Edit tour

Windows Analysis Report
https://t.ly/ZPR23.10

Overview

General Information

Sample URL:	https://t.ly/ZPR23.10
Analysis ID:	1540230
Infos:

Detection

Score:	80
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for dropped file

Yara detected ZipBomb

Creates autostart registry keys with suspicious names

Query firmware table information (likely to detect VMs)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

Tries to steal Mail credentials (via file / registry access)

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Creates a process in suspended mode (likely to inject code)

Creates processes with suspicious names

Drops PE files

Launches processes in debugging mode, may be used to hinder debugging

May sleep (evasive loops) to hinder dynamic analysis

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Searches for user specific document files

Sigma detected: CurrentVersion Autorun Keys Modification

Sigma detected: Direct Autorun Keys Modification

Sigma detected: Potential Persistence Attempt Via Run Keys Using Reg.EXE

Stores files to the Windows start menu directory

Uses reg.exe to modify the Windows registry

Yara detected Credential Stealer

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 6760 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

chrome.exe (PID: 6940 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 --field-trial-handle=1908,i,4206417619455310414,13767620118186559656,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

chrome.exe (PID: 2240 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5956 --field-trial-handle=1908,i,4206417619455310414,13767620118186559656,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

chrome.exe (PID: 6532 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://t.ly/ZPR23.10" MD5: 83395EAB5B03DEA9720F8D7AC0D15CAA)

rundll32.exe (PID: 4040 cmdline: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding MD5: EF3179D498793BF4234F708D3BE28633)

Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe (PID: 5888 cmdline: "C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe" MD5: 4864A55CFF27F686023456A22371E790)

Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe (PID: 2520 cmdline: "C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe" MD5: 4864A55CFF27F686023456A22371E790)

NR15PJSGLDVJ4UJ5KMQEV4.exe (PID: 1732 cmdline: "C:\Users\user\AppData\Local\Temp\NR15PJSGLDVJ4UJ5KMQEV4.exe" MD5: BDAFCAF9ECD3F3310417E90D91E3E0FC)

cmd.exe (PID: 4532 cmdline: cmd.exe /C reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "*UpdaterCisco" /t REG_SZ /d "rundll32.exe C:\Users\user\Documents\CiscoUpdater000_PARTIAL.dll",EntryPoint /f & exit MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 3408 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

reg.exe (PID: 1112 cmdline: reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "*UpdaterCisco" /t REG_SZ /d "rundll32.exe C:\Users\user\Documents\CiscoUpdater000_PARTIAL.dll",EntryPoint /f MD5: CDD462E86EC0F20DE2A1D781928B1B0C)

cleanup

Yara Signatures

Dropped Files

Source	Rule	Description	Author
C:\Users\user\Downloads\5bedcbf5-8168-4420-86ac-80168b9aa32e.tmp	JoeSecurity_ZipBomb	Yara detected ZipBomb	Joe Security
C:\Users\user\Downloads\5bedcbf5-8168-4420-86ac-80168b9aa32e.tmp	JoeSecurity_ZipBomb	Yara detected ZipBomb	Joe Security
C:\Users\user\Downloads\5bedcbf5-8168-4420-86ac-80168b9aa32e.tmp	JoeSecurity_ZipBomb	Yara detected ZipBomb	Joe Security

Memory Dumps

Source	Rule	Description	Author	Strings
0000000F.00000003.1681013812.0000000000D87000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security

Sigma Signatures

Sigma detected: CurrentVersion Autorun Keys Modification

Source: Registry Key set

Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: rundll32.exe C:\Users\user\Documents\CiscoUpdater000_PARTIAL.dll,EntryPoint, EventID: 13, EventType: SetValue, Image: C:\Windows\SysWOW64\reg.exe, ProcessId: 1112, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\*UpdaterCisco

Sigma detected: Direct Autorun Keys Modification

Source: Process started

Author: Victor Sergeev, Daniil Yugoslavskiy, oscd.community: Data: Command: reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "*UpdaterCisco" /t REG_SZ /d "rundll32.exe C:\Users\user\Documents\CiscoUpdater000_PARTIAL.dll",EntryPoint /f , CommandLine: reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "*UpdaterCisco" /t REG_SZ /d "rundll32.exe C:\Users\user\Documents\CiscoUpdater000_PARTIAL.dll",EntryPoint /f , CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\reg.exe, NewProcessName: C:\Windows\SysWOW64\reg.exe, OriginalFileName: C:\Windows\SysWOW64\reg.exe, ParentCommandLine: cmd.exe /C reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "*UpdaterCisco" /t REG_SZ /d "rundll32.exe C:\Users\user\Documents\CiscoUpdater000_PARTIAL.dll",EntryPoint /f & exit, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 4532, ParentProcessName: cmd.exe, ProcessCommandLine: reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "*UpdaterCisco" /t REG_SZ /d "rundll32.exe C:\Users\user\Documents\CiscoUpdater000_PARTIAL.dll",EntryPoint /f , ProcessId: 1112, ProcessName: reg.exe

