ramnit | 653d0cdec49318d4d6931e1fdb2a6e9e06b55583ee1b6271324e705fa4f1e55c

Analysis

max time kernel
40s
max time network
154s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
27/02/2025, 07:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe
Size

1.5MB
MD5

8685397030bbd818fe541e1e95390b98
SHA1

16d5614ac965bf805e5829ee251e8153e0d59334
SHA256

653d0cdec49318d4d6931e1fdb2a6e9e06b55583ee1b6271324e705fa4f1e55c
SHA512

b150ff82b2b6da509f99ced91a01807b1c6f25dde673d6f8c07ee7e9197bda38db6798a96ebcedb4bdcd13c8731418ec0849514bf10fc758208dfe59a17a6ac6
SSDEEP

24576:VsLp0FasdJu/+/dfMs2KLoyaU/5DeTgtMyPtTopLo/yydpgYE:ipncZO+HCyPtToZo6ydpgB

Score

10^/10

ramnit socelars banker discovery spyware stealer trojan upx worm

Malware Config

Extracted

Family

socelars

https://hueduy.s3.eu-west-1.amazonaws.com/dkfjrg725/

Signatures

Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
trojan spyware stealer worm banker ramnit
Ramnit family
ramnit
Socelars
Socelars is an infostealer targeting browser cookies and credit card credentials.
stealer socelars
Socelars family
socelars

Socelars payload 2 IoCs

resource	yara_rule
behavioral1/memory/2412-0-0x00000000010F0000-0x0000000001281000-memory.dmp	family_socelars
behavioral1/memory/2412-323-0x00000000010F0000-0x0000000001281000-memory.dmp	family_socelars

Executes dropped EXE 1 IoCs

pid	Process
2008	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnitmgr.exe

Loads dropped DLL 2 IoCs

pid	Process
2412	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe
2412	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
13	iplogger.org
14	iplogger.org

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2008-17-0x0000000000400000-0x000000000045D000-memory.dmp	upx
behavioral1/memory/2008-15-0x0000000000400000-0x000000000045D000-memory.dmp	upx
behavioral1/memory/2008-13-0x0000000000400000-0x000000000045D000-memory.dmp	upx
behavioral1/memory/2008-11-0x0000000000400000-0x000000000045D000-memory.dmp	upx
behavioral1/files/0x000900000001227e-7.dat	upx
behavioral1/memory/2008-42-0x0000000000400000-0x000000000045D000-memory.dmp	upx

Drops file in Program Files directory 10 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\aieoplapobidheellikiicjfpamacpfd\js\background.js	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe
File created	C:\Program Files\aieoplapobidheellikiicjfpamacpfd\background.html	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe
File created	C:\Program Files\aieoplapobidheellikiicjfpamacpfd\js\aes.js	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe
File created	C:\Program Files\aieoplapobidheellikiicjfpamacpfd\js\background.js	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe
File created	C:\Program Files\aieoplapobidheellikiicjfpamacpfd\js\jquery-3.3.1.min.js	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe
File created	C:\Program Files\aieoplapobidheellikiicjfpamacpfd\js\mode-ecb.js	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe
File created	C:\Program Files\aieoplapobidheellikiicjfpamacpfd\js\pad-nopadding.js	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe
File created	C:\Program Files\aieoplapobidheellikiicjfpamacpfd\icon.png	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe
File created	C:\Program Files\aieoplapobidheellikiicjfpamacpfd\js\content.js	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe
File created	C:\Program Files\aieoplapobidheellikiicjfpamacpfd\manifest.json	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnitmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Kills process with taskkill 1 IoCs

