Malware Analysis Report

2024-09-11 01:37

Sample ID 230222-c74lhabd5x
Target 511c1021fad76670d6d407139e5fef62b34ca9656fb735bd7d406728568fa280
SHA256 511c1021fad76670d6d407139e5fef62b34ca9656fb735bd7d406728568fa280
Tags
quantum ransomware
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

511c1021fad76670d6d407139e5fef62b34ca9656fb735bd7d406728568fa280

Threat Level: Known bad

The file 511c1021fad76670d6d407139e5fef62b34ca9656fb735bd7d406728568fa280 was found to be: Known bad.

Malicious Activity Summary

quantum ransomware

Quantum Ransomware

Modifies extensions of user files

Deletes itself

Drops desktop.ini file(s)

Drops file in Program Files directory

Modifies Internet Explorer settings

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Modifies registry class

Suspicious use of SetWindowsHookEx

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of SendNotifyMessage

Views/modifies file attributes

Suspicious use of WriteProcessMemory

Enumerates system info in registry

MITRE ATT&CK Matrix V6

Analysis: static1

Detonation Overview

Reported

2023-02-22 02:43

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-02-22 02:43

Reported

2023-02-22 02:45

Platform

win7-20230220-en

Max time kernel

97s

Max time network

99s

Command Line

"C:\Users\Admin\AppData\Local\Temp\511c1021fad76670d6d407139e5fef62b34ca9656fb735bd7d406728568fa280.exe"

Signatures

Quantum Ransomware

ransomware quantum

Modifies extensions of user files

ransomware
Description Indicator Process Target
File renamed C:\Users\Admin\Pictures\ApproveNew.png => \??\c:\Users\Admin\Pictures\ApproveNew.png.quantum C:\Users\Admin\AppData\Local\Temp\511c1021fad76670d6d407139e5fef62b34ca9656fb735bd7d406728568fa280.exe N/A
File renamed C:\Users\Admin\Pictures\ConfirmRead.tiff => \??\c:\Users\Admin\Pictures\ConfirmRead.tiff.quantum C:\Users\Admin\AppData\Local\Temp\511c1021fad76670d6d407139e5fef62b34ca9656fb735bd7d406728568fa280.exe N/A
File renamed C:\Users\Admin\Pictures\UnregisterComplete.tiff => \??\c:\Users\Admin\Pictures\UnregisterComplete.tiff.quantum C:\Users\Admin\AppData\Local\Temp\511c1021fad76670d6d407139e5fef62b34ca9656fb735bd7d406728568fa280.exe N/A
File opened for modification \??\c:\Users\Admin\Pictures\RestoreExit.tiff C:\Users\Admin\AppData\Local\Temp\511c1021fad76670d6d407139e5fef62b34ca9656fb735bd7d406728568fa280.exe N/A
File renamed C:\Users\Admin\Pictures\RestoreExit.tiff => \??\c:\Users\Admin\Pictures\RestoreExit.tiff.quantum C:\Users\Admin\AppData\Local\Temp\511c1021fad76670d6d407139e5fef62b34ca9656fb735bd7d406728568fa280.exe N/A
File renamed C:\Users\Admin\Pictures\UnprotectClose.raw => \??\c:\Users\Admin\Pictures\UnprotectClose.raw.quantum C:\Users\Admin\AppData\Local\Temp\511c1021fad76670d6d407139e5fef62b34ca9656fb735bd7d406728568fa280.exe N/A
File opened for modification \??\c:\Users\Admin\Pictures\UnregisterComplete.tiff C:\Users\Admin\AppData\Local\Temp\511c1021fad76670d6d407139e5fef62b34ca9656fb735bd7d406728568fa280.exe N/A
File renamed C:\Users\Admin\Pictures\AddUninstall.raw => \??\c:\Users\Admin\Pictures\AddUninstall.raw.quantum C:\Users\Admin\AppData\Local\Temp\511c1021fad76670d6d407139e5fef62b34ca9656fb735bd7d406728568fa280.exe N/A
File opened for modification \??\c:\Users\Admin\Pictures\ConfirmRead.tiff C:\Users\Admin\AppData\Local\Temp\511c1021fad76670d6d407139e5fef62b34ca9656fb735bd7d406728568fa280.exe N/A
File renamed C:\Users\Admin\Pictures\GetAssert.tif => \??\c:\Users\Admin\Pictures\GetAssert.tif.quantum C:\Users\Admin\AppData\Local\Temp\511c1021fad76670d6d407139e5fef62b34ca9656fb735bd7d406728568fa280.exe N/A
File renamed C:\Users\Admin\Pictures\MeasureGrant.raw => \??\c:\Users\Admin\Pictures\MeasureGrant.raw.quantum C:\Users\Admin\AppData\Local\Temp\511c1021fad76670d6d407139e5fef62b34ca9656fb735bd7d406728568fa280.exe N/A