Sigma detected: Potential Persistence Attempt Via Run Keys Using Reg.EXE

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: cmd.exe /C reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "*UpdaterCisco" /t REG_SZ /d "rundll32.exe C:\Users\user\Documents\CiscoUpdater000_PARTIAL.dll",EntryPoint /f & exit, CommandLine: cmd.exe /C reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "*UpdaterCisco" /t REG_SZ /d "rundll32.exe C:\Users\user\Documents\CiscoUpdater000_PARTIAL.dll",EntryPoint /f & exit, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: "C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe" , ParentImage: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe, ParentProcessId: 5888, ParentProcessName: Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe, ProcessCommandLine: cmd.exe /C reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "*UpdaterCisco" /t REG_SZ /d "rundll32.exe C:\Users\user\Documents\CiscoUpdater000_PARTIAL.dll",EntryPoint /f & exit, ProcessId: 4532, ProcessName: cmd.exe

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Local\Temp\NR15PJSGLDVJ4UJ5KMQEV4.exe

ReversingLabs: Detection: 26%

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.200
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	DNS traffic detected: DNS query: t.ly
Source: global traffic	DNS traffic detected: DNS query: www.dropbox.com
Source: global traffic	DNS traffic detected: DNS query: uc09c682091fb767579f50eff07d.dl.dropboxusercontent.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49700
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49700 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49701

Source: C:\Windows\SysWOW64\cmd.exe

Process created: C:\Windows\SysWOW64\reg.exe reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "*UpdaterCisco" /t REG_SZ /d "rundll32.exe C:\Users\user\Documents\CiscoUpdater000_PARTIAL.dll",EntryPoint /f

Source: classification engine

Classification label: mal80.spyw.evad.win@35/10@8/153

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Source: C:\Windows\System32\conhost.exe

Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3408:120:WilError_03

Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe

File created: C:\Users\user\AppData\Local\Temp\NR15PJSGLDVJ4UJ5KMQEV4.exe

Source: C:\Windows\System32\rundll32.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Source: unknown

Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 --field-trial-handle=1908,i,4206417619455310414,13767620118186559656,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://t.ly/ZPR23.10"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 --field-trial-handle=1908,i,4206417619455310414,13767620118186559656,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: unknown	Process created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Source: unknown	Process created: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe "C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe"
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	Process created: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe "C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe"
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	Process created: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe "C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5956 --field-trial-handle=1908,i,4206417619455310414,13767620118186559656,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "*UpdaterCisco" /t REG_SZ /d "rundll32.exe C:\Users\user\Documents\CiscoUpdater000_PARTIAL.dll",EntryPoint /f & exit
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\reg.exe reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "*UpdaterCisco" /t REG_SZ /d "rundll32.exe C:\Users\user\Documents\CiscoUpdater000_PARTIAL.dll",EntryPoint /f
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5956 --field-trial-handle=1908,i,4206417619455310414,13767620118186559656,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "*UpdaterCisco" /t REG_SZ /d "rundll32.exe C:\Users\user\Documents\CiscoUpdater000_PARTIAL.dll",EntryPoint /f & exit
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\reg.exe reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "*UpdaterCisco" /t REG_SZ /d "rundll32.exe C:\Users\user\Documents\CiscoUpdater000_PARTIAL.dll",EntryPoint /f
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	Process created: C:\Users\user\AppData\Local\Temp\NR15PJSGLDVJ4UJ5KMQEV4.exe "C:\Users\user\AppData\Local\Temp\NR15PJSGLDVJ4UJ5KMQEV4.exe"
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	Process created: C:\Users\user\AppData\Local\Temp\NR15PJSGLDVJ4UJ5KMQEV4.exe "C:\Users\user\AppData\Local\Temp\NR15PJSGLDVJ4UJ5KMQEV4.exe"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown

Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	Section loaded: apphelp.dll
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	Section loaded: wininet.dll
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	Section loaded: version.dll
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	Section loaded: msimg32.dll
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	Section loaded: opengl32.dll
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	Section loaded: oledlg.dll
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	Section loaded: winmm.dll
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	Section loaded: glu32.dll
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	Section loaded: k7rn7l32.dll
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	Section loaded: ntd3ll.dll
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	Section loaded: windows.storage.dll
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	Section loaded: wldp.dll
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	Section loaded: winhttp.dll
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	Section loaded: webio.dll
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	Section loaded: mswsock.dll
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	Section loaded: iphlpapi.dll
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	Section loaded: winnsi.dll
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	Section loaded: sspicli.dll
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	Section loaded: dnsapi.dll
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	Section loaded: rasadhlp.dll
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	Section loaded: fwpuclnt.dll
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	Section loaded: schannel.dll
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	Section loaded: mskeyprotect.dll
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	Section loaded: ntasn1.dll
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	Section loaded: ncrypt.dll
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	Section loaded: ncryptsslp.dll
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	Section loaded: msasn1.dll
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	Section loaded: cryptsp.dll
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	Section loaded: rsaenh.dll
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	Section loaded: gpapi.dll
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	Section loaded: dpapi.dll
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	Section loaded: kernel.appcore.dll
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	Section loaded: uxtheme.dll
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	Section loaded: wbemcomn.dll
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	Section loaded: amsi.dll
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	Section loaded: userenv.dll
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	Section loaded: profapi.dll
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	Section loaded: version.dll
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\NR15PJSGLDVJ4UJ5KMQEV4.exe	Section loaded: apphelp.dll
Source: C:\Users\user\AppData\Local\Temp\NR15PJSGLDVJ4UJ5KMQEV4.exe	Section loaded: version.dll
Source: C:\Users\user\AppData\Local\Temp\NR15PJSGLDVJ4UJ5KMQEV4.exe	Section loaded: wininet.dll
Source: C:\Users\user\AppData\Local\Temp\NR15PJSGLDVJ4UJ5KMQEV4.exe	Section loaded: oleacc.dll
Source: C:\Users\user\AppData\Local\Temp\NR15PJSGLDVJ4UJ5KMQEV4.exe	Section loaded: wtsapi32.dll
Source: C:\Users\user\AppData\Local\Temp\NR15PJSGLDVJ4UJ5KMQEV4.exe	Section loaded: userenv.dll
Source: C:\Users\user\AppData\Local\Temp\NR15PJSGLDVJ4UJ5KMQEV4.exe	Section loaded: k7rn7l32.dll
Source: C:\Users\user\AppData\Local\Temp\NR15PJSGLDVJ4UJ5KMQEV4.exe	Section loaded: ntd3ll.dll
Source: C:\Users\user\AppData\Local\Temp\NR15PJSGLDVJ4UJ5KMQEV4.exe	Section loaded: cryptbase.dll
Source: C:\Users\user\AppData\Local\Temp\NR15PJSGLDVJ4UJ5KMQEV4.exe	Section loaded: winmm.dll
Source: C:\Users\user\AppData\Local\Temp\NR15PJSGLDVJ4UJ5KMQEV4.exe	Section loaded: powrprof.dll
Source: C:\Users\user\AppData\Local\Temp\NR15PJSGLDVJ4UJ5KMQEV4.exe	Section loaded: umpdc.dll
Source: C:\Users\user\AppData\Local\Temp\NR15PJSGLDVJ4UJ5KMQEV4.exe	Section loaded: mswsock.dll

Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File created: \dow d naruszenia praw wlasnosci intelektualnej - szczeg ly naruszenia cdn02.exe
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File created: \dow d naruszenia praw wlasnosci intelektualnej - szczeg ly naruszenia cdn02.exe
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File created: \dow d naruszenia praw wlasnosci intelektualnej - szczeg ly naruszenia cdn02.exe
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File created: \dow d naruszenia praw wlasnosci intelektualnej - szczeg ly naruszenia cdn02.exe
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File created: \dow d naruszenia praw wlasnosci intelektualnej - szczeg ly naruszenia cdn02.exe
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File created: \dow d naruszenia praw wlasnosci intelektualnej - szczeg ly naruszenia cdn02.exe

Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe

File created: C:\Users\user\AppData\Local\Temp\NR15PJSGLDVJ4UJ5KMQEV4.exe

Jump to dropped file

Boot Survival

Creates autostart registry keys with suspicious names

Source: C:\Windows\SysWOW64\reg.exe

Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run *UpdaterCisco

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Source: C:\Windows\SysWOW64\reg.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run *UpdaterCisco
Source: C:\Windows\SysWOW64\reg.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run *UpdaterCisco

Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\NR15PJSGLDVJ4UJ5KMQEV4.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX

Malware Analysis System Evasion

Yara detected ZipBomb

Source: Yara match

File source: C:\Users\user\Downloads\5bedcbf5-8168-4420-86ac-80168b9aa32e.tmp, type: DROPPED

Query firmware table information (likely to detect VMs)

Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe

System information queried: FirmwareTableInformation

Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe TID: 2040	Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe TID: 2304	Thread sleep time: -150000s >= -30000s
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe TID: 2304	Thread sleep time: -30000s >= -30000s

Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS

Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe

Process information queried: ProcessInformation

Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe

Process created: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe "C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe"

Source: C:\Windows\SysWOW64\cmd.exe

Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\NR15PJSGLDVJ4UJ5KMQEV4.exe	Queries volume information: C:\Users\user\AppData\Local\config VolumeInformation

Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

Stealing of Sensitive Information

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgef
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbch
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncg
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgk
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahd
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfe
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmon
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbg
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliof
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8h0a78bs.default-release\formhistory.sqlite
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhad
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhm
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdil
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbm
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnba
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcje
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdo
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopg
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjeh
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafa
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgik
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkm
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaoc
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclg
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkld
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnm
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoa
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemg
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblb
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oeljdldpnmdbchonielidgobddfffla
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnid
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhi
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbch
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihd
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ilgcnhelpchnceeipipijaljkblbcob
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcm
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjh
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdph
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgn
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcob
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddfffla
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklk
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifb
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfdd
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhk
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdma
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnf
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcge
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbn
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8h0a78bs.default-release\cookies.sqlite
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcellj
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbai
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8h0a78bs.default-release\logins.json
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkp
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbic
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdno
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkd
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolaf
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolb
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8h0a78bs.default-release\prefs.js
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeap
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbb
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihoh
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilc
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoadd
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoa
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8h0a78bs.default-release\cert9.db
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfci
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8h0a78bs.default-release\key4.db
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpo
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnkno
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\8h0a78bs.default-release\places.sqlite
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhae
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchh
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdaf
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpak

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Roaming\Conceptworld\Notezilla
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Roaming\FTPRush
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Roaming\FTPInfo
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Roaming\FTPbox
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\ProgramData\SiteDesigner\3D-FTP
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Roaming\FTPGetter

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Roaming\Binance
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB

Tries to steal Mail credentials (via file / registry access)

Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	Key opened: HKEY_USERS.DEFAULT\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	Key opened: HKEY_USERS.DEFAULT\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	Key opened: HKEY_USERS.DEFAULT\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	Key opened: HKEY_USERS.DEFAULT\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000004

Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	Directory queried: C:\Users\user\Documents\BNAGMGSPLO
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	Directory queried: C:\Users\user\Documents\EEGWXUHVUG
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	Directory queried: C:\Users\user\Documents\GAOBCVIQIJ
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	Directory queried: C:\Users\user\Documents\IPKGELNTQY
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	Directory queried: C:\Users\user\Documents\KLIZUSIQEN
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	Directory queried: C:\Users\user\Documents\MXPXCVPDVN
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	Directory queried: C:\Users\user\Documents\NYMMPCEIMA
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	Directory queried: C:\Users\user\Documents\Outlook Files
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	Directory queried: C:\Users\user\Documents\PALRGUCVEH
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	Directory queried: C:\Users\user\Documents\SFPUSAFIOL
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	Directory queried: C:\Users\user\Documents\ZGGKNSUKOP
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	Directory queried: C:\Users\user\Documents\ZQIXMVQGAH
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	Directory queried: C:\Users\user\Documents\GAOBCVIQIJ
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	Directory queried: C:\Users\user\Documents\IPKGELNTQY
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	Directory queried: C:\Users\user\Documents\KLIZUSIQEN
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	Directory queried: C:\Users\user\Documents\MXPXCVPDVN
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	Directory queried: C:\Users\user\Documents\NYMMPCEIMA
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	Directory queried: C:\Users\user\Documents\Outlook Files
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	Directory queried: C:\Users\user\Documents\BNAGMGSPLO
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	Directory queried: C:\Users\user\Documents\GAOBCVIQIJ
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	Directory queried: C:\Users\user\Documents\MXPXCVPDVN
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	Directory queried: C:\Users\user\Documents\NYMMPCEIMA
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	Directory queried: C:\Users\user\Documents\SFPUSAFIOL
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	Directory queried: C:\Users\user\Documents\UOOJJOZIRH
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	Directory queried: C:\Users\user\Documents\ZQIXMVQGAH
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	Directory queried: C:\Users\user\Documents\EEGWXUHVUG
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	Directory queried: C:\Users\user\Documents\GAOBCVIQIJ
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	Directory queried: C:\Users\user\Documents\Outlook Files
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	Directory queried: C:\Users\user\Documents\IPKGELNTQY
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	Directory queried: C:\Users\user\Documents\NYMMPCEIMA
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	Directory queried: C:\Users\user\Documents\PALRGUCVEH
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	Directory queried: C:\Users\user\Documents\GAOBCVIQIJ
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	Directory queried: C:\Users\user\Documents\SFPUSAFIOL
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	Directory queried: C:\Users\user\Documents
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	Directory queried: C:\Users\user\Documents\BNAGMGSPLO
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	Directory queried: C:\Users\user\Documents\IPKGELNTQY
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	Directory queried: C:\Users\user\Documents\NYMMPCEIMA
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	Directory queried: C:\Users\user\Documents\ZGGKNSUKOP
Source: C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe	Directory queried: C:\Users\user\Documents

Source: Yara match

File source: 0000000F.00000003.1681013812.0000000000D87000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Windows Management Instrumentation	111 Registry Run Keys / Startup Folder	11 Process Injection	1 Masquerading	2 OS Credential Dumping	21 Security Software Discovery	Remote Services	1 Email Collection	2 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 DLL Side-Loading	111 Registry Run Keys / Startup Folder	1 Modify Registry	LSASS Memory	111 Virtualization/Sandbox Evasion	Remote Desktop Protocol	31 Data from Local System	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 DLL Side-Loading	1 Disable or Modify Tools	Security Account Manager	1 Process Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	2 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	111 Virtualization/Sandbox Evasion	NTDS	1 File and Directory Discovery	Distributed Component Object Model	Input Capture	Protocol Impersonation	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	11 Process Injection	LSA Secrets	22 System Information Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Rundll32	Cached Domain Credentials	Wi-Fi Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 DLL Side-Loading	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery

Source	Detection	Scanner	Label	Link
C:\Users\user\AppData\Local\Temp\NR15PJSGLDVJ4UJ5KMQEV4.exe	26%	ReversingLabs

Name	IP	Active	Malicious	Reputation
t.ly	104.20.6.133	true	false	unknown
edge-block-www-env.dropbox-dns.com	162.125.66.15	true	false	unknown
www-env.dropbox-dns.com	162.125.66.18	true	false	unknown
uc09c682091fb767579f50eff07d.dl.dropboxusercontent.com	unknown	unknown	false	unknown
www.google.com	unknown	unknown	false	unknown
www.dropbox.com	unknown	unknown	false	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.186.68	unknown	United States	15169	GOOGLEUS	false
185.245.106.67	unknown	Germany	49024	FHE3DE	false
1.1.1.1	unknown	Australia	13335	CLOUDFLARENETUS	false
162.125.66.18	www-env.dropbox-dns.com	United States	19679	DROPBOXUS	false
108.177.15.84	unknown	United States	15169	GOOGLEUS	false
142.250.186.174	unknown	United States	15169	GOOGLEUS	false
216.58.206.67	unknown	United States	15169	GOOGLEUS	false
104.20.6.133	t.ly	United States	13335	CLOUDFLARENETUS	false
162.125.66.15	edge-block-www-env.dropbox-dns.com	United States	19679	DROPBOXUS	false
46.8.232.106	unknown	Russian Federation	28917	FIORD-ASIP-transitoperatorinRussiaUkraineandBaltics	false
54.231.199.129	unknown	United States	16509	AMAZON-02US	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
188.114.97.3	unknown	European Union	13335	CLOUDFLARENETUS	false
142.250.185.164	unknown	United States	15169	GOOGLEUS	false
185.166.143.48	unknown	Germany	16509	AMAZON-02US	false
142.250.184.206	unknown	United States	15169	GOOGLEUS	false
142.250.186.99	unknown	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.17
127.0.0.1

