742e3f0ca6967c947c99cbbff7f3eaa7f5059a1bba1714a20afee3d85312a439

Resubmissions

18/03/2025, 01:24

250318-bsvvda11dx 10

17/03/2025, 12:31

17/03/2025, 03:18

17/03/2025, 03:12

14/03/2025, 12:34

14/03/2025, 10:44

28/01/2025, 02:17

24/01/2025, 18:40

Analysis

max time kernel
83s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20250313-en
resource tags

arch:x64arch:x86image:win10v2004-20250313-enlocale:en-usos:windows10-2004-x64system
submitted
17/03/2025, 03:18

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

freehacks.exe
Size

105.5MB
MD5

4647bc264b4344c7ca47ae9adc130ba9
SHA1

08280768ffd55e06203fc8f13d3e6f1745c7ee0c
SHA256

742e3f0ca6967c947c99cbbff7f3eaa7f5059a1bba1714a20afee3d85312a439
SHA512

9d2a9f90746e74819c441da86086fc716f2e9f54fbf77e4a1cfec2badb1d64b9fe0ba3e3f5304ad797613c27cb038fbddc551d4824b6445ab5f8d063e1424981
SSDEEP

3145728:iZGbexf7I4RniT0BEI43vBrYwY+pOhdFs8rBb:isbexTi64/Bbp0KG

Score

10^/10

aspackv2 defense_evasion discovery execution impact ransomware upx

Malware Config

Extracted

Path

C:\eDFUqDqCUaUK66W\README_HOW_TO_UNLOCK.TXT

Ransom Note

YOUR FILE HAS BEEN LOCKED In order to unlock your files, follow the instructions bellow: 1. Download and install Tor Browser 2. After a successful installation, run Tor Browser and wait for its initialization. 3. Type in the address bar: http://zvnvp2rhe3ljwf2m.onion 4. Follow the instructions on the site.

URLs

http://zvnvp2rhe3ljwf2m.onion

Signatures

Deletes shadow copies 3 TTPs
Ransomware often targets backup files to inhibit system recovery.
ransomware defense_evasion impact execution

File Deletion
T1070.004

Inhibit System Recovery
T1490

Windows Management Instrumentation
T1047

Modifies Windows Firewall 2 TTPs 1 IoCs

defense_evasion

Windows Service

T1543.003

Disable or Modify System Firewall

T1562.004

pid	Process
3984	netsh.exe

ASPack v2.12-2.42 5 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
behavioral2/files/0x0007000000024208-6.dat	aspack_v212_v242
behavioral2/files/0x000700000002420e-75.dat	aspack_v212_v242
behavioral2/files/0x0007000000024210-97.dat	aspack_v212_v242
behavioral2/files/0x0007000000024212-131.dat	aspack_v212_v242
behavioral2/files/0x0007000000024213-138.dat	aspack_v212_v242

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
5844	icacls.exe

File and Directory Permissions Modification: Windows File and Directory Permissions Modification 1 TTPs
defense_evasion

Windows File and Directory Permissions Modification
T1222.001

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
51	ip-addr.es
35	ip-addr.es

AutoIT Executable 3 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
behavioral2/memory/2172-250-0x0000000000970000-0x0000000000BFE000-memory.dmp	autoit_exe
behavioral2/memory/2172-637-0x0000000000970000-0x0000000000BFE000-memory.dmp	autoit_exe
behavioral2/files/0x000700000002422d-409.dat	autoit_exe

UPX packed file 13 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2172-250-0x0000000000970000-0x0000000000BFE000-memory.dmp	upx
behavioral2/files/0x0007000000024221-259.dat	upx
behavioral2/memory/4052-599-0x0000000000400000-0x000000000044F000-memory.dmp	upx
behavioral2/memory/2172-637-0x0000000000970000-0x0000000000BFE000-memory.dmp	upx
behavioral2/files/0x000800000002426c-559.dat	upx
behavioral2/memory/2568-345-0x0000000000400000-0x000000000058D000-memory.dmp	upx
behavioral2/files/0x004600000002384f-688.dat	upx
behavioral2/files/0x0007000000024224-338.dat	upx
behavioral2/memory/2568-707-0x0000000000400000-0x000000000058D000-memory.dmp	upx
behavioral2/memory/1028-708-0x0000000000400000-0x0000000000438000-memory.dmp	upx
behavioral2/memory/13224-26421-0x0000000000400000-0x0000000000410000-memory.dmp	upx
behavioral2/memory/42540-27016-0x0000000000400000-0x0000000000410000-memory.dmp	upx
behavioral2/memory/13224-27015-0x0000000000400000-0x0000000000410000-memory.dmp	upx

Program crash 2 IoCs

pid	pid_target	Process
3876	4052	WerFault.exe
1640	3380	WerFault.exe

Interacts with shadow copies 3 TTPs 2 IoCs

Shadow copies are often targeted by ransomware to inhibit system recovery.

ransomware

File Deletion

T1070.004

Inhibit System Recovery

T1490

Direct Volume Access

T1006

pid	Process
5272	vssadmin.exe
4500	vssadmin.exe

Kills process with taskkill 4 IoCs

defense_evasion

pid	Process
2540	taskkill.exe
1084	taskkill.exe
6944	taskkill.exe
6188	taskkill.exe

Modifies registry key 1 TTPs 8 IoCs

Modify Registry

T1112

pid	Process
35792	reg.exe
4136	reg.exe
5996	reg.exe
1348	reg.exe
6900	reg.exe
6892	reg.exe
6884	reg.exe
23252	reg.exe

Runs net.exe

Scheduled Task/Job: Scheduled Task 1 TTPs 1 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence execution

Scheduled Task

T1053.005

pid	Process
7732	SCHTASKS.exe

Views/modifies file attributes 1 TTPs 2 IoCs

defense_evasion

Hidden Files and Directories

T1564.001

pid	Process
3520	attrib.exe
6212	attrib.exe

C:\Users\Admin\AppData\Local\Temp\freehacks.exe
"C:\Users\Admin\AppData\Local\Temp\freehacks.exe"
1⤵
PID:1840
- C:\Users\Admin\AppData\Roaming\Avoid.exe
  "C:\Users\Admin\AppData\Roaming\Avoid.exe"
  2⤵
  PID:1972
- C:\Users\Admin\AppData\Roaming\ChilledWindows.exe
  "C:\Users\Admin\AppData\Roaming\ChilledWindows.exe"
  2⤵
  PID:5652
- C:\Users\Admin\AppData\Roaming\CookieClickerHack.exe
  "C:\Users\Admin\AppData\Roaming\CookieClickerHack.exe"
  2⤵
  PID:4168
- C:\Users\Admin\AppData\Roaming\CrazyNCS.exe
  "C:\Users\Admin\AppData\Roaming\CrazyNCS.exe"
  2⤵
  PID:4676
- C:\Users\Admin\AppData\Roaming\Curfun.exe
  "C:\Users\Admin\AppData\Roaming\Curfun.exe"
  2⤵
  PID:4588
- C:\Users\Admin\AppData\Roaming\DesktopBoom.exe
  "C:\Users\Admin\AppData\Roaming\DesktopBoom.exe"
  2⤵
  PID:4908
- C:\Users\Admin\AppData\Roaming\Flasher.exe
  "C:\Users\Admin\AppData\Roaming\Flasher.exe"
  2⤵
  PID:1220
- C:\Users\Admin\AppData\Roaming\Hydra.exe
  "C:\Users\Admin\AppData\Roaming\Hydra.exe"
  2⤵
  PID:4292
- C:\Users\Admin\AppData\Roaming\Launcher.exe
  "C:\Users\Admin\AppData\Roaming\Launcher.exe"
  2⤵
  PID:3068
- C:\Users\Admin\AppData\Roaming\Melting.exe
  "C:\Users\Admin\AppData\Roaming\Melting.exe"
  2⤵
  PID:4780
- C:\Users\Admin\AppData\Roaming\Popup.exe
  "C:\Users\Admin\AppData\Roaming\Popup.exe"
  2⤵
  PID:1900
- C:\Users\Admin\AppData\Roaming\rickroll.exe
  "C:\Users\Admin\AppData\Roaming\rickroll.exe"
  2⤵
  PID:4980
- C:\Users\Admin\AppData\Roaming\ScreenScrew.exe
  "C:\Users\Admin\AppData\Roaming\ScreenScrew.exe"
  2⤵
  PID:4328
- C:\Users\Admin\AppData\Roaming\Time.exe
  "C:\Users\Admin\AppData\Roaming\Time.exe"
  2⤵
  PID:4772
- C:\Users\Admin\AppData\Roaming\Trololo.exe
  "C:\Users\Admin\AppData\Roaming\Trololo.exe"
  2⤵
  PID:1556
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill.exe /f /im explorer.exe
    3⤵
    - Kills process with taskkill
    PID:1084
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill.exe /f /im taskmgr.exe
    3⤵
    - Kills process with taskkill
    PID:2540
- C:\Users\Admin\AppData\Roaming\Vista.exe
  "C:\Users\Admin\AppData\Roaming\Vista.exe"
  2⤵
  PID:3484
- C:\Users\Admin\AppData\Roaming\Windows-KB2670838.msu.exe
  "C:\Users\Admin\AppData\Roaming\Windows-KB2670838.msu.exe"
  2⤵
  PID:2708
- C:\Users\Admin\AppData\Roaming\WindowsUpdate.exe
  "C:\Users\Admin\AppData\Roaming\WindowsUpdate.exe"
  2⤵
  PID:4208
- C:\Users\Admin\AppData\Roaming\YouAreAnIdiot.exe
  "C:\Users\Admin\AppData\Roaming\YouAreAnIdiot.exe"
  2⤵
  PID:3380
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3380 -s 1204
    3⤵
    - Program crash
    PID:1640
- C:\Users\Admin\AppData\Roaming\Monoxidex86.harmless.exe
  "C:\Users\Admin\AppData\Roaming\Monoxidex86.harmless.exe"
  2⤵
  PID:5620
- C:\Users\Admin\AppData\Roaming\RedBoot.exe
  "C:\Users\Admin\AppData\Roaming\RedBoot.exe"
  2⤵
  PID:2172
- - C:\Users\Admin\83279751\protect.exe
    "C:\Users\Admin\83279751\protect.exe"
    3⤵
    PID:1664
- - C:\Users\Admin\83279751\assembler.exe
    "C:\Users\Admin\83279751\assembler.exe" -f bin "C:\Users\Admin\83279751\boot.asm" -o "C:\Users\Admin\83279751\boot.bin"
    3⤵
    PID:2036
- - C:\Users\Admin\83279751\overwrite.exe
    "C:\Users\Admin\83279751\overwrite.exe" "C:\Users\Admin\83279751\boot.bin"
    3⤵
    PID:5340
- C:\Users\Admin\AppData\Roaming\RedEye.exe
  "C:\Users\Admin\AppData\Roaming\RedEye.exe"
  2⤵
  PID:716
- - C:\Windows\System32\shutdown.exe
    "C:\Windows\System32\shutdown.exe" -r -t 00 -f
    3⤵
    PID:4740
- C:\Users\Admin\AppData\Roaming\Rensenware.exe
  "C:\Users\Admin\AppData\Roaming\Rensenware.exe"
  2⤵
  PID:5168
- - C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe
    dw20.exe -x -s 844
    3⤵
    PID:2520
- C:\Users\Admin\AppData\Roaming\Rokku.exe
  "C:\Users\Admin\AppData\Roaming\Rokku.exe"
  2⤵
  PID:2568
- - C:\Windows\SysWOW64\reg.exe
    "C:\Windows\System32\reg.exe" add "HKLM\SYSTEM\CurrentControlSet\services\VSS" /v Start /t REG_DWORD /d 4 /f
    3⤵
    PID:3544
- - C:\Windows\SysWOW64\net.exe
    "C:\Windows\System32\net.exe" stop swprv
    3⤵
    PID:4636
  - - C:\Windows\SysWOW64\net1.exe
      C:\Windows\system32\net1 stop swprv
      4⤵
      PID:7772
- - C:\Windows\SysWOW64\net.exe
    "C:\Windows\System32\net.exe" stop srservice
    3⤵
    PID:7796
  - - C:\Windows\SysWOW64\net1.exe
      C:\Windows\system32\net1 stop srservice
      4⤵
      PID:7500
- C:\Users\Admin\AppData\Roaming\satan.exe
  "C:\Users\Admin\AppData\Roaming\satan.exe"
  2⤵
  PID:3256
- - C:\Users\Admin\AppData\Roaming\satan.exe
    "C:\Users\Admin\AppData\Roaming\satan.exe"
    3⤵
    PID:5488
  - - C:\Users\Admin\AppData\Roaming\Utes\otxek.exe
      "C:\Users\Admin\AppData\Roaming\Utes\otxek.exe"
      4⤵
      PID:1244
    - - C:\Users\Admin\AppData\Roaming\Utes\otxek.exe
        