Deletes itself

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\cmd.exe N/A

Drops desktop.ini file(s)

Description Indicator Process Target
File opened for modification \??\c:\Users\Admin\Searches\desktop.ini C:\Users\Admin\AppData\Local\Temp\511c1021fad76670d6d407139e5fef62b34ca9656fb735bd7d406728568fa280.exe N/A
File opened for modification \??\c:\Users\Public\desktop.ini C:\Users\Admin\AppData\Local\Temp\511c1021fad76670d6d407139e5fef62b34ca9656fb735bd7d406728568fa280.exe N/A
File opened for modification \??\c:\Users\Public\Downloads\desktop.ini C:\Users\Admin\AppData\Local\Temp\511c1021fad76670d6d407139e5fef62b34ca9656fb735bd7d406728568fa280.exe N/A
File opened for modification \??\c:\Users\Public\Music\Sample Music\desktop.ini C:\Users\Admin\AppData\Local\Temp\511c1021fad76670d6d407139e5fef62b34ca9656fb735bd7d406728568fa280.exe N/A
File opened for modification \??\c:\Users\Public\Recorded TV\desktop.ini C:\Users\Admin\AppData\Local\Temp\511c1021fad76670d6d407139e5fef62b34ca9656fb735bd7d406728568fa280.exe N/A
File opened for modification \??\c:\Users\Admin\Links\desktop.ini C:\Users\Admin\AppData\Local\Temp\511c1021fad76670d6d407139e5fef62b34ca9656fb735bd7d406728568fa280.exe N/A
File opened for modification \??\c:\Users\Admin\Music\desktop.ini C:\Users\Admin\AppData\Local\Temp\511c1021fad76670d6d407139e5fef62b34ca9656fb735bd7d406728568fa280.exe N/A
File opened for modification \??\c:\Users\Admin\Saved Games\desktop.ini C:\Users\Admin\AppData\Local\Temp\511c1021fad76670d6d407139e5fef62b34ca9656fb735bd7d406728568fa280.exe N/A
File opened for modification \??\c:\Users\Public\Documents\desktop.ini C:\Users\Admin\AppData\Local\Temp\511c1021fad76670d6d407139e5fef62b34ca9656fb735bd7d406728568fa280.exe N/A
File opened for modification \??\c:\Users\Public\Videos\desktop.ini C:\Users\Admin\AppData\Local\Temp\511c1021fad76670d6d407139e5fef62b34ca9656fb735bd7d406728568fa280.exe N/A
File opened for modification \??\c:\Users\Admin\Desktop\desktop.ini C:\Users\Admin\AppData\Local\Temp\511c1021fad76670d6d407139e5fef62b34ca9656fb735bd7d406728568fa280.exe N/A
File opened for modification \??\c:\Users\Admin\Favorites\Links\desktop.ini C:\Users\Admin\AppData\Local\Temp\511c1021fad76670d6d407139e5fef62b34ca9656fb735bd7d406728568fa280.exe N/A
File opened for modification \??\c:\Users\Admin\Pictures\desktop.ini C:\Users\Admin\AppData\Local\Temp\511c1021fad76670d6d407139e5fef62b34ca9656fb735bd7d406728568fa280.exe N/A
File opened for modification \??\c:\Users\Public\Libraries\desktop.ini C:\Users\Admin\AppData\Local\Temp\511c1021fad76670d6d407139e5fef62b34ca9656fb735bd7d406728568fa280.exe N/A
File opened for modification \??\c:\Users\Public\Music\desktop.ini C:\Users\Admin\AppData\Local\Temp\511c1021fad76670d6d407139e5fef62b34ca9656fb735bd7d406728568fa280.exe N/A
File opened for modification \??\c:\Users\Public\Recorded TV\Sample Media\desktop.ini C:\Users\Admin\AppData\Local\Temp\511c1021fad76670d6d407139e5fef62b34ca9656fb735bd7d406728568fa280.exe N/A
File opened for modification \??\c:\Users\Public\Videos\Sample Videos\desktop.ini C:\Users\Admin\AppData\Local\Temp\511c1021fad76670d6d407139e5fef62b34ca9656fb735bd7d406728568fa280.exe N/A
File opened for modification \??\c:\Users\Admin\Contacts\desktop.ini C:\Users\Admin\AppData\Local\Temp\511c1021fad76670d6d407139e5fef62b34ca9656fb735bd7d406728568fa280.exe N/A
File opened for modification \??\c:\Users\Admin\Videos\desktop.ini C:\Users\Admin\AppData\Local\Temp\511c1021fad76670d6d407139e5fef62b34ca9656fb735bd7d406728568fa280.exe N/A
File opened for modification \??\c:\Users\Public\Desktop\desktop.ini C:\Users\Admin\AppData\Local\Temp\511c1021fad76670d6d407139e5fef62b34ca9656fb735bd7d406728568fa280.exe N/A
File opened for modification \??\c:\Users\Admin\Favorites\Links for United States\desktop.ini C:\Users\Admin\AppData\Local\Temp\511c1021fad76670d6d407139e5fef62b34ca9656fb735bd7d406728568fa280.exe N/A
File opened for modification \??\c:\Users\Public\Pictures\desktop.ini C:\Users\Admin\AppData\Local\Temp\511c1021fad76670d6d407139e5fef62b34ca9656fb735bd7d406728568fa280.exe N/A
File opened for modification \??\c:\Users\Public\Pictures\Sample Pictures\desktop.ini C:\Users\Admin\AppData\Local\Temp\511c1021fad76670d6d407139e5fef62b34ca9656fb735bd7d406728568fa280.exe N/A
File opened for modification \??\c:\Users\Admin\Documents\desktop.ini C:\Users\Admin\AppData\Local\Temp\511c1021fad76670d6d407139e5fef62b34ca9656fb735bd7d406728568fa280.exe N/A
File opened for modification \??\c:\Users\Admin\Downloads\desktop.ini C:\Users\Admin\AppData\Local\Temp\511c1021fad76670d6d407139e5fef62b34ca9656fb735bd7d406728568fa280.exe N/A