defense_evasion

pid	Process
1576	taskkill.exe

Modifies Internet Explorer settings 1 TTPs 50 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{684CE0A1-F4D9-11EF-AF7A-C23FE47451C3} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff3d0000003d000000c3040000a2020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{68566621-F4D9-11EF-AF7A-C23FE47451C3} = "0"	iexplore.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2008	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnitmgr.exe
2008	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnitmgr.exe
2008	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnitmgr.exe
2008	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnitmgr.exe
2008	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnitmgr.exe
2008	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnitmgr.exe
2008	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnitmgr.exe
2008	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnitmgr.exe
1032	chrome.exe
1032	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeCreateTokenPrivilege	2412	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe
Token: SeAssignPrimaryTokenPrivilege	2412	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe
Token: SeLockMemoryPrivilege	2412	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe
Token: SeIncreaseQuotaPrivilege	2412	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe
Token: SeMachineAccountPrivilege	2412	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe
Token: SeTcbPrivilege	2412	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe
Token: SeSecurityPrivilege	2412	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe
Token: SeTakeOwnershipPrivilege	2412	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe
Token: SeLoadDriverPrivilege	2412	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe
Token: SeSystemProfilePrivilege	2412	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe
Token: SeSystemtimePrivilege	2412	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe
Token: SeProfSingleProcessPrivilege	2412	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe
Token: SeIncBasePriorityPrivilege	2412	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe
Token: SeCreatePagefilePrivilege	2412	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe
Token: SeCreatePermanentPrivilege	2412	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe
Token: SeBackupPrivilege	2412	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe
Token: SeRestorePrivilege	2412	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe
Token: SeShutdownPrivilege	2412	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe
Token: SeDebugPrivilege	2412	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe
Token: SeAuditPrivilege	2412	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe
Token: SeSystemEnvironmentPrivilege	2412	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe
Token: SeChangeNotifyPrivilege	2412	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe
Token: SeRemoteShutdownPrivilege	2412	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe
Token: SeUndockPrivilege	2412	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe
Token: SeSyncAgentPrivilege	2412	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe
Token: SeEnableDelegationPrivilege	2412	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe
Token: SeManageVolumePrivilege	2412	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe
Token: SeImpersonatePrivilege	2412	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe
Token: SeCreateGlobalPrivilege	2412	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe
Token: 31	2412	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe
Token: 32	2412	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe
Token: 33	2412	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe
Token: 34	2412	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe
Token: 35	2412	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe
Token: SeDebugPrivilege	2008	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnitmgr.exe
Token: SeDebugPrivilege	1576	taskkill.exe
Token: SeShutdownPrivilege	1032	chrome.exe
Token: SeShutdownPrivilege	1032	chrome.exe
Token: SeShutdownPrivilege	1032	chrome.exe
Token: SeShutdownPrivilege	1032	chrome.exe
Token: SeShutdownPrivilege	1032	chrome.exe
Token: SeShutdownPrivilege	1032	chrome.exe
Token: SeShutdownPrivilege	1032	chrome.exe
Token: SeShutdownPrivilege	1032	chrome.exe
Token: SeShutdownPrivilege	1032	chrome.exe
Token: SeShutdownPrivilege	1032	chrome.exe
Token: SeShutdownPrivilege	1032	chrome.exe
Token: SeShutdownPrivilege	1032	chrome.exe
Token: SeShutdownPrivilege	1032	chrome.exe
Token: SeShutdownPrivilege	1032	chrome.exe
Token: SeShutdownPrivilege	1032	chrome.exe
Token: SeShutdownPrivilege	1032	chrome.exe
Token: SeShutdownPrivilege	1032	chrome.exe
Token: SeShutdownPrivilege	1032	chrome.exe
Token: SeShutdownPrivilege	1032	chrome.exe
Token: SeShutdownPrivilege	1032	chrome.exe
Token: SeShutdownPrivilege	1032	chrome.exe
Token: SeShutdownPrivilege	1032	chrome.exe
Token: SeShutdownPrivilege	1032	chrome.exe
Token: SeShutdownPrivilege	1032	chrome.exe
Token: SeShutdownPrivilege	1032	chrome.exe
Token: SeShutdownPrivilege	1032	chrome.exe
Token: SeShutdownPrivilege	1032	chrome.exe
Token: SeShutdownPrivilege	1032	chrome.exe

Suspicious use of FindShellTrayWindow 36 IoCs

pid	Process
2424	iexplore.exe
2832	iexplore.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe
1032	chrome.exe

Suspicious use of SetWindowsHookEx 10 IoCs

pid	Process
2424	iexplore.exe
2424	iexplore.exe
2888	IEXPLORE.EXE
2888	IEXPLORE.EXE
2832	iexplore.exe
2832	iexplore.exe
2688	IEXPLORE.EXE
2688	IEXPLORE.EXE
2688	IEXPLORE.EXE
2688	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2412 wrote to memory of 2008	2412	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe	29
PID 2412 wrote to memory of 2008	2412	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe	29
PID 2412 wrote to memory of 2008	2412	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe	29
PID 2412 wrote to memory of 2008	2412	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe	29
PID 2008 wrote to memory of 2424	2008	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnitmgr.exe	30
PID 2008 wrote to memory of 2424	2008	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnitmgr.exe	30
PID 2008 wrote to memory of 2424	2008	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnitmgr.exe	30
PID 2008 wrote to memory of 2424	2008	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnitmgr.exe	30
PID 2008 wrote to memory of 2832	2008	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnitmgr.exe	31
PID 2008 wrote to memory of 2832	2008	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnitmgr.exe	31
PID 2008 wrote to memory of 2832	2008	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnitmgr.exe	31
PID 2008 wrote to memory of 2832	2008	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnitmgr.exe	31
PID 2424 wrote to memory of 2888	2424	iexplore.exe	32
PID 2424 wrote to memory of 2888	2424	iexplore.exe	32
PID 2424 wrote to memory of 2888	2424	iexplore.exe	32
PID 2424 wrote to memory of 2888	2424	iexplore.exe	32
PID 2832 wrote to memory of 2688	2832	iexplore.exe	33
PID 2832 wrote to memory of 2688	2832	iexplore.exe	33
PID 2832 wrote to memory of 2688	2832	iexplore.exe	33
PID 2832 wrote to memory of 2688	2832	iexplore.exe	33
PID 2412 wrote to memory of 3000	2412	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe	34
PID 2412 wrote to memory of 3000	2412	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe	34
PID 2412 wrote to memory of 3000	2412	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe	34
PID 2412 wrote to memory of 3000	2412	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe	34
PID 3000 wrote to memory of 1576	3000	cmd.exe	36
PID 3000 wrote to memory of 1576	3000	cmd.exe	36
PID 3000 wrote to memory of 1576	3000	cmd.exe	36
PID 3000 wrote to memory of 1576	3000	cmd.exe	36
PID 2412 wrote to memory of 1032	2412	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe	39
PID 2412 wrote to memory of 1032	2412	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe	39
PID 2412 wrote to memory of 1032	2412	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe	39
PID 2412 wrote to memory of 1032	2412	2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe	39
PID 1032 wrote to memory of 1208	1032	chrome.exe	40
PID 1032 wrote to memory of 1208	1032	chrome.exe	40
PID 1032 wrote to memory of 1208	1032	chrome.exe	40
PID 1032 wrote to memory of 2040	1032	chrome.exe	41
PID 1032 wrote to memory of 2040	1032	chrome.exe	41
PID 1032 wrote to memory of 2040	1032	chrome.exe	41
PID 1032 wrote to memory of 2040	1032	chrome.exe	41
PID 1032 wrote to memory of 2040	1032	chrome.exe	41
PID 1032 wrote to memory of 2040	1032	chrome.exe	41
PID 1032 wrote to memory of 2040	1032	chrome.exe	41
PID 1032 wrote to memory of 2040	1032	chrome.exe	41
PID 1032 wrote to memory of 2040	1032	chrome.exe	41
PID 1032 wrote to memory of 2040	1032	chrome.exe	41
PID 1032 wrote to memory of 2040	1032	chrome.exe	41
PID 1032 wrote to memory of 2040	1032	chrome.exe	41
PID 1032 wrote to memory of 2040	1032	chrome.exe	41
PID 1032 wrote to memory of 2040	1032	chrome.exe	41
PID 1032 wrote to memory of 2040	1032	chrome.exe	41
PID 1032 wrote to memory of 2040	1032	chrome.exe	41
PID 1032 wrote to memory of 2040	1032	chrome.exe	41
PID 1032 wrote to memory of 2040	1032	chrome.exe	41
PID 1032 wrote to memory of 2040	1032	chrome.exe	41
PID 1032 wrote to memory of 2040	1032	chrome.exe	41
PID 1032 wrote to memory of 2040	1032	chrome.exe	41
PID 1032 wrote to memory of 2040	1032	chrome.exe	41
PID 1032 wrote to memory of 2040	1032	chrome.exe	41
PID 1032 wrote to memory of 2040	1032	chrome.exe	41
PID 1032 wrote to memory of 2040	1032	chrome.exe	41
PID 1032 wrote to memory of 2040	1032	chrome.exe	41
PID 1032 wrote to memory of 2040	1032	chrome.exe	41
PID 1032 wrote to memory of 2040	1032	chrome.exe	41
PID 1032 wrote to memory of 2040	1032	chrome.exe	41

