d016fcbdb988d56df4c26d75a12e87a61010ed2366b52eefb8b409a1d8bcbaab

Resubmissions

08-04-2023 15:54

230408-tcfdvsdh99 7

28-01-2023 14:39

28-01-2023 12:12

28-01-2023 11:33

28-01-2023 11:17

Analysis

max time kernel
148s
max time network
163s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
08-04-2023 15:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Hwid Spoofer Eac Rust Cleaner‮nls..scr
Size

658KB
MD5

556084cf64aec63e0babdf10a61afaa6
SHA1

b7fa21295db0657d1767c05bb440b218cecdf521
SHA256

d016fcbdb988d56df4c26d75a12e87a61010ed2366b52eefb8b409a1d8bcbaab
SHA512

6c896594ea47228f71f1dea7d9fd9f9842b5f178748a39c785ded34fb9dfd574c9bd781f1f65176e436453257078255803d729b79d823c01c6629fddfb3ce33e
SSDEEP

12288:LC/74rdbHgVBnqvFprkrUolVATWZXYm7ljg9hG80NEKXo1Y1UHC+O:LC/UGTWrkrUovUKfhkQNEwUnO

Score

7^/10

upx

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.

Query Registry
T1012

System Information Discovery
T1082

Processes:

RegAsm.exe

description ioc process

Key value queried \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Control Panel\International\Geo\Nation RegAsm.exe
Executes dropped EXE 1 IoCs

Processes:

HJDS32.EXE

pid process

4608 HJDS32.EXE

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Control Panel\International\Geo\Nation	RegAsm.exe

pid	process
4608	HJDS32.EXE

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Roaming\HJDS32.EXE	upx
C:\Users\Admin\AppData\Roaming\HJDS32.EXE	upx
C:\Users\Admin\AppData\Roaming\HJDS32.EXE	upx
behavioral1/memory/4608-151-0x00007FF6F18D0000-0x00007FF6F1A2F000-memory.dmp	upx
behavioral1/memory/4608-153-0x00007FF6F18D0000-0x00007FF6F1A2F000-memory.dmp	upx

Suspicious use of SetThreadContext 1 IoCs

Processes:

Hwid Spoofer Eac Rust Cleaner‮nls..scr

description pid process target process

PID 380 set thread context of 912 380 Hwid Spoofer Eac Rust Cleaner‮nls..scr RegAsm.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

description	pid	process	target process
PID 380 set thread context of 912	380	Hwid Spoofer Eac Rust Cleaner‮nls..scr	RegAsm.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

taskmgr.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

taskmgr.exeperfmon.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	perfmon.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	perfmon.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133254501706695285"	chrome.exe

Modifies registry class 3 IoCs

Processes:

RegAsm.exeOpenWith.exechrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings	RegAsm.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

taskmgr.exeperfmon.exechrome.exe

pid	process
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4048	perfmon.exe
4048	perfmon.exe
4044	taskmgr.exe
4048	perfmon.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
1128	chrome.exe
1128	chrome.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

LOIC.exe

pid process

4692 LOIC.exe

pid	process
4692	LOIC.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 26 IoCs

Processes:

chrome.exe

pid	process
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

taskmgr.exeperfmon.exechrome.exe

description	pid	process
Token: SeDebugPrivilege	4044	taskmgr.exe
Token: SeSystemProfilePrivilege	4044	taskmgr.exe
Token: SeCreateGlobalPrivilege	4044	taskmgr.exe
Token: SeDebugPrivilege	4048	perfmon.exe
Token: SeSystemProfilePrivilege	4048	perfmon.exe
Token: SeCreateGlobalPrivilege	4048	perfmon.exe
Token: 33	4048	perfmon.exe
Token: SeIncBasePriorityPrivilege	4048	perfmon.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe
Token: SeShutdownPrivilege	1128	chrome.exe
Token: SeCreatePagefilePrivilege	1128	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

taskmgr.exechrome.exe

pid	process
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
1128	chrome.exe
4044	taskmgr.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

taskmgr.exechrome.exe

pid	process
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
4044	taskmgr.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe
1128	chrome.exe

Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

OpenWith.exeLOIC.exe

pid process

2160 OpenWith.exe
4692 LOIC.exe
4692 LOIC.exe

pid	process
2160	OpenWith.exe
4692	LOIC.exe
4692	LOIC.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

Hwid Spoofer Eac Rust Cleaner‮nls..scrRegAsm.exeHJDS32.EXEtaskmgr.exeresmon.exechrome.exe

description	pid	process	target process
PID 380 wrote to memory of 912	380	Hwid Spoofer Eac Rust Cleaner‮nls..scr	RegAsm.exe
PID 380 wrote to memory of 912	380	Hwid Spoofer Eac Rust Cleaner‮nls..scr	RegAsm.exe
PID 380 wrote to memory of 912	380	Hwid Spoofer Eac Rust Cleaner‮nls..scr	RegAsm.exe
PID 380 wrote to memory of 912	380	Hwid Spoofer Eac Rust Cleaner‮nls..scr	RegAsm.exe
PID 380 wrote to memory of 912	380	Hwid Spoofer Eac Rust Cleaner‮nls..scr	RegAsm.exe
PID 380 wrote to memory of 912	380	Hwid Spoofer Eac Rust Cleaner‮nls..scr	RegAsm.exe
PID 380 wrote to memory of 912	380	Hwid Spoofer Eac Rust Cleaner‮nls..scr	RegAsm.exe
PID 380 wrote to memory of 912	380	Hwid Spoofer Eac Rust Cleaner‮nls..scr	RegAsm.exe
PID 380 wrote to memory of 912	380	Hwid Spoofer Eac Rust Cleaner‮nls..scr	RegAsm.exe
PID 380 wrote to memory of 912	380	Hwid Spoofer Eac Rust Cleaner‮nls..scr	RegAsm.exe
PID 912 wrote to memory of 4608	912	RegAsm.exe	HJDS32.EXE
PID 912 wrote to memory of 4608	912	RegAsm.exe	HJDS32.EXE
PID 4608 wrote to memory of 224	4608	HJDS32.EXE	cmd.exe
PID 4608 wrote to memory of 224	4608	HJDS32.EXE	cmd.exe
PID 4044 wrote to memory of 1212	4044	taskmgr.exe	resmon.exe
PID 4044 wrote to memory of 1212	4044	taskmgr.exe	resmon.exe
PID 1212 wrote to memory of 4048	1212	resmon.exe	perfmon.exe
PID 1212 wrote to memory of 4048	1212	resmon.exe	perfmon.exe
PID 1128 wrote to memory of 960	1128	chrome.exe	chrome.exe
PID 1128 wrote to memory of 960	1128	chrome.exe	chrome.exe
PID 1128 wrote to memory of 2376	1128	chrome.exe	chrome.exe
PID 1128 wrote to memory of 2376	1128	chrome.exe	chrome.exe
PID 1128 wrote to memory of 2376	1128	chrome.exe	chrome.exe
PID 1128 wrote to memory of 2376	1128	chrome.exe	chrome.exe
PID 1128 wrote to memory of 2376	1128	chrome.exe	chrome.exe
PID 1128 wrote to memory of 2376	1128	chrome.exe	chrome.exe
PID 1128 wrote to memory of 2376	1128	chrome.exe	chrome.exe
PID 1128 wrote to memory of 2376	1128	chrome.exe	chrome.exe
PID 1128 wrote to memory of 2376	1128	chrome.exe	chrome.exe
PID 1128 wrote to memory of 2376	1128	chrome.exe	chrome.exe
PID 1128 wrote to memory of 2376	1128	chrome.exe	chrome.exe
PID 1128 wrote to memory of 2376	1128	chrome.exe	chrome.exe