File opened for modification \??\c:\Users\Admin\Favorites\desktop.ini C:\Users\Admin\AppData\Local\Temp\511c1021fad76670d6d407139e5fef62b34ca9656fb735bd7d406728568fa280.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 2090ef0f7046d901 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\IETld\LowMic C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Zoom C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\DomainSuggestion C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = (value not captured) C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\GPU C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\PageSetup C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Toolbar C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\IntelliForms C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\InternetRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\LowRegistry C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{3893D401-B263-11ED-AC43-E6255E64A624} = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "383802449" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\SearchScopes C:\Program Files\Internet Explorer\iexplore.exe N/A
Set value (data) \REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000dbb59ddc676e394a83d3f942d26f43ca000000000200000000001066000000010000200000000b7bdf8f9d8dd90595898a5024497eb3cd9f672c2b03897aa31ee72643b03d23000000000e80000000020000200000000599c062c0fe8a9b9fad564ce2d86a3a6065880ce1a8123853fd7e428deaeb9c20000000d2f83335ed75ed85944e2b6752539dec82102f2840f95174da9f25bb63185c7e40000000276ce42917b606d12e588fd909fd2d5433bd9c96d8df0e94494f97357d9c0045dd4db73a635da625a02c339ac5d3598913b318e82a9dd34dbcc1fb07bb92d7d4 C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive C:\Program Files\Internet Explorer\iexplore.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Main C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" C:\Program Files\Internet Explorer\iexplore.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\.quantum\shell\Open\command C:\Users\Admin\AppData\Local\Temp\511c1021fad76670d6d407139e5fef62b34ca9656fb735bd7d406728568fa280.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\.quantum C:\Users\Admin\AppData\Local\Temp\511c1021fad76670d6d407139e5fef62b34ca9656fb735bd7d406728568fa280.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\.quantum\shell C:\Users\Admin\AppData\Local\Temp\511c1021fad76670d6d407139e5fef62b34ca9656fb735bd7d406728568fa280.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\.quantum\shell\Open C:\Users\Admin\AppData\Local\Temp\511c1021fad76670d6d407139e5fef62b34ca9656fb735bd7d406728568fa280.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000_CLASSES\.quantum\shell\Open\command\ = "explorer.exe README_TO_DECRYPT.html" C:\Users\Admin\AppData\Local\Temp\511c1021fad76670d6d407139e5fef62b34ca9656fb735bd7d406728568fa280.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\511c1021fad76670d6d407139e5fef62b34ca9656fb735bd7d406728568fa280.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\511c1021fad76670d6d407139e5fef62b34ca9656fb735bd7d406728568fa280.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1188 wrote to memory of 992 N/A C:\Users\Admin\AppData\Local\Temp\511c1021fad76670d6d407139e5fef62b34ca9656fb735bd7d406728568fa280.exe C:\Windows\SysWOW64\cmd.exe
PID 1188 wrote to memory of 992 N/A C:\Users\Admin\AppData\Local\Temp\511c1021fad76670d6d407139e5fef62b34ca9656fb735bd7d406728568fa280.exe C:\Windows\SysWOW64\cmd.exe
PID 1188 wrote to memory of 992 N/A C:\Users\Admin\AppData\Local\Temp\511c1021fad76670d6d407139e5fef62b34ca9656fb735bd7d406728568fa280.exe C:\Windows\SysWOW64\cmd.exe
PID 1188 wrote to memory of 992 N/A C:\Users\Admin\AppData\Local\Temp\511c1021fad76670d6d407139e5fef62b34ca9656fb735bd7d406728568fa280.exe C:\Windows\SysWOW64\cmd.exe
PID 992 wrote to memory of 1732 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\attrib.exe
PID 992 wrote to memory of 1732 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\attrib.exe
PID 992 wrote to memory of 1732 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\attrib.exe
PID 992 wrote to memory of 1732 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\attrib.exe
PID 1636 wrote to memory of 1528 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1636 wrote to memory of 1528 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1636 wrote to memory of 1528 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
PID 1636 wrote to memory of 1528 N/A C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Views/modifies file attributes

evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\attrib.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\511c1021fad76670d6d407139e5fef62b34ca9656fb735bd7d406728568fa280.exe

"C:\Users\Admin\AppData\Local\Temp\511c1021fad76670d6d407139e5fef62b34ca9656fb735bd7d406728568fa280.exe"

C:\Windows\SysWOW64\cmd.exe

cmd /c ""C:\Users\Admin\AppData\Local\Temp\\006C364D.bat" "C:\Users\Admin\AppData\Local\Temp\511c1021fad76670d6d407139e5fef62b34ca9656fb735bd7d406728568fa280.exe""

C:\Windows\SysWOW64\attrib.exe

attrib -s -r -h "C:\Users\Admin\AppData\Local\Temp\511c1021fad76670d6d407139e5fef62b34ca9656fb735bd7d406728568fa280.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\README_TO_DECRYPT.html

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1636 CREDAT:275457 /prefetch:2

Network

Country Destination Domain Proto
US 204.79.197.200:443 ieonline.microsoft.com tcp

Files

C:\Users\Admin\Desktop\README_TO_DECRYPT.html

MD5 2e98aa73af7f70b1093ebbadcc159516
SHA1 f8ae4add527887e0e09713653f96e98663196732
SHA256 5abd65d8a846737eda80da5ab5ddfd6771a0e4dee4996690edf47c54ad54bc63
SHA512 875bc7c172a976fd8bb40301e3db424aaa7d1adfb0a8ff1e4c1b24cab40f4a5b5e217f939ccc40af4f12b1dd2860c4a0435667d999b8ab71e733ef1819d09657

C:\Users\Admin\AppData\Local\Temp\006C364D.bat

MD5 348cae913e496198548854f5ff2f6d1e
SHA1 a07655b9020205bd47084afd62a8bb22b48c0cdc
SHA256 c80128f51871eec3ae2057989a025ce244277c1c180498a5aaef45d5214b8506
SHA512 799796736d41d3fcb5a7c859571bb025ca2d062c4b86e078302be68c1a932ed4f78e003640df5405274364b5a9a9c0ba5e37177997683ee7ab54e5267590b611

memory/1636-322-0x0000000002380000-0x0000000002390000-memory.dmp

memory/1528-323-0x0000000000E60000-0x0000000000E62000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\CabC332.tmp

MD5 fc4666cbca561e864e7fdf883a9e6661
SHA1 2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5
SHA256 10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b
SHA512 c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

C:\Users\Admin\AppData\Local\Temp\TarC440.tmp

MD5 73b4b714b42fc9a6aaefd0ae59adb009
SHA1 efdaffd5b0ad21913d22001d91bf6c19ecb4ac41
SHA256 c0cf8cc04c34b5b80a2d86ad0eafb2dd71436f070c86b0321fba0201879625fd
SHA512 73af3c51b15f89237552b1718bef21fd80788fa416bab2cb2e7fb3a60d56249a716eda0d2dd68ab643752272640e7eaaaf57ce64bcb38373ddc3d035fb8d57cd

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 0b391aa89d3dc3036c72b7e65b71c90f
SHA1 67fccab552a52095bd8bee9c3dc1d184e1050381
SHA256 67baef66a414906266bb3e8dd1c8162b258c960ca00ea3810189a6da6709ee84
SHA512 3040492f180f1473dfeaacba7796008c84ffacb03e66a60aa56c4ed33bc59bc704e3b873b92561fdb4aaee0b127830a93b9c863807c802a9e40ae93612abf4be

