9d059fe6ada9d5860401ea028e40dbf231b9e41f3f88a7d0d04136214c596a96

Resubmissions

07/05/2023, 19:40

230507-ydqnfaff43 8

07/05/2023, 19:37

230507-yb1qmahd4y 8

07/05/2023, 19:33

230507-x919daff27 1

07/05/2023, 19:30

230507-x7y18sfe98 1

Analysis

max time kernel
77s
max time network
149s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
07/05/2023, 19:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

FREEEEEEE
Size

3KB
MD5

b67b3eaa163ae4edf089f487e40b351e
SHA1

c57eee377f00bcbaf84b2cc3102a725daadbf8c7
SHA256

9d059fe6ada9d5860401ea028e40dbf231b9e41f3f88a7d0d04136214c596a96
SHA512

c4f5af4346f87e6e3454b889e53fd0a7b54e2d3fdadc7a71ba9f50f4ac88c1aee6563a745282059a94218926b7861d8cd0f88ea30ef351b319fabd6d286bfb71

Score

8^/10

bootkit persistence

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 2 IoCs

pid	Process
532	Monoxidex86.exe
244	艀椗劔靀悄壺遫晇槦茲抢損紒絉鱞冤.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Windows\CurrentVersion\Run	chrome.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1067

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	艀椗劔靀悄壺遫晇槦茲抢損紒絉鱞冤.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2276	3280	WerFault.exe	127

