d1a04a6016487394e7008f34048dfe19bc858bea238ec652a3e5432663bb3b5d

Analysis

max time kernel
380s
max time network
636s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
24-11-2023 12:19

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

ganttproject.log
Size

1KB
MD5

568509136a1703a4ccb8f174d6a03ff1
SHA1

62df611ea972b5e177996f6ee66aa40342169a63
SHA256

d1a04a6016487394e7008f34048dfe19bc858bea238ec652a3e5432663bb3b5d
SHA512

2d0ab1dac2573df856caba02373eb1f1926e3d017bdb906e04c7d2695b3ca08f72f5ba0c07a57f44ba62ab24fa5a499b626b63140b2e6df8635e65fea1f8af1a

Score

8^/10

bootkit persistence

Malware Config

Signatures

Downloads MZ/PE file
Executes dropped EXE 2 IoCs

Processes:

Monoxidex64.exe祭烘虮荺蘰龝捦芤奂碫戉嫫觴莙騗摬.exe

pid process

4624 Monoxidex64.exe
4012 祭烘虮荺蘰龝捦芤奂碫戉嫫觴莙騗摬.exe
Enumerates connected drives 3 TTPs 1 IoCs
Attempts to read the root path of hard drives other than the default C: drive.

Query Registry
T1012

Peripheral Device Discovery
T1120

System Information Discovery
T1082

Processes:

祭烘虮荺蘰龝捦芤奂碫戉嫫觴莙騗摬.exe

description ioc process

File opened (read-only) \??\F: 祭烘虮荺蘰龝捦芤奂碫戉嫫觴莙騗摬.exe
Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1542.003

Processes:

祭烘虮荺蘰龝捦芤奂碫戉嫫觴莙騗摬.exe

description ioc process

File opened for modification \??\PhysicalDrive0 祭烘虮荺蘰龝捦芤奂碫戉嫫觴莙騗摬.exe

pid	process
4624	Monoxidex64.exe
4012	祭烘虮荺蘰龝捦芤奂碫戉嫫觴莙騗摬.exe

description	ioc	process
File opened (read-only)	\??\F:	祭烘虮荺蘰龝捦芤奂碫戉嫫觴莙騗摬.exe

description	ioc	process
File opened for modification	\??\PhysicalDrive0	祭烘虮荺蘰龝捦芤奂碫戉嫫觴莙騗摬.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133453022975923233"	chrome.exe

Modifies registry class 1 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2231940048-779848787-2990559741-1000\{EF7BDCAB-18B4-4760-822C-7F5254ACD378}	chrome.exe

Opens file in notepad (likely ransom note) 1 IoCs
ransomware

Processes:

NOTEPAD.EXE

pid process

3772 NOTEPAD.EXE
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

3776 chrome.exe
3776 chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

Processes:

chrome.exe

pid	process
3776	chrome.exe
3776	chrome.exe
3776	chrome.exe
3776	chrome.exe
3776	chrome.exe
3776	chrome.exe
3776	chrome.exe
3776	chrome.exe
3776	chrome.exe
3776	chrome.exe
3776	chrome.exe
3776	chrome.exe
3776	chrome.exe
3776	chrome.exe
3776	chrome.exe
3776	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exeAUDIODG.EXE