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1540230
Start date and time:	2024-10-23 15:27:58 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Sample URL:	https://t.ly/ZPR23.10
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	31
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled
Analysis Mode:	stream
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal80.spyw.evad.win@35/10@8/153

Warnings

Exclude process from analysis (whitelisted): TextInputHost.exe
Excluded IPs from analysis (whitelisted): 142.250.186.99, 108.177.15.84, 142.250.186.174, 34.104.35.123
Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, edgedl.me.gvt1.com, clientservices.googleapis.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Skipping network analysis since amount of network traffic is too extensive
VT rate limit hit for: https://t.ly/ZPR23.10

Created / dropped Files

C:\Users\user\AppData\Local\Temp\NR15PJSGLDVJ4UJ5KMQEV4.exe

Download File

Process:	C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia CDN02.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	8931328
Entropy (8bit):	7.35539101214803
Encrypted:	false
SSDEEP:
MD5:	BDAFCAF9ECD3F3310417E90D91E3E0FC
SHA1:	01EA5E3B71BD4E60DBF4BE286F307712691F739F
SHA-256:	514E8FC85EA7E17BC156B20C6EE967D290C030958BFC038A3E0EF065D28A0037
SHA-512:	18ACC786D47A75D226BD893FED820974B5EDE7CA3F85AA17093799B87497F6DECE2F0DAF4A26F030C2C31A52685AE3693F5E07D9A503C185EE043E1FFAB4A934
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 26%
Reputation:	unknown
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........B...,..,..,......,....,..B..,..A..,..W..,..-...,....,...i.,.....,.....,....,....,.Rich..,.........PE..L...._.................l....\|.....N.............@.................................{.....@..................................w..........\Oz..........8...7......................................... g..@............................................text....p.......l.................. ..`.rdata...0.......(...p..............@..@.data............`..................@....rsrc...\Oz......Pz.................@..@................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\config

Download File

Process:	C:\Users\user\AppData\Local\Temp\NR15PJSGLDVJ4UJ5KMQEV4.exe
File Type:	data
Category:	dropped
Size (bytes):	416
Entropy (8bit):	6.282210482542297
Encrypted:	false
SSDEEP:
MD5:	4BC77CCA61F8CDD883F7A414A56BC82C
SHA1:	36B1BCB2386CE44F9775EA6CDDF3D418E37BD9D3
SHA-256:	5C89C60F073CDB248038E845FE6EDA606FB762BDA1A86549FA6BE087D04D932C
SHA-512:	DD9B0ABF8D48F33933B804DA8CF5824228B39BDE0C3D3BB1E50B657A5CD37A325CA4C6A178CC461EB301E2B9C2BD110277B61B630C39AE46C06311FCB0991ACE
Malicious:	false
Reputation:	unknown
Preview:	.=)S.V.#.W.V.._SSU".A!<.L.;5]Q).X..#M...Q..\@437Q.X'Z"-8\0&M",^X/0%^..(U5..E6.../>)...5..P-.1.$Y88%F74.A..(W.<._2..@!;)[.&4G.(.\...P.:._Q&@,..U.4?X"..B-%..\^<..T...\?.7.!S.$.AS1.L.&.P.R.]W.4M[.2X.Z.V.<.V...G.R[_WZ2V...P.5)@2.5QV.%\...]5_PO<(3...,.....$....18T.%1L[..F .WW..,R.?.G.(?\...R.._[=:)@!^.R. ._!..X./.MX>.P+""_?.+O[...T.\."%V..9<.1..T!..L(?F.3&_.&.[..#Q3..@..R..'Z)*Y^.[TM$8.[.26^(..U;..G4.&\%./W..WZ..!