C:\Users\Admin\AppData\Local\Temp\2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe
"C:\Users\Admin\AppData\Local\Temp\2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnit.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2412
- C:\Users\Admin\AppData\Local\Temp\2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnitmgr.exe
  C:\Users\Admin\AppData\Local\Temp\2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnitmgr.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2008
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe"
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2424
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2424 CREDAT:340993 /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:2888
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe"
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2832
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2832 CREDAT:275457 /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:2688
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c taskkill /f /im chrome.exe
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:3000
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im chrome.exe
    3⤵
    - System Location Discovery: System Language Discovery
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:1576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe"
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:1032
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fefb649758,0x7fefb649768,0x7fefb649778
    3⤵
    PID:1208
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1156 --field-trial-handle=1364,i,5849961422797902409,15176711690293482713,131072 /prefetch:2
    3⤵
    PID:2040
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1524 --field-trial-handle=1364,i,5849961422797902409,15176711690293482713,131072 /prefetch:8
    3⤵
    PID:1616
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1584 --field-trial-handle=1364,i,5849961422797902409,15176711690293482713,131072 /prefetch:8
    3⤵
    PID:2576
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=2288 --field-trial-handle=1364,i,5849961422797902409,15176711690293482713,131072 /prefetch:1
    3⤵
    PID:628
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2296 --field-trial-handle=1364,i,5849961422797902409,15176711690293482713,131072 /prefetch:1
    3⤵
    PID:2032
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2500 --field-trial-handle=1364,i,5849961422797902409,15176711690293482713,131072 /prefetch:1
    3⤵
    PID:2780
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=3412 --field-trial-handle=1364,i,5849961422797902409,15176711690293482713,131072 /prefetch:2
    3⤵
    PID:972
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=3616 --field-trial-handle=1364,i,5849961422797902409,15176711690293482713,131072 /prefetch:1
    3⤵
    PID:2212
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3748 --field-trial-handle=1364,i,5849961422797902409,15176711690293482713,131072 /prefetch:8
    3⤵
    PID:1548
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3868 --field-trial-handle=1364,i,5849961422797902409,15176711690293482713,131072 /prefetch:8
    3⤵
    PID:2244
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3976 --field-trial-handle=1364,i,5849961422797902409,15176711690293482713,131072 /prefetch:8
    3⤵
    PID:1416

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1152

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\aieoplapobidheellikiicjfpamacpfd\background.html

Filesize
786B

MD5
9ffe618d587a0685d80e9f8bb7d89d39

SHA1
8e9cae42c911027aafae56f9b1a16eb8dd7a739c

SHA256
a1064146f622fe68b94cd65a0e8f273b583449fbacfd6fd75fec1eaaf2ec8d6e

SHA512
a4e1f53d1e3bf0ff6893f188a510c6b3da37b99b52ddd560d4c90226cb14de6c9e311ee0a93192b1a26db2d76382eb2350dc30ab9db7cbd9ca0a80a507ea1a12