PID 1128 wrote to memory of 2376	1128	chrome.exe	chrome.exe
PID 1128 wrote to memory of 2376	1128	chrome.exe	chrome.exe
PID 1128 wrote to memory of 2376	1128	chrome.exe	chrome.exe
PID 1128 wrote to memory of 2376	1128	chrome.exe	chrome.exe
PID 1128 wrote to memory of 2376	1128	chrome.exe	chrome.exe
PID 1128 wrote to memory of 2376	1128	chrome.exe	chrome.exe
PID 1128 wrote to memory of 2376	1128	chrome.exe	chrome.exe
PID 1128 wrote to memory of 2376	1128	chrome.exe	chrome.exe
PID 1128 wrote to memory of 2376	1128	chrome.exe	chrome.exe
PID 1128 wrote to memory of 2376	1128	chrome.exe	chrome.exe
PID 1128 wrote to memory of 2376	1128	chrome.exe	chrome.exe
PID 1128 wrote to memory of 2376	1128	chrome.exe	chrome.exe
PID 1128 wrote to memory of 2376	1128	chrome.exe	chrome.exe
PID 1128 wrote to memory of 2376	1128	chrome.exe	chrome.exe
PID 1128 wrote to memory of 2376	1128	chrome.exe	chrome.exe
PID 1128 wrote to memory of 2376	1128	chrome.exe	chrome.exe
PID 1128 wrote to memory of 2376	1128	chrome.exe	chrome.exe
PID 1128 wrote to memory of 2376	1128	chrome.exe	chrome.exe
PID 1128 wrote to memory of 2376	1128	chrome.exe	chrome.exe
PID 1128 wrote to memory of 2376	1128	chrome.exe	chrome.exe
PID 1128 wrote to memory of 2376	1128	chrome.exe	chrome.exe
PID 1128 wrote to memory of 2376	1128	chrome.exe	chrome.exe
PID 1128 wrote to memory of 2376	1128	chrome.exe	chrome.exe
PID 1128 wrote to memory of 2376	1128	chrome.exe	chrome.exe
PID 1128 wrote to memory of 2376	1128	chrome.exe	chrome.exe
PID 1128 wrote to memory of 2376	1128	chrome.exe	chrome.exe
PID 1128 wrote to memory of 2420	1128	chrome.exe	chrome.exe
PID 1128 wrote to memory of 2420	1128	chrome.exe	chrome.exe
PID 1128 wrote to memory of 2276	1128	chrome.exe	chrome.exe
PID 1128 wrote to memory of 2276	1128	chrome.exe	chrome.exe
PID 1128 wrote to memory of 2276	1128	chrome.exe	chrome.exe
PID 1128 wrote to memory of 2276	1128	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\Hwid Spoofer Eac Rust Cleaner‮nls..scr
"C:\Users\Admin\AppData\Local\Temp\Hwid Spoofer Eac Rust Cleaner‮nls..scr" /S
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:380
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  #cmd
  2⤵
  - Checks computer location settings
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
  PID:912
- - C:\Users\Admin\AppData\Roaming\HJDS32.EXE
    "C:\Users\Admin\AppData\Roaming\HJDS32.EXE"
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:4608
  - - C:\Windows\system32\cmd.exe
      "cmd" /C C:\Users\Admin\AppData\Local\Temp\0.exe
      4⤵
      PID:224