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133279618716104969"	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2816	chrome.exe
2816	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeCreatePagefilePrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeCreatePagefilePrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeCreatePagefilePrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeCreatePagefilePrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeCreatePagefilePrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeCreatePagefilePrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeCreatePagefilePrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeCreatePagefilePrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeCreatePagefilePrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeCreatePagefilePrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeCreatePagefilePrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeCreatePagefilePrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeCreatePagefilePrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeCreatePagefilePrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeCreatePagefilePrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeCreatePagefilePrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeCreatePagefilePrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeCreatePagefilePrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeCreatePagefilePrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeCreatePagefilePrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeCreatePagefilePrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeCreatePagefilePrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeCreatePagefilePrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeCreatePagefilePrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeCreatePagefilePrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeCreatePagefilePrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeCreatePagefilePrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeCreatePagefilePrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeCreatePagefilePrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeCreatePagefilePrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeCreatePagefilePrivilege	2816	chrome.exe
Token: SeShutdownPrivilege	2816	chrome.exe
Token: SeCreatePagefilePrivilege	2816	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe
2816	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
244	艀椗劔靀悄壺遫晇槦茲抢損紒絉鱞冤.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2816 wrote to memory of 2124	2816	chrome.exe	69
PID 2816 wrote to memory of 2124	2816	chrome.exe	69
PID 2816 wrote to memory of 972	2816	chrome.exe	72
PID 2816 wrote to memory of 972	2816	chrome.exe	72
PID 2816 wrote to memory of 972	2816	chrome.exe	72
PID 2816 wrote to memory of 972	2816	chrome.exe	72
PID 2816 wrote to memory of 972	2816	chrome.exe	72
PID 2816 wrote to memory of 972	2816	chrome.exe	72
PID 2816 wrote to memory of 972	2816	chrome.exe	72
PID 2816 wrote to memory of 972	2816	chrome.exe	72
PID 2816 wrote to memory of 972	2816	chrome.exe	72
PID 2816 wrote to memory of 972	2816	chrome.exe	72
PID 2816 wrote to memory of 972	2816	chrome.exe	72
PID 2816 wrote to memory of 972	2816	chrome.exe	72
PID 2816 wrote to memory of 972	2816	chrome.exe	72
PID 2816 wrote to memory of 972	2816	chrome.exe	72
PID 2816 wrote to memory of 972	2816	chrome.exe	72
PID 2816 wrote to memory of 972	2816	chrome.exe	72
PID 2816 wrote to memory of 972	2816	chrome.exe	72
PID 2816 wrote to memory of 972	2816	chrome.exe	72
PID 2816 wrote to memory of 972	2816	chrome.exe	72
PID 2816 wrote to memory of 972	2816	chrome.exe	72
PID 2816 wrote to memory of 972	2816	chrome.exe	72
PID 2816 wrote to memory of 972	2816	chrome.exe	72
PID 2816 wrote to memory of 972	2816	chrome.exe	72
PID 2816 wrote to memory of 972	2816	chrome.exe	72
PID 2816 wrote to memory of 972	2816	chrome.exe	72
PID 2816 wrote to memory of 972	2816	chrome.exe	72
PID 2816 wrote to memory of 972	2816	chrome.exe	72
PID 2816 wrote to memory of 972	2816	chrome.exe	72
PID 2816 wrote to memory of 972	2816	chrome.exe	72
PID 2816 wrote to memory of 972	2816	chrome.exe	72
PID 2816 wrote to memory of 972	2816	chrome.exe	72
PID 2816 wrote to memory of 972	2816	chrome.exe	72
PID 2816 wrote to memory of 972	2816	chrome.exe	72
PID 2816 wrote to memory of 972	2816	chrome.exe	72
PID 2816 wrote to memory of 972	2816	chrome.exe	72
PID 2816 wrote to memory of 972	2816	chrome.exe	72
PID 2816 wrote to memory of 972	2816	chrome.exe	72
PID 2816 wrote to memory of 972	2816	chrome.exe	72
PID 2816 wrote to memory of 1272	2816	chrome.exe	71
PID 2816 wrote to memory of 1272	2816	chrome.exe	71
PID 2816 wrote to memory of 4424	2816	chrome.exe	73
PID 2816 wrote to memory of 4424	2816	chrome.exe	73
PID 2816 wrote to memory of 4424	2816	chrome.exe	73
PID 2816 wrote to memory of 4424	2816	chrome.exe	73
PID 2816 wrote to memory of 4424	2816	chrome.exe	73
PID 2816 wrote to memory of 4424	2816	chrome.exe	73
PID 2816 wrote to memory of 4424	2816	chrome.exe	73
PID 2816 wrote to memory of 4424	2816	chrome.exe	73
PID 2816 wrote to memory of 4424	2816	chrome.exe	73
PID 2816 wrote to memory of 4424	2816	chrome.exe	73
PID 2816 wrote to memory of 4424	2816	chrome.exe	73
PID 2816 wrote to memory of 4424	2816	chrome.exe	73
PID 2816 wrote to memory of 4424	2816	chrome.exe	73
PID 2816 wrote to memory of 4424	2816	chrome.exe	73
PID 2816 wrote to memory of 4424	2816	chrome.exe	73
PID 2816 wrote to memory of 4424	2816	chrome.exe	73
PID 2816 wrote to memory of 4424	2816	chrome.exe	73
PID 2816 wrote to memory of 4424	2816	chrome.exe	73
PID 2816 wrote to memory of 4424	2816	chrome.exe	73
PID 2816 wrote to memory of 4424	2816	chrome.exe	73
PID 2816 wrote to memory of 4424	2816	chrome.exe	73
PID 2816 wrote to memory of 4424	2816	chrome.exe	73