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 23 12:28:31 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2677
Entropy (8bit):	3.9847793444347146
Encrypted:	false
SSDEEP:
MD5:	37EF2D69F614E5912A729686ED7F2102
SHA1:	5D3CA1744E41D5D5A4AE72891F6C20A58F47963A
SHA-256:	7A33766E3CA099848D793FC7B367DE22E9F1A4CA62401203F564B607E921EFC0
SHA-512:	EC3D44992ED1C5652DF21D120C820063A3EE4C454E48BA51F8ADA67C042EB05EDC5277C3B70D38A6B673A624527350FEDC47DC6A05B933C046D94FF694491516
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,......)tO%......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.IWY.k....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VWY.k....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.VWY.k....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.VWY.k...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VWY.k...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........(%.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 23 12:28:31 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2679
Entropy (8bit):	4.001160055517436
Encrypted:	false
SSDEEP:
MD5:	8AD35895CC32E8331AC871673822028E
SHA1:	EF62D3ACDEFAD367186FA849B66FE40C23B8F505
SHA-256:	61BA0D3E4455C719EABA10D2F145D27BE30A668B0781C55B261CE6F080500A16
SHA-512:	2B45097B07A3ED04BC242E3EEBBDD2B4B6401FD49E7F391621CD8BAC127F58CCB696F03749CEA1226CC841229A6E766F74F31B25FA20EE4FA1185F69A199E6B7
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....d..tO%......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.IWY.k....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VWY.k....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.VWY.k....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.VWY.k...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VWY.k...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........(%.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:54:41 2023, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2693
Entropy (8bit):	4.012274544666533
Encrypted:	false
SSDEEP:
MD5:	4294E08E6D91223A5FDE25984865ACB0
SHA1:	04797890DC724CDFEDC01E71AAA270D2BE0DBB05
SHA-256:	865CF1DF53188AA73F63CEC4B1B40AB404556E70CDF4F68372BB9E060883E29A
SHA-512:	924AF96309C98334D0BD5785612B533B689D09345661844E5A11DD60C785CD644EAC61234B02131B4DC64C6CABAB7E9B55F59DCFF9E2062E4EE59BEAE6A80BE1
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....v. ;.......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.IWY.k....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VWY.k....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.VWY.k....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.VWY.k...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VFW.N...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........(%.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 23 12:28:31 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.997207090546371
Encrypted:	false
SSDEEP:
MD5:	01CB1DAA7F7EDF19DD1A21DF626EBD32
SHA1:	A592B708C72C207E80EC1A2C4446D199DF90EB50
SHA-256:	1F086CE1BF6A79D10720FB14E197C223AD77E54C976568BC32FF5AE83ED7B5DC
SHA-512:	D7BD036E553D668240B3400CB658E532C2A945CBBFE58186DA255C6B3D1AD034DB1644E906D6406D551305033D77E35F89FD0656E7D290E16F3885AFD880C004
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....B.tO%......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.IWY.k....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VWY.k....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.VWY.k....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.VWY.k...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VWY.k...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........(%.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 23 12:28:31 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2681
Entropy (8bit):	3.9903530310853026
Encrypted:	false
SSDEEP:
MD5:	ED4F1B7417CAC1242050AE1D368E5993
SHA1:	584D5CCB85FF9DBD810B7398CC040F0CF0B03510
SHA-256:	9327CDDA8F707E1F7E08E00FA488C9E3AB727AA3C2A0B179585E7D4B1318FEDF
SHA-512:	B125682252C38639952909BED27BEA0D0A9035D6F5C73398684DA81D44DB109D048DE05659C6A4F515CC53910CB61F06EE40FA1CD984762A1C4E65EB495CC80B
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,....]."tO%......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.IWY.k....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VWY.k....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.VWY.k....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.VWY.k...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VWY.k...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........(%.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 23 12:28:31 2024, atime=Mon Oct 2 20:46:57 2023, length=1210144, window=hide
Category:	dropped
Size (bytes):	2683
Entropy (8bit):	3.997212442862174
Encrypted:	false
SSDEEP:
MD5:	C1D5B332044BBA238F167447B0F00312
SHA1:	F53C1675A626AD8DCCBE8BD0DE2AEF3BD2D1CBE7
SHA-256:	2A98AAEA5B71158E73BCF87DFC0A121D7407124791E7ACB2D1488247FE4976C8
SHA-512:	CEFD24B7D0F7FA93CBC2AEA3A20CAD2EC5BB74BDF3F3A4FDDDBA3789447B55EBE4478D66F1D416EDD743EE9107C9EBA8F1C37836DF890AA76AF319B39135694A
Malicious:	false
Reputation:	unknown
Preview:	L..................F.@.. ...$+.,.....W.tO%......y... w......................1....P.O. .:i.....+00.../C:\.....................1.....FWoN..PROGRA~1..t......O.IWY.k....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.VWY.k....L.....................p+j.G.o.o.g.l.e.....T.1.....FW.N..Chrome..>......CW.VWY.k....M......................W..C.h.r.o.m.e.....`.1.....FW.N..APPLIC~1..H......CW.VWY.k...........................W..A.p.p.l.i.c.a.t.i.o.n.....n.2. w..BW. .CHROME~1.EXE..R......CW.VWY.k...........................3.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i...........(%.......C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