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2160

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4044
- C:\Windows\system32\resmon.exe
  "C:\Windows\system32\resmon.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1212
- - C:\Windows\System32\perfmon.exe
    "C:\Windows\System32\perfmon.exe" /res
    3⤵
    - Checks processor information in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:4048

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xd8,0xa0,0xa4,0x104,0x128,0x7fffe24e9758,0x7fffe24e9768,0x7fffe24e9778
  2⤵
  PID:960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1788 --field-trial-handle=1840,i,9745276376830151995,16014811997651326124,131072 /prefetch:2
  2⤵
  PID:2376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 --field-trial-handle=1840,i,9745276376830151995,16014811997651326124,131072 /prefetch:8
  2⤵
  PID:2420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2248 --field-trial-handle=1840,i,9745276376830151995,16014811997651326124,131072 /prefetch:8
  2⤵
  PID:2276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3200 --field-trial-handle=1840,i,9745276376830151995,16014811997651326124,131072 /prefetch:1
  2⤵
  PID:2972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3324 --field-trial-handle=1840,i,9745276376830151995,16014811997651326124,131072 /prefetch:1
  2⤵
  PID:224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4520 --field-trial-handle=1840,i,9745276376830151995,16014811997651326124,131072 /prefetch:1
  2⤵
  PID:2536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4648 --field-trial-handle=1840,i,9745276376830151995,16014811997651326124,131072 /prefetch:8
  2⤵
  PID:1616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4792 --field-trial-handle=1840,i,9745276376830151995,16014811997651326124,131072 /prefetch:8
  2⤵
  PID:4664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5036 --field-trial-handle=1840,i,9745276376830151995,16014811997651326124,131072 /prefetch:8
  2⤵
  PID:4776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5024 --field-trial-handle=1840,i,9745276376830151995,16014811997651326124,131072 /prefetch:8
  2⤵
  PID:5116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5084 --field-trial-handle=1840,i,9745276376830151995,16014811997651326124,131072 /prefetch:8
  2⤵
  PID:4392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5008 --field-trial-handle=1840,i,9745276376830151995,16014811997651326124,131072 /prefetch:1
  2⤵
  PID:4860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3312 --field-trial-handle=1840,i,9745276376830151995,16014811997651326124,131072 /prefetch:1
  2⤵
  PID:2848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3432 --field-trial-handle=1840,i,9745276376830151995,16014811997651326124,131072 /prefetch:1
  2⤵
  PID:2436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5080 --field-trial-handle=1840,i,9745276376830151995,16014811997651326124,131072 /prefetch:1
  2⤵
  PID:4612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5712 --field-trial-handle=1840,i,9745276376830151995,16014811997651326124,131072 /prefetch:1
  2⤵
  PID:2720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5428 --field-trial-handle=1840,i,9745276376830151995,16014811997651326124,131072 /prefetch:1
  2⤵
  PID:1796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5728 --field-trial-handle=1840,i,9745276376830151995,16014811997651326124,131072 /prefetch:1
  2⤵
  PID:4776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4484 --field-trial-handle=1840,i,9745276376830151995,16014811997651326124,131072 /prefetch:1
  2⤵
  PID:3272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5368 --field-trial-handle=1840,i,9745276376830151995,16014811997651326124,131072 /prefetch:1
  2⤵
  PID:4336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5732 --field-trial-handle=1840,i,9745276376830151995,16014811997651326124,131072 /prefetch:1
  2⤵
  PID:4892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5716 --field-trial-handle=1840,i,9745276376830151995,16014811997651326124,131072 /prefetch:1
  2⤵
  PID:3488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=3472 --field-trial-handle=1840,i,9745276376830151995,16014811997651326124,131072 /prefetch:1
  2⤵
  PID:4512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=6516 --field-trial-handle=1840,i,9745276376830151995,16014811997651326124,131072 /prefetch:1
  2⤵
  PID:4132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=6892 --field-trial-handle=1840,i,9745276376830151995,16014811997651326124,131072 /prefetch:1
  2⤵
  PID:1744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7040 --field-trial-handle=1840,i,9745276376830151995,16014811997651326124,131072 /prefetch:8
  2⤵
  PID:3936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=6708 --field-trial-handle=1840,i,9745276376830151995,16014811997651326124,131072 /prefetch:1
  2⤵
  PID:376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=7228 --field-trial-handle=1840,i,9745276376830151995,16014811997651326124,131072 /prefetch:1
  2⤵
  PID:4692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=7416 --field-trial-handle=1840,i,9745276376830151995,16014811997651326124,131072 /prefetch:1
  2⤵
  PID:2396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=4420 --field-trial-handle=1840,i,9745276376830151995,16014811997651326124,131072 /prefetch:1
  2⤵
  PID:4904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=4356 --field-trial-handle=1840,i,9745276376830151995,16014811997651326124,131072 /prefetch:1
  2⤵
  PID:1996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=2860 --field-trial-handle=1840,i,9745276376830151995,16014811997651326124,131072 /prefetch:1
  2⤵
  PID:4060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=5788 --field-trial-handle=1840,i,9745276376830151995,16014811997651326124,131072 /prefetch:1
  2⤵
  PID:1944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=7120 --field-trial-handle=1840,i,9745276376830151995,16014811997651326124,131072 /prefetch:1
  2⤵
  PID:632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=7800 --field-trial-handle=1840,i,9745276376830151995,16014811997651326124,131072 /prefetch:1
  2⤵
  PID:4532