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\FREEEEEEE
1⤵
PID:2440

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xd0,0xd4,0xd8,0xac,0xdc,0x7ffc90a49758,0x7ffc90a49768,0x7ffc90a49778
  2⤵
  PID:2124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1960 --field-trial-handle=1784,i,6576162816231640121,3702336556933520067,131072 /prefetch:8
  2⤵
  PID:1272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1652 --field-trial-handle=1784,i,6576162816231640121,3702336556933520067,131072 /prefetch:2
  2⤵
  PID:972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2104 --field-trial-handle=1784,i,6576162816231640121,3702336556933520067,131072 /prefetch:8
  2⤵
  PID:4424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3076 --field-trial-handle=1784,i,6576162816231640121,3702336556933520067,131072 /prefetch:1
  2⤵
  PID:1012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3040 --field-trial-handle=1784,i,6576162816231640121,3702336556933520067,131072 /prefetch:1
  2⤵
  PID:4896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4424 --field-trial-handle=1784,i,6576162816231640121,3702336556933520067,131072 /prefetch:8
  2⤵
  PID:4716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4560 --field-trial-handle=1784,i,6576162816231640121,3702336556933520067,131072 /prefetch:1
  2⤵
  PID:4728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4552 --field-trial-handle=1784,i,6576162816231640121,3702336556933520067,131072 /prefetch:8
  2⤵
  PID:4772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4852 --field-trial-handle=1784,i,6576162816231640121,3702336556933520067,131072 /prefetch:8
  2⤵
  PID:4276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5008 --field-trial-handle=1784,i,6576162816231640121,3702336556933520067,131072 /prefetch:8
  2⤵
  PID:4636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4776 --field-trial-handle=1784,i,6576162816231640121,3702336556933520067,131072 /prefetch:8
  2⤵
  PID:4228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4864 --field-trial-handle=1784,i,6576162816231640121,3702336556933520067,131072 /prefetch:8
  2⤵
  PID:396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4740 --field-trial-handle=1784,i,6576162816231640121,3702336556933520067,131072 /prefetch:1
  2⤵
  PID:3640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3216 --field-trial-handle=1784,i,6576162816231640121,3702336556933520067,131072 /prefetch:1
  2⤵
  PID:204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3140 --field-trial-handle=1784,i,6576162816231640121,3702336556933520067,131072 /prefetch:1
  2⤵
  PID:4796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5268 --field-trial-handle=1784,i,6576162816231640121,3702336556933520067,131072 /prefetch:1
  2⤵
  PID:4392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3196 --field-trial-handle=1784,i,6576162816231640121,3702336556933520067,131072 /prefetch:1
  2⤵
  PID:4608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3136 --field-trial-handle=1784,i,6576162816231640121,3702336556933520067,131072 /prefetch:1
  2⤵
  PID:4740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5744 --field-trial-handle=1784,i,6576162816231640121,3702336556933520067,131072 /prefetch:1
  2⤵
  PID:4196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5864 --field-trial-handle=1784,i,6576162816231640121,3702336556933520067,131072 /prefetch:1
  2⤵
  PID:1860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6224 --field-trial-handle=1784,i,6576162816231640121,3702336556933520067,131072 /prefetch:8
  2⤵
  PID:1664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4528 --field-trial-handle=1784,i,6576162816231640121,3702336556933520067,131072 /prefetch:8
  2⤵
  PID:3088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=3204 --field-trial-handle=1784,i,6576162816231640121,3702336556933520067,131072 /prefetch:1
  2⤵
  PID:4056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=3328 --field-trial-handle=1784,i,6576162816231640121,3702336556933520067,131072 /prefetch:1
  2⤵
  PID:1072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=4768 --field-trial-handle=1784,i,6576162816231640121,3702336556933520067,131072 /prefetch:1
  2⤵
  PID:396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5224 --field-trial-handle=1784,i,6576162816231640121,3702336556933520067,131072 /prefetch:8
  2⤵
  PID:4516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5808 --field-trial-handle=1784,i,6576162816231640121,3702336556933520067,131072 /prefetch:8
  2⤵
  PID:4640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3548 --field-trial-handle=1784,i,6576162816231640121,3702336556933520067,131072 /prefetch:8
  2⤵
  PID:3352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5992 --field-trial-handle=1784,i,6576162816231640121,3702336556933520067,131072 /prefetch:8
  2⤵
  PID:684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5180 --field-trial-handle=1784,i,6576162816231640121,3702336556933520067,131072 /prefetch:8
  2⤵
  PID:4460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5276 --field-trial-handle=1784,i,6576162816231640121,3702336556933520067,131072 /prefetch:8
  2⤵
  PID:4604
- C:\Users\Admin\Downloads\Monoxidex86.exe
  "C:\Users\Admin\Downloads\Monoxidex86.exe"
  2⤵
  - Executes dropped EXE
  PID:532
- - C:\Users\Admin\AppData\Local\Temp\艀椗劔靀悄壺遫晇槦茲抢損紒絉鱞冤.exe
    "C:\Users\Admin\AppData\Local\Temp\艀椗劔靀悄壺遫晇槦茲抢損紒絉鱞冤.exe"
    3⤵
    - Executes dropped EXE
    - Writes to the Master Boot Record (MBR)
    - Suspicious use of SetWindowsHookEx
    PID:244
  - - C:\Windows\SysWOW64\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\7-Zip\Lang\an.txt
      4⤵
      PID:236
  - - C:\Windows\SysWOW64\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\7-Zip\Lang\ar.txt
      4⤵
      PID:4700
  - - C:\Windows\SysWOW64\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\7-Zip\Lang\ja.txt
      4⤵
      PID:96
  - - C:\Program Files\7-Zip\Uninstall.exe
      "C:\Program Files\7-Zip\Uninstall.exe"
      4⤵
      PID:2312
    - - C:\Users\Admin\AppData\Local\Temp\7z7EFFC908\Uninst.exe
        
