64512d6961c0ac5fd39eadc7fc4a067db842756a6928983a8f2eb5ed6745b892

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5aa9e0572406c92ef109b79c8be4d16f

SHA1
9317522483413589c79b84bcc1c36c4ab0d63077

SHA256
05ae49fe9566f1824512a3760fb32a1e968c8c21fe48df98579f0f9616fb19ae

SHA512
1ec02eff08eb1a20a80a9c479e896d6ead4f8018e8f009a79cf6496ca077bb68aa5b5c5feda412eb74fb54d431d777f9b775f4cc91558de711d605d59ea2ec34

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
80b3734c2773b810232b8baad9b458ce

SHA1
205ba998bb830a4d60f9d11d194adb851eb44675

SHA256
dbd562bb8c7af0fe7f66316f7883ba182fef7ffed13df64b2e28f5ea64191deb

SHA512
1c7ce2cd00bad4982129ad4e44720a3ba6df9f9c6aef809e9bd7bf2a4d689cd6fda09f569b8052c2a111b9574d96b3251d206e9e45720d52fc558e3cd6c4ec29

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
6db2d2d402ed69d2b8ca207c6fa40a83

SHA1
2b741447c12fa1e54357bae8380d81dca8d5aee4

SHA256
d0a3cc06f7f828981f7c5d1eb128c09ed22eea11a932c646764ff7959bfc1377

SHA512
71c8c5d8545e29bd95b54ddee708df3f6367ae0501ae52141f2a9b5373b1b7e332aa0b7ee4bd23fd46da55f7158addc0c76de3f82d9793af20d34600b02cc370

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
854B

MD5
bb68bf71353de2df7db2d07ed4e56505

SHA1
7595c1ca4aa448e04cd7bf9f5088c8dafef76f0a

SHA256
6a58aa7e7169c30ea8bdf920cd0f533ab7b8f785a37f637205306e8dab0bb047

SHA512
0e075f5028f442317ddbb39419efa724cb5770013c020931f12913a03a1d1963f9035ed2610f781b76cca8b6d793c14afe56442aa76ea5839ae67f3c080beaf4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
854B

MD5
c307555f603e86a5698f979850c445fd

SHA1
210454d6df7436ef466bdb6c0cfc257301c985c8

SHA256
9f86afd3da9a1433e657114f136c62c2c0d0fa663c5296a68f42ff5d2d9c51ff

SHA512
dfd37cfafb6c8b94acd035e3ca5e7cdefd23469a340309c3a42df5a8f877ce8979603426a0d5b6912d1de36e9a6aac51b5954e4c66ec9f6dfd7c9664b178046b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
854B

MD5
794c9470fb43552bd186fee3735b9441

SHA1
c10229c11ed7d95b63f5235032cceda91caae460

SHA256
216fb721dca367489a7acba7a3a1a3f10737f2f9d9858639ad2ab0f30b7a2b91

SHA512
7859de8724f03fde3e31606749ca0181476643f8d00492874d8b6b21275a8704433ce8afb8ffaa24c3192db914f44ecd8b7a6972fde6094e806fa114b76da9d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
2c7f9fe6200cbbcc431d0e9ba54adac3

SHA1
cbee5a26c32b7f59ee5fb854c214d7941295379c

SHA256
da37914e82d3fca1d3ab50f4129efef107fd4d1531ef8c7f1329d95a7151705e

SHA512
47340ca686bd46af064e424d044a141d73c78922bdb3c50d0e46fd65502584c336280150fef7f66ea53677704c2b06a571c997c8a43baf359ff1ab020364cfdb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
1f45f91818d285faabbc4d12cb8fe125

SHA1
248864f30bbf831e81eb06bfbb778281fad6cf87

SHA256
bec3b758af0fedb8edd988a7e5e3c01d18084017c43171cdb793ecde43de6bf4

SHA512
0cbe9341b09e296e1e6fc6115f074f22c7392b8296078bfb0fa6664b57e89a717e3753790ef3a88c857be8e9e2ef0c884ff5a7bd4d2b0538fcd4a60e4ecb71e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
11KB