Download Submit
C:\Program Files\aieoplapobidheellikiicjfpamacpfd\icon.png

Filesize
6KB

MD5
c8d8c174df68910527edabe6b5278f06

SHA1
8ac53b3605fea693b59027b9b471202d150f266f

SHA256
9434dd7008059a60d6d5ced8c8a63ab5cae407e7152da98ca4dda408510f08f5

SHA512
d439e5124399d1901934319535b7156c0ca8d76b5aa4ddf1dd0b598d43582f6d23c16f96be74d3cd5fe764396da55ca51811d08695f356f12f7a8a71bcc7e45c

Download Submit
C:\Program Files\aieoplapobidheellikiicjfpamacpfd\js\aes.js

Filesize
13KB

MD5
4ff108e4584780dce15d610c142c3e62

SHA1
77e4519962e2f6a9fc93342137dbb31c33b76b04

SHA256
fc7e184beeda61bf6427938a84560f52348976bb55e807b224eb53930e97ef6a

SHA512
d6eee0fc02205a3422c16ad120cad8d871563d8fcd4bde924654eac5a37026726328f9a47240cf89ed6c9e93ba5f89c833e84e65eee7db2b4d7d1b4240deaef2

Download Submit
C:\Program Files\aieoplapobidheellikiicjfpamacpfd\js\background.js

Filesize
19KB

MD5
ed977dc8bd73f5d9d4f8ca2b43f37a6e

SHA1
0c76ea80029a7c74eb8310980715e1bc53c82578

SHA256
ff8bc7e5643c05190ad51606e080ed63367a593adf91c2a93384291283c43f21

SHA512
a45c422997380b5dab2e0948dc1ce9ecc3379c3525e3d20a4978a471b6dcf6f7b084924bf725f9115672ac8bb6086ba72b5601d12f86e99c66c0f7439b55156f

Download Submit
C:\Program Files\aieoplapobidheellikiicjfpamacpfd\js\content.js

Filesize
3KB

MD5
368dbd669e86a3e5d6f38cf0025a31fd

SHA1
93c6f457d876646713913f3fa59f44a9a373ff03

SHA256
40d6653a91bd77ecbd6e59151febb0d8b157b66706aab53d4c281bb1f2fe0cd6

SHA512
24881d53e334510748f51ce814c6e41c4de2094fd3acc1f250f8a73e26c64d5a74430b6c891fc03b28fb7bddfcf8b540edcf86498d2bb597e70c2b80b172ee7e

Download Submit
C:\Program Files\aieoplapobidheellikiicjfpamacpfd\js\jquery-3.3.1.min.js

Filesize
84KB

MD5
a09e13ee94d51c524b7e2a728c7d4039

SHA1
0dc32db4aa9c5f03f3b38c47d883dbd4fed13aae

SHA256
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

SHA512
f8da8f95b6ed33542a88af19028e18ae3d9ce25350a06bfc3fbf433ed2b38fefa5e639cddfdac703fc6caa7f3313d974b92a3168276b3a016ceb28f27db0714a

Download Submit
C:\Program Files\aieoplapobidheellikiicjfpamacpfd\js\mode-ecb.js

Filesize
604B

MD5
23231681d1c6f85fa32e725d6d63b19b

SHA1
f69315530b49ac743b0e012652a3a5efaed94f17

SHA256
03164b1ac43853fecdbf988ce900016fb174cf65b03e41c0a9a7bf3a95e8c26a

SHA512
36860113871707a08401f29ab2828545932e57a4ae99e727d8ca2a9f85518d3db3a4e5e4d46ac2b6ba09494fa9727c033d77c36c4bdc376ae048541222724bc2

Download Submit
C:\Program Files\aieoplapobidheellikiicjfpamacpfd\js\pad-nopadding.js

Filesize
268B

MD5
0f26002ee3b4b4440e5949a969ea7503

SHA1
31fc518828fe4894e8077ec5686dce7b1ed281d7

SHA256
282308ebc3702c44129438f8299839ca4d392a0a09fdf0737f08ef1e4aff937d

SHA512
4290a1aee5601fcbf1eb2beec9b4924c30cd218e94ae099b87ba72c9a4fa077e39d218fc723b8465d259028a6961cc07c0cd6896aa2f67e83f833ca023a80b11

Download Submit
C:\Program Files\aieoplapobidheellikiicjfpamacpfd\manifest.json

Filesize
1KB

MD5
6da6b303170ccfdca9d9e75abbfb59f3

SHA1
1a8070080f50a303f73eba253ba49c1e6d400df6

SHA256
66f5620e3bfe4692b14f62baad60e3269327327565ff8b2438e98ce8ed021333

SHA512
872957b63e8a0d10791877e5d204022c08c8e8101807d7ebe6fd537d812ad09e14d8555ccf53dc00525a22c02773aa45b8fa643c05247fb0ce6012382855a89a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
71KB

MD5
83142242e97b8953c386f988aa694e4a

SHA1
833ed12fc15b356136dcdd27c61a50f59c5c7d50

SHA256
d72761e1a334a754ce8250e3af7ea4bf25301040929fd88cf9e50b4a9197d755

SHA512
bb6da177bd16d163f377d9b4c63f6d535804137887684c113cc2f643ceab4f34338c06b5a29213c23d375e95d22ef417eac928822dfb3688ce9e2de9d5242d10