        C:\Users\Admin\AppData\Local\Temp\7z7EFFC908\Uninst.exe /N /D="C:\Program Files\7-Zip\"
        5⤵
        
        PID:3060
  - - C:\Windows\SysWOW64\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\7-Zip\Lang\lv.txt
      4⤵
      PID:3784
  - - C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe
      "C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe"
      4⤵
      PID:844
  - - C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe
      "C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe"
      4⤵
      PID:4468
  - - C:\Windows\SysWOW64\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\Java\jdk1.8.0_66\bin\jmc.ini
      4⤵
      PID:3828
  - - C:\Program Files\Java\jdk1.8.0_66\bin\jps.exe
      "C:\Program Files\Java\jdk1.8.0_66\bin\jps.exe"
      4⤵
      PID:3776
  - - C:\Program Files\Java\jdk1.8.0_66\bin\rmid.exe
      "C:\Program Files\Java\jdk1.8.0_66\bin\rmid.exe"
      4⤵
      PID:4776
  - - C:\Program Files\Java\jdk1.8.0_66\bin\wsgen.exe
      "C:\Program Files\Java\jdk1.8.0_66\bin\wsgen.exe"
      4⤵
      PID:5048

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4516

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3d8
1⤵
PID:3228

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2792

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2052

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Desktop\ExportResize.jpeg" /ForceBootstrapPaint3D
1⤵
PID:5048

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Desktop\ExportResize.jpeg" /ForceBootstrapPaint3D
1⤵
PID:1860

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4132

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4416

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s DsSvc
1⤵
PID:2744

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4152

C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe
"C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe" -ServerName:Microsoft.MSPaint.AppX437q68k2qc2asvaagas2prv9tjej6ja9.mca
1⤵
PID:3280
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3280 -s 4204
  2⤵
  - Program crash
  PID:2276

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4348

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2792

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5048

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1416

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4988

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\8de5582645b0418eaf64bb29a121601e /t 2108 /p 2112
1⤵
PID:3556

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

T1067

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Web Service

T1102

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\4dc902e8-6bfe-437a-b7e2-196f5c57a003.tmp

Filesize
6KB

MD5
0e541457fc1d788a120e175a31c452fb

SHA1
6c6e3ab4b82a86368b371b708bd4712ce8bbcf96

SHA256
c79f1eb740ad782bb9b7e20f7d1a445ec30e125810bebbf19aa56c7087bf07be

SHA512
dab849d12bb4603ff39f18df7573ca61ec332fe0bfbf2339f7a3ead29f8a409c6602241f6125f4dbb7d9c0d99c6d3d7f68831faab6abe700b0cca689ddf8822f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000026

Filesize
52KB

MD5
881fb3fecd7d81b7bf5e2749ae35e24d

SHA1
9522b43547dfe136f9143bd37d6d5830ff97ad57

SHA256
f96eb4e2d39c49ace77a50d5e7b0804b35f320f95f88117600ccef12498bb5e4

SHA512
48726bef458d40136b0c8c9b1fe0765af42a1d4aad1a664f41a87409182b8e0f06cc963fdfe3ec1338e41b7e6313979345704a026e55c35aa8adfb586836e89c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000037

Filesize
27KB

MD5
7a08f106ea23acfd18e64bc2718f75ce

SHA1
8d3191f170c274fbf1413f52b7cd836f71378bbe

SHA256
58e12718b2768298d786ac7509deee5da283ac9b7312fd814c43366b25e3d195

SHA512
44f0afed49ffa38660e52d4518f671c495b14fe4d58dd43034f28d5458929cb9b793d69cd24e8d68bb2819b16ecb0fb45ee956c9119f3af4e22fcc182b9b43c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003f