        "C:\Users\Admin\AppData\Roaming\Utes\otxek.exe"
        5⤵
        
        PID:4764
      - C:\Windows\System32\vssadmin.exe
        
        "C:\Windows\System32\vssadmin.exe" delete shadows /all /quiet
        6⤵
        Interacts with shadow copies
        
        PID:4500
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\tmp_cf8f7ce2.bat"
      4⤵
      PID:4532
- C:\Users\Admin\AppData\Roaming\Satana.exe
  "C:\Users\Admin\AppData\Roaming\Satana.exe"
  2⤵
  PID:3148
- C:\Users\Admin\AppData\Roaming\Seftad.exe
  "C:\Users\Admin\AppData\Roaming\Seftad.exe"
  2⤵
  PID:1772
- C:\Users\Admin\AppData\Roaming\SporaRansomware.exe
  "C:\Users\Admin\AppData\Roaming\SporaRansomware.exe"
  2⤵
  PID:928
- - C:\Windows\SysWOW64\wbem\WMIC.exe
    "C:\Windows\System32\wbem\WMIC.exe" process call create "cmd.exe /c vssadmin.exe delete shadows /all /quiet & bcdedit.exe /set {default} recoveryenabled no & bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures"
    3⤵
    PID:7204
- C:\Users\Admin\AppData\Roaming\ViraLock.exe
  "C:\Users\Admin\AppData\Roaming\ViraLock.exe"
  2⤵
  PID:2052
- - C:\Users\Admin\qusEAscU\vWwYsQIY.exe
    "C:\Users\Admin\qusEAscU\vWwYsQIY.exe"
    3⤵
    PID:1740
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /FI "USERNAME eq Admin" /F /IM hCUkQwYk.exe
      4⤵
      Kills process with taskkill
      PID:6188
  - - C:\ProgramData\HacIMkco\hCUkQwYk.exe
      "C:\ProgramData\HacIMkco\hCUkQwYk.exe"
      4⤵
      PID:6448
- - C:\ProgramData\HacIMkco\hCUkQwYk.exe
    "C:\ProgramData\HacIMkco\hCUkQwYk.exe"
    3⤵
    PID:2632
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\ViraLock"
    3⤵
    PID:1500
  - - C:\Users\Admin\AppData\Roaming\ViraLock.exe
      C:\Users\Admin\AppData\Roaming\ViraLock
      4⤵
      PID:6480
    - - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Roaming\ViraLock"
        5⤵
        
        PID:6788
    - - C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
        5⤵
        Modifies registry key
        
        PID:6884
    - - C:\Windows\SysWOW64\reg.exe
        
        reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
        5⤵
        Modifies registry key
        
        PID:6892
    - - C:\Windows\SysWOW64\reg.exe
        
        reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
        5⤵
        Modifies registry key
        
        PID:6900
    - - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\aYMMYUcU.bat" "C:\Users\Admin\AppData\Roaming\ViraLock.exe""
        5⤵
        
        PID:6916
- - C:\Windows\SysWOW64\reg.exe
    reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v HideFileExt /t REG_DWORD /d 1
    3⤵
    - Modifies registry key
    PID:1348
- - C:\Windows\SysWOW64\reg.exe
    reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
    3⤵
    - Modifies registry key
    PID:5996
- - C:\Windows\SysWOW64\reg.exe
    reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
    3⤵
    - Modifies registry key
    PID:4136
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\wAgwMQIs.bat" "C:\Users\Admin\AppData\Roaming\ViraLock.exe""
    3⤵
    PID:3308
  - - C:\Windows\SysWOW64\cscript.exe
      cscript C:\Users\Admin\AppData\Local\Temp/file.vbs
      4⤵
      PID:7108
- C:\Users\Admin\AppData\Roaming\WannaCry.exe
  "C:\Users\Admin\AppData\Roaming\WannaCry.exe"
  2⤵
  PID:5920
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c 12641742171572.bat
    3⤵
    PID:2488
- C:\Users\Admin\AppData\Roaming\WannaCrypt0r.exe
  "C:\Users\Admin\AppData\Roaming\WannaCrypt0r.exe"
  2⤵
  PID:4568
- - C:\Windows\SysWOW64\attrib.exe
    attrib +h .
    3⤵
    - Views/modifies file attributes
    PID:3520
- - C:\Windows\SysWOW64\icacls.exe
    icacls . /grant Everyone:F /T /C /Q
    3⤵
    - Modifies file permissions
    PID:5844
- - C:\Users\Admin\AppData\Roaming\taskdl.exe
    taskdl.exe
    3⤵
    PID:2760
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c 256551742171580.bat
    3⤵
    PID:4176
- - C:\Windows\SysWOW64\attrib.exe
    attrib +h +s F:\$RECYCLE
    3⤵
    - Views/modifies file attributes
    PID:6212
- - C:\Users\Admin\AppData\Roaming\taskdl.exe
    taskdl.exe
    3⤵
    PID:8524
- - C:\Users\Admin\AppData\Roaming\taskdl.exe
    taskdl.exe
    3⤵
    PID:35832
- C:\Users\Admin\AppData\Roaming\WinlockerVB6Blacksod.exe
  "C:\Users\Admin\AppData\Roaming\WinlockerVB6Blacksod.exe"
  2⤵
  PID:4972
- - C:\Windows\SysWOW64\msiexec.exe
    "C:\Windows\system32\msiexec.exe" /i "C:\Users\Admin\AppData\Roaming\Windows\Error file remover 1.0.0.0\install\0A01606\Error file remover.msi" AI_SETUPEXEPATH=C:\Users\Admin\AppData\Roaming\WinlockerVB6Blacksod.exe SETUPEXEDIR=C:\Users\Admin\AppData\Roaming\ EXE_CMD_LINE="/exenoupdates /exelang 0 /noprereqs "
    3⤵
    PID:6960
- C:\Users\Admin\AppData\Roaming\Xyeta.exe
  "C:\Users\Admin\AppData\Roaming\Xyeta.exe"
  2⤵
  PID:4052
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4052 -s 448
    3⤵
    - Program crash
    PID:3876
- C:\Users\Admin\AppData\Roaming\$uckyLocker.exe
  "C:\Users\Admin\AppData\Roaming\$uckyLocker.exe"
  2⤵
  PID:4900
- C:\Users\Admin\AppData\Roaming\7ev3n.exe
  "C:\Users\Admin\AppData\Roaming\7ev3n.exe"
  2⤵
  PID:5112
- - C:\Users\Admin\AppData\Local\system.exe
    "C:\Users\Admin\AppData\Local\system.exe"
    3⤵
    PID:8848
  - - C:\Windows\SysWOW64\SCHTASKS.exe
      C:\Windows\System32\SCHTASKS.exe /create /SC ONLOGON /TN uac /TR "C:\Users\Admin\AppData\Local\bcd.bat" /RL HIGHEST /f
      4⤵
      Scheduled Task/Job: Scheduled Task
      PID:7732
- C:\Users\Admin\AppData\Roaming\Annabelle.exe
  "C:\Users\Admin\AppData\Roaming\Annabelle.exe"
  2⤵
  PID:5604
- C:\Users\Admin\AppData\Roaming\BadRabbit.exe
  "C:\Users\Admin\AppData\Roaming\BadRabbit.exe"
  2⤵
  PID:876
- - C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
    3⤵
    PID:6512
  - - C:\Windows\SysWOW64\cmd.exe
      /c schtasks /Delete /F /TN rhaegal
      4⤵
      PID:7064
  - - C:\Windows\SysWOW64\cmd.exe
      /c schtasks /Create /RU SYSTEM /SC ONSTART /TN rhaegal /TR "C:\Windows\system32\cmd.exe /C Start \"\" \"C:\Windows\dispci.exe\" -id 2524454250 && exit"
      4⤵
      PID:5832
  - - C:\Windows\SysWOW64\cmd.exe
      /c schtasks /Create /SC once /TN drogon /RU SYSTEM /TR "C:\Windows\system32\shutdown.exe /r /t 0 /f" /ST 00:51:00
      4⤵
      PID:5956
- C:\Users\Admin\AppData\Roaming\Birele.exe
  "C:\Users\Admin\AppData\Roaming\Birele.exe"
  2⤵
  PID:1028
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /F /IM explorer.exe
    3⤵
    - Kills process with taskkill
    PID:6944
- C:\Users\Admin\AppData\Roaming\Cerber5.exe
  "C:\Users\Admin\AppData\Roaming\Cerber5.exe"
  2⤵
  PID:5040
- - C:\Windows\SysWOW64\netsh.exe
    C:\Windows\system32\netsh.exe advfirewall set allprofiles state on
    3⤵
    - Modifies Windows Firewall
    PID:3984
- C:\Users\Admin\AppData\Roaming\CoronaVirus.exe
  "C:\Users\Admin\AppData\Roaming\CoronaVirus.exe"
  2⤵
  PID:6304
- C:\Users\Admin\AppData\Roaming\CryptoLocker.exe
  "C:\Users\Admin\AppData\Roaming\CryptoLocker.exe"
  2⤵
  PID:6408
- - C:\Users\Admin\AppData\Roaming\CryptoLocker.exe
    "C:\Users\Admin\AppData\Roaming\CryptoLocker.exe" /w00000224
    3⤵
    PID:6728
- C:\Users\Admin\AppData\Roaming\CryptoWall.exe
  "C:\Users\Admin\AppData\Roaming\CryptoWall.exe"
  2⤵
  PID:6520
- - C:\Windows\SysWOW64\explorer.exe
    "C:\Windows\syswow64\explorer.exe"
    3⤵
    PID:6828
- C:\Users\Admin\AppData\Roaming\DeriaLock.exe
  "C:\Users\Admin\AppData\Roaming\DeriaLock.exe"
  2⤵
  PID:6608
- C:\Users\Admin\AppData\Roaming\Dharma.exe
  "C:\Users\Admin\AppData\Roaming\Dharma.exe"
  2⤵
  PID:7104
- - C:\Users\Admin\AppData\Local\Temp\ac\nc123.exe
    "C:\Users\Admin\AppData\Local\Temp\ac\nc123.exe"
    3⤵
    PID:6424
- - C:\Users\Admin\AppData\Local\Temp\ac\mssql2.exe
    "C:\Users\Admin\AppData\Local\Temp\ac\mssql2.exe"
    3⤵
    PID:5848
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\ac\Shadow.bat" "
    3⤵
    PID:1700
- - C:\Users\Admin\AppData\Local\Temp\ac\EVER\SearchHost.exe
    "C:\Users\Admin\AppData\Local\Temp\ac\EVER\SearchHost.exe"
    3⤵
    PID:2808
- C:\Users\Admin\AppData\Roaming\Fantom.exe
  "C:\Users\Admin\AppData\Roaming\Fantom.exe"
  2⤵
  PID:1916
- C:\Users\Admin\AppData\Roaming\GandCrab.exe
  "C:\Users\Admin\AppData\Roaming\GandCrab.exe"
  2⤵
  PID:3368
- C:\Users\Admin\AppData\Roaming\InfinityCrypt.exe
  "C:\Users\Admin\AppData\Roaming\InfinityCrypt.exe"
  2⤵
  PID:5780
- C:\Users\Admin\AppData\Roaming\PolyRansom.exe
  "C:\Users\Admin\AppData\Roaming\PolyRansom.exe"
  2⤵
  PID:33928
- - C:\ProgramData\HacIMkco\hCUkQwYk.exe
    "C:\ProgramData\HacIMkco\hCUkQwYk.exe"
    3⤵
    PID:8564
- - C:\Windows\SysWOW64\reg.exe
    reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /f /v Hidden /t REG_DWORD /d 2
    3⤵
    - Modifies registry key
    PID:23252
- - C:\Windows\SysWOW64\reg.exe
    reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /d 0 /t REG_DWORD /f
    3⤵
    - Modifies registry key
    PID:35792
- C:\Users\Admin\AppData\Roaming\PowerPoint.exe
  "C:\Users\Admin\AppData\Roaming\PowerPoint.exe"
  2⤵
  PID:6160
- - C:\Users\Admin\AppData\Local\Temp\sys3.exe
    C:\Users\Admin\AppData\Local\Temp\\sys3.exe
    3⤵
    PID:24876
- C:\Users\Admin\AppData\Roaming\Bumerang.exe
  "C:\Users\Admin\AppData\Roaming\Bumerang.exe"
  2⤵
  PID:13224
- - C:\Windows\SysWOW64\ddraw32.dll
    C:\Windows\system32\ddraw32.dll :C:\Users\Admin\AppData\Roaming\Bumerang.exe
    3⤵
    PID:17860
- C:\Users\Admin\AppData\Roaming\Fagot.a.exe
  "C:\Users\Admin\AppData\Roaming\Fagot.a.exe"
  2⤵
  PID:18240
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\HeadTail.vbs"
  2⤵
  PID:37732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 3380 -ip 3380
1⤵
PID:4684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 4052 -ip 4052
1⤵
PID:1832