C:\Users\user\Downloads\5bedcbf5-8168-4420-86ac-80168b9aa32e.tmp

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Category:	dropped
Size (bytes):	65008
Entropy (8bit):	7.987726137321349
Encrypted:	false
SSDEEP:
MD5:	A471083F68066628600FF63CCD308400
SHA1:	F1903DBE7270CF84B76D8505C33794DC5CA85E98
SHA-256:	EA785FF1B82435A466D3DB583BFFAB35B3D848FFD7E260963B395CE68F3F4796
SHA-512:	980FF4621F7B19D059E835A69062A58A016ED1223BF4FDA80C9EC57B29A71A1B8C4651057872671DED5CCC5B02F0BA6BF7EFD2C207ABA49F60DE9CCFF52825CB
Malicious:	true
Yara Hits:	Rule: JoeSecurity_ZipBomb, Description: Yara detected ZipBomb, Source: C:\Users\user\Downloads\5bedcbf5-8168-4420-86ac-80168b9aa32e.tmp, Author: Joe Security Rule: JoeSecurity_ZipBomb, Description: Yara detected ZipBomb, Source: C:\Users\user\Downloads\5bedcbf5-8168-4420-86ac-80168b9aa32e.tmp, Author: Joe Security Rule: JoeSecurity_ZipBomb, Description: Yara detected ZipBomb, Source: C:\Users\user\Downloads\5bedcbf5-8168-4420-86ac-80168b9aa32e.tmp, Author: Joe Security
Reputation:	unknown
Preview:	PK.........2.Y.0.V.-.h a.T...Dow.d Naruszenia Praw W.asno.ci Intelektualnej - Szczeg..y Naruszenia CDN02.exe.<}\|.....0..l..T..h<8..Z.\|...n..........E....X..e.B.,5.x.5._....[+z.pl.P#.......f..La.%{.......G..n.?...y...~..y..75#;B......B...Q...Ch...v...;ty.[p....U..^w.?.[~g..k..UWt.mE.....ZSTy...;.Zy.../..X..7...\|~.K......._=...<\|..C..^.."W=.V.N+.^.,.F.@.^u.........y..S..U.k..~...'.....G.W]\|.....s#.<..i.B.N..6.....M..&-roCh.....V.?<...?@..l.....jt..+......~9........?.(.Q......W[.vj.m.....). .+o.)B....[..n9B.,..x_...O....20T.5..h5B..#t.:..k...V .x.<.....3........@D..q. .N..vx.\|....C.}....S..b...{..}..6.].Se...L..xI...b...\,.1.-...S........OK..4.....= .....4.Q.8.....Y.6.....x..90...o..Ly.j..!\|.sw..............`$..<.N....o%..L\|..W.....SJ..bx..v..v.i.,...9...Q.a=.d".,...V..O.'.o).Lfg.....Gh.i.O..e\o..q.'.5. T...d.to..T..%..A..P]>.e.4.....?",..)..Wz.......W1..M.c.w..O.D.....T._.&q`.S....(,...G.h....c.n..^..p.*.#....$.7....Qg...16.

C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02.zip.crdownload

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Category:	dropped
Size (bytes):	106427437
Entropy (8bit):	7.999471114700879
Encrypted:	true
SSDEEP:
MD5:	18219F70626BAB0820705CA04EA401E0
SHA1:	0A95BF69F345157186334D03501DDBADF4A72927
SHA-256:	13B555CB80289697C892C5DFE8C22EF18DAF626EB14BEAEE8514B293717545ED
SHA-512:	41CACB59D2FA8A05DB4F8C678AE51DB19732D5BC55A34D2287CEBEE41F1C63061CB71D8137637E67489CCC430497DA039515475B30AB439DE4BF072BC7C5503C
Malicious:	false
Reputation:	unknown
Preview:	PK.........2.Y.0.V.-.h a.T...Dow.d Naruszenia Praw W.asno.ci Intelektualnej - Szczeg..y Naruszenia CDN02.exe.<}\|.....0..l..T..h<8..Z.\|...n..........E....X..e.B.,5.x.5._....[+z.pl.P#.......f..La.%{.......G..n.?...y...~..y..75#;B......B...Q...Ch...v...;ty.[p....U..^w.?.[~g..k..UWt.mE.....ZSTy...;.Zy.../..X..7...\|~.K......._=...<\|..C..^.."W=.V.N+.^.,.F.@.^u.........y..S..U.k..~...'.....G.W]\|.....s#.<..i.B.N..6.....M..&-roCh.....V.?<...?@..l.....jt..+......~9........?.(.Q......W[.vj.m.....). .+o.)B....[..n9B.,..x_...O....20T.5..h5B..#t.:..k...V .x.<.....3........@D..q. .N..vx.\|....C.}....S..b...{..}..6.].Se...L..xI...b...\,.1.-...S........OK..4.....= .....4.Q.8.....Y.6.....x..90...o..Ly.j..!\|.sw..............`$..<.N....o%..L\|..W.....SJ..bx..v..v.i.,...9...Q.a=.d".,...V..O.'.o).Lfg.....Gh.i.O..e\o..q.'.5. T...d.to..T..%..A..P]>.e.4.....?",..)..Wz.......W1..M.c.w..O.D.....T._.&q`.S....(,...G.h....c.n..^..p.*.#....$.7....Qg...16.

C:\Users\user\Downloads\Dow.d Naruszenia Praw WBasno[ci Intelektualnej - Szczeg.By Naruszenia.CDN02.zip (copy)