Filesize
289KB

MD5
5c378b11848ac59704c2000b4e711c30

SHA1
6a46c53fd89b1f66d3fdab7653181e8a3e56d418

SHA256
bd764fe2f9734d5ac56933ce68df0a175bfa98dc0266ae3cd3a5c963267ea77e

SHA512
c6fe33ff3825e9018abea99ea49dc5221f2abd96bd1099def898425b82c05f9b9ca1aacaba0b7ffb7d09a7d097eae9937abdc13bbf3e7643e24e37edc7841c48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
f401eab4f8398970d9f6d05b0224f48b

SHA1
ec3dd00b4a4fc2e1b3966b681706f22c35ed8555

SHA256
0f2d27238e2dda3092216abdee6568409521323c9bb42eac2af55f32aab0ddeb

SHA512
b8eef864f939253e17c4e2c16dd92abe6b8886350cf60fdcffcd8f1fbcf5ed915e351a7b485c376ab6592c9f358e6b47c7fd677d3673b3b31cf532e720032a3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
2941a881a638dfc6ed46dcbe6f2575a4

SHA1
cdf7fd8594914b87090fbbab2e24bb8b22ac9dae

SHA256
fd051f15faee3f7b92756e0238d7c0a211f2db21d8fae9c335819ac2b5426025

SHA512
08d52beecbb683a92701fefe8a2ff9a224bc9a8d5be0e06191730bdac69f0b69e5e352236276c47c88dcd3e2eddad4e71d53f9b10c6e3377972937fb179a73c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
3bbe7cb2cd460116534e6f88ad3525dd

SHA1
2c05efdc2f17e78a4f92150fd27f3636685b5165

SHA256
8d14aaccb5ec35550e93df10e22251443f89afb3085b5c6bf06d72003c873d8e

SHA512
8f142df36a32994472ea0709213a7b90f7281f93a75b436f3208e88116dfcfeadfda68b7facb63607100cd3a2496b49685097b37c5d8adc9952c7f02d741938e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
a5908967edc49ad7c348cec668c7302f

SHA1
5556a7b62b8433a99acd1d6d692d7012a6f4a686

SHA256
70203aba6924b62324ec1e810904460231ef60c7b2b239b189576304c16bf703

SHA512
2b8d76546675af4a218bb3701b03f5bc507e6b4e15dd7efd1f1c62cc6ae246ddbc84963f3aa9f76187cb717963d19d154373a8f7e8c8275ddd17710ab59806fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
875B

MD5
b040a677bd21c91e7b9fdc5daa4e752f

SHA1
9b9835c3b87140fa594ac52d2a85d337bf15bf6f

SHA256
ed97f88fc44035bdac7e246ea49e44ce92ea4771a3a4682845ae8aa0e883c526

SHA512
e9c37ad660ac10d849e3cd7ad3b22cfcbbdb0e8bddc9a60df3e51ea287b38f210c343d4ad8d587cedacaf51f3d8f960ad2db98a0e6e3021fe20a104ceff24224

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
875B

MD5
3fb9b776ad42548926e7594867bc6b69

SHA1
0a6cbe9d9eba4b3210bcdcfa78ff35a46e33373f

SHA256
c23664ed1c4b167b9ce0cb2f2745daf9adf26f01ac806ec98ffea3564d3be37a

SHA512
00c181d831037a419a9873287074ab12cc51c397bcc7db580941c86fa1a56cd3099c0de8ffce7fee38796eb9d599099a455aedacd3b035e47a0a9df57277722e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
6711ee01cb2091cd6ed3b5c2eb29cb51

SHA1
d5f09a061c4ec0a7cf6a9944f06d5937eb5d0127

SHA256
0de1b75ef69caa0bad0e6f3692860f7d46d70025fcbd1347bfce5780b9d35887

SHA512
b1b9b4e6f4f7c9f23a2206bc7419e8676e662ded81405080633656be9d23b51c94895506917447fd7cb971f9c16cc2ddca71cf023fb59b402740ed3243347832

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
404258e031c6d427b7ca5afccce555f5