C:\Windows\System32\vssadmin.exe
"C:\Windows\System32\vssadmin.exe" delete shadows /all /quiet
1⤵
- Interacts with shadow copies
PID:5272

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2f4 0x4ec
1⤵
PID:3992

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
PID:4576
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 480219393F3CF567AD6D65FD5B25A79B
  2⤵
  PID:6684

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
PID:6532

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6388

C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
1⤵
PID:4052

C:\Windows\SysWOW64\cmd.exe
/c schtasks /Create /SC once /TN "" /TR "C:\Windows\system32\shutdown.exe /r /f" /ST 01:36
1⤵
PID:5576

C:\Users\Admin\AppData\Local\Temp\CF08.tmp
"C:\Users\Admin\AppData\Local\Temp\CF08.tmp" \\.\pipe\{A9368765-9B52-482E-8859-EE9E31F2B3CE}
1⤵
PID:2316

C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe C:\Windows\system32\PcaSvc.dll,PcaPatchSdbTask
1⤵
PID:8028

C:\Windows\SysWOW64\net1.exe
C:\Windows\system32\net1 stop vss
1⤵
PID:1480

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2c4,0x2ec,0x7ffd8bf7f208,0x7ffd8bf7f214,0x7ffd8bf7f220
1⤵
PID:7784

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1740,i,18331361549900614968,16541123616155384259,262144 --variations-seed-version --mojo-platform-channel-handle=2584 /prefetch:3
1⤵
PID:4776

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2432,i,18331361549900614968,16541123616155384259,262144 --variations-seed-version --mojo-platform-channel-handle=2424 /prefetch:2
1⤵
PID:8548

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=1896,i,18331361549900614968,16541123616155384259,262144 --variations-seed-version --mojo-platform-channel-handle=2820 /prefetch:8
1⤵
PID:1320

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3496,i,18331361549900614968,16541123616155384259,262144 --variations-seed-version --mojo-platform-channel-handle=3512 /prefetch:1
1⤵
PID:8424

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3516,i,18331361549900614968,16541123616155384259,262144 --variations-seed-version --mojo-platform-channel-handle=3544 /prefetch:1
1⤵
PID:8536

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:4184

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4164,i,18331361549900614968,16541123616155384259,262144 --variations-seed-version --mojo-platform-channel-handle=5028 /prefetch:8
1⤵
PID:8948

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4840,i,18331361549900614968,16541123616155384259,262144 --variations-seed-version --mojo-platform-channel-handle=5060 /prefetch:8
1⤵
PID:7896

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5296,i,18331361549900614968,16541123616155384259,262144 --variations-seed-version --mojo-platform-channel-handle=5368 /prefetch:8
1⤵
PID:26872

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6120,i,18331361549900614968,16541123616155384259,262144 --variations-seed-version --mojo-platform-channel-handle=6080 /prefetch:8
1⤵
PID:40544

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5368,i,18331361549900614968,16541123616155384259,262144 --variations-seed-version --mojo-platform-channel-handle=5080 /prefetch:8
1⤵
PID:21968

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Windows Management Instrumentation

T1047

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Direct Volume Access

T1006

File and Directory Permissions Modification

T1222

Windows File and Directory Permissions Modification

T1222.001

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Indicator Removal

T1070

File Deletion

T1070.004

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

T1490

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt.E6E9114204157F2F6533C1E45C6063CB6C916DC8341A38C4B19D429769D05697

Filesize
32KB

MD5
552c0fb3ae692761609be8ef723ccdba

SHA1
2182c04fe959009c613f3a8229fcc13f0a11edbd

SHA256
874de7fa52088530d76f8fc63495279de59b58b3d2ce3602dc458fff4b3218db

SHA512
adb62826b5bd13f02b4fe68963aa0e16c4a4b85d0009d7a2b5dc9b744e8a024acedcb60f0dc4191413b4140abb24998a8be69a1534ccd120df00b0108dc6afb3

Download Submit
C:\Users\Admin\83279751\assembler.exe

Filesize
589KB

MD5
7e3cea1f686207563c8369f64ea28e5b

SHA1
a1736fd61555841396b0406d5c9ca55c4b6cdf41

SHA256
2a5305369edb9c2d7354b2f210e91129e4b8c546b0adf883951ea7bf7ee0f2b2

SHA512
4629bc32094bdb030e6c9be247068e7295599203284cb95921c98fcbe3ac60286670be7e5ee9f0374a4017286c7af9db211bd831e3ea871d31a509d7bbc1d6a3

Download Submit
C:\Users\Admin\83279751\protect.exe

Filesize
837KB

MD5
fd414666a5b2122c3d9e3e380cf225ed

SHA1
de139747b42a807efa8a2dcc1a8304f9a29b862d

SHA256
e61a8382f7293e40cb993ddcbcaa53a4e5f07a3d6b6a1bfe5377a1a74a8dcac6

SHA512
9ab2163d7deff29c202ed88dba36d5b28f6c67e647a0cadb3d03cc725796e19e5f298c04b1c8523d1d1ee4307e1a5d6f8156fa4021627d6ca1bbd0830695ae05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
7b0736a36bad51260e5db322736df2e9

SHA1
30af14ed09d3f769230d67f51e0adb955833673e

SHA256
0d2adfd06d505b9020c292d30597083d808bfd90ddc0fe173def5db96832a087

SHA512
caabdc6a8601b93f3c082e6506b3c9efe2242b90e92e86306dc0bd4857d33343ba395325fabb21f5db562d3e3932f52f77de547f379072d0154efd5f1b1cdeb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
8ff0f403a6e424c1b91f8b676f0f0498

SHA1
a9eaf20e8a017dc9ed1028e6d67e220abb543b3e

SHA256
ae6760037c15ace7e903d6cc4f777f5808c5325dbc51f132c31bec0e0910cf4c

SHA512
c720dee5193875d3b72ec985e4442d2ade81093c7f7f0c849c54525bd52ead11d730b4277529364a192d668b381201b75eff1562bdba48ef49102c87351d89d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
d639cf689211501ad994e89919bbbe46

SHA1
848e730587a8117e23ede3d124fc4367948cd239

SHA256
be4568bf9a2f6f1e392f425f1d22ca1c2e3963f99f662a5b36826a726ac2541b

SHA512
b43198096bcf8769f10ff6a91aebc8dd8b317bbb3115defe5eef2086b7ebe49d7e99cd0d7988ba53672a485148b86bf488b8ef1a682b90c79117fff88585d391