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3880

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2304

C:\Users\Admin\Desktop\LOIC.exe
"C:\Users\Admin\Desktop\LOIC.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4692

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
PID:5248

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
d81126aaf325992ad6b117b8d9fd996d

SHA1
e37d298bd9e147bf7b025b987eacf2828d722b37

SHA256
8e7739772f06f04d8f6596689ce6f2223c50e8ea9f70733e0be6ea3b0231df6b

SHA512
60df37ea3acbb9977c1beae1e1677538a8389acb567f1fc42743a44d1e3820c8a01495424b842be2c0ed8668c20ac5c015ff35145d204b8fd6ccb09ffb671a01

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
471B

MD5
854c230592df6d3e8ca2bf4d404d2a8d

SHA1
b8bfe5b1074f06145a6679ab3686484690df2c6d

SHA256
811bf3c74185cef3bfdabf0c2bb6e69bfd0dc749b96615e1e9b0d59d2d93c053

SHA512
9a107e5217b3f3da1b5687d843ec203cdee9010874da6f92c3e7109f7eec607f74df92a3c508035f09459921943470ad8106f86148850efcb87ca20049a3634d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
030827fb72a94e56a20087233f2065cb

SHA1
c5c9d6f5bb8ea40f14788b707f1020bd84540a58

SHA256
ec8ee95bbbb13b7d988202f13eba71b98648cd774fb08501983f4272f6747841

SHA512
f737c4196f5001b0e45d5b4fc9c21dc0e917d7a8c04ff41822fce70b6da9e351b2e4701f2a82e8ef6b5d8e307e03bb9283ac5250658b51c4308ee6904468d95e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
430B

MD5
586a7a2ce559e91825606f9d0902497f

SHA1
52f69d4d16335891cb8d37c75af813e0026f5bd9

SHA256
a1fbd11a7f3d947cb68e317045e6cc1871572788117d0e2d1d53365531f7c067

SHA512
6e36193c0b6898fc2a23f48601f644fe582b68a51cc42b1ea538e4204277e6d641f4c036df23ede00e8b30602ce2cfcdea1bdc95682459816ae2cc224c439c75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

Filesize
24KB

MD5
344ee6eaad74df6b72dec90b1b888aab

SHA1
490e2d92c7f8f3934c14e6c467d8409194bb2c9a

SHA256
a3cf4861c7d0c966f0ed6564f6aad6b28cbd3421a9ca4f60e2246848d249f196

SHA512
2a9a9162d610376512a8fae2cf9eb7e5146cc44c8ebde7a12e9a3985da1718c62ae517c25b00de7c0269efab61b4850a0becfbf04382a25730dbe9cf59825a62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

Filesize
24KB

MD5
5366c57b20a86f1956780da5e26aac90

SHA1
927dca34817d3c42d9647a846854dad3cbcdb533

SHA256
f254eb93b015455a3c89aaf970631bc989fe2bd387f79e871b514992359651aa

SHA512
15d7127970436f2510344600f3acecc19c39a05f8e82c8a7950095386382b2e2da55883a5a9faa97b84452e67315b9ac1693b6592274c8c1c35c813dfeb543a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

Filesize
39KB

MD5
d5ac3487f44e75ac3b8c9a9b65aa9901

SHA1
08052729e22ef0bd89d912d15eb9e1ad13159b36

SHA256
53dfdf8f035a5d5a3d0a06a50bea5d84bb7b9dfac3ce3cd1d9a3ee1fae3eabe3

SHA512
793bc192579ae3c7f2e1af9a36635699b9d9406e6a6a7fc65a5901c3a4915c8dd3456ea8a4dcd37127b895e1a81fa554ab847189e916ffd463c058d1ae5407cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

Filesize
60KB

MD5
8422c819d28efd3fce7cb1223556abaf

SHA1
d28af6ba1bb10ae2020d0780ee2ff6ef9b4ac2af

SHA256
7ffa29f3b8a21410d1b5f66f83db4c0fea0983316941f4aa595bf4d2b66aace6

SHA512
10437b796d4a49f9b1e2704d92efa077b063ec1239ae5595a4a4f367c8f14677e7c26cdc71e0fcdee54d6396af762a8871cd1b4c8e97e693e5eff6424196b7cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d

