File Path and Name: C:\Windows\Temp\adf\AdFind.exe
Hash: SHA1: 2cb6ff75b38a3f24f3b60a2742b6f4d6027f0f2a
Description: Command line Active Directory query tool (http://www.joeware.net/freetools/tools/adfind/)

File Path and Name: C:\Windows\Temp\adf\cor.exe
Hash: SHA1: 4a7875427d27ff2a1261f3cc295615da9bd38597
Description: Unknown

File Path and Name: C:\Windows\Temp\adf\kerbrute_windows_amd64.exe
Hash: SHA1: 8e55377990128a9c3ba61a663a8540a8c56f8a54
Description: Tool to enumerate or bruteforce Active Directory accounts with Kerberos Pre-Authentication (https://github.com/ropnop/kerbrute)

File Path and Name: C:\PerfLogs\socks.exe
Hash: SHA1: 7052ab1acd0b88912b77862211d0de8777a9dcb4
Description: Socks proxy tool

File Path and Name: C:\PerfLogs\grub.info.test2\7z.exe
Hash: SHA1: e8dcddb302f01d51da3bcbfa6707d025a896aa57
Description: 7zip compression tool

File Path and Name: C:\Windows\Temp\r.exe
Hash: MD5: 2f3759b5e3f63bc91f25b3129caab726
      SHA1: c82fd826adfeef439d0c55843f4696488b1f711c
      SHA256: dce7c654c62b01ba2116336f563d4c4231283db94b00028c2d826649b5f0bfaf
Description: Ryuk ransomware