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 2c1dc39c1d8b7616f69fdd4629855abc
SHA1 00d3df1702abf89e7464e792a1cd56451999c7ea
SHA256 418bb9f8574f460999e31b4359f6cec32f06e0d5d341ec9cd3ca8f3426816174
SHA512 45bc58500c82cfce3f932b4c2f3bd30a231a42219a1e5d57456e8365719c2d17edafd423a3d248c5638b426d2c6f82f1a05898a5df988341cc28095fd8c6b69d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 c8708c766de49e8d6cca893630b997b4
SHA1 c09cac77904b45e6a619677dbce600e426d2f7c6
SHA256 dd7ffa3699c5c356251179ec949051178a355b36163589702115cc1c2bf292eb
SHA512 2f920ae884e7b2c0a8c0f25f1c69189377c2adb6aa1f9d6677b5023751e3947005fa542b16d9d997872afcd3c47eb3b39c2fc9bc3a3b3503709e9790d03903cf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 71866353eb1b92606c4c9d656e95ce12
SHA1 e53b6cd799cfddd027939851c6211a5777f00ce7
SHA256 59f6680e368bdcc4fa870fc8a2197366e0aede78a07e776121667065ea79c89a
SHA512 2562ea32b3fa60aff97e6eaedd8c2c0a079e15104403fb197939b72b5a9dbb6fefdaf6f6b427ef5d0ed7f1c11075bc53e0b457980239a42a981d21af8ec03d66

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4a9c4300026bc9c74b8b3075dfc9e160
SHA1 a67d933427cb9f20069f270c5e7666755dfe0f2b
SHA256 5cb64475ad3a7b9eeddaa67ca26aa3df87842824f1518870ff63535155b28831
SHA512 e49b0f58915a805ae569758c6441ff2c1eac7967ad513212c940c5de03164965f50239feb3e45fb98268248d67b59b48c1b5d5bf439d9e6b4490eb6b9b3b0dac

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 bb705a8d05121bfa636b1cc03002af49
SHA1 7b300f3c9fa9a45e1026f2e9b46a4186908e8840
SHA256 edbb4c1768b59d7640014445dd53e84c00725705ed2a0208c8767e55ab8c8cb8
SHA512 e30d1397fa37f9c6e161cbdc5ef3a83437b73203d3f955106a9e06207c7535ac11ba5049c5f69e66b21b40a27bb00d54506c9439f80ddcc19a9cc0cccf0bdf2d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e334e92532e902645aa36aa2b3d89ea6
SHA1 a95f511e7ea7506738b6a6e111813e4270246c92
SHA256 a22f9d2ed22ab35cd5d4eb50246c15bcad5d050570119b139ded39ace5d940fd
SHA512 860e177c7e951ebb55aa039570a932d6a6da2b647e7bad5beb09c5cb664a26dc11fb8968d579a429f4ecc6094a136883ddb2c9ecd7a41267f39a4706b20b414b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 80c127e9baa37c8014088557fa71c0dd
SHA1 ddc81ea7db61a5ed08989801d20b720a29764915
SHA256 797d478846c1687749d5a76fd4782077a9a296e03bedd6c6238249c3ba04c150
SHA512 117f61f9d8540f36d63e20c45491e825728f305def1ccc5bc0b4232e822ef37cf20a71ebd118e29f76e0edd2cc147c022b058f88bb3cd37d6f149589c5b863bb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 fa9bac2310329b6b404025bedb7b9f57
SHA1 d1a47ed51e0a41cdef178a1d292746cac8da6da9
SHA256 c47ba804773478e5ca2ae9b49ef4593554abf4da8d2cf9d11479446c72a780cd
SHA512 73ffd245cd2fa5dab32aa8e4aa70741e008a7c6e502cc69cb2e464def25a56088bd1df437f9908356df0b704216d546a0ebdc627709657292730239e8680ef6e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 aa38cd9b64094dc7cb3cbde132987023
SHA1 c35f6d6dbf738e39c4d26f7860e9a7ebb43a6357
SHA256 9b30df0d49310ace1d3d634d8c32e457a609bb1a33213f2b0ee3f1850240b9c3
SHA512 96e654069ce9b76474c76d8c350e76cf0ea5567d7f0e340030225a95f78b674037284bd50297f04c092daa24d7a971dbe52a45ca32b85249fe57fa16463720aa