description	pid	process
Token: SeShutdownPrivilege	3776	chrome.exe
Token: SeCreatePagefilePrivilege	3776	chrome.exe
Token: SeShutdownPrivilege	3776	chrome.exe
Token: SeCreatePagefilePrivilege	3776	chrome.exe
Token: SeShutdownPrivilege	3776	chrome.exe
Token: SeCreatePagefilePrivilege	3776	chrome.exe
Token: SeShutdownPrivilege	3776	chrome.exe
Token: SeCreatePagefilePrivilege	3776	chrome.exe
Token: SeShutdownPrivilege	3776	chrome.exe
Token: SeCreatePagefilePrivilege	3776	chrome.exe
Token: SeShutdownPrivilege	3776	chrome.exe
Token: SeCreatePagefilePrivilege	3776	chrome.exe
Token: SeShutdownPrivilege	3776	chrome.exe
Token: SeCreatePagefilePrivilege	3776	chrome.exe
Token: SeShutdownPrivilege	3776	chrome.exe
Token: SeCreatePagefilePrivilege	3776	chrome.exe
Token: SeShutdownPrivilege	3776	chrome.exe
Token: SeCreatePagefilePrivilege	3776	chrome.exe
Token: SeShutdownPrivilege	3776	chrome.exe
Token: SeCreatePagefilePrivilege	3776	chrome.exe
Token: SeShutdownPrivilege	3776	chrome.exe
Token: SeCreatePagefilePrivilege	3776	chrome.exe
Token: SeShutdownPrivilege	3776	chrome.exe
Token: SeCreatePagefilePrivilege	3776	chrome.exe
Token: SeShutdownPrivilege	3776	chrome.exe
Token: SeCreatePagefilePrivilege	3776	chrome.exe
Token: SeShutdownPrivilege	3776	chrome.exe
Token: SeCreatePagefilePrivilege	3776	chrome.exe
Token: SeShutdownPrivilege	3776	chrome.exe
Token: SeCreatePagefilePrivilege	3776	chrome.exe
Token: SeShutdownPrivilege	3776	chrome.exe
Token: SeCreatePagefilePrivilege	3776	chrome.exe
Token: SeShutdownPrivilege	3776	chrome.exe
Token: SeCreatePagefilePrivilege	3776	chrome.exe
Token: SeShutdownPrivilege	3776	chrome.exe
Token: SeCreatePagefilePrivilege	3776	chrome.exe
Token: SeShutdownPrivilege	3776	chrome.exe
Token: SeCreatePagefilePrivilege	3776	chrome.exe
Token: SeShutdownPrivilege	3776	chrome.exe
Token: SeCreatePagefilePrivilege	3776	chrome.exe
Token: SeShutdownPrivilege	3776	chrome.exe
Token: SeCreatePagefilePrivilege	3776	chrome.exe
Token: SeShutdownPrivilege	3776	chrome.exe
Token: SeCreatePagefilePrivilege	3776	chrome.exe
Token: SeShutdownPrivilege	3776	chrome.exe
Token: SeCreatePagefilePrivilege	3776	chrome.exe
Token: SeShutdownPrivilege	3776	chrome.exe
Token: SeCreatePagefilePrivilege	3776	chrome.exe
Token: SeShutdownPrivilege	3776	chrome.exe
Token: SeCreatePagefilePrivilege	3776	chrome.exe
Token: SeShutdownPrivilege	3776	chrome.exe
Token: SeCreatePagefilePrivilege	3776	chrome.exe
Token: SeShutdownPrivilege	3776	chrome.exe
Token: SeCreatePagefilePrivilege	3776	chrome.exe
Token: SeShutdownPrivilege	3776	chrome.exe
Token: SeCreatePagefilePrivilege	3776	chrome.exe
Token: SeShutdownPrivilege	3776	chrome.exe
Token: SeCreatePagefilePrivilege	3776	chrome.exe
Token: 33	3716	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3716	AUDIODG.EXE
Token: SeShutdownPrivilege	3776	chrome.exe
Token: SeCreatePagefilePrivilege	3776	chrome.exe
Token: SeShutdownPrivilege	3776	chrome.exe
Token: SeCreatePagefilePrivilege	3776	chrome.exe

Suspicious use of FindShellTrayWindow 36 IoCs

Processes:

NOTEPAD.EXEchrome.exe

pid	process
3772	NOTEPAD.EXE
3776	chrome.exe
3776	chrome.exe
3776	chrome.exe
3776	chrome.exe
3776	chrome.exe
3776	chrome.exe
3776	chrome.exe
3776	chrome.exe
3776	chrome.exe
3776	chrome.exe
3776	chrome.exe
3776	chrome.exe
3776	chrome.exe
3776	chrome.exe
3776	chrome.exe
3776	chrome.exe
3776	chrome.exe
3776	chrome.exe
3776	chrome.exe
3776	chrome.exe
3776	chrome.exe
3776	chrome.exe
3776	chrome.exe
3776	chrome.exe
3776	chrome.exe
3776	chrome.exe
3776	chrome.exe
3776	chrome.exe
3776	chrome.exe
3776	chrome.exe
3776	chrome.exe
3776	chrome.exe
3776	chrome.exe
3776	chrome.exe
3776	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
3776	chrome.exe
3776	chrome.exe
3776	chrome.exe
3776	chrome.exe
3776	chrome.exe
3776	chrome.exe
3776	chrome.exe
3776	chrome.exe
3776	chrome.exe
3776	chrome.exe
3776	chrome.exe
3776	chrome.exe
3776	chrome.exe
3776	chrome.exe
3776	chrome.exe
3776	chrome.exe
3776	chrome.exe
3776	chrome.exe
3776	chrome.exe
3776	chrome.exe
3776	chrome.exe
3776	chrome.exe
3776	chrome.exe
3776	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