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
287a99cf4621b5ba4149aae70cefc046

SHA1
7696284b7355784d949c22a2ebac39ff8e2c6217

SHA256
050737304d66606e82d5da67dfca61d79e6def8121a8fa68490c3b32bc898b9c

SHA512
b997a340bd1dc64c49bdd635954b2013bd21a4b0e8939ccec77ba28647666340c06967077a907225964cfe7c1d126ca38f0514afa021a4ab4ec421c685c1b0da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
1623be87016a63e4cf74c239ea1fbba8

SHA1
e6fcf2d1e2f9c33d11da712c57008e88b49dfab0

SHA256
403624c09568ad15231ebadfc96a24099e80d6e51488410b25441c94fad951d1

SHA512
78a0ecf9947c6a7e4a79134da9221253fa234b4202a35cc55824082779c88c9c23038019d36556cf64deda6ec1dfca8bc038c37b00edb81d603b89bce1db7ffd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1d3889be600d4395c5adc2ebbdf7fde2

SHA1
8f8514070dcaf23f46e1ebbf70e17d0ab243e1d4

SHA256
7b7d52bbae54eff906bdd9b9118081ad5c43baeb8ec06ffa8541b40d487e97bb

SHA512
79bb285960244a1de8c2657da994ea3a0702bc8bc979826ba70d70a375fd397ea3201d01f89c5a4ea2df05a7654d8ed5c5e51c42682afee3e8703a7db90c9f66

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8f92573e611832e09aa29f4eb97a4248

SHA1
12b1c566cc1e9a667083975259cd9701a0b2c366

SHA256
5f871d83fc6e2631f5ea03e66b978641d853c97faf2aa776fa498083e52588c2

SHA512
b38884e09f1edce5f0792d325143cb617a8a16170796ae893269ca6c3c72391bb1962cd2caa2e65521fe382016945d41ba0946280a0a7a7073a37c0b7478ee53

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7958c704c84c9d613454a9a48be46369

SHA1
ad4d6bd1dd96570044df9bc2390376341a214204

SHA256
32ca8737854a68c5a5319a62e9d527c2805b5ba46793a4b9ebc58b535de46b49

SHA512
7f25172362dec7004a6a005173a63dff97feaa9f72735a45f2719ff6508a13ab40924b96572680012a19dbf338ddb26f567234aaea182abd6f5b1c988a29cdde

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
edfad7c4d5dc3aaa6aef6c35c7a59f26

SHA1
8a0ccd61758bca942185bee41aa4129fd1d75944

SHA256
f5c4f0f785ef5c1a95fa75b82baf884a3af61a6c6af29d81b7ae0ab377b17a5f

SHA512
7181b4ee271d51a896d181dc6265216d4688659befc210ea37488bd426bb494499e17b98a506f4682950383264559e67a8bcbf0672e62de1989ff3b825db4040

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ebe25ede7e4d4ff3205b1292f739ba45

SHA1
4a59d17bff40534ba15cb6982d1b5ecdc7139da1

SHA256
fe114ac90b3e737a3dda5c74c9c9c69ef353e30ebf4d37a0fd271b6b6b03aded

SHA512
86be0a35f8b69ead8c15c09109f5917e8465b34426a7abf4219bb7a72bdac1744669154c5ac85f9493cf99b03738187c5869e30bb6f1863d50dd5e48bfbc7a8a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
429b81cb886633ae5449eb6b69465b14

SHA1
30670a55ff1bdd8c53a468db7f3bf460d985e044

SHA256
2ed4103a5724cfd4732427c965a4c9b684b303b4b0f82ec289df2529cff6dfa6

SHA512
779f96de99130c80da097b5a85366c1dffb068ef6f69c69e04e17da03fceb90c7889dd1b1387f8864ed61e77aeecbfb71098a246605df46191b8dc6e5d3a9719

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
016249c2de0f0333b95840861e43e6c9

SHA1
537e71b3bb81df7f9e7976e3e827b5e4bceb42ad

SHA256
f7d1b59b09b662dceb52661c8783ca8abb175c580598dcf1958ab23dec1138c7

SHA512
2282eddb927bd09457ae9c93598bbd1c58314a1684ece4492d9facf43c629bf6ca3d43f51d407cb8fd2bbbc0baa67d64526ceb588407c5bdf4f79eaf08c4fa6d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
93c6f15ce35db9c5421604c7b3a244a5

SHA1
74526f9aba9c04af6652c59426c3bc27ca82ee55

SHA256
4f6d7712781c273be4bb4d3b237b082e9b596dfe02ca6279ca2bc7fdc1536e3d

SHA512
06431d76429a54bc3baa794c23170ab7ae940046d9f24b1e0fbb604a0c8e2048632da12d72ccfd20cddae6b3841d04f6ef1627da5f3a44c748b26a9d259c7957

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b4d8bbd9df6e0b0a40bc5eb696a7a58a

SHA1
3d1f3b66c7912508744157a1c677c5fec259f3f4

SHA256
c0732c9c48b0846fc2c651abeb52357cca90fa2c1d012f2ac5239eed3abc9fd0

SHA512
fdf247929de5555137f8050b404c500466f3d5935baccfd3745d49bc8399fad25650d02d21e444009941b68ea6036f1c7e73b8c2ade892a8ac3c21da06fef15e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
14ad995d31372edc93ee5615745cd16c