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\S143F6TG.txt

MD5 1868976d152db5c1fbf135e28a23247d
SHA1 d074c7d7e61705043722acd1ef09fdf548cff3e2
SHA256 96575a26e260e2aa4aec1188cd5472e0ca9349805590f73ebd7f9b3d6bafd2cd
SHA512 a0b830c816a611c7b600c94992aa1c88f4acc7d0c7805f4b6a3e05588ff72d35b6e6ef7d5e56c3df9135b12fccd4487db38c8e14d4a675844281450fa5b9c488

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S7FIT0B8\suggestions[1].en-US

MD5 5a34cb996293fde2cb7a4ac89587393a
SHA1 3c96c993500690d1a77873cd62bc639b3a10653f
SHA256 c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512 e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Analysis: behavioral2

Detonation Overview

Submitted

2023-02-22 02:43

Reported

2023-02-22 02:45

Platform

win10v2004-20230220-en

Max time kernel

87s

Max time network

76s

Command Line

"C:\Users\Admin\AppData\Local\Temp\511c1021fad76670d6d407139e5fef62b34ca9656fb735bd7d406728568fa280.exe"

Signatures

Quantum Ransomware

ransomware quantum

Modifies extensions of user files

ransomware
Description Indicator Process Target
File renamed C:\Users\Admin\Pictures\CopyReset.tif => \??\c:\Users\Admin\Pictures\CopyReset.tif.quantum C:\Users\Admin\AppData\Local\Temp\511c1021fad76670d6d407139e5fef62b34ca9656fb735bd7d406728568fa280.exe N/A
File opened for modification \??\c:\Users\Admin\Pictures\CopySuspend.tiff C:\Users\Admin\AppData\Local\Temp\511c1021fad76670d6d407139e5fef62b34ca9656fb735bd7d406728568fa280.exe N/A
File renamed C:\Users\Admin\Pictures\CopySuspend.tiff => \??\c:\Users\Admin\Pictures\CopySuspend.tiff.quantum C:\Users\Admin\AppData\Local\Temp\511c1021fad76670d6d407139e5fef62b34ca9656fb735bd7d406728568fa280.exe N/A
File opened for modification \??\c:\Users\Admin\Pictures\MergeSubmit.tiff C:\Users\Admin\AppData\Local\Temp\511c1021fad76670d6d407139e5fef62b34ca9656fb735bd7d406728568fa280.exe N/A
File renamed C:\Users\Admin\Pictures\MergeSubmit.tiff => \??\c:\Users\Admin\Pictures\MergeSubmit.tiff.quantum C:\Users\Admin\AppData\Local\Temp\511c1021fad76670d6d407139e5fef62b34ca9656fb735bd7d406728568fa280.exe N/A
File renamed C:\Users\Admin\Pictures\SaveSkip.png => \??\c:\Users\Admin\Pictures\SaveSkip.png.quantum C:\Users\Admin\AppData\Local\Temp\511c1021fad76670d6d407139e5fef62b34ca9656fb735bd7d406728568fa280.exe N/A
File renamed C:\Users\Admin\Pictures\SkipResolve.tiff => \??\c:\Users\Admin\Pictures\SkipResolve.tiff.quantum C:\Users\Admin\AppData\Local\Temp\511c1021fad76670d6d407139e5fef62b34ca9656fb735bd7d406728568fa280.exe N/A
File renamed C:\Users\Admin\Pictures\ConnectRevoke.png => \??\c:\Users\Admin\Pictures\ConnectRevoke.png.quantum C:\Users\Admin\AppData\Local\Temp\511c1021fad76670d6d407139e5fef62b34ca9656fb735bd7d406728568fa280.exe N/A
File opened for modification \??\c:\Users\Admin\Pictures\UninstallOut.tiff C:\Users\Admin\AppData\Local\Temp\511c1021fad76670d6d407139e5fef62b34ca9656fb735bd7d406728568fa280.exe N/A
File renamed C:\Users\Admin\Pictures\UninstallOut.tiff => \??\c:\Users\Admin\Pictures\UninstallOut.tiff.quantum C:\Users\Admin\AppData\Local\Temp\511c1021fad76670d6d407139e5fef62b34ca9656fb735bd7d406728568fa280.exe N/A
File renamed C:\Users\Admin\Pictures\WriteRedo.png => \??\c:\Users\Admin\Pictures\WriteRedo.png.quantum C:\Users\Admin\AppData\Local\Temp\511c1021fad76670d6d407139e5fef62b34ca9656fb735bd7d406728568fa280.exe N/A
File opened for modification \??\c:\Users\Admin\Pictures\SkipResolve.tiff C:\Users\Admin\AppData\Local\Temp\511c1021fad76670d6d407139e5fef62b34ca9656fb735bd7d406728568fa280.exe N/A