Filesize
83KB

MD5
ee66c4b6726cae5bb0ec73a2a4163f16

SHA1
c6c7379913906407eb2de2e490030c75bfc80e8e

SHA256
fe042321b5ff4450c96e3d6d7050a4d15b70b4cb52a370a32a19d66649b083a6

SHA512
1d7678993355f8ff401856836ba45fdbbdc0c38a907ff00575804a0b3279573ca79e60767eecabb9f9d6ed5a4c95834d2ab89078f451f7851194f88f395387fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
9a723f01aa7065ae50c2fd5172abd3c8

SHA1
e4e4d1534eb4f5ca5cc9ea7c8ee73949f8f83cc5

SHA256
c18f103134f727f721112c1cef96ff3d9d6695df9c1180611e0a682a0ff87026

SHA512
0d5d20547904aff7c9c34f96c7de9b68ecafb192e202862bea66d615027cd11982afe1fee49118b2ea2676def5fe57a3338dbeb398cad734d95bd86f0f6fb70a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
fc0de4ab64fc80408ebf73f80db50d50

SHA1
ccf9694a6d82c1517537f90822bd8cc54c14c64e

SHA256
f73a504a747208a35e84d38dbac8fe59ddb2adbb656d08beb0021084fd1d896a

SHA512
caaf5485fcdbdb234f5b5a3dc7d4c6e07d65782dc8d547c40585c3540c1f8046f8f6b344b475c3388a461aca427e103ec5e67f025ca4698b43d54ea520175dd2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
365B

MD5
266a98c3098e26612307a3fd2c19a44b

SHA1
19f2b846f4ff8e241ccad1efb289323b0002fd8c

SHA256
5ae52956aeaf3e8b75ed429c8e754ab1a6ba3ec8affa14540f6620e0df1e5e2e

SHA512
3021d0dbc16d71f102e3f65cc19a472783570d2b0db83279c876be99d132034ffe76e9d52bb41590cc2b6a1efebbbb0bfc7f564a6aa4b5c87e34d1104c690e4d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
104837d1f2c7a78a20941fa5a68d9672

SHA1
a39595d3e71aaf8123b356001d48baf85a32e83e

SHA256
4e942b39670a1e678c1ce3507fd948879783869bbac84fc419971ca3a796c4b1

SHA512
76f2efc4bcea48c28f546613b7465a8ac200591ff8025a999706d5b15c913fb0368057cbeb50c50ee2103a1cdbbfd8fa445ff6e6a7025bd5cae89458e72f023f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f7118f3cdc1e7fd155b405be29a2e29e

SHA1
0a46406cfb0b9bbfb71e5482e113a2bd32c2d149

SHA256
a0b5080ab7b4e13fc3d1df65f1147f088e4d99ee41fd61936b2f329f1ec5aefc

SHA512
5147a36f87b8a5216fb600a8dea073b6e0c35f477538c07135dd4b0aab14ab572c3913a98680d0d6ecaffaeee5d21b1f9c4443c79bd58bf1320c82079e878fac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
242d1bc765fcae24e2c0a38691b4aac6

SHA1
15ab1ed5b4af651868256ceabbc8f8974d7b1797

SHA256
6c0fcfcdb69fffa40c85bf4cd3bd5f5f19833871f55c670fdf934041217974d6

SHA512
898643e2548b3f7db20a55364c09cab1f03c9de1933bced73de539d1d3a27495bd7e0725d3109b54013701f6ebdd679b42cd61fb7552828515f92b171df07f45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
db011e58aa831b679d8ddadabc27860f

SHA1
17c97c481cb7e54f69a11cdb5daecbdb44ad8d23

SHA256
29f5da9b300a9bae22e978e7775d23f2bb31ac8d9a02ea898c144d97c5c2fb97

SHA512
d7db6496881d40f96ae3e14e6c70c4be85550f19f251f4cc17bb9a8a67abd1c864032a7425df5387fc56cc62faaad1fddbe0b332a08eabbadfa20f5258dabd8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe57f397.TMP