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	18219F70626BAB0820705CA04EA401E0
SHA1:	0A95BF69F345157186334D03501DDBADF4A72927
SHA-256:	13B555CB80289697C892C5DFE8C22EF18DAF626EB14BEAEE8514B293717545ED
SHA-512:	41CACB59D2FA8A05DB4F8C678AE51DB19732D5BC55A34D2287CEBEE41F1C63061CB71D8137637E67489CCC430497DA039515475B30AB439DE4BF072BC7C5503C
Malicious:	false
Reputation:	unknown
Preview:	PK.........2.Y.0.V.-.h a.T...Dow.d Naruszenia Praw W.asno.ci Intelektualnej - Szczeg..y Naruszenia CDN02.exe.<}\|.....0..l..T..h<8..Z.\|...n..........E....X..e.B.,5.x.5._....[+z.pl.P#.......f..La.%{.......G..n.?...y...~..y..75#;B......B...Q...Ch...v...;ty.[p....U..^w.?.[~g..k..UWt.mE.....ZSTy...;.Zy.../..X..7...\|~.K......._=...<\|..C..^.."W=.V.N+.^.,.F.@.^u.........y..S..U.k..~...'.....G.W]\|.....s#.<..i.B.N..6.....M..&-roCh.....V.?<...?@..l.....jt..+......~9........?.(.Q......W[.vj.m.....). .+o.)B....[..n9B.,..x_...O....20T.5..h5B..#t.:..k...V .x.<.....3........@D..q. .N..vx.\|....C.}....S..b...{..}..6.].Se...L..xI...b...\,.1.-...S........OK..4.....= .....4.Q.8.....Y.6.....x..90...o..Ly.j..!\|.sw..............`$..<.N....o%..L\|..W.....SJ..bx..v..v.i.,...9...Q.a=.d".,...V..O.'.o).Lfg.....Gh.i.O..e\o..q.'.5. T...d.to..T..%..A..P]>.e.4.....?",..)..Wz.......W1..M.c.w..O.D.....T._.&q`.S....(,...G.h....c.n..^..p.*.#....$.7....Qg...16.

C:\Users\user\Downloads\Dow.d Naruszenia Praw WBasno[ci Intelektualnej - Szczeg.By Naruszenia.CDN02.zip.crdownload (copy)

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Category:	dropped
Size (bytes):	0
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:
MD5:	A471083F68066628600FF63CCD308400
SHA1:	F1903DBE7270CF84B76D8505C33794DC5CA85E98
SHA-256:	EA785FF1B82435A466D3DB583BFFAB35B3D848FFD7E260963B395CE68F3F4796
SHA-512:	980FF4621F7B19D059E835A69062A58A016ED1223BF4FDA80C9EC57B29A71A1B8C4651057872671DED5CCC5B02F0BA6BF7EFD2C207ABA49F60DE9CCFF52825CB
Malicious:	false
Reputation:	unknown
Preview:	PK.........2.Y.0.V.-.h a.T...Dow.d Naruszenia Praw W.asno.ci Intelektualnej - Szczeg..y Naruszenia CDN02.exe.<}\|.....0..l..T..h<8..Z.\|...n..........E....X..e.B.,5.x.5._....[+z.pl.P#.......f..La.%{.......G..n.?...y...~..y..75#;B......B...Q...Ch...v...;ty.[p....U..^w.?.[~g..k..UWt.mE.....ZSTy...;.Zy.../..X..7...\|~.K......._=...<\|..C..^.."W=.V.N+.^.,.F.@.^u.........y..S..U.k..~...'.....G.W]\|.....s#.<..i.B.N..6.....M..&-roCh.....V.?<...?@..l.....jt..+......~9........?.(.Q......W[.vj.m.....). .+o.)B....[..n9B.,..x_...O....20T.5..h5B..#t.:..k...V .x.<.....3........@D..q. .N..vx.\|....C.}....S..b...{..}..6.].Se...L..xI...b...\,.1.-...S........OK..4.....= .....4.Q.8.....Y.6.....x..90...o..Ly.j..!\|.sw..............`$..<.N....o%..L\|..W.....SJ..bx..v..v.i.,...9...Q.a=.d".,...V..O.'.o).Lfg.....Gh.i.O..e\o..q.'.5. T...d.to..T..%..A..P]>.e.4.....?",..)..Wz.......W1..M.c.w..O.D.....T._.&q`.S....(,...G.h....c.n..^..p.*.#....$.7....Qg...16.

Static File Info

⊘No static file info

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to hide configuration information within Registry keys, remove information as part of cleaning up, or as part of other techniques to aid in persistence and execution.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse rundll32.exe to proxy execution of malicious code. Using rundll32.exe, vice executing directly (i.e. Shared Modules ), may avoid triggering security tools that may not monitor execution of the rundll32.exe process because of allowlists or false positives from normal operations. Rundll32.exe is commonly associated with executing DLL payloads (ex: `rundll32.exe {DLLname, DLLfunction}` ).
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://t.ly/ZPR23.10

Overview

General Information

Detection

Signatures

Classification

Process Tree

Yara Signatures

Dropped Files

Memory Dumps

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Networking

System Summary

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Mitre Att&ck Matrix

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Created / dropped Files

C:\Users\user\AppData\Local\Temp\NR15PJSGLDVJ4UJ5KMQEV4.exe

C:\Users\user\AppData\Local\config

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk

C:\Users\user\Downloads\5bedcbf5-8168-4420-86ac-80168b9aa32e.tmp

C:\Users\user\Downloads\Dow d Naruszenia Praw Wlasnosci Intelektualnej - Szczeg ly Naruszenia.CDN02.zip.crdownload

C:\Users\user\Downloads\Dow.d Naruszenia Praw WBasno[ci Intelektualnej - Szczeg.By Naruszenia.CDN02.zip (copy)

C:\Users\user\Downloads\Dow.d Naruszenia Praw WBasno[ci Intelektualnej - Szczeg.By Naruszenia.CDN02.zip.crdownload (copy)

Static File Info

Windows Analysis Report
https://t.ly/ZPR23.10