Drops desktop.ini file(s)

Description Indicator Process Target
File opened for modification \??\c:\Users\Admin\Searches\desktop.ini C:\Users\Admin\AppData\Local\Temp\511c1021fad76670d6d407139e5fef62b34ca9656fb735bd7d406728568fa280.exe N/A
File opened for modification \??\c:\Users\Admin\Videos\desktop.ini C:\Users\Admin\AppData\Local\Temp\511c1021fad76670d6d407139e5fef62b34ca9656fb735bd7d406728568fa280.exe N/A
File opened for modification \??\c:\Users\Admin\3D Objects\desktop.ini C:\Users\Admin\AppData\Local\Temp\511c1021fad76670d6d407139e5fef62b34ca9656fb735bd7d406728568fa280.exe N/A
File opened for modification \??\c:\Users\Admin\Contacts\desktop.ini C:\Users\Admin\AppData\Local\Temp\511c1021fad76670d6d407139e5fef62b34ca9656fb735bd7d406728568fa280.exe N/A
File opened for modification \??\c:\Users\Admin\Documents\desktop.ini C:\Users\Admin\AppData\Local\Temp\511c1021fad76670d6d407139e5fef62b34ca9656fb735bd7d406728568fa280.exe N/A
File opened for modification \??\c:\Users\Admin\Favorites\desktop.ini C:\Users\Admin\AppData\Local\Temp\511c1021fad76670d6d407139e5fef62b34ca9656fb735bd7d406728568fa280.exe N/A
File opened for modification \??\c:\Users\Admin\Links\desktop.ini C:\Users\Admin\AppData\Local\Temp\511c1021fad76670d6d407139e5fef62b34ca9656fb735bd7d406728568fa280.exe N/A
File opened for modification \??\c:\Users\Admin\Pictures\Saved Pictures\desktop.ini C:\Users\Admin\AppData\Local\Temp\511c1021fad76670d6d407139e5fef62b34ca9656fb735bd7d406728568fa280.exe N/A
File opened for modification \??\c:\Users\Public\desktop.ini C:\Users\Admin\AppData\Local\Temp\511c1021fad76670d6d407139e5fef62b34ca9656fb735bd7d406728568fa280.exe N/A
File opened for modification \??\c:\Users\Public\Documents\desktop.ini C:\Users\Admin\AppData\Local\Temp\511c1021fad76670d6d407139e5fef62b34ca9656fb735bd7d406728568fa280.exe N/A
File opened for modification \??\c:\Users\Public\Libraries\desktop.ini C:\Users\Admin\AppData\Local\Temp\511c1021fad76670d6d407139e5fef62b34ca9656fb735bd7d406728568fa280.exe N/A
File opened for modification \??\c:\Users\Public\Videos\desktop.ini C:\Users\Admin\AppData\Local\Temp\511c1021fad76670d6d407139e5fef62b34ca9656fb735bd7d406728568fa280.exe N/A
File opened for modification \??\c:\Users\Admin\Downloads\desktop.ini C:\Users\Admin\AppData\Local\Temp\511c1021fad76670d6d407139e5fef62b34ca9656fb735bd7d406728568fa280.exe N/A
File opened for modification \??\c:\Users\Admin\Favorites\Links\desktop.ini C:\Users\Admin\AppData\Local\Temp\511c1021fad76670d6d407139e5fef62b34ca9656fb735bd7d406728568fa280.exe N/A
File opened for modification \??\c:\Users\Admin\OneDrive\desktop.ini C:\Users\Admin\AppData\Local\Temp\511c1021fad76670d6d407139e5fef62b34ca9656fb735bd7d406728568fa280.exe N/A
File opened for modification \??\c:\Users\Admin\Pictures\Camera Roll\desktop.ini C:\Users\Admin\AppData\Local\Temp\511c1021fad76670d6d407139e5fef62b34ca9656fb735bd7d406728568fa280.exe N/A
File opened for modification \??\c:\Users\Admin\Pictures\desktop.ini C:\Users\Admin\AppData\Local\Temp\511c1021fad76670d6d407139e5fef62b34ca9656fb735bd7d406728568fa280.exe N/A
File opened for modification \??\c:\Users\Public\Pictures\desktop.ini C:\Users\Admin\AppData\Local\Temp\511c1021fad76670d6d407139e5fef62b34ca9656fb735bd7d406728568fa280.exe N/A
File opened for modification \??\c:\Users\Admin\Desktop\desktop.ini C:\Users\Admin\AppData\Local\Temp\511c1021fad76670d6d407139e5fef62b34ca9656fb735bd7d406728568fa280.exe N/A
File opened for modification \??\c:\Users\Admin\Music\desktop.ini C:\Users\Admin\AppData\Local\Temp\511c1021fad76670d6d407139e5fef62b34ca9656fb735bd7d406728568fa280.exe N/A
File opened for modification \??\c:\Users\Admin\Saved Games\desktop.ini C:\Users\Admin\AppData\Local\Temp\511c1021fad76670d6d407139e5fef62b34ca9656fb735bd7d406728568fa280.exe N/A
File opened for modification \??\c:\Users\Public\AccountPictures\desktop.ini C:\Users\Admin\AppData\Local\Temp\511c1021fad76670d6d407139e5fef62b34ca9656fb735bd7d406728568fa280.exe N/A
File opened for modification \??\c:\Users\Public\Music\desktop.ini C:\Users\Admin\AppData\Local\Temp\511c1021fad76670d6d407139e5fef62b34ca9656fb735bd7d406728568fa280.exe N/A
File opened for modification \??\c:\Users\Public\Desktop\desktop.ini C:\Users\Admin\AppData\Local\Temp\511c1021fad76670d6d407139e5fef62b34ca9656fb735bd7d406728568fa280.exe N/A
File opened for modification \??\c:\Users\Public\Downloads\desktop.ini C:\Users\Admin\AppData\Local\Temp\511c1021fad76670d6d407139e5fef62b34ca9656fb735bd7d406728568fa280.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\af48ef3e-6d5c-41ca-8f40-00d4e2ebc3b8.tmp C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230222034427.pma C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\.quantum\shell\Open\command C:\Users\Admin\AppData\Local\Temp\511c1021fad76670d6d407139e5fef62b34ca9656fb735bd7d406728568fa280.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\.quantum C:\Users\Admin\AppData\Local\Temp\511c1021fad76670d6d407139e5fef62b34ca9656fb735bd7d406728568fa280.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\.quantum\shell C:\Users\Admin\AppData\Local\Temp\511c1021fad76670d6d407139e5fef62b34ca9656fb735bd7d406728568fa280.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\.quantum\shell\Open C:\Users\Admin\AppData\Local\Temp\511c1021fad76670d6d407139e5fef62b34ca9656fb735bd7d406728568fa280.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\.quantum\shell\Open\command\ = "explorer.exe README_TO_DECRYPT.html" C:\Users\Admin\AppData\Local\Temp\511c1021fad76670d6d407139e5fef62b34ca9656fb735bd7d406728568fa280.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\511c1021fad76670d6d407139e5fef62b34ca9656fb735bd7d406728568fa280.exe N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\511c1021fad76670d6d407139e5fef62b34ca9656fb735bd7d406728568fa280.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3284 wrote to memory of 3024 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3284 wrote to memory of 3040 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3284 wrote to memory of 4616 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 3284 wrote to memory of 2396 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Users\Admin\AppData\Local\Temp\511c1021fad76670d6d407139e5fef62b34ca9656fb735bd7d406728568fa280.exe