SHA1
b68ace6e69a6e6606f48778df17731cac3b0fecd

SHA256
5d141eb44ed679d54576e41165b2f0c73eafd869ca75279295534f932dc675a7

SHA512
c6f0a350e0d425ff778408bdf57ac08be0aae34edc7861757a1cdb4ea8c3f113a9b1a02a6c0d061ef3a6510258bb2c349b40d8d642463592d2e60eb8b8961222

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
798b3172e2cbb0ca29181cbd882f84f8

SHA1
18460162b34693325371074ba9d3aa2fa16a5fe3

SHA256
34f9ff420eaf9d17c52811438b17d95d3fa5884180691bb7dc343ebf14295700

SHA512
d08155bcf7439d48bb6fca3032dcb96caf274d53fdc31ebcf988ccfe8fddd7fcee4ecc607b93bbfc2531940410a5a63a82f6da766907c2657dc271ff72ee7e4e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c979d64f9100c112d53fd58241225c73

SHA1
effd27c2f23775908fc1a9b5395c6675d1e63385

SHA256
3102894dc62bd590ec857ae05a784506d6c7ab6d1e2a3892d294387abe89ee2e

SHA512
5e34fc8be25db48a71ae5e6049c1116e378c807bfc5f73a59149ee45ae22b90cea207f8a63221ee8c1b1f7e1aa7791378c5f6a387763ce4b9e3c1d621c1952a7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f1278f5582c534b8e31f7a4b9e96dcc6

SHA1
e5714b6a03eaf0c54648ca29407c8135b81db57c

SHA256
99b963a1979c8713ac18405bcd56668a516f626de2c9b332c5487f0bd846f899

SHA512
73455ae401902eae94bc6da6846275fbf2d912559a98c7ad2497e3323ceed3b3fa5e8eeaf4d977123aeb0a45f08e279fa5b2f72a25ae8eb7bd62b8beeaa12560

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
779afb138505b9a56e3e43ff97e7d8f2

SHA1
c93377128d0ecc81531204e1d5cda681c1f2fd78

SHA256
51300cecd5f88408ec1e96a6d903739eb194c0fda200a08d84eaa8510c172cb4

SHA512
8fba004094910e6a27bd8c17713695bcf698b84d3eb663258b8549ad03aab77658e920c6857b59e5d332dab0333d33e208feb75eb5f6a1376e8c0f28979820e6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2e8fa1f53dd35f8df8111323cbfd627c

SHA1
864a4051d0084c6f122c364df6a7e80ba6625005

SHA256
b368d104d05b18f53b483d7f34a91817a4c2cc5f67151b185b9fa47a121c8793

SHA512
cb3eaf82f287b8e34162d149962ad7d5236ad3c9d4bdad3c43b0b6c138037d435a841e58d08691508d06642e3bbf3a59db4e5672919cc3367acbd97f09ef5e04

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
dcc982a3c96a1946684fb53bc59c68ae

SHA1
5b8bd8448f147f66a4facba7a7abb98117a95c74

SHA256
5b2d5344aa612c1798dac4860d080ed825fec1f62efa6d6b945257d1bdd36136

SHA512
e8762a0349bb2a12f028126e7b672febbea1722d7391f013cd46a1143a7ab7b36f31873e7df80260d3f35a13f3b84ca639648fb9fce68109dc1bef9864d3d5e2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6c8d593a5578a4193945d00c2edbfbcc

SHA1
079ed1f87e168645288a9b0a971b9169932b68e0

SHA256
02dc86a2c9372300efee2f60a800e2359493b6d9a15e47b890b14c8abd5589ce

SHA512
03f56ef34e8aa2c562778e86d7044d4c2020dda903124f172b00b4af9c713b3e0f60162031141ba7b2227d490ae581302c77bb92e1a01125975a6030eb9bf82c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5ea3cd8492de9dc5e435cf072adf216c

SHA1
9138112e863e2b668963be388b5a413b127f6b82

SHA256
63414a01e7c6813d76e769dd7d177e679f57c145a307d62b85c78d4ec726a1bc

SHA512
d8936885e25b30ac6a54f3e182d418f31b7bc023f7ad358edb218a4f0bd4aa8ecac49aacefba0f1056fde6d38b6bde6d8e2c2d6c2e521ec79bcf5d485a0d21d6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cb96182c08a5c0c050549bedd6db7dd5

SHA1
16fc4e72afeacebcc0932be2d09f379b982da671

SHA256
7aeb1de56e8aa7b0b6d7477139b461f0585b773570107e0e0674c5ce35884e9a

SHA512
b55f119ae512675418d49b1ecb9fb508835973a083ab398553058f443034d991369bee4d97944cb11f3fb26d8eae8c7ad52ba71cd6a842b48d1c7244b6982392

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fef25a1f5fc6a497769806562c36a990

SHA1
10140c068651209dc17377724af55f86918228d2

SHA256
2ff18d40f7e46c7c681bc27eba3be6381683b6f9773690c88df31778f8f3427b

SHA512
d3de1919f8252fff33e0f966fe9aa2942f0927e257b8d94655118ecb27b813961dbed997c9d196f0f429004c70a49fff1e70cb8b3cd5f7d6112219ba6e3a3ea2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
34339ba597d099c276c7e5d46c6861a2