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML

Filesize
9KB

MD5
7050d5ae8acfbe560fa11073fef8185d

SHA1
5bc38e77ff06785fe0aec5a345c4ccd15752560e

SHA256
cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

SHA512
a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

Download Submit
C:\Users\Admin\AppData\Local\Temp\AdvinstAnalytics\Error file remover\1.0.0.0\tracking.ini

Filesize
84B

MD5
46aee661c0714a876ae3dec6765cde28

SHA1
9f1d314f3626579df42c2de07ffee776c62f3019

SHA256
1521928b8d738380b73c0fad61fd4e51d65e37b3e1ad794de3cb135116b10482

SHA512
70f583a6410fc3e1597fb46d15dbb8f726bf46093c760274e16d78c538c8f056cf312d3623c2077b413528fe9050a5ed8bb093a3284fccd5758eccd26ef4333f

Download Submit
C:\Users\Admin\AppData\Local\Temp\AdvinstAnalytics\Error file remover\1.0.0.0\{DB881C16-69DB-4374-A1D6-15432AD2CA6B}.session

Filesize
4KB

MD5
d8c4f880824c5851df1a5c9453d226b4

SHA1
fd5e478ce552075d9bc5e78bca7932cdf70a0ee9

SHA256
3a6f6cd57a63721aac3531e79da664f16ec853aa204f6921ff18ec649f5633f8

SHA512
09c04dfc4f8af261a3edf2d6c5b356e450e3f511a451e80a29fd4449ec94ee6778f9635f1695314f97667999f4d23ede85ac867755b02d0d14e9004075100792

Download Submit
C:\Users\Admin\AppData\Local\Temp\CcAm.exe

Filesize
425KB

MD5
91cfe40b962b9a408ad4a0c998e48e4c

SHA1
e6a84ae2eedbbc5241342fae981752fd8b3871dc

SHA256
c4119c1fa03862bbb9cabd0d3013c27f23f435cfc6462df42b4f88fcee28b41a

SHA512
2cde53766a71d15f1c0353a7fe7afea1d027e8a1d96f004c3606e75f1342138f858b62746480fc5b442d101ac33b0e279e43b8db1184261b42a4dbb68e2b88a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\ac\EVER\SearchHost.exe

Filesize
1.6MB

MD5
8add121fa398ebf83e8b5db8f17b45e0

SHA1
c8107e5c5e20349a39d32f424668139a36e6cfd0

SHA256
35c4a6c1474eb870eec901cef823cc4931919a4e963c432ce9efbb30c2d8a413

SHA512
8f81c4552ff561eea9802e5319adcd6c7e5bdd1dc4c91e56fda6bdc9b7e8167b222500a0aee5cf27b0345d1c19ac9fa95ae4fd58d4c359a5232bcf86f03d2273

Download Submit
C:\Users\Admin\AppData\Local\Temp\ac\mssql.exe

Filesize
10.2MB

MD5
f6a3d38aa0ae08c3294d6ed26266693f

SHA1
9ced15d08ffddb01db3912d8af14fb6cc91773f2

SHA256
c522e0b5332cac67cde8fc84080db3b8f2e0fe85f178d788e38b35bbe4d464ad

SHA512
814b1130a078dcb6ec59dbfe657724e36aa3db64ed9b2f93d8559b6a50e512365c8596240174141d6977b5ddcf7f281add7886c456dc7463c97f432507e73515

Download Submit
C:\Users\Admin\AppData\Local\Temp\ac\nc123.exe

Filesize
125KB

MD5
597de376b1f80c06d501415dd973dcec

SHA1
629c9649ced38fd815124221b80c9d9c59a85e74

SHA256
f47e3555461472f23ab4766e4d5b6f6fd260e335a6abc31b860e569a720a5446

SHA512
072565912208e97cc691e1a102e32fd6c243b5a3f8047a159e97aabbe302bddc36f3c52cecde3b506151bc89e0f3b5acf6552a82d83dac6e0180c873d36d3f6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\eAse.exe

Filesize
646KB

MD5
163545c14b6f992db4a0b347be92dcf1

SHA1
a956f268484853da6cfb86ca315aec6d242764d8

SHA256
682787f17683c6eb1af7ca4263faa67abb28fe0fd8f785c7970a2c915a4d2160

SHA512
8865b4b50f18de6d5e2b5ea2651f0aa508a9fee3e1facb808743c9468b755486cea515cfe80574b9c46528f3a41d1e610b9cfac763b67eaaa5b4e2124cadc4a7

Download Submit
C:\Users\Admin\AppData\Roaming\$uckyLocker.exe

Filesize
414KB

MD5
c850f942ccf6e45230169cc4bd9eb5c8

SHA1
51c647e2b150e781bd1910cac4061a2cee1daf89

SHA256
86e0eac8c5ce70c4b839ef18af5231b5f92e292b81e440193cdbdc7ed108049f

SHA512
2b3890241b8c8690aab0aed347daa778aba20f29f76e8b79b02953b6252324317520b91ea60d3ef73e42ad403f7a6e0e3f2a057799f21ed447dae7096b2f47d9

Download Submit
C:\Users\Admin\AppData\Roaming\7ev3n.exe

Filesize
315KB

MD5
9f8bc96c96d43ecb69f883388d228754

SHA1
61ed25a706afa2f6684bb4d64f69c5fb29d20953

SHA256
7d373ccb96d1dbb1856ef31afa87c2112a0c1795a796ab01cb154700288afec5

SHA512
550a891c1059f58aa983138caf65a7ea9c326cb1b94c15f3e7594128f6e9f1295b9c2dbc0925637dba7c94e938083fffc6a63dc7c2e5b1e247679931cce505c6

Download Submit
C:\Users\Admin\AppData\Roaming\Annabelle.exe

Filesize
15.9MB

MD5
0f743287c9911b4b1c726c7c7edcaf7d

SHA1
9760579e73095455fcbaddfe1e7e98a2bb28bfe0

SHA256
716335ba5cd1e7186c40295b199190e2b6655e48f1c1cbe12139ba67faa5e1ac

SHA512
2a6dd6288303700ef9cb06ae1efeb1e121c89c97708e5ecd15ed9b2a35d0ecff03d8da58b30daeadad89bd38dc4649521ada149fb457408e5a2bdf1512f88677

Download Submit
C:\Users\Admin\AppData\Roaming\Avoid.exe

Filesize
248KB

MD5
20d2c71d6d9daf4499ffc4a5d164f1c3

SHA1
38e5dcd93f25386d05a34a5b26d3fba1bf02f7c8

SHA256
3ac8cc58dcbceaec3dab046aea050357e0e2248d30b0804c738c9a5b037c220d

SHA512
8ffd56fb3538eb60da2dde9e3d6eee0dac8419c61532e9127f47c4351b6e53e01143af92b2e26b521e23cdbbf15d7a358d3757431e572e37a1eede57c7d39704

Download Submit
C:\Users\Admin\AppData\Roaming\BadRabbit.exe

Filesize
431KB

MD5
fbbdc39af1139aebba4da004475e8839

SHA1
de5c8d858e6e41da715dca1c019df0bfb92d32c0

SHA256
630325cac09ac3fab908f903e3b00d0dadd5fdaa0875ed8496fcbb97a558d0da

SHA512
74eca8c01de215b33d5ceea1fda3f3bef96b513f58a750dba04b0de36f7ef4f7846a6431d52879ca0d8641bfd504d4721a9a96fa2e18c6888fd67fa77686af87

Download Submit
C:\Users\Admin\AppData\Roaming\Birele.exe

Filesize
116KB

MD5
41789c704a0eecfdd0048b4b4193e752

SHA1
fb1e8385691fa3293b7cbfb9b2656cf09f20e722

SHA256
b2dcfdf9e7b09f2aa5004668370e77982963ace820e7285b2e264a294441da23

SHA512
76391ac85fdc3be75441fcd6e19bed08b807d3946c7281c647f16a3be5388f7be307e6323fac8502430a4a6d800d52a88709592a49011ecc89de4f19102435ea

Download Submit
C:\Users\Admin\AppData\Roaming\Cerber5.exe

Filesize
313KB

MD5
fe1bc60a95b2c2d77cd5d232296a7fa4

SHA1
c07dfdea8da2da5bad036e7c2f5d37582e1cf684

SHA256
b3e1e9d97d74c416c2a30dd11858789af5554cf2de62f577c13944a19623777d

SHA512
266c541a421878e1e175db5d94185c991cec5825a4bc50178f57264f3556080e6fe984ed0380acf022ce659aa1ca46c9a5e97efc25ff46cbfd67b9385fd75f89

Download Submit
C:\Users\Admin\AppData\Roaming\ChilledWindows.exe

Filesize
4.4MB

MD5
6a4853cd0584dc90067e15afb43c4962

SHA1
ae59bbb123e98dc8379d08887f83d7e52b1b47fc

SHA256
ccb9502bf8ba5becf8b758ca04a5625c30b79e2d10d2677cc43ae4253e1288ec

SHA512
feb223e0de9bd64e32dc4f3227e175b58196b5e614bca8c2df0bbca2442a564e39d66bcd465154149dc7ebbd3e1ca644ed09d9a9174b52236c76e7388cb9d996

Download Submit
C:\Users\Admin\AppData\Roaming\CookieClickerHack.exe

Filesize
68KB

MD5
bc1e7d033a999c4fd006109c24599f4d

SHA1
b927f0fc4a4232a023312198b33272e1a6d79cec

SHA256
13adae722719839af8102f98730f3af1c5a56b58069bfce8995acd2123628401

SHA512
f5d9b8c1fd9239894ec9c075542bff0bcef79871f31038e627ae257b8c1db9070f4d124448a78e60ccc8bc12f138102a54825e9d7647cd34832984c7c24a6276

Download Submit
C:\Users\Admin\AppData\Roaming\CoronaVirus.exe

Filesize
1.0MB

MD5
055d1462f66a350d9886542d4d79bc2b

SHA1
f1086d2f667d807dbb1aa362a7a809ea119f2565

SHA256
dddf7894b2e6aafa1903384759d68455c3a4a8348a7e2da3bd272555eba9bec0

SHA512
2c5e570226252bdb2104c90d5b75f11493af8ed1be8cb0fd14e3f324311a82138753064731b80ce8e8b120b3fe7009b21a50e9f4583d534080e28ab84b83fee1