"C:\Users\Admin\AppData\Local\Temp\511c1021fad76670d6d407139e5fef62b34ca9656fb735bd7d406728568fa280.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\README_TO_DECRYPT.html

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xe0,0x74,0x7ffb93d046f8,0x7ffb93d04708,0x7ffb93d04718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,16485669479020393513,1463554804167729830,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,16485669479020393513,1463554804167729830,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,16485669479020393513,1463554804167729830,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2928 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16485669479020393513,1463554804167729830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3720 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16485669479020393513,1463554804167729830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3724 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16485669479020393513,1463554804167729830,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3516 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16485669479020393513,1463554804167729830,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,16485669479020393513,1463554804167729830,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5860 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x228,0x22c,0x230,0x224,0x234,0x7ff668555460,0x7ff668555470,0x7ff668555480

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16485669479020393513,1463554804167729830,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16485669479020393513,1463554804167729830,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1

Network

Country Destination Domain Proto
IE 20.50.80.210:443 tcp
US 8.8.8.8:53 250.255.255.239.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
NL 8.238.179.126:80 tcp
NL 173.223.113.164:443 tcp
NL 8.238.179.126:80 tcp
US 8.8.8.8:53 0.77.109.52.in-addr.arpa udp

Files

C:\Users\Admin\.oracle_jre_usage\README_TO_DECRYPT.html

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

memory/2396-383-0x00007FFBB01A0000-0x00007FFBB01A1000-memory.dmp

\??\pipe\LOCAL\crashpad_3284_VSSHHBSMHPLEENKX

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

C:\Users\Admin\Desktop\README_TO_DECRYPT.html

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