SHA1
a016887b9b56eeda00f16e708ac0f7f0271b4d29

SHA256
af102ef00f1a72e7d17bcd4b8a35382136f0f4ef0a324a360902eecc9c63e13a

SHA512
2cd66593f50af338a930fc858d6b84f0d0c1250d0d05ec53b4f5de64d9e1e8d15c817cbadf91e7e536e045822366e66579f1c137238d647e2d592d6f1a82307f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
990d3ee29aaeae71b836d09054628412

SHA1
c26f83e6d123b27d99727c986bf99bc87066a140

SHA256
e0183885a6db231b18556eb79fbc098ad7d72199be163dec7916641d6c556e39

SHA512
cad4ed95e3e05b9693addca7c2dfce439b7a80dd506fd511d1a689947189ab721071bd28c73e6db2f9826e73c1a20e0fd967ea4159c60b9fb6d9ff954ae68c34

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
77315446abbe6451cb9972734b888a5a

SHA1
b00a8178a803392110f1fd207b2ec906a9104c7d

SHA256
4385c1dc715928fe5d88d16e72be7168bf6ecece21e8408eea21a481c965c4b2

SHA512
d036554e549e3234f7a4531c04980e100f9350e2219495c89ca1502e565b989bbf33b94212ef0392b9f3f225008565de981dd4ea1f752207efd97b4dfab07565

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b7b27847143053879a31f9da03f37f75

SHA1
09614f3fda4680e49660bb577c06bdb20116a3d2

SHA256
758452dcd648b335272c595c040dfecd104bc1c9f9dc9e015fb94691a5c0f712

SHA512
08831557cb0c43ee168ba1e9591eebb9c2cccedd6a627e04376469114033b1b472a5ed667b394e81d32f0790ba07992b9ff3af268c606fd2f0975833b4712c9b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
22568de882cf96af866d5b6726ca6d46

SHA1
4f6bc6cdac60218b04f0f05ac68f6c90b2b3b7d2

SHA256
629daa2fc1f34147719df1a81538a58d00d536a2236eb8a00992c6c3c95ea5c0

SHA512
f7c745f2f2f590a106659244b71df5cdad934766c52daae7f781d2e144702a78e000c6797a0cfe423cd2d3c00b8a431a0cd4672618a024a5b77f0beb91974bd6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b13c2204a030d80e52492b812017e4a4

SHA1
baaa67d1655ce27a8db0ba803c8ffd5a1a58accc

SHA256
b3f9ce936468ebdd2ce2b1ef565ec7463ab26171f48306d4bb4e22feae4d5841

SHA512
b68756fb9081e4c340fc9b88245ad9900da2d0f74b2d9fdfb22cad1d907daa1cacf0dc7e95e5186f8e9d3d81b89bd45ad3312cd22904a5aa12b2a48499ff4184

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
58f142127039144b72ccc3f47a2d2c32

SHA1
a26106298c76add898a412c0c9504d0bc167b32e

SHA256
0816c47c00ff81ace99790683fd21fd07c086cc4dbea41daec9b611b1ca99b0a

SHA512
38d539ca71f16954902422f06cb8f8dd69453814b975b8c2b36c19e0391422cafc1e35384509f4f33c7d77c8c45619b8ed8c2582e75a70f443a24df0d66d2312

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ce2c12479c3017c071832814d1dbaeb4

SHA1
a156aecf6c7b4a2f2682d9fef11553d0b7a483cd

SHA256
b079209fa0c4273aaa370d52e6f9489a2bb8db4649036ea4986efb6af9fc993c

SHA512
0165409f070e96e901bab65c669ae6f0ecaca80b98b27e6e0e33b57638c6b9306dc8cfb0eaa18cc8765bd92026779681917536988107288e33cd23cf6923d09b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
502d196b8af7fe17b850532d23c12e54

SHA1
26e1a3db8807cf7f74725eca68b381829a3c195a

SHA256
d53b8e28b1dec7377eced081301951b5cdb22eeab3788b9fde4f747a31739e28

SHA512
77d764fa9b4c4e53efedfecdc5fc625613377d25d726ce1795d5f08de719e5ef6cac838ac2237d060d473b2afffed0e8cd90c5ec6aecf58f0afc60ca3f364de2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
854B

MD5
84fd0bd1e2c156f12637156f90a78e84

SHA1
898af18cd1d951a323061fdd3cba36e27871ef6e

SHA256
3bd3ee80f0a4eda4e900bd67632f821135a98b979645edad47d5e0a03d7bd081

SHA512
21d6de9603950b1ff8b62ef1641adf8e7fa2c7219a03ea7e790fdd542dac8081b76b8267d2963afac30f753518c3c3bfc03dfaeaf5871594acde0216e99fffe0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
854B

MD5
89a53546725733edf346b91b090dc71e

SHA1
5aca967aac3dd2bf583e4e324a92f4e209c94680

SHA256
06fe65aad7d60c9b4374f5d9e3ab307e556345693b73bcd0cd332ed8c6e56dda

SHA512
425012f08a7a44e45bd459facf02d4e85c67e0c6666f120ee5c075b5b974b3caad2c655b31018490120cc0f3c61e01217b3499762f9bf184e8036560350b8d4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
854B