Download Submit
C:\Users\Admin\AppData\Roaming\CrazyNCS.exe

Filesize
122KB

MD5
d043ba91e42e0d9a68c9866f002e8a21

SHA1
e9f177e1c57db0a15d1dc6b3e6c866d38d85b17c

SHA256
6820c71df417e434c5ad26438c901c780fc5a80b28a466821b47d20b8424ef08

SHA512
3e9783646e652e9482b3e7648fb0a5f7c8b6c386bbc373d5670d750f6f99f6137b5501e21332411609cbcc0c20f829ab8705c2835e2756455f6754c9975ac6bd

Download Submit
C:\Users\Admin\AppData\Roaming\CryptoWall.exe

Filesize
132KB

MD5
919034c8efb9678f96b47a20fa6199f2

SHA1
747070c74d0400cffeb28fbea17b64297f14cfbd

SHA256
e036d68b8f8b7afc6c8b6252876e1e290f11a26d4ad18ac6f310662845b2c734

SHA512
745a81c50bbfd62234edb9788c83a22e0588c5d25c00881901923a02d7096c71ef5f0cd5b73f92ad974e5174de064b0c5ea8044509039aab14b2aed83735a7c4

Download Submit
C:\Users\Admin\AppData\Roaming\Curfun.exe

Filesize
138KB

MD5
0b3b2dff5503cb032acd11d232a3af55

SHA1
6efc31c1d67f70cf77c319199ac39f70d5a7fa95

SHA256
ef878461a149024f3065121ff4e165731ecabef1b94b0b3ed2eda010ad39202b

SHA512
484014d65875e706f7e5e5f54c2045d620e5cce5979bf7f37b45c613e6d948719c0b8e466df5d8908706133ce4c4b71a11b804417831c9dbaf72b6854231ea17

Download Submit
C:\Users\Admin\AppData\Roaming\DeriaLock.exe

Filesize
484KB

MD5
0a7b70efba0aa93d4bc0857b87ac2fcb

SHA1
01a6c963b2f5f36ff21a1043587dcf921ae5f5cd

SHA256
4f5bff64160044d9a769ab277ff85ba954e2a2e182c6da4d0672790cf1d48309

SHA512
2033f9637b8d023242c93f54c140dd561592a3380a15a9fdc8ebfa33385ff4fc569d66c846a01b4ac005f0521b3c219e87f4b1ed2a83557f9d95fa066ad25e14

Download Submit
C:\Users\Admin\AppData\Roaming\DesktopBoom.exe

Filesize
1.1MB

MD5
f0a661d33aac3a3ce0c38c89bec52f89

SHA1
709d6465793675208f22f779f9e070ed31d81e61

SHA256
c20e78ce9028299d566684d35b1230d055e5ea0e9b94d0aff58f650e0468778a

SHA512
57cdb3c38f2e90d03e6dc1f9d8d1131d40d3919f390bb1783343c82465461319e70483dc3cd3efdbd9a62dfc88d74fc706f05d760ffd8506b16fd7686e414443

Download Submit
C:\Users\Admin\AppData\Roaming\Dharma.exe

Filesize
11.5MB

MD5
928e37519022745490d1af1ce6f336f7

SHA1
b7840242393013f2c4c136ac7407e332be075702

SHA256
6fb303dd8ba36381948127d44bd8541e4a1ab8af07b46526ace08458f2498850

SHA512
8040195ab2b2e15c9d5ffa13a47a61c709738d1cf5e2108e848fedf3408e5bad5f2fc5f523f170f6a80cb33a4f5612d3d60dd343d028e55cfc08cd2f6ed2947c

Download Submit
C:\Users\Admin\AppData\Roaming\Fantom.exe

Filesize
261KB

MD5
7d80230df68ccba871815d68f016c282

SHA1
e10874c6108a26ceedfc84f50881824462b5b6b6

SHA256
f4234a501edcd30d3bc15c983692c9450383b73bdd310059405c5e3a43cc730b

SHA512
64d02b3e7ed82a64aaac1f74c34d6b6e6feaac665ca9c08911b93eddcec66595687024ec576e74ea09a1193ace3923969c75de8733859835fef45335cf265540

Download Submit
C:\Users\Admin\AppData\Roaming\Flasher.exe

Filesize
246KB

MD5
9254ca1da9ff8ad492ca5fa06ca181c6

SHA1
70fa62e6232eae52467d29cf1c1dacb8a7aeab90

SHA256
30676ad5dc94c3fec3d77d87439b2bf0a1aaa7f01900b68002a06f11caee9ce6

SHA512
a84fbbdea4e743f3e41878b9cf6db219778f1479aa478100718af9fc8d7620fc7a3295507e11df39c7863cb896f946514e50368db480796b6603c8de5580685a

Download Submit
C:\Users\Admin\AppData\Roaming\GandCrab.exe

Filesize
291KB

MD5
e6b43b1028b6000009253344632e69c4

SHA1
e536b70e3ffe309f7ae59918da471d7bf4cadd1c

SHA256
bfb9db791b8250ffa8ebc48295c5dbbca757a5ed3bbb01de12a871b5cd9afd5a

SHA512
07da214314673407a7d3978ee6e1d20bf1e02f135bf557e86b50489ecc146014f2534515c1b613dba96e65489d8c82caaa8ed2e647684d61e5e86bd3e8251adf

Download Submit
C:\Users\Admin\AppData\Roaming\Hydra.exe

Filesize
43KB

MD5
b2eca909a91e1946457a0b36eaf90930

SHA1
3200c4e4d0d4ece2b2aadb6939be59b91954bcfa

SHA256
0b6c0af51cde971b3e5f8aa204f8205418ab8c180b79a5ac1c11a6e0676f0f7c

SHA512
607d20e4a46932c7f4d9609ef9451e2303cd79e7c4778fe03f444e7dc800d6de7537fd2648c7c476b9f098588dc447e8c39d8b21cd528d002dfa513a19c6ebbf

Download Submit
C:\Users\Admin\AppData\Roaming\InfinityCrypt.exe

Filesize
211KB

MD5
b805db8f6a84475ef76b795b0d1ed6ae

SHA1
7711cb4873e58b7adcf2a2b047b090e78d10c75b

SHA256
f5d002bfe80b48386a6c99c41528931b7f5df736cd34094463c3f85dde0180bf

SHA512
62a2c329b43d186c4c602c5f63efc8d2657aa956f21184334263e4f6d0204d7c31f86bda6e85e65e3b99b891c1630d805b70997731c174f6081ecc367ccf9416

Download Submit
C:\Users\Admin\AppData\Roaming\Krotten.exe

Filesize
53KB

MD5
87ccd6f4ec0e6b706d65550f90b0e3c7

SHA1
213e6624bff6064c016b9cdc15d5365823c01f5f

SHA256
e79f164ccc75a5d5c032b4c5a96d6ad7604faffb28afe77bc29b9173fa3543e4

SHA512
a72403d462e2e2e181dbdabfcc02889f001387943571391befed491aaecba830b0869bdd4d82bca137bd4061bbbfb692871b1b4622c4a7d9f16792c60999c990

Download Submit
C:\Users\Admin\AppData\Roaming\Launcher.exe

Filesize
197KB

MD5
7506eb94c661522aff09a5c96d6f182b

SHA1
329bbdb1f877942d55b53b1d48db56a458eb2310

SHA256
d5b962dfe37671b5134f0b741a662610b568c2b5374010ee92b5b7857d87872c

SHA512
d815a9391ef3d508b89fc221506b95f4c92d586ec38f26aec0f239750f34cf398eed3d818fa439f6aa6ed3b30f555a1903d93eeeec133b80849a4aa6685ec070

Download Submit
C:\Users\Admin\AppData\Roaming\Melting.exe

Filesize
12KB

MD5
833619a4c9e8c808f092bf477af62618

SHA1
b4a0efa26f790e991cb17542c8e6aeb5030d1ebf

SHA256
92a284981c7ca33f1af45ce61738479fbcbb5a4111f5498e2cb54931c8a36c76

SHA512
4f231fc16339d568b5cf9353133aeae835eb262dab68bc80d92f37b43df64dce4fae0e913cbaa3bb61351a759aeecf9d280bc5779b0853c980559a654d6cca11

Download Submit
C:\Users\Admin\AppData\Roaming\Monoxidex86.harmless.exe

Filesize
131KB

MD5
bd65d387482def1fe00b50406f731763

SHA1
d06a2ba2e29228f443f97d1dd3a8da5dd7df5903

SHA256
1ab7375550516d7445c47fd9b551ed864f227401a14ff3f1ff0d70caca3bd997

SHA512
351ecd109c4d49bc822e8ade73a9516c4a531ebcda63546c155e677dcff19708068dc588b2fcf30cad086238e8b206fc5f349d37dda02d3c3a8d9b570d92e4d9

Download Submit
C:\Users\Admin\AppData\Roaming\Petya.A.exe

Filesize
225KB

MD5
af2379cc4d607a45ac44d62135fb7015

SHA1
39b6d40906c7f7f080e6befa93324dddadcbd9fa

SHA256
26b4699a7b9eeb16e76305d843d4ab05e94d43f3201436927e13b3ebafa90739

SHA512
69899c47d0b15f92980f79517384e83373242e045ca696c6e8f930ff6454219bf609e0d84c2f91d25dfd5ef3c28c9e099c4a3a918206e957be806a1c2e0d3e99

Download Submit
C:\Users\Admin\AppData\Roaming\PolyRansom.exe

Filesize
220KB

MD5
3ed3fb296a477156bc51aba43d825fc0

SHA1
9caa5c658b1a88fee149893d3a00b34a8bb8a1a6

SHA256
1898f2cae1e3824cb0f7fd5368171a33aba179e63501e480b4da9ea05ebf0423

SHA512
dc3d6e409cee4d54f48d1a25912243d07e2f800578c8e0e348ce515a047ecf5fa3089b46284e0956bbced345957a000eecdc082e6f3060971759d70a14c1c97e

Download Submit
C:\Users\Admin\AppData\Roaming\Popup.exe

Filesize
373KB

MD5
9c3e9e30d51489a891513e8a14d931e4

SHA1
4e5a5898389eef8f464dee04a74f3b5c217b7176

SHA256
f8f7b5f20ca57c61df6dc8ff49f2f5f90276a378ec17397249fdc099a6e1dcd8

SHA512
bf45677b7dd6c67ad350ec6ecad5bc3f04dea179fae0ff0a695c69f7de919476dd7a69c25b04c8530a35119e4933f4a8c327ed6dcef892b1114dfd7e494a19a7

Download Submit
C:\Users\Admin\AppData\Roaming\PowerPoint.exe

Filesize
136KB

MD5
70108103a53123201ceb2e921fcfe83c

SHA1
c71799a6a6d09ee758b04cdf90a4ab76fbd2a7e3

SHA256
9c3f8df80193c085912c9950c58051ae77c321975784cc069ceacd4f57d5861d

SHA512
996701c65eee7f781c2d22dce63f4a95900f36b97a99dcf833045bce239a08b3c2f6326b3a808431cdab92d59161dd80763e44126578e160d79b7095175d276b