SHA1
9dcff14a684417ce22275424a07064de40488c82

SHA256
ab0fed404f19351d25a49496622f15ca5aefc4e2f52f55af674b0e6de5fad89c

SHA512
baa00616e68b5b475b15db0a6540d6d57bf0bd9b3af596ce7cc4e3f8a583ed9a5fb08175ed3666c947a4e0aa55b10607740669b93818b5116df3ee55f41c3a2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
bf835fd86b12284cdb79b7cfb84c2f4a

SHA1
0ea5d8a9f1c75bcea448f389bbaf27b730f90916

SHA256
c62ebc89f98d186445a34b3991533b9b03437ac564d84205f78cd5272902c1df

SHA512
ff8f5056cac1c0367be09b0032030d7c336ac91bb3e0aa1209bb1704f25acb47c7a7871a28d8fc65f427df3cdd04781940ae4c751339cf92493173e2f64fb47d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
9b587d1cec2d3ae48cfeadb3ba4f7122

SHA1
f8f4e5a19d76fc0e20c3070e63c4a8d672d80719

SHA256
7723497fd6192cc23ec8025373b24e931121848077b7fd43e31f8bb4668dd75a

SHA512
438fcb143662f212fe7c433dd8fc533568e74519767737f66873b86dc24533b7c3e6c1a025c7164b5d44d050622bf931ee4a9456d932b8b044c677854d7c42c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
71e75e30af74d95189b4a20fffb18a59

SHA1
6a85c026d60dd4e7321c08a13b34170c6ca867ca

SHA256
56ce6b30569f3c6fb1a44a6a9812597bf603a5cb42d5a0fd54700b7ca7324206

SHA512
164581fcc31bf2da80c036c70bec32e6c0cd516c1f4770b2bdd2c5c56b44aef44c4b0a9781b5270ffc411ae0fc65f366c0de123fa7e7790a13577a438ba2a1d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
117f5d1c8c3dbdddc46c7320526d82fb

SHA1
088de3c370de6041c493db10b3d2bbbe1d5ba4c7

SHA256
c8b0854aec514659a3b50f516670314b5593a05173a354f65f4660b4aa1335d4

SHA512
ecf4a046be68256471c5c50b49c83c26041f5e735aa991faffae14e2b41152b10070ed60e984776ee353ebaa6b483277104b20a979b5902db46ea7f6e232e01d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a4de17172bb085e12830a95204707cf7

SHA1
0b4b4085b4578b3679e5ed3819586b39dd8a310d

SHA256
bca4069de2b0f30339ae394d8b3ea07a856789f33fb1693da5cf243e8b49cc6e

SHA512
a75fb2740c29c6ba18a11a5f6ce36d1ba80fb9d3c3de07064f6dc6c97cd2656f1e6a14bd42c2dd1a9d849e8556bd11721adbf94d92374f14f0b3313e17496a1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2b0afa9ab453293b98908df0e4af8ddb

SHA1
b57d1bf168e23a51579ee14ff87762dec6c4256d

SHA256
0a84f69c8569be5cdaeec88f58420117228d41cca74d4cc8704c52933803ceef

SHA512
98a58f36a836cb7f2e733e782d119213ef549e66e5a5e7dc4cdacd5973821a980c554a7932b41149add272deb8024407bd5d1d15649a13300af4e49d33ecc0a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
113B

MD5
2b69816b3b36f37724ac0346622004c9

SHA1
83c5bff9a25a5ea9b6cd6631fa0e6005a8d1df59

SHA256
d6caf39c3f1a4024dd98abd1d69244148a71e3279954b004dbb8da95f403229f

SHA512
ab4ad075d25c7ecc59a58d4c8e251df8e78508b28791f5a3976cc05213bb401a543065c1e0a24261165a14fa73b35dbc496ca90d954c0bbd7458ba75972768e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe575fb4.TMP

Filesize
120B

MD5
477ee0dd86910258ade3b63f56f98be3

SHA1
f48f95226dbf0607440963aa555757fa8abcaffc

SHA256
09421d4f7280f7f7a281e47e4d3500189c6b111f2485decc9ef55be13f5f29b8

SHA512
4b897d39b66daf23d07cf8cd6d5ef87d1ac0192bf4a7ba9bd42c2104ecec32cbec73a7826ba7e4f022cdc5d8ff7987ad0d12f021807c61df7ffe2d80e7f76a2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
149KB