MD5
c210aeac649340f0d3f4a6688aa118b3

SHA1
d56086a33b763441363e2141008e78b74d5c1524

SHA256
0a13fcd78a4d4a3cc564240800fe744ea761c47ebcf8c8e7eacb44aa874b34b2

SHA512
3eaa2c97036d9110b1896b36b11d5b93ca2bba017731465642409322fb15ebacc01799c5d8400386294b265652ffb932c9a6215db8280363a2dd7d0f5bc48b3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
24611441aaaad196dc23246e920b53d3

SHA1
cd7c8bb92e08541386f51fac9101225115621bc8

SHA256
eefc9bb26396617734b3450b69116052566d9d741a31ee0e0f6ff62a514c8d1e

SHA512
a655811a21d0e32c656f0a7777cb46153fe4564ed6f222bc3bb70c2a49912115e4434e381f5dcae9a9382c80534058441051ea1e42b803c3330306c128ade2b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
0a672a12395220d64d8df2391bf6c9dd

SHA1
dd14b7e66a74bb65ce4459c0c50e305f8c056350

SHA256
ac56c13a666e1dc70d512602c7c24d92995861ca1ae2ec4810a1fd41084ceb0c

SHA512
2a5439fbe721217f633483f0cac1746ef8dc1d64df8ae9b8dca7205ccc6e2e61b6ead2a9dc9942d1a0979cd88d9495db0726a39bdba4ac5270e223d140503b10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
11KB

MD5
7509662fbac37ca065e02f8827ce91c4

SHA1
3d68c0f55ea0005ade5091428a2533c9f2c1a2eb

SHA256
1a1884204b80a4f2201ac19eefe4da689c3a4a30ce5eb20d7b2f535724aad2c8

SHA512
d30c318e321a2de645e75d9ff20c52b1bc1aec5785d1c68ac69b09900bb3fa1dedf1e4bed1a4a16e5dde0f14d95785fa6a2aa6432f6c60b66f8733aa0f5de5b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\aieoplapobidheellikiicjfpamacpfd\CURRENT~RFf784ead.TMP

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{684CE0A1-F4D9-11EF-AF7A-C23FE47451C3}.dat

Filesize
5KB

MD5
47cc15ba613e629ad98679fd403624b5

SHA1
984f35c5ae2f2c55a48a6faa0e164d3c9d63d00e

SHA256
0aa1d856d1803676e0ee06319c9350610797a0e3b4e545d422b7480f08d22cf2

SHA512
1902e97e08f8b40ea9ef77d575c3aa11bb3f7bb8d10d5fd3a440b5b482e5ae77e8f0cdbb7b4ab302c98d36fadf00de39e41904bbe1324434187a62453acf3194

Download Submit
C:\Users\Admin\AppData\Local\Temp\2025-02-27_8685397030bbd818fe541e1e95390b98_avoslocker_luca-stealer_ramnitmgr.exe

Filesize
105KB

MD5
d5ca6e1f080abc64bbb11e098acbeabb

SHA1
1849634bf5a65e1baddddd4452c99dfa003e2647

SHA256
30193b5ccf8a1834eac3502ef165350ab74b107451145f3d2937fdf24b9eceae

SHA512
aa57ce51de38af6212d7339c4baac543a54b0f527621b0ef9e78eca5e5699e8508a154f54f8ac04135527d8417275eeee72a502a362547575699330cc756b161

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3CE2.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3CE4.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3EB2.tmp

Filesize
183KB

MD5
109cab5505f5e065b63d01361467a83b

SHA1
4ed78955b9272a9ed689b51bf2bf4a86a25e53fc

SHA256
ea6b7f51e85835c09259d9475a7d246c3e764ad67c449673f9dc97172c351673

SHA512
753a6da5d6889dd52f40208e37f2b8c185805ef81148682b269fff5aa84a46d710fe0ebfe05bce625da2e801e1c26745998a41266fa36bf47bc088a224d730cc

Download Submit
memory/2008-16-0x0000000001CC0000-0x0000000001CC1000-memory.dmp

Filesize
4KB

Download
memory/2008-15-0x0000000000400000-0x000000000045D000-memory.dmp

Filesize
372KB

Download
memory/2008-14-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/2008-11-0x0000000000400000-0x000000000045D000-memory.dmp

Filesize
372KB

Download
memory/2008-13-0x0000000000400000-0x000000000045D000-memory.dmp

Filesize
372KB

Download
memory/2008-42-0x0000000000400000-0x000000000045D000-memory.dmp

Filesize
372KB

Download
memory/2008-17-0x0000000000400000-0x000000000045D000-memory.dmp

Filesize
372KB

Download
memory/2008-12-0x00000000001B0000-0x00000000001B1000-memory.dmp

Filesize
4KB

Download
memory/2412-9-0x0000000000750000-0x00000000007AD000-memory.dmp

Filesize
372KB

Download
memory/2412-323-0x00000000010F0000-0x0000000001281000-memory.dmp

Filesize
1.6MB

Download
memory/2412-0-0x00000000010F0000-0x0000000001281000-memory.dmp

Filesize
1.6MB

Download
memory/2412-8-0x0000000000750000-0x00000000007AD000-memory.dmp

Filesize
372KB

Download