Download Submit
C:\Users\Admin\AppData\Roaming\RedBoot.exe

Filesize
1.2MB

MD5
e0340f456f76993fc047bc715dfdae6a

SHA1
d47f6f7e553c4bc44a2fe88c2054de901390b2d7

SHA256
1001a8c7f33185217e6e1bdbb8dba9780d475da944684fb4bf1fc04809525887

SHA512
cac10c675d81630eefca49b2ac4cc83f3eb29115ee28a560db4d6c33f70bf24980e48bb48ce20375349736e3e6b23a1ca504b9367917328853fffc5539626bbc

Download Submit
C:\Users\Admin\AppData\Roaming\RedEye.exe

Filesize
10.6MB

MD5
e9e5596b42f209cc058b55edc2737a80

SHA1
f30232697b3f54e58af08421da697262c99ec48b

SHA256
9ac9f207060c28972ede6284137698ce0769e3695c7ad98ab320605d23362305

SHA512
e542319beb6f81b493ad80985b5f9c759752887dc3940b77520a3569cd5827de2fcae4c2357b7f9794b382192d4c0b125746df5cf08f206d07b2b473b238d0c7

Download Submit
C:\Users\Admin\AppData\Roaming\Rensenware.exe

Filesize
96KB

MD5
60335edf459643a87168da8ed74c2b60

SHA1
61f3e01174a6557f9c0bfc89ae682d37a7e91e2e

SHA256
7bf5623f0a10dfa148a35bebd899b7758612f1693d2a9910f716cf15a921a76a

SHA512
b4e5e4d4f0b4a52243d6756c66b4fe6f4b39e64df7790072046e8a3dadad3a1be30b8689a1bab8257cc35cb4df652888ddf62b4e1fccb33e1bbf1f5416d73efb

Download Submit
C:\Users\Admin\AppData\Roaming\Rokku.exe

Filesize
666KB

MD5
97512f4617019c907cd0f88193039e7c

SHA1
24cfa261ee30f697e7d1e2215eee1c21eebf4579

SHA256
438888ef36bad1079af79daf152db443b4472c5715a7b3da0ba24cc757c53499

SHA512
cfbb8dd91434f917d507cb919aa7e6b16b7b2056d56185f6ad5b6149e05629325cdb3df907f58bb3f634b17a9989bf5b6d6b81f5396a3a556431742ed742ac4a

Download Submit
C:\Users\Admin\AppData\Roaming\Satana.exe

Filesize
49KB

MD5
46bfd4f1d581d7c0121d2b19a005d3df

SHA1
5b063298bbd1670b4d39e1baef67f854b8dcba9d

SHA256
683a09da219918258c58a7f61f7dc4161a3a7a377cf82a31b840baabfb9a4a96

SHA512
b52aa090f689765d099689700be7e18922137e7a860a00113e3f72aa6553e94a870bbb741e52de9617506a236a2a59198fb224fcd128576d76642eec9d715df5

Download Submit
C:\Users\Admin\AppData\Roaming\ScreenScrew.exe

Filesize
111KB

MD5
e87a04c270f98bb6b5677cc789d1ad1d

SHA1
8c14cb338e23d4a82f6310d13b36729e543ff0ca

SHA256
e03520794f00fb39ef3cfff012f72a5d03c60f89de28dbe69016f6ed151b5338

SHA512
8784f4d42908e54ecedfb06b254992c63920f43a27903ccedd336daaeed346db44e1f40e7db971735da707b5b32206be1b1571bc0d6a2d6eb90bbf9d1f69de13

Download Submit
C:\Users\Admin\AppData\Roaming\Seftad.exe

Filesize
48KB

MD5
86a3a3ce16360e01933d71d0bf1f2c37

SHA1
af54089e3601c742d523b507b3a0793c2b6e60be

SHA256
2ebe23ba9897d9c127b9c0a737ba63af8d0bcd76ec866610cc0b5de2f62b87bd

SHA512
65a3571cf5b057d2c3ce101346947679f162018fa5eadf79c5a6af6c0a3bc9b12731ff13f27629b14983ef8bc73fa9782cc0a9e6c44b0ffc2627da754c324d6e

Download Submit
C:\Users\Admin\AppData\Roaming\SporaRansomware.exe

Filesize
24KB

MD5
4a4a6d26e6c8a7df0779b00a42240e7b

SHA1
8072bada086040e07fa46ce8c12bf7c453c0e286

SHA256
7ad9ed23a91643b517e82ad5740d24eca16bcae21cfe1c0da78ee80e0d1d3f02

SHA512
c7a7b15d8dbf8e8f8346a4dab083bb03565050281683820319906da4d23b97b39e88f841b30fc8bd690c179a8a54870238506ca60c0f533d34ac11850cdc1a95

Download Submit
C:\Users\Admin\AppData\Roaming\Time.exe

Filesize
111KB

MD5
9d0d2fcb45b1ff9555711b47e0cd65e5

SHA1
958f29a99cbb135c92c5d1cdffb9462be35ee9fd

SHA256
dc476ae39effdd80399b6e36f1fde92c216a5bbdb6b8b2a7ecbe753e91e4c993

SHA512
8fd4ce4674cd52a3c925149945a7a50a139302be17f6ee3f30271ebe1aa6d92bcb15a017dca989cd837a5d23cd56eaacc6344dc7730234a4629186976c857ca9

Download Submit
C:\Users\Admin\AppData\Roaming\Trololo.exe

Filesize
3.0MB

MD5
b6d61b516d41e209b207b41d91e3b90d

SHA1
e50d4b7bf005075cb63d6bd9ad48c92a00ee9444

SHA256
3d0efd55bde5fb7a73817940bac2a901d934b496738b7c5cab7ea0f6228e28fe

SHA512
3217fc904e4c71b399dd273786634a6a6c19064a9bf96960df9b3357001c12b9547813412173149f6185eb5d300492d290342ec955a8347c6f9dcac338c136da

Download Submit
C:\Users\Admin\AppData\Roaming\UIWIX.exe

Filesize
211KB

MD5
a933a1a402775cfa94b6bee0963f4b46

SHA1
18aa7b02f933c753989ba3d16698a5ee3a4d9420

SHA256
146581f0b3fbe00026ee3ebe68797b0e57f39d1d8aecc99fdc3290e9cfadc4fc

SHA512
d83da3c97ffd78c42f49b7bfb50525e7c964004b4b7d9cba839c0d8bf3a5fe0424be3b3782e33c57debc6b13b5420a3fa096643c8b7376b3accfb1bc4e7d7368

Download Submit
C:\Users\Admin\AppData\Roaming\USDB1-E0ETX-TXTXG-TFTXY.KEY

Filesize
1KB

MD5
1caa48a6a31d1641765b4807901ff2e3

SHA1
b3dfcf2108aa063551374de8cd853521d8567069

SHA256
a86e5c4f7e7a13b8abdee90dd89e2780bcccc212c0ea7822cdd6e4598b1634d2

SHA512
1691dde1dcc5cc23c7815a19f70ddc104ad90cbf1d45d31c32272e862c11bab9066efa434c2c7ec3d82b2f6501e6aef9c42331d638fa82dfa2457c31c633f9cc

Download Submit
C:\Users\Admin\AppData\Roaming\USDB1-E0ETX-TXTXG-TFTXY.LST

Filesize
2KB

MD5
c79a61b6ecb1e36fd77543e03227db36

SHA1
f0c68ec2f7fa3a1c559fcab24bd917af38186f68

SHA256
7378575f27c1d3b5362b0048c3c87f845742558d72a593c9f9d79ebcb32e2550

SHA512
5576ccd5bdb58a192ef0e3913f9275bd9a9896b4b60ca95dc0f67e214f0a4006f10d8047c542b44ef1eca872f4713fecbabf4b05bf85b91bc9ee1bb35b3bc6ff

Download Submit
C:\Users\Admin\AppData\Roaming\Utes\otxek.exe

Filesize
67KB

MD5
9182d5ddf38f927ea4012e111f9ea80e

SHA1
824a853f7f2fdd72a59a674d67df26b451bfa104

SHA256
cd086271c64b4f624324ed2fe0c502b712c4a3dbf3ffca7300dab2242b4ba0e8

SHA512
f7906375c54d2fabd38eef6da1fd0fe283aad3b06a1feb474c3cbf2dce195abfc0793ac9e6a0306aeac787c84bd030978190a406961f3f2722836f4b47fba405

Download Submit
C:\Users\Admin\AppData\Roaming\ViraLock.exe

Filesize
194KB

MD5
8803d517ac24b157431d8a462302b400

SHA1
b56afcad22e8cda4d0e2a98808b8e8c5a1059d4e

SHA256
418395efd269bc6534e02c92cb2c568631ada6e54bc55ade4e4a5986605ff786

SHA512
38fdfe0bc873e546b05a8680335526eec61ccc8cf3f37c60eee0bc83ec54570077f1dc1da26142488930eabcc21cb7a33c1b545a194cbfb4c87e430c4b2bfb50

Download Submit
C:\Users\Admin\AppData\Roaming\Vista.exe

Filesize
1.9MB

MD5
faa6cb3e816adaeaabf2930457c79c33

SHA1
6539de41b48d271bf4237e6eb09b0ee40f9a2140

SHA256
6680317e6eaa04315b47aaadd986262cd485c8a4bd843902f4c779c858a3e31b

SHA512
58859556771203d736ee991b651a6a409de7e3059c2afe81d4545864295c383f75cfbabf3cffaa0c412a6ec27bf939f0893c28152f53512c7885e597db8d2c66

Download Submit
C:\Users\Admin\AppData\Roaming\WannaCry.exe

Filesize
224KB

MD5
5c7fb0927db37372da25f270708103a2

SHA1
120ed9279d85cbfa56e5b7779ffa7162074f7a29

SHA256
be22645c61949ad6a077373a7d6cd85e3fae44315632f161adc4c99d5a8e6844

SHA512
a15f97fad744ccf5f620e5aabb81f48507327b898a9aa4287051464019e0f89224c484e9691812e166471af9beaddcfc3deb2ba878658761f4800663beef7206

Download Submit
C:\Users\Admin\AppData\Roaming\WannaCrypt0r.exe

Filesize
3.4MB

MD5
84c82835a5d21bbcf75a61706d8ab549

SHA1
5ff465afaabcbf0150d1a3ab2c2e74f3a4426467

SHA256
ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa

SHA512
90723a50c20ba3643d625595fd6be8dcf88d70ff7f4b4719a88f055d5b3149a4231018ea30d375171507a147e59f73478c0c27948590794554d031e7d54b7244