MD5
71abb62ae5bc04d5e366660d20d129b9

SHA1
ca9aec40226ea032e533f62e7f046bd3637a8d1d

SHA256
4b7293cebc94895508cffffe5316d0a62f95a41b63be4179b9ba4dbdff46a3c6

SHA512
202d5164115e2f2b7223cb223d21981abd0cf15e6515c52929a93fd0afaee6573ca86f88f7008d28c8166fb21710066532f0eb2dca3f36f8a0116584a9aed4b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\aieoplapobidheellikiicjfpamacpfd\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{DDE47951-F4D8-11EF-B432-C6DA928D33CD}.dat

Filesize
5KB

MD5
2e20fd14bb1d6d09102c12984973d001

SHA1
5424cc065715bc2ba769df2b6b985e0e894860a9

SHA256
faa3c89f2bf6fd400ece186e225f881f9c8d89fabe5f7cc847089fcd00804128

SHA512
dfb67d0c30518b5eedf7024becd61b1ed142075be76173f28ca401becda9a639071865d752fa985b522ea71847bb08fdc744bda214b6b83f35d0a8c5311f5d99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{DDEB9D71-F4D8-11EF-B432-C6DA928D33CD}.dat

Filesize
3KB

MD5
74f4ec9c309719dfc7d3a792789143a4

SHA1
47ba1d12755f7f8701b89f9f9c782cacc95b1ee2

SHA256
eb07f93253b138932f72713672ff53fa56e4e67432052f90da0353bdb3f33834

SHA512
3c88b748dad057d738249e4e1b9f413732892713a3157192716155c5a78ce113ed6d92a344c7c76113121e48adccb1ef31e6e792d448283fb7d50d349fba6a23

Download Submit
C:\Users\Admin\AppData\Local\Temp\2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnitmgr.exe

Filesize
105KB

MD5
d5ca6e1f080abc64bbb11e098acbeabb

SHA1
1849634bf5a65e1baddddd4452c99dfa003e2647

SHA256
30193b5ccf8a1834eac3502ef165350ab74b107451145f3d2937fdf24b9eceae

SHA512
aa57ce51de38af6212d7339c4baac543a54b0f527621b0ef9e78eca5e5699e8508a154f54f8ac04135527d8417275eeee72a502a362547575699330cc756b161

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabF22F.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarF230.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarF320.tmp

Filesize
183KB

MD5
109cab5505f5e065b63d01361467a83b

SHA1
4ed78955b9272a9ed689b51bf2bf4a86a25e53fc

SHA256
ea6b7f51e85835c09259d9475a7d246c3e764ad67c449673f9dc97172c351673

SHA512
753a6da5d6889dd52f40208e37f2b8c185805ef81148682b269fff5aa84a46d710fe0ebfe05bce625da2e801e1c26745998a41266fa36bf47bc088a224d730cc

Download Submit
memory/2016-9-0x0000000000180000-0x00000000001DD000-memory.dmp

Filesize
372KB

Download
memory/2016-34-0x0000000000180000-0x00000000001DD000-memory.dmp

Filesize
372KB

Download
memory/2016-528-0x0000000000840000-0x00000000009D1000-memory.dmp

Filesize
1.6MB

Download
memory/2016-178-0x0000000000180000-0x00000000001DD000-memory.dmp

Filesize
372KB

Download
memory/2016-10-0x0000000000180000-0x00000000001DD000-memory.dmp

Filesize
372KB

Download
memory/2016-0-0x0000000000840000-0x00000000009D1000-memory.dmp

Filesize
1.6MB

Download
memory/2128-13-0x0000000000400000-0x000000000045D000-memory.dmp

Filesize
372KB

Download
memory/2128-14-0x0000000000320000-0x0000000000321000-memory.dmp

Filesize
4KB

Download
memory/2128-11-0x0000000000400000-0x000000000045D000-memory.dmp

Filesize
372KB

Download
memory/2128-12-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/2128-17-0x0000000000400000-0x000000000045D000-memory.dmp

Filesize
372KB

Download
memory/2128-16-0x0000000000400000-0x000000000045D000-memory.dmp

Filesize
372KB

Download
memory/2128-15-0x0000000000330000-0x0000000000331000-memory.dmp

Filesize
4KB

Download
memory/2128-33-0x0000000000400000-0x000000000045D000-memory.dmp

Filesize
372KB

Download