Filesize
120B

MD5
35ad42623461cae8935ccae2b194e196

SHA1
bce2ef37687a0cf5f64490445af011ad5fa6408f

SHA256
be99f647263fa6350d7323e47d3b311f30e150902f768020ba10c5bb586fbc83

SHA512
59ee9dbaa6137b0aeae69104b07dae4c17cbc7c02ea22bee7dc19da46800bfbe207de38e65e149a3bf33319294de596742bd448580409d237f3b7bb069416190

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
200KB

MD5
c9ce3f3edbcafa5dee9ce1be3cb489b9

SHA1
269094362414cf794114eeebc3e992bc1ea9838f

SHA256
d0601a23e7a25afcee4d8855cc7857eec57f55fee5536021c76f8b97f277650b

SHA512
74d37919bbebc4c43fbe4cee5f9340b90af914b968d8a68b4bff01243c3511bfd9b22b89456de134575d2f538c4b9459a5a186da26e4d52c392efa74e1ad76f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

Filesize
28KB

MD5
a6374b4b5767d473c968cd115acebeaf

SHA1
9d220c9f340dde6d8708662a67daf33deccfcbd8

SHA256
46b601f2a17dee6132cbd2dd03aebed345a7c48e3c19a8d7a25d194045989550

SHA512
3df3934f178ceef392983db5784c649ff4a8758e75d9a5675ad5cfd3ef13716b26997e95a30930f42e3121fcc194dce32f3356dfbdb34468a9d406f5e9142d1b

Download Submit
C:\Users\Admin\AppData\Local\Temp\0.exe

Filesize
298B

MD5
3861a3795095fe81fcb8382d2b9066bd

SHA1
2cef2af9a35d636c3af48902c20891ec49a8e791

SHA256
b19463cb9b847bdfc7dbf8133d9702d0a0ecc4175335c4a75db211e0196f84b3

SHA512
8e881d7f7a8236d36aef500473a3dbc5a98d46c1596d33ab76e4669f858d86c6b4881c0882c37d2d32b888fcaf6280385932ca5ffc6a5143d625c71b8fc8b294

Download Submit
C:\Users\Admin\AppData\Roaming\HJDS32.EXE

Filesize
532KB

MD5
89d77a6e1e3a08f6cbb5b440c8f47e29

SHA1
b9f2db35241435b4ceed98b58b63918a6f4ce2e2

SHA256
9f6badc3fdae2eec00ce41e5c07ccaef97eb9805d13328a1589e36fd1890181c

SHA512
c6102fd3cc8438292a222583f40358e2039fab534765ed2f07e056df36c8f609ef51b55c782baaeeb1d2124b3aed5ebfbb9875dc136e560220a8339393c594e2

Download Submit
C:\Users\Admin\AppData\Roaming\HJDS32.EXE

Filesize
532KB

MD5
89d77a6e1e3a08f6cbb5b440c8f47e29

SHA1
b9f2db35241435b4ceed98b58b63918a6f4ce2e2

SHA256
9f6badc3fdae2eec00ce41e5c07ccaef97eb9805d13328a1589e36fd1890181c

SHA512
c6102fd3cc8438292a222583f40358e2039fab534765ed2f07e056df36c8f609ef51b55c782baaeeb1d2124b3aed5ebfbb9875dc136e560220a8339393c594e2

Download Submit
C:\Users\Admin\AppData\Roaming\HJDS32.EXE

Filesize
532KB

MD5
89d77a6e1e3a08f6cbb5b440c8f47e29

SHA1
b9f2db35241435b4ceed98b58b63918a6f4ce2e2

SHA256
9f6badc3fdae2eec00ce41e5c07ccaef97eb9805d13328a1589e36fd1890181c

SHA512
c6102fd3cc8438292a222583f40358e2039fab534765ed2f07e056df36c8f609ef51b55c782baaeeb1d2124b3aed5ebfbb9875dc136e560220a8339393c594e2