Download Submit
C:\Users\Admin\AppData\Roaming\Windows-KB2670838.msu.exe

Filesize
728KB

MD5
6e49c75f701aa059fa6ed5859650b910

SHA1
ccb7898c509c3a1de96d2010d638f6a719f6f400

SHA256
f91f02fd27ada64f36f6df59a611fef106ff7734833dea825d0612e73bdfb621

SHA512
ccd1b581a29de52d2313a97eb3c3b32b223dba1e7a49c83f7774b374bc2d16b13fba9566de6762883f3b64ed8e80327b454e5d32392af2a032c22653fed0fff8

Download Submit
C:\Users\Admin\AppData\Roaming\WindowsUpdate.exe

Filesize
760KB

MD5
515198a8dfa7825f746d5921a4bc4db9

SHA1
e1da0b7f046886c1c4ff6993f7f98ee9a1bc90ae

SHA256
0fda176b199295f72fafc3bc25cefa27fa44ed7712c3a24ca2409217e430436d

SHA512
9e47037fe40b79ebf056a9c6279e318d85da9cd7e633230129d77a1b8637ecbafc60be38dd21ca9077ebfcb9260d87ff7fcc85b8699b3135148fe956972de3e8

Download Submit
C:\Users\Admin\AppData\Roaming\Windows\Error file remover 1.0.0.0\install\0A01606\Error file remover.msi

Filesize
1010KB

MD5
27bc9540828c59e1ca1997cf04f6c467

SHA1
bfa6d1ce9d4df8beba2bedf59f86a698de0215f3

SHA256
05c18698c3dc3b2709afd3355ad5b91a60b2121a52e5fcc474e4e47fb8e95e2a

SHA512
a3ae822116cddb52d859de7ffc958541bb47c355a835c5129aade9cc0e5fba3ff25387061deb5b55b5694a535f09fe8669485282eb6e7c818cc7092eb3392848

Download Submit
C:\Users\Admin\AppData\Roaming\Windows\Error file remover 1.0.0.0\install\decoder.dll

Filesize
126KB

MD5
3531cf7755b16d38d5e9e3c43280e7d2

SHA1
19981b17ae35b6e9a0007551e69d3e50aa1afffe

SHA256
76133e832c15aa5cbc49fb3ba09e0b8dd467c307688be2c9e85e79d3bf62c089

SHA512
7b053ba2cf92ef2431b98b2a06bd56340dad94de36d11e326a80cd61b9acb378ac644ac407cf970f4ef8333b8d3fb4ff40b18bb41ec5aee49d79a6a2adcf28fd

Download Submit
C:\Users\Admin\AppData\Roaming\WinlockerVB6Blacksod.exe

Filesize
2.4MB

MD5
dbfbf254cfb84d991ac3860105d66fc6

SHA1
893110d8c8451565caa591ddfccf92869f96c242

SHA256
68b0e1932f3b4439865be848c2d592d5174dbdbaab8f66104a0e5b28c928ee0c

SHA512
5e9ccdf52ebdb548c3fa22f22dd584e9a603ca1163a622db5707dbcc5d01e4835879dcfd28cb1589cbb25aed00f352f7a0a0962b1f38b68fc7d6693375e7666d

Download Submit
C:\Users\Admin\AppData\Roaming\Xyeta.exe

Filesize
84KB

MD5
9d15a3b314600b4c08682b0202700ee7

SHA1
208e79cdb96328d5929248bb8a4dd622cf0684d1

SHA256
3ab3833e31e4083026421c641304369acfd31b957b78af81f3c6ef4968ef0e15

SHA512
9916397b782aaafa68eb6a781ea9a0db27f914035dd586142c818ccbd7e69036896767bedba97489d5100de262a554cf14bcdf4a24edda2c5d37217b265398d3

Download Submit
C:\Users\Admin\AppData\Roaming\YouAreAnIdiot.exe

Filesize
424KB

MD5
e263c5b306480143855655233f76dc5a

SHA1
e7dcd6c23c72209ee5aa0890372de1ce52045815

SHA256
1f69810b8fe71e30a8738278adf09dd982f7de0ab9891d296ce7ea61b3fa4f69

SHA512
e95981eae02d0a8bf44493c64cca8b7e50023332e91d75164735a1d0e38138f358100c93633ff3a0652e1c12a5155cba77d81e01027422d7d5f71000eafb4113

Download Submit
C:\Users\Admin\AppData\Roaming\msg\m_finnish.wnry

Filesize
37KB

MD5
35c2f97eea8819b1caebd23fee732d8f

SHA1
e354d1cc43d6a39d9732adea5d3b0f57284255d2

SHA256
1adfee058b98206cb4fbe1a46d3ed62a11e1dee2c7ff521c1eef7c706e6a700e

SHA512
908149a6f5238fcccd86f7c374986d486590a0991ef5243f0cd9e63cc8e208158a9a812665233b09c3a478233d30f21e3d355b94f36b83644795556f147345bf

Download Submit
C:\Users\Admin\AppData\Roaming\rickroll.exe

Filesize
129KB

MD5
0ec108e32c12ca7648254cf9718ad8d5

SHA1
78e07f54eeb6af5191c744ebb8da83dad895eca1

SHA256
48b08ea78124ca010784d9f0faae751fc4a0c72c0e7149ded81fc03819f5d723

SHA512
1129e685f5dd0cb2fa22ef4fe5da3f1e2632e890333ce17d3d06d04a4097b4d9f4ca7d242611ffc9e26079900945cf04ab6565a1c322e88e161f1929d18a2072

Download Submit
C:\Users\Admin\AppData\Roaming\satan.exe

Filesize
184KB

MD5
c9c341eaf04c89933ed28cbc2739d325

SHA1
c5b7d47aef3bd33a24293138fcba3a5ff286c2a8

SHA256
1a0a2fd546e3c05e15b2db3b531cb8e8755641f5f1c17910ce2fb7bbce2a05b7

SHA512
7cfa6ec0be0f5ae80404c6c709a6fd00ca10a18b6def5ca746611d0d32a9552f7961ab0ebf8a336b27f7058d700205be7fcc859a30d7d185aa9457267090f99b

Download Submit
C:\Users\Admin\AppData\Roaming\u.wry

Filesize
236KB

MD5
cf1416074cd7791ab80a18f9e7e219d9

SHA1
276d2ec82c518d887a8a3608e51c56fa28716ded

SHA256
78e3f87f31688355c0f398317b2d87d803bd87ee3656c5a7c80f0561ec8606df

SHA512
0bb0843a90edacaf1407e6a7273a9fbb896701635e4d9467392b7350ad25a1bec0c1ceef36737b4af5e5841936f4891436eded0533aa3d74c9a54efa42f024c5

Download Submit
C:\Windows\Installer\MSI1916.tmp

Filesize
88KB

MD5
4083cb0f45a747d8e8ab0d3e060616f2

SHA1
dcec8efa7a15fa432af2ea0445c4b346fef2a4d6

SHA256
252b7423b01ff81aea6fe7b40de91abf49f515e9c0c7b95aa982756889f8ac1a

SHA512
26f8949cad02334f9942fda8509579303b81b11bc052a962c5c31a7c6c54a1c96957f30ee241c2206d496d2c519d750d7f6a12b52afdb282fa706f9fee385133

Download Submit
C:\Windows\Installer\MSIAFC.tmp

Filesize
180KB

MD5
d552dd4108b5665d306b4a8bd6083dde

SHA1
dae55ccba7adb6690b27fa9623eeeed7a57f8da1

SHA256
a0367875b68b1699d2647a748278ebce64d5be633598580977aa126a81cf57c5

SHA512
e5545a97014b5952e15bb321135f65c0e24414f8dd606fe454fd2d048d3f769b9318df7cfb2a6bf932eb2bf6d79811b93cb2008115deb0f0fa9db07f32a70969

Download Submit
C:\eDFUqDqCUaUK66W\README_HOW_TO_UNLOCK.HTML

Filesize
1KB

MD5
c784d96ca311302c6f2f8f0bee8c725b

SHA1
dc68b518ce0eef4f519f9127769e3e3fa8edce46

SHA256
a7836550412b0e0963d16d8442b894a1148326b86d119e4d30f1b11956380ef0

SHA512
f97891dc3c3f15b9bc3446bc9d5913431f374aa54cced33d2082cf14d173a8178e29a8d9487c2a1ab87d2f6abf37e915f69f45c0d8b747ad3f17970645c35d98

Download Submit
C:\eDFUqDqCUaUK66W\README_HOW_TO_UNLOCK.TXT

Filesize
330B

MD5
04b892b779d04f3a906fde1a904d98bb

SHA1
1a0d6cb6f921bc06ba9547a84b872ef61eb7e8a5

SHA256
eb22c6ecfd4d7d0fcea5063201ccf5e7313780e007ef47cca01f1369ee0e6be0

SHA512
e946aa4ac3ec9e5a178eac6f4c63a98f46bc85bed3efd6a53282d87aa56e53b4c11bb0d1c58c6c670f9f4ad9952b5e7fd1bb310a8bd7b5b04e7c607d1b74238a