MD5
8452daff6c965aaef6fe889c934dc8da

SHA1
fb638a12a5d7f78c1a72fdbba92ad51d44942e40

SHA256
da784bb31a8533cbd990ac1c1f49ea8e4cb8da2c1ea621591eced38ed48ca5df

SHA512
b196845c497c065c3eeb8ded8361f5d6d812495061b58014f88bc8622236d6078eff26b250b70797444b6326a5b56ce1090c5583dc4a033aba2a4dea91368765

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
149KB

MD5
f2c207931bd88e59f29b4fcc7ccdf3ba

SHA1
0155e017559bf42a6d0d910082003cead4d813f1

SHA256
dff1bdfae8400b0e88faa35280f7401766a1955a4ee6973f9a1289ff12b2c58e

SHA512
cb5957edd4225f8a37d07553822291afd453ca9cbb3010a4cc909a54d22fd4ccdb922d4e0959228e071eb35963e01743ee01e3fe6a018a70970bebfc30720a3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
148KB

MD5
d0eb55b724f8def5a99e00332fcc801b

SHA1
f32b6ffbd9c61e1cbbaa901e072692cbea16efd4

SHA256
de43d956d83a13ff334ab3c871f1ea9438c61f9d4db85bfbbd76e5e22ca2d9c4

SHA512
ff36c5d1e42880f8789c0f8bd02eeb473e154ce5fc8c5de5a6e5abdde715b4ce66cd55a5c9cb8bc16bc134c49f313fe24a0b38c57753ef9a30e36a1f89a68746

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
99KB

MD5
556c6973c26849b8d560cbdbde4c640b

SHA1
e9618de12a080dfc7b2f7a1bacfaea166e1ddd58

SHA256
5878db136a6abef0859816c062d73332b68ce8ecca7721e6cbe2c77721efe851

SHA512
22a318b4a3114bd2316c2bf62c171c81a01f27711f3f47109a173cd658a9eb99318a72a97be7bdb622abbbc866296b5d3a57abbdbc367ea6af72432e41112a87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe575b6e.TMP

Filesize
92KB

MD5
4a4513fd7bedc70f02bf6dc40ba83a9f

SHA1
745e04b87fbcc2b9976979274d4d04d6a25007db

SHA256
0931e24f13cb577d947d9522a4fad27d6cb3eb2463668c25e0a3659e9188bb69

SHA512
5f07bf124e53f34bc60d0707e6e770d5b76a93cc3129fe760c1b8852d2e6ef775ccaab1ff34ee830e3e88d9c916e5ca4b70f4f9b437f4bac42879708ac17e149

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\Projects.json

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\Projects.json

Filesize
233B

MD5
5fe597750547ba9f7a8b8e9e27298fd5

SHA1
4790ca4f4f9642010fe45692cfee29b5a46a6b95

SHA256
26066d46dad9578f089e0eb0f9c0673e29962c848e4c24b958252b34cb456262

SHA512
2042f21d61a44ab74cc1edf31ec69a54d76da75cd76a1304afe3c37f0ec1dad467b991c5aed0fd3f64fa296cf48d374a783c2cfbc190a3e0e3936914a7558e9c

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\cloudCommunitySettings.json

Filesize
2KB

MD5
404a3ec24e3ebf45be65e77f75990825

SHA1
1e05647cf0a74cedfdeabfa3e8ee33b919780a61

SHA256
cc45905af3aaa62601a69c748a06a2fa48eca3b28d44d8ec18764a7e8e4c3da2

SHA512
a55382b72267375821b0a229d3529ed54cef0f295f550d1e95661bafccec606aa1cd72e059d37d78e7d2927ae72e2919941251d233152f5eeb32ffdfc96023e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z7EFFC908\Uninst.exe

Filesize
15KB

MD5
b0cec9f342bf95700b602ee376446577

SHA1
b955b1b64280bb0ea873538029cf5ea44081501b

SHA256
24a2472e3bd5016cb22ce14cefee112d5bc18354bf099e8e66ad9846aea15088

SHA512
05ebecfc8d3e2e7885d3cacc65bfd97db710c2cbc0fb76b19b7d6cc82b327b25df953a20affc8d84002167dd8ac7710622279d3579c6605e742a98fe7095aa4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\艀椗劔靀悄壺遫晇槦茲抢損紒絉鱞冤.exe

Filesize
289KB

MD5
5c378b11848ac59704c2000b4e711c30

SHA1
6a46c53fd89b1f66d3fdab7653181e8a3e56d418

SHA256
bd764fe2f9734d5ac56933ce68df0a175bfa98dc0266ae3cd3a5c963267ea77e

SHA512
c6fe33ff3825e9018abea99ea49dc5221f2abd96bd1099def898425b82c05f9b9ca1aacaba0b7ffb7d09a7d097eae9937abdc13bbf3e7643e24e37edc7841c48

Download Submit
C:\Users\Admin\AppData\Local\Temp\艀椗劔靀悄壺遫晇槦茲抢損紒絉鱞冤.exe

Filesize
289KB

MD5
5c378b11848ac59704c2000b4e711c30

SHA1
6a46c53fd89b1f66d3fdab7653181e8a3e56d418

SHA256
bd764fe2f9734d5ac56933ce68df0a175bfa98dc0266ae3cd3a5c963267ea77e

SHA512
c6fe33ff3825e9018abea99ea49dc5221f2abd96bd1099def898425b82c05f9b9ca1aacaba0b7ffb7d09a7d097eae9937abdc13bbf3e7643e24e37edc7841c48

Download Submit
C:\Users\Admin\AppData\Local\Temp\艀椗劔靀悄壺遫晇槦茲抢損紒絉鱞冤.txt

Filesize
260B

MD5
85b28acb825a8cf9be9da81a02ea2391

SHA1
e1d9f895f37bade054ff5a52bd148666254806f3

SHA256
060e2b2613bdae348d28f8ae2e27724a7702be7be90662b941cf0f5c0eefbe97

SHA512
be260feae32f3954812dc86cbabbd5d8287ed8206632913aea886dbc6b242138bf380a9f670c975d580ad705446a01c789f4e58c936bccd5dd7ff0ea6a86a168

Download Submit
C:\Users\Admin\Downloads\Monoxidex86.exe

Filesize
289KB

MD5
5c378b11848ac59704c2000b4e711c30

SHA1
6a46c53fd89b1f66d3fdab7653181e8a3e56d418

SHA256
bd764fe2f9734d5ac56933ce68df0a175bfa98dc0266ae3cd3a5c963267ea77e

SHA512
c6fe33ff3825e9018abea99ea49dc5221f2abd96bd1099def898425b82c05f9b9ca1aacaba0b7ffb7d09a7d097eae9937abdc13bbf3e7643e24e37edc7841c48

Download Submit
C:\Users\Admin\Downloads\Monoxidex86.exe

Filesize
289KB

MD5
5c378b11848ac59704c2000b4e711c30

SHA1
6a46c53fd89b1f66d3fdab7653181e8a3e56d418

SHA256
bd764fe2f9734d5ac56933ce68df0a175bfa98dc0266ae3cd3a5c963267ea77e

SHA512
c6fe33ff3825e9018abea99ea49dc5221f2abd96bd1099def898425b82c05f9b9ca1aacaba0b7ffb7d09a7d097eae9937abdc13bbf3e7643e24e37edc7841c48

Download Submit
memory/2744-762-0x00000288698C0000-0x00000288698D0000-memory.dmp

Filesize
64KB

Download
memory/2744-769-0x0000028872740000-0x0000028872741000-memory.dmp

Filesize
4KB

Download
memory/2744-771-0x00000288727C0000-0x00000288727C1000-memory.dmp

Filesize
4KB

Download
memory/2744-773-0x0000028872850000-0x0000028872851000-memory.dmp

Filesize
4KB

Download
memory/2744-774-0x0000028872860000-0x0000028872861000-memory.dmp

Filesize
4KB

Download
memory/2744-775-0x0000028872860000-0x0000028872861000-memory.dmp

Filesize
4KB

Download
memory/2744-758-0x0000028869880000-0x0000028869890000-memory.dmp

Filesize
64KB

Download