Download Submit
C:\Users\Admin\Downloads\LOIC-1.0.8-binary.zip

Filesize
100KB

MD5
c615da1584cf050cf81a08d40309d735

SHA1
ff00f68b03f7bbc785284abd95a54d5b98f7db9b

SHA256
b6d6e0d1dce867836a684a0af278e46ed4a50be49a784ab7bfcb3ed59841c9d0

SHA512
127429a243595b572a3bc9153243f39e4bdb088b72ca5b9d3962fb36c031bd42ae7a8a326aaae76e11bb33df56925e3591a4c07a7cbe2459b336a1074b8e9113

Download Submit
\??\pipe\crashpad_1128_CPBTZLWQFDMIOPRU

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/380-133-0x0000000000160000-0x000000000020A000-memory.dmp

Filesize
680KB

Download
memory/912-150-0x0000000000400000-0x0000000000497000-memory.dmp

Filesize
604KB

Download
memory/912-144-0x0000000000400000-0x0000000000497000-memory.dmp

Filesize
604KB

Download
memory/912-137-0x0000000000400000-0x0000000000497000-memory.dmp

Filesize
604KB

Download
memory/912-136-0x0000000000400000-0x0000000000497000-memory.dmp

Filesize
604KB

Download
memory/912-134-0x0000000000400000-0x0000000000497000-memory.dmp

Filesize
604KB

Download
memory/4044-157-0x0000017184F40000-0x0000017184F41000-memory.dmp

Filesize
4KB

Download
memory/4044-162-0x0000017184F40000-0x0000017184F41000-memory.dmp

Filesize
4KB

Download
memory/4044-166-0x0000017184F40000-0x0000017184F41000-memory.dmp

Filesize
4KB

Download
memory/4044-165-0x0000017184F40000-0x0000017184F41000-memory.dmp

Filesize
4KB

Download
memory/4044-164-0x0000017184F40000-0x0000017184F41000-memory.dmp

Filesize
4KB

Download
memory/4044-163-0x0000017184F40000-0x0000017184F41000-memory.dmp

Filesize
4KB

Download
memory/4044-155-0x0000017184F40000-0x0000017184F41000-memory.dmp

Filesize
4KB

Download
memory/4044-156-0x0000017184F40000-0x0000017184F41000-memory.dmp

Filesize
4KB

Download
memory/4044-161-0x0000017184F40000-0x0000017184F41000-memory.dmp

Filesize
4KB

Download
memory/4044-167-0x0000017184F40000-0x0000017184F41000-memory.dmp

Filesize
4KB

Download
memory/4608-151-0x00007FF6F18D0000-0x00007FF6F1A2F000-memory.dmp

Filesize
1.4MB

Download
memory/4608-153-0x00007FF6F18D0000-0x00007FF6F1A2F000-memory.dmp

Filesize
1.4MB

Download
memory/4692-574-0x000000001D510000-0x000000001DC67000-memory.dmp

Filesize
7.3MB

Download
memory/4692-580-0x000000001B030000-0x000000001B040000-memory.dmp

Filesize
64KB

Download
memory/4692-575-0x000000001B030000-0x000000001B040000-memory.dmp

Filesize
64KB

Download
memory/4692-576-0x000000001B030000-0x000000001B040000-memory.dmp

Filesize
64KB

Download
memory/4692-577-0x000000001B030000-0x000000001B040000-memory.dmp

Filesize
64KB

Download
memory/4692-578-0x000000001B030000-0x000000001B040000-memory.dmp

Filesize
64KB

Download
memory/4692-579-0x000000001B030000-0x000000001B040000-memory.dmp

Filesize
64KB

Download
memory/4692-561-0x000000001B030000-0x000000001B040000-memory.dmp

Filesize
64KB

Download
memory/4692-560-0x000000001B030000-0x000000001B040000-memory.dmp

Filesize
64KB

Download
memory/4692-598-0x000000001D510000-0x000000001DC67000-memory.dmp

Filesize
7.3MB

Download
memory/4692-559-0x000000001B030000-0x000000001B040000-memory.dmp

Filesize
64KB

Download
memory/4692-558-0x000000001B030000-0x000000001B040000-memory.dmp

Filesize
64KB

Download
memory/4692-557-0x000000001B030000-0x000000001B040000-memory.dmp

Filesize
64KB

Download
memory/4692-556-0x0000000000380000-0x00000000003A8000-memory.dmp

Filesize
160KB

Download