Download Submit
memory/520-527-0x0000024DBA540000-0x0000024DBA557000-memory.dmp

Filesize
92KB

Download
memory/716-537-0x0000028CB25A0000-0x0000028CB25B7000-memory.dmp

Filesize
92KB

Download
memory/716-951-0x0000028CCAF00000-0x0000028CCBF16000-memory.dmp

Filesize
16.1MB

Download
memory/716-1217-0x0000028CB25D0000-0x0000028CB25D6000-memory.dmp

Filesize
24KB

Download
memory/716-282-0x0000028CAFFB0000-0x0000028CB0A4C000-memory.dmp

Filesize
10.6MB

Download
memory/928-346-0x0000000000400000-0x0000000000407200-memory.dmp

Filesize
28KB

Download
memory/1028-708-0x0000000000400000-0x0000000000438000-memory.dmp

Filesize
224KB

Download
memory/1244-484-0x00000000030A0000-0x00000000030AC000-memory.dmp

Filesize
48KB

Download
memory/1244-475-0x0000000000ED0000-0x0000000000FFA000-memory.dmp

Filesize
1.2MB

Download
memory/1244-469-0x00000000009D0000-0x0000000000B71000-memory.dmp

Filesize
1.6MB

Download
memory/1244-470-0x0000000000B80000-0x0000000000C2C000-memory.dmp

Filesize
688KB

Download
memory/1244-471-0x0000000000D30000-0x0000000000D52000-memory.dmp

Filesize
136KB

Download
memory/1244-466-0x0000000000570000-0x000000000062E000-memory.dmp

Filesize
760KB

Download
memory/1244-472-0x0000000000D60000-0x0000000000D8B000-memory.dmp

Filesize
172KB

Download
memory/1244-473-0x0000000000D90000-0x0000000000E2E000-memory.dmp

Filesize
632KB

Download
memory/1244-477-0x0000000001110000-0x00000000011AD000-memory.dmp

Filesize
628KB

Download
memory/1244-481-0x0000000002C20000-0x0000000002C38000-memory.dmp

Filesize
96KB

Download
memory/1244-485-0x00000000030B0000-0x0000000003133000-memory.dmp

Filesize
524KB

Download
memory/1244-467-0x0000000000630000-0x00000000008F9000-memory.dmp

Filesize
2.8MB

Download
memory/1244-468-0x0000000000170000-0x0000000000200000-memory.dmp

Filesize
576KB

Download
memory/1244-474-0x0000000000E30000-0x0000000000ECB000-memory.dmp

Filesize
620KB

Download
memory/1244-483-0x0000000002D30000-0x0000000002D57000-memory.dmp

Filesize
156KB

Download
memory/1244-482-0x0000000002CF0000-0x0000000002D24000-memory.dmp

Filesize
208KB

Download
memory/1244-479-0x00000000014B0000-0x00000000014E0000-memory.dmp

Filesize
192KB

Download
memory/1244-480-0x0000000002BE0000-0x0000000002C11000-memory.dmp

Filesize
196KB

Download
memory/1244-478-0x00000000011B0000-0x00000000012B0000-memory.dmp

Filesize
1024KB

Download
memory/1244-476-0x0000000001000000-0x000000000110B000-memory.dmp

Filesize
1.0MB

Download
memory/1556-536-0x000000001D0F0000-0x000000001D107000-memory.dmp

Filesize
92KB

Download
memory/1740-32197-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/1740-572-0x0000000000400000-0x0000000000430000-memory.dmp

Filesize
192KB

Download
memory/1840-347-0x00007FFD7B113000-0x00007FFD7B115000-memory.dmp

Filesize
8KB

Download
memory/1840-529-0x0000000022620000-0x0000000022637000-memory.dmp

Filesize
92KB

Download
memory/1840-1-0x0000000000820000-0x0000000001820000-memory.dmp

Filesize
16.0MB

Download
memory/1840-0-0x00007FFD7B113000-0x00007FFD7B115000-memory.dmp

Filesize
8KB

Download
memory/1916-953-0x0000000002360000-0x0000000002392000-memory.dmp

Filesize
200KB

Download
memory/1916-27009-0x0000000005450000-0x000000000545E000-memory.dmp

Filesize
56KB

Download
memory/1916-954-0x00000000023F0000-0x0000000002422000-memory.dmp

Filesize
200KB

Download
memory/1972-380-0x0000000002240000-0x0000000002241000-memory.dmp

Filesize
4KB

Download
memory/1972-21-0x0000000002240000-0x0000000002241000-memory.dmp

Filesize
4KB

Download
memory/2052-586-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/2052-382-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/2172-250-0x0000000000970000-0x0000000000BFE000-memory.dmp

Filesize
2.6MB

Download
memory/2172-637-0x0000000000970000-0x0000000000BFE000-memory.dmp

Filesize
2.6MB

Download
memory/2520-544-0x0000000000180000-0x0000000000197000-memory.dmp

Filesize
92KB

Download
memory/2568-345-0x0000000000400000-0x000000000058D000-memory.dmp

Filesize
1.6MB

Download
memory/2568-707-0x0000000000400000-0x000000000058D000-memory.dmp

Filesize
1.6MB

Download
memory/2632-574-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2632-1737-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2640-515-0x000001852DF80000-0x000001852DF97000-memory.dmp

Filesize
92KB

Download
memory/2656-516-0x0000025B4C710000-0x0000025B4C727000-memory.dmp

Filesize
92KB

Download
memory/2708-215-0x00000000000B0000-0x000000000016C000-memory.dmp

Filesize
752KB

Download
memory/2812-517-0x0000017F49160000-0x0000017F49177000-memory.dmp

Filesize
92KB

Download
memory/3304-528-0x000001F0BB1D0000-0x000001F0BB1E7000-memory.dmp

Filesize
92KB

Download
memory/3380-271-0x00000000051F0000-0x0000000005246000-memory.dmp

Filesize
344KB

Download
memory/3380-261-0x0000000004F20000-0x0000000004FBC000-memory.dmp

Filesize
624KB

Download
memory/3380-260-0x0000000000600000-0x0000000000672000-memory.dmp

Filesize
456KB

Download
memory/3448-518-0x0000000003090000-0x00000000030A7000-memory.dmp

Filesize
92KB

Download
memory/3472-526-0x000001F45CFE0000-0x000001F45CFF7000-memory.dmp

Filesize
92KB

Download
memory/3640-519-0x00000224F6130000-0x00000224F6147000-memory.dmp

Filesize
92KB

Download
memory/3684-525-0x000001C3A4840000-0x000001C3A4857000-memory.dmp

Filesize
92KB

Download
memory/3812-520-0x0000015677020000-0x0000015677037000-memory.dmp

Filesize
92KB

Download
memory/3908-521-0x000002C47F390000-0x000002C47F3A7000-memory.dmp

Filesize
92KB

Download
memory/3932-540-0x000001D75E8F0000-0x000001D75E907000-memory.dmp

Filesize
92KB

Download
memory/3972-522-0x000001C02F040000-0x000001C02F057000-memory.dmp

Filesize
92KB

Download
memory/4052-599-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/4060-523-0x00000233C27A0000-0x00000233C27B7000-memory.dmp

Filesize
92KB

Download
memory/4160-524-0x00000269FC9C0000-0x00000269FC9D7000-memory.dmp

Filesize
92KB

Download
memory/4168-532-0x000000001C8A0000-0x000000001C8B7000-memory.dmp

Filesize
92KB

Download
memory/4168-63-0x0000000001520000-0x0000000001530000-memory.dmp

Filesize
64KB

Download
memory/4168-569-0x0000000001520000-0x0000000001530000-memory.dmp

Filesize
64KB

Download
memory/4168-157-0x000000001C7D0000-0x000000001C81C000-memory.dmp

Filesize
304KB

Download
memory/4168-538-0x000000001C8A0000-0x000000001C8B7000-memory.dmp

Filesize
92KB

Download
memory/4168-113-0x000000001C040000-0x000000001C50E000-memory.dmp

Filesize
4.8MB

Download
memory/4168-94-0x000000001BAC0000-0x000000001BB66000-memory.dmp

Filesize
664KB

Download
memory/4168-132-0x000000001C670000-0x000000001C70C000-memory.dmp

Filesize
624KB

Download
memory/4168-156-0x000000001C510000-0x000000001C518000-memory.dmp

Filesize
32KB

Download
memory/4204-541-0x00000143620E0000-0x00000143620F7000-memory.dmp

Filesize
92KB

Download
memory/4208-623-0x0000000000400000-0x00000000006BC000-memory.dmp

Filesize
2.7MB

Download
memory/4208-244-0x0000000000400000-0x00000000006BC000-memory.dmp

Filesize
2.7MB

Download
memory/4292-168-0x0000000004F40000-0x0000000004F4A000-memory.dmp

Filesize
40KB

Download
memory/4292-154-0x0000000004DA0000-0x0000000004E32000-memory.dmp

Filesize
584KB

Download
memory/4292-142-0x0000000005270000-0x0000000005814000-memory.dmp

Filesize
5.6MB

Download
memory/4292-127-0x00000000004F0000-0x0000000000500000-memory.dmp

Filesize
64KB

Download
memory/4568-508-0x0000000010000000-0x0000000010010000-memory.dmp

Filesize
64KB

Download
memory/4732-542-0x000001AEC9730000-0x000001AEC9747000-memory.dmp

Filesize
92KB

Download
memory/4764-465-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/4764-514-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/4780-534-0x000001D915510000-0x000001D915527000-memory.dmp

Filesize
92KB

Download
memory/4900-630-0x0000000000200000-0x000000000026E000-memory.dmp

Filesize
440KB

Download
memory/4908-533-0x0000000000870000-0x0000000000887000-memory.dmp

Filesize
92KB

Download
memory/4928-543-0x00000221D01E0000-0x00000221D01F7000-memory.dmp

Filesize
92KB

Download
memory/4980-535-0x00000000022E0000-0x00000000022F7000-memory.dmp

Filesize
92KB

Download
memory/5168-539-0x000000001B340000-0x000000001B357000-memory.dmp

Filesize
92KB

Download
memory/5380-530-0x00000211BE270000-0x00000211BE287000-memory.dmp

Filesize
92KB

Download
memory/5488-402-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download
memory/5488-407-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download
memory/5488-377-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download
memory/5604-24561-0x00000286A7E60000-0x00000286A93EE000-memory.dmp

Filesize
21.6MB

Download
memory/5604-694-0x000002868C7B0000-0x000002868D7A4000-memory.dmp

Filesize
16.0MB

Download
memory/5652-531-0x0000000000BA0000-0x0000000000BB7000-memory.dmp

Filesize
92KB

Download
memory/5652-231-0x0000000022EA0000-0x0000000022ED8000-memory.dmp

Filesize
224KB

Download
memory/5652-513-0x00007FFD7B113000-0x00007FFD7B115000-memory.dmp

Filesize
8KB

Download
memory/5652-186-0x000000001C690000-0x000000001C698000-memory.dmp

Filesize
32KB

Download
memory/5652-232-0x0000000022E70000-0x0000000022E7E000-memory.dmp

Filesize
56KB

Download
memory/5652-38-0x00007FFD7B113000-0x00007FFD7B115000-memory.dmp

Filesize
8KB

Download
memory/5652-56-0x0000000000080000-0x00000000004E4000-memory.dmp

Filesize
4.4MB

Download
memory/5780-1179-0x0000000000CB0000-0x0000000000CEC000-memory.dmp

Filesize
240KB

Download
memory/5848-1442-0x0000000000400000-0x0000000000B02000-memory.dmp

Filesize
7.0MB

Download
memory/5848-4255-0x0000000000400000-0x0000000000B02000-memory.dmp

Filesize
7.0MB

Download
memory/5920-392-0x0000000010000000-0x0000000010012000-memory.dmp

Filesize
72KB

Download
memory/6160-25853-0x000000002AA00000-0x000000002AA24000-memory.dmp

Filesize
144KB

Download
memory/6304-859-0x0000000000400000-0x000000000056F000-memory.dmp

Filesize
1.4MB

Download
memory/6480-879-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/6480-922-0x0000000000400000-0x0000000000432000-memory.dmp

Filesize
200KB

Download
memory/6608-923-0x0000000000AC0000-0x0000000000B42000-memory.dmp

Filesize
520KB

Download
memory/13224-26421-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/13224-27015-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/42540-27016-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download

Resubmissions

Analysis

Sharing

Errors

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads