9d059fe6ada9d5860401ea028e40dbf231b9e41f3f88a7d0d04136214c596a96

Resubmissions

07/05/2023, 19:40

230507-ydqnfaff43 8

07/05/2023, 19:37

230507-yb1qmahd4y 8

07/05/2023, 19:33

230507-x919daff27 1

07/05/2023, 19:30

230507-x7y18sfe98 1

Analysis

max time kernel
103s
max time network
79s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
07/05/2023, 19:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

FREEEEEEE
Size

3KB
MD5

b67b3eaa163ae4edf089f487e40b351e
SHA1

c57eee377f00bcbaf84b2cc3102a725daadbf8c7
SHA256

9d059fe6ada9d5860401ea028e40dbf231b9e41f3f88a7d0d04136214c596a96
SHA512

c4f5af4346f87e6e3454b889e53fd0a7b54e2d3fdadc7a71ba9f50f4ac88c1aee6563a745282059a94218926b7861d8cd0f88ea30ef351b319fabd6d286bfb71

Score

8^/10

bootkit persistence

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 2 IoCs

pid	Process
2624	Monoxidex86.exe
4732	侎鱺纥濯嫎糮侴訒禼韰嵼鲞鷝羵桽腵.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000\Software\Microsoft\Windows\CurrentVersion\Run	chrome.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1067

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	侎鱺纥濯嫎糮侴訒禼韰嵼鲞鷝羵桽腵.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133279692491498045"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings	侎鱺纥濯嫎糮侴訒禼韰嵼鲞鷝羵桽腵.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4732	侎鱺纥濯嫎糮侴訒禼韰嵼鲞鷝羵桽腵.exe
4844	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4100 wrote to memory of 4488	4100	chrome.exe	69
PID 4100 wrote to memory of 4488	4100	chrome.exe	69
PID 4100 wrote to memory of 4664	4100	chrome.exe	72
PID 4100 wrote to memory of 4664	4100	chrome.exe	72
PID 4100 wrote to memory of 4664	4100	chrome.exe	72
PID 4100 wrote to memory of 4664	4100	chrome.exe	72
PID 4100 wrote to memory of 4664	4100	chrome.exe	72
PID 4100 wrote to memory of 4664	4100	chrome.exe	72
PID 4100 wrote to memory of 4664	4100	chrome.exe	72
PID 4100 wrote to memory of 4664	4100	chrome.exe	72
PID 4100 wrote to memory of 4664	4100	chrome.exe	72
PID 4100 wrote to memory of 4664	4100	chrome.exe	72
PID 4100 wrote to memory of 4664	4100	chrome.exe	72
PID 4100 wrote to memory of 4664	4100	chrome.exe	72
PID 4100 wrote to memory of 4664	4100	chrome.exe	72
PID 4100 wrote to memory of 4664	4100	chrome.exe	72
PID 4100 wrote to memory of 4664	4100	chrome.exe	72
PID 4100 wrote to memory of 4664	4100	chrome.exe	72
PID 4100 wrote to memory of 4664	4100	chrome.exe	72
PID 4100 wrote to memory of 4664	4100	chrome.exe	72
PID 4100 wrote to memory of 4664	4100	chrome.exe	72
PID 4100 wrote to memory of 4664	4100	chrome.exe	72
PID 4100 wrote to memory of 4664	4100	chrome.exe	72
PID 4100 wrote to memory of 4664	4100	chrome.exe	72
PID 4100 wrote to memory of 4664	4100	chrome.exe	72
PID 4100 wrote to memory of 4664	4100	chrome.exe	72
PID 4100 wrote to memory of 4664	4100	chrome.exe	72
PID 4100 wrote to memory of 4664	4100	chrome.exe	72
PID 4100 wrote to memory of 4664	4100	chrome.exe	72
PID 4100 wrote to memory of 4664	4100	chrome.exe	72
PID 4100 wrote to memory of 4664	4100	chrome.exe	72
PID 4100 wrote to memory of 4664	4100	chrome.exe	72
PID 4100 wrote to memory of 4664	4100	chrome.exe	72
PID 4100 wrote to memory of 4664	4100	chrome.exe	72
PID 4100 wrote to memory of 4664	4100	chrome.exe	72
PID 4100 wrote to memory of 4664	4100	chrome.exe	72
PID 4100 wrote to memory of 4664	4100	chrome.exe	72
PID 4100 wrote to memory of 4664	4100	chrome.exe	72
PID 4100 wrote to memory of 4664	4100	chrome.exe	72
PID 4100 wrote to memory of 4664	4100	chrome.exe	72
PID 4100 wrote to memory of 4260	4100	chrome.exe	71
PID 4100 wrote to memory of 4260	4100	chrome.exe	71
PID 4100 wrote to memory of 2804	4100	chrome.exe	73
PID 4100 wrote to memory of 2804	4100	chrome.exe	73
PID 4100 wrote to memory of 2804	4100	chrome.exe	73
PID 4100 wrote to memory of 2804	4100	chrome.exe	73
PID 4100 wrote to memory of 2804	4100	chrome.exe	73
PID 4100 wrote to memory of 2804	4100	chrome.exe	73
PID 4100 wrote to memory of 2804	4100	chrome.exe	73
PID 4100 wrote to memory of 2804	4100	chrome.exe	73
PID 4100 wrote to memory of 2804	4100	chrome.exe	73
PID 4100 wrote to memory of 2804	4100	chrome.exe	73
PID 4100 wrote to memory of 2804	4100	chrome.exe	73
PID 4100 wrote to memory of 2804	4100	chrome.exe	73
PID 4100 wrote to memory of 2804	4100	chrome.exe	73
PID 4100 wrote to memory of 2804	4100	chrome.exe	73
PID 4100 wrote to memory of 2804	4100	chrome.exe	73
PID 4100 wrote to memory of 2804	4100	chrome.exe	73
PID 4100 wrote to memory of 2804	4100	chrome.exe	73
PID 4100 wrote to memory of 2804	4100	chrome.exe	73
PID 4100 wrote to memory of 2804	4100	chrome.exe	73
PID 4100 wrote to memory of 2804	4100	chrome.exe	73
PID 4100 wrote to memory of 2804	4100	chrome.exe	73
PID 4100 wrote to memory of 2804	4100	chrome.exe	73

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\FREEEEEEE
1⤵
PID:4300

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffcf4809758,0x7ffcf4809768,0x7ffcf4809778
  2⤵
  PID:4488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1968 --field-trial-handle=1700,i,4753258440653197425,11854086816207644137,131072 /prefetch:8
  2⤵
  PID:4260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1620 --field-trial-handle=1700,i,4753258440653197425,11854086816207644137,131072 /prefetch:2
  2⤵
  PID:4664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1980 --field-trial-handle=1700,i,4753258440653197425,11854086816207644137,131072 /prefetch:8
  2⤵
  PID:2804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3012 --field-trial-handle=1700,i,4753258440653197425,11854086816207644137,131072 /prefetch:1
  2⤵
  PID:3512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3064 --field-trial-handle=1700,i,4753258440653197425,11854086816207644137,131072 /prefetch:1
  2⤵
  PID:3660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4432 --field-trial-handle=1700,i,4753258440653197425,11854086816207644137,131072 /prefetch:1
  2⤵
  PID:4764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4512 --field-trial-handle=1700,i,4753258440653197425,11854086816207644137,131072 /prefetch:8
  2⤵
  PID:4704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4688 --field-trial-handle=1700,i,4753258440653197425,11854086816207644137,131072 /prefetch:8
  2⤵
  PID:3188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4836 --field-trial-handle=1700,i,4753258440653197425,11854086816207644137,131072 /prefetch:8
  2⤵
  PID:4944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4680 --field-trial-handle=1700,i,4753258440653197425,11854086816207644137,131072 /prefetch:8
  2⤵
  PID:5064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5308 --field-trial-handle=1700,i,4753258440653197425,11854086816207644137,131072 /prefetch:8
  2⤵
  PID:412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5404 --field-trial-handle=1700,i,4753258440653197425,11854086816207644137,131072 /prefetch:1
  2⤵
  PID:4768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4512 --field-trial-handle=1700,i,4753258440653197425,11854086816207644137,131072 /prefetch:1
  2⤵
  PID:1608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5256 --field-trial-handle=1700,i,4753258440653197425,11854086816207644137,131072 /prefetch:8
  2⤵
  PID:348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4660 --field-trial-handle=1700,i,4753258440653197425,11854086816207644137,131072 /prefetch:1
  2⤵
  PID:1756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3764 --field-trial-handle=1700,i,4753258440653197425,11854086816207644137,131072 /prefetch:1
  2⤵
  PID:4608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5600 --field-trial-handle=1700,i,4753258440653197425,11854086816207644137,131072 /prefetch:1
  2⤵
  PID:3264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5872 --field-trial-handle=1700,i,4753258440653197425,11854086816207644137,131072 /prefetch:1
  2⤵
  PID:812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6016 --field-trial-handle=1700,i,4753258440653197425,11854086816207644137,131072 /prefetch:8
  2⤵
  PID:1724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4956 --field-trial-handle=1700,i,4753258440653197425,11854086816207644137,131072 /prefetch:8
  2⤵
  PID:1824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6108 --field-trial-handle=1700,i,4753258440653197425,11854086816207644137,131072 /prefetch:8
  2⤵
  PID:60
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5204 --field-trial-handle=1700,i,4753258440653197425,11854086816207644137,131072 /prefetch:1
  2⤵
  PID:4080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5360 --field-trial-handle=1700,i,4753258440653197425,11854086816207644137,131072 /prefetch:1
  2⤵
  PID:4668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=6184 --field-trial-handle=1700,i,4753258440653197425,11854086816207644137,131072 /prefetch:1
  2⤵
  PID:4932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=6468 --field-trial-handle=1700,i,4753258440653197425,11854086816207644137,131072 /prefetch:1
  2⤵
  PID:4704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=6200 --field-trial-handle=1700,i,4753258440653197425,11854086816207644137,131072 /prefetch:1
  2⤵
  PID:4832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5496 --field-trial-handle=1700,i,4753258440653197425,11854086816207644137,131072 /prefetch:8
  2⤵
  PID:2848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5432 --field-trial-handle=1700,i,4753258440653197425,11854086816207644137,131072 /prefetch:8
  2⤵
  PID:2976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2704 --field-trial-handle=1700,i,4753258440653197425,11854086816207644137,131072 /prefetch:8
  2⤵
  PID:2616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3268 --field-trial-handle=1700,i,4753258440653197425,11854086816207644137,131072 /prefetch:8
  2⤵
  PID:3884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2704 --field-trial-handle=1700,i,4753258440653197425,11854086816207644137,131072 /prefetch:8
  2⤵
  PID:3160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5736 --field-trial-handle=1700,i,4753258440653197425,11854086816207644137,131072 /prefetch:8
  2⤵
  PID:4984
- C:\Users\Admin\Downloads\Monoxidex86.exe
  "C:\Users\Admin\Downloads\Monoxidex86.exe"
  2⤵
  - Executes dropped EXE
  PID:2624
- - C:\Users\Admin\AppData\Local\Temp\侎鱺纥濯嫎糮侴訒禼韰嵼鲞鷝羵桽腵.exe
    "C:\Users\Admin\AppData\Local\Temp\侎鱺纥濯嫎糮侴訒禼韰嵼鲞鷝羵桽腵.exe"
    3⤵
    - Executes dropped EXE
    - Writes to the Master Boot Record (MBR)
    - Modifies registry class
    - Suspicious use of SetWindowsHookEx
    PID:4732
  - - C:\Windows\SysWOW64\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\7-Zip\Lang\pl.txt
      4⤵
      PID:4836
  - - C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe
      "C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe"
      4⤵
      PID:4848
  - - C:\Program Files\Internet Explorer\ExtExport.exe
      "C:\Program Files\Internet Explorer\ExtExport.exe"
      4⤵
      PID:1180
  - - C:\Program Files\Java\jdk1.8.0_66\bin\idlj.exe
      "C:\Program Files\Java\jdk1.8.0_66\bin\idlj.exe"
      4⤵
      PID:4084
  - - C:\Program Files\Java\jdk1.8.0_66\bin\wsgen.exe
      "C:\Program Files\Java\jdk1.8.0_66\bin\wsgen.exe"
      4⤵
      PID:2008
  - - C:\Program Files\Java\jdk1.8.0_66\bin\unpack200.exe
      "C:\Program Files\Java\jdk1.8.0_66\bin\unpack200.exe"
      4⤵
      PID:404
  - - C:\Program Files\Java\jdk1.8.0_66\jre\bin\kinit.exe
      "C:\Program Files\Java\jdk1.8.0_66\jre\bin\kinit.exe"
      4⤵
      PID:1092
  - - C:\Windows\SysWOW64\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt
      4⤵
      PID:4796
  - - C:\Windows\SysWOW64\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_basestyle.css
      4⤵
      PID:2644
  - - C:\Program Files\Java\jre1.8.0_66\bin\tnameserv.exe
      "C:\Program Files\Java\jre1.8.0_66\bin\tnameserv.exe"
      4⤵
      PID:1620

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2912

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0xf8
1⤵
PID:4816

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4844

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2700

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4080

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2624

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1952

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4876

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4724

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3876

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4388

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4384

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1588

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:940

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2424

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4892

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3836

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
PID:3996

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
PID:2792

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1600

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3724

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:4960

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:4068

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:696

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:3536

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4080

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4360

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2164

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

T1067

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Web Service

T1102

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002a

Filesize
1024KB

MD5
b676bbfe8d3288ac81a85caea4e814ed

SHA1
e56492d86868914b4a5b66844092865bb668118a

SHA256
6eb0ef6f1a77c2dc72038ecb7508e9eb1b73e59e9a2bc2a394a5b3bb585e2286

SHA512
97cd4ee7de00eeb476a7470ca2c218d4ce953f73ce0f2af3c4f77f0143b59619736f952c3ecc648e366926878e54d3d7039c0acdefe42e6c01a3df50c1ed3009

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002e

Filesize
28KB

MD5
ea01650fe277a662fa711bff3d728ece

SHA1
e0377db116edfed741845e01998174da5040e78b

SHA256
fa78f44d1e5621a8d85ba33012031837f6c0dfe111c13ab93f8d447327c199cb

SHA512
5ab4e05327e3880d44fe97d6cf2f0781174bc010eab35bfca56c8e904a0d9ac5886a6635c2fd0ce6916692179346e78d79c9804c884ff72f97f6b0c215ff629b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
3f07b3b3247155004bed7a3f4ae07f55

SHA1
70c91555e2518ed0dcff140f43cd6ce1bff4d534

SHA256
eaef2fc8b9d0a36c3258c3c327271a68e286110078c675bfc14160d6abbb04fc

SHA512
a1ed5986ee16c5262aca09d557be6abc378028c61fd792902b7c804fae405bb0132645d570fccd55495f39d17f33b8927025437cfcdfd81c89950a7e2fc66658

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
0099c9e59a162c31c5e69c195a77e33d

SHA1
3dcc8f5d51a3f37fd1ce01b02dfea946cbac8557

SHA256
67854c1a23bb07a55db6ecb89dd4900e794430b4d1b831a51ba88291e1c09870

SHA512
3fb1c1132ace9db6cd53ce881beb736e0fe826899e9e374ac1b4ca534d98ae09645253a230a9ee1956cd7b9c10c849d4c7e775d0e44916684e7065283a4a2d7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
3cdb2d7cde2b61c5dcfedc9f53a82932

SHA1
48444a4d847ad8ae30027f3ae359a788ab5e459a

SHA256
01d331c870f66811ae971468216d80fa4b70c30e25a28a7d23ec3a17bab716eb

SHA512
b1cfb56241ffcc9dfe79106027c41e0857f7290da53df739e755576d67f04555eae88b2b5c7a41f8968889430ce10e83731882cedf5615c66e55f191784ddaf3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
dcf8fafae9fd74eba391e5e3587b5868

SHA1
9362487173f268b6bde83cb30f374809536e55b3

SHA256
cac0da559112e96151d79ef6a59768a69bd37ae611fabbfc647f111f70400979

SHA512
392e5c6be04892514f2406064ffc4fa8f87266badc7f7bc89060e34decf77f26eaf285b884a8990a0a11ffad36295c9d79f4ac55061d3e94690e0917bdb0005a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
17a6d4a98f80ae0e5b07d9917ef5c889

SHA1
0dcbeff8d47157824d840b24b378e8512ce32321

SHA256
015bb0908c202c590c948c4cfbb1439e8130aff2b3e63df90072de56074988ec

SHA512
b8552d2513f33745867ae0c7cea6c307effdd0ae7dbbb62b5efc7ef3af9e79ab6a4aa59b3f466c31e4853f421e2bf06140322133a40b723649f037d707e78fc8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
707B

MD5
cf666bf3c579e0277e90f1dc1e518505

SHA1
71d8c0dc3fd87e19e9fcb5a065501de5546711df

SHA256
0a5b510dcf0beb72a2093836dd4865d25593a64bd89052cf968f11c8ade37e07

SHA512
9314bc146b326971ee3c90b702ef4fd0ed966c53eff02724e7a7e196332b912556ebac32beeae69e81d000c1463d7a0714d4d42a96daa7055a4bc8482752f94d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
875B

MD5
032391cd0ee8c4f1ba8440036cc6300b

SHA1
0cdba1e3daf5450c3bba11c4ce88ae1c8f9389eb

SHA256
cee4e55ec1385a768b611cb831b3520fb5df920dbc2f2470ac28d17f4666e2f0

SHA512
083ebe89f67a579b9b8680d12908b039e772c484cfea05f30ddb951915f0728a0f1c75bf5e0aa1b72f0d453963aa64d5772f0f30fbdd2e97a6e0c2bb339992a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
697deb23ad48a5e933fe9fc2d48cb790

SHA1
7487b03854359128a16ed8626854a4f6ee9d3ee9

SHA256
02ba9ff9016873d424ff52e8476aa3dc22ec012986c68e0ce37f69f1edd25b45

SHA512
cbca21069481f535a1501efe56a6043f4256537539f825c34fdbc8168fe292c8283d6b41a0aae35d322ae4dd9d06563996c9466c9ef52662fa23871bed7718c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
707B

MD5
41a1f89307d2d5983e6a7506ad30db1a

SHA1
a64a94807e512d6aaf2c6cb50c6c5ae4f71adb55

SHA256
5e04de742e0def34c8a8bed2f4dd2643a088e267fc64613d184fbbab3d836462

SHA512
3144e15b74ef92b1bd3204bf24ca47c21d48d7a83402c91a82e0aacf453a209fa601f2b2aa50f37cc5811e999bd52f095ce0eaadcb24296541b4b68a3fe1da85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
bccffa9aea4ee87b77747123e18c3b3e

SHA1
e479cfe4801f2a14ec4724dc1e0dd58853d55378

SHA256
ea84c968b4b27f1894477b01fa9adedebe6f4ccfb3aa286aedcf20ca3dc59499

SHA512
2fe07b8169fe63c93db4c2b0a0409def48bffe3c9cd0d9cd1e9541519ff0d0431585a6008543293fe76809631000b7cdc970c0cb643290b00f9c56c45a06885d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
8426e02870eafa3dbd0fccb699cf3bb2

SHA1
a481851c34b7198d435b8728b5bd0b46950ef380

SHA256
810a3cf344e4de1ce7679d217f15d7c25794b570a210255d31cb6fd3c3e0da5a

SHA512
d938f07ab5478e402a87dae0212d2f1e8952ad7f789fe510d82478e68673d1e58a5dd8b98f55481fde674b3a276ade186acfef5eed20e03bf1764427671da40a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b951f41cc3d9cf1280f62846c112923f

SHA1
7d5229607ba86b9bc0b3b97c76a8a2c9c0dd7d3e

SHA256
3c2749b248c4268f6e9c13be4136cd7ac62d86207470c77c14253d88b6b17673

SHA512
2fc26f38783dd5caa4940626805171dbe1c2962442d2d3784425b8070bcd3e28a08428abc6c229de32673450ad459a9f44f7a2731aa0dbe4587241055997f77c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
c4237bed5fafc33007eb53382f3eaa8b

SHA1
0fd65086c279593611fcf38e5be302e9fbeb169f

SHA256
27b8eb5969962759a7c78cc418a8e16a9c63e2f5d878f2bc90f4a10034aed8df

SHA512
c5ee4a3ed5ec8846b7a1a62628d5e322bed8a9ce2e55bc83d7a8e60d13ffa9c4e5db35af9223a46720765b971c04bb33def252ba6a561b65b59e407e4374bc0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7d1f9be2a8c26fa84eee22d62ff48447

SHA1
2c84847ee63c309bb14451f2c0374eba8fd32bd0

SHA256
f8ef08f50a2c86a601df35af6e31e7213f82135f7dde018b559e8bcebf74b05e

SHA512
18d92c6c429a2e82dc96ed11878d19f96118144c80c572c3823899f13a73db99bc97047c6170dec4e8f79715539853ea31820c5921a934e53bf31effbd37c148

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
150KB

MD5
cdd5dbffd45577dc1c97543bf1a8c748

SHA1
b9b1490f195f3dc0a6440ebb0a6c39f094a18a29

SHA256
cadaf3cdc4a17e2abaf93c0d75a2b717e5b6148aab6e55ff9a496a6d0cf21167

SHA512
5424f7f1b4ebabe35403797c6bed9d2267f5cd728468ca52bd89925ed3a0210e45eb4e9016f91b1f363114e2260fec3a880a5febfb4b5d19dfea21cef3622f99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
160KB

MD5
d3898391e436e4a546754cf852f00aef

SHA1
dde2be15eee453ec668e2712a69a81a5a5aff185

SHA256
ba6f689cc74ba4d081cd1ab967d245c941efdd29ab06eaff5a351296b7897376

SHA512
f80ca6f0bb6e003a76951a36464fce998131509c69cb92ce9da72a4146685cad8a082b847ed90aab6411547246b95442185e8e26e75299c1e6b7adcb2464a06a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
150KB

MD5
53bf864571dec418b210ed0656864f9c

SHA1
c14023afcfda8d536b1a53bf81f17687784305a8

SHA256
04f74a830d9b7ac5906cd3c1131526ef44d8d8c3c30031adfa886c17c0914ec1

SHA512
0953983cc99e57658dfa4b541caa319bf1ecee0febfa74116360e95a5bc51184a83884b8db3827d65e787aa2fda0c45194d214f73f74b046bc92a5b58872420c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
150KB

MD5
7865877c73995e55735de5fd6f1f027b

SHA1
b4f0314222fdbee90f8ca72a98781b24553e0d0c

SHA256
f26882d66164d8954958e9e782e757449299fa7fd5226d9c681b1e8702734e8d

SHA512
a8543287b730c05d0d012e693b7fc2425878e738d3f5c5e8916b551f32ad1efc8b1338e0a9cd0c7ba0bf855603053e1a3c8d2c170d9239671fadd32c369ff7bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
72KB

MD5
56ee991ebeeec604daa2cc3fa4fffda6

SHA1
c4557085b1de23b33f512c05e98b81934ea807f4

SHA256
f60beed8c1778433b61c75d0045ef164d8121981e96fd4e3a0160d46124345ea

SHA512
f5a6e74266468632e580d69099b8d0f1ed1a64d35ffc4305237e5e88cc152f60b03a355207e47a1c3a03b723073f434ce2b9d09783711f4029103d366a4a3783

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!121\Microsoft\Windows\3720402701\2219095117.pri

Filesize
207KB

MD5
e2b88765ee31470114e866d939a8f2c6

SHA1
e0a53b8511186ff308a0507b6304fb16cabd4e1f

SHA256
523e419d2fa2e780239812d36caa37e92f8c3e6a5cd9f18f0d807c593effa45e

SHA512
462e8e6b4e63fc6781b6a9935b332a1dc77bfb88e1de49134f86fd46bd1598d2e842902dd9415a328e325bd7cdee766bd9473f2695acdfa769ffe7ba9ae1953d

Download Submit
C:\Users\Admin\AppData\Local\Temp\侎鱺纥濯嫎糮侴訒禼韰嵼鲞鷝羵桽腵.exe

Filesize
289KB

MD5
5c378b11848ac59704c2000b4e711c30

SHA1
6a46c53fd89b1f66d3fdab7653181e8a3e56d418

SHA256
bd764fe2f9734d5ac56933ce68df0a175bfa98dc0266ae3cd3a5c963267ea77e

SHA512
c6fe33ff3825e9018abea99ea49dc5221f2abd96bd1099def898425b82c05f9b9ca1aacaba0b7ffb7d09a7d097eae9937abdc13bbf3e7643e24e37edc7841c48

Download Submit
C:\Users\Admin\AppData\Local\Temp\侎鱺纥濯嫎糮侴訒禼韰嵼鲞鷝羵桽腵.exe

Filesize
289KB

MD5
5c378b11848ac59704c2000b4e711c30

SHA1
6a46c53fd89b1f66d3fdab7653181e8a3e56d418

SHA256
bd764fe2f9734d5ac56933ce68df0a175bfa98dc0266ae3cd3a5c963267ea77e

SHA512
c6fe33ff3825e9018abea99ea49dc5221f2abd96bd1099def898425b82c05f9b9ca1aacaba0b7ffb7d09a7d097eae9937abdc13bbf3e7643e24e37edc7841c48

Download Submit
C:\Users\Admin\AppData\Local\Temp\侎鱺纥濯嫎糮侴訒禼韰嵼鲞鷝羵桽腵.txt

Filesize
260B

MD5
85b28acb825a8cf9be9da81a02ea2391

SHA1
e1d9f895f37bade054ff5a52bd148666254806f3

SHA256
060e2b2613bdae348d28f8ae2e27724a7702be7be90662b941cf0f5c0eefbe97

SHA512
be260feae32f3954812dc86cbabbd5d8287ed8206632913aea886dbc6b242138bf380a9f670c975d580ad705446a01c789f4e58c936bccd5dd7ff0ea6a86a168

Download Submit
C:\Users\Admin\Downloads\Monoxidex86.exe

Filesize
289KB

MD5
5c378b11848ac59704c2000b4e711c30

SHA1
6a46c53fd89b1f66d3fdab7653181e8a3e56d418

SHA256
bd764fe2f9734d5ac56933ce68df0a175bfa98dc0266ae3cd3a5c963267ea77e

SHA512
c6fe33ff3825e9018abea99ea49dc5221f2abd96bd1099def898425b82c05f9b9ca1aacaba0b7ffb7d09a7d097eae9937abdc13bbf3e7643e24e37edc7841c48

Download Submit
C:\Users\Admin\Downloads\Monoxidex86.exe

Filesize
289KB

MD5
5c378b11848ac59704c2000b4e711c30

SHA1
6a46c53fd89b1f66d3fdab7653181e8a3e56d418

SHA256
bd764fe2f9734d5ac56933ce68df0a175bfa98dc0266ae3cd3a5c963267ea77e

SHA512
c6fe33ff3825e9018abea99ea49dc5221f2abd96bd1099def898425b82c05f9b9ca1aacaba0b7ffb7d09a7d097eae9937abdc13bbf3e7643e24e37edc7841c48

Download Submit
C:\Users\Admin\Downloads\Monoxidex86.exe

Filesize
289KB

MD5
5c378b11848ac59704c2000b4e711c30

SHA1
6a46c53fd89b1f66d3fdab7653181e8a3e56d418

SHA256
bd764fe2f9734d5ac56933ce68df0a175bfa98dc0266ae3cd3a5c963267ea77e

SHA512
c6fe33ff3825e9018abea99ea49dc5221f2abd96bd1099def898425b82c05f9b9ca1aacaba0b7ffb7d09a7d097eae9937abdc13bbf3e7643e24e37edc7841c48

Download Submit
memory/696-745-0x00000198C5C90000-0x00000198C5C92000-memory.dmp

Filesize
8KB

Download
memory/696-743-0x00000198C5BD0000-0x00000198C5BD2000-memory.dmp

Filesize
8KB

Download
memory/696-741-0x00000198C5BB0000-0x00000198C5BB2000-memory.dmp

Filesize
8KB

Download
memory/696-738-0x00000198C5B80000-0x00000198C5B82000-memory.dmp

Filesize
8KB

Download
memory/3996-721-0x0000015F5C8C0000-0x0000015F5C8C1000-memory.dmp

Filesize
4KB

Download
memory/3996-726-0x0000015F610F0000-0x0000015F610F2000-memory.dmp

Filesize
8KB

Download
memory/3996-725-0x0000015F610C0000-0x0000015F610C2000-memory.dmp

Filesize
8KB

Download
memory/3996-723-0x0000015F60F60000-0x0000015F60F62000-memory.dmp

Filesize
8KB

Download
memory/3996-700-0x0000015F5CE00000-0x0000015F5CE10000-memory.dmp

Filesize
64KB

Download
memory/3996-684-0x0000015F5C420000-0x0000015F5C430000-memory.dmp

Filesize
64KB

Download