祭烘虮荺蘰龝捦芤奂碫戉嫫觴莙騗摬.exe

pid process

4012 祭烘虮荺蘰龝捦芤奂碫戉嫫觴莙騗摬.exe

pid	process
4012	祭烘虮荺蘰龝捦芤奂碫戉嫫觴莙騗摬.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 3776 wrote to memory of 3536	3776	chrome.exe	chrome.exe
PID 3776 wrote to memory of 3536	3776	chrome.exe	chrome.exe
PID 3776 wrote to memory of 760	3776	chrome.exe	chrome.exe
PID 3776 wrote to memory of 760	3776	chrome.exe	chrome.exe
PID 3776 wrote to memory of 760	3776	chrome.exe	chrome.exe
PID 3776 wrote to memory of 760	3776	chrome.exe	chrome.exe
PID 3776 wrote to memory of 760	3776	chrome.exe	chrome.exe
PID 3776 wrote to memory of 760	3776	chrome.exe	chrome.exe
PID 3776 wrote to memory of 760	3776	chrome.exe	chrome.exe
PID 3776 wrote to memory of 760	3776	chrome.exe	chrome.exe
PID 3776 wrote to memory of 760	3776	chrome.exe	chrome.exe
PID 3776 wrote to memory of 760	3776	chrome.exe	chrome.exe
PID 3776 wrote to memory of 760	3776	chrome.exe	chrome.exe
PID 3776 wrote to memory of 760	3776	chrome.exe	chrome.exe
PID 3776 wrote to memory of 760	3776	chrome.exe	chrome.exe
PID 3776 wrote to memory of 760	3776	chrome.exe	chrome.exe
PID 3776 wrote to memory of 760	3776	chrome.exe	chrome.exe
PID 3776 wrote to memory of 760	3776	chrome.exe	chrome.exe
PID 3776 wrote to memory of 760	3776	chrome.exe	chrome.exe
PID 3776 wrote to memory of 760	3776	chrome.exe	chrome.exe
PID 3776 wrote to memory of 760	3776	chrome.exe	chrome.exe
PID 3776 wrote to memory of 760	3776	chrome.exe	chrome.exe
PID 3776 wrote to memory of 760	3776	chrome.exe	chrome.exe
PID 3776 wrote to memory of 760	3776	chrome.exe	chrome.exe
PID 3776 wrote to memory of 760	3776	chrome.exe	chrome.exe
PID 3776 wrote to memory of 760	3776	chrome.exe	chrome.exe
PID 3776 wrote to memory of 760	3776	chrome.exe	chrome.exe
PID 3776 wrote to memory of 760	3776	chrome.exe	chrome.exe
PID 3776 wrote to memory of 760	3776	chrome.exe	chrome.exe
PID 3776 wrote to memory of 760	3776	chrome.exe	chrome.exe
PID 3776 wrote to memory of 760	3776	chrome.exe	chrome.exe
PID 3776 wrote to memory of 760	3776	chrome.exe	chrome.exe
PID 3776 wrote to memory of 760	3776	chrome.exe	chrome.exe
PID 3776 wrote to memory of 760	3776	chrome.exe	chrome.exe
PID 3776 wrote to memory of 760	3776	chrome.exe	chrome.exe
PID 3776 wrote to memory of 760	3776	chrome.exe	chrome.exe
PID 3776 wrote to memory of 760	3776	chrome.exe	chrome.exe
PID 3776 wrote to memory of 760	3776	chrome.exe	chrome.exe
PID 3776 wrote to memory of 760	3776	chrome.exe	chrome.exe
PID 3776 wrote to memory of 760	3776	chrome.exe	chrome.exe
PID 3776 wrote to memory of 2836	3776	chrome.exe	chrome.exe
PID 3776 wrote to memory of 2836	3776	chrome.exe	chrome.exe
PID 3776 wrote to memory of 4944	3776	chrome.exe	chrome.exe
PID 3776 wrote to memory of 4944	3776	chrome.exe	chrome.exe
PID 3776 wrote to memory of 4944	3776	chrome.exe	chrome.exe
PID 3776 wrote to memory of 4944	3776	chrome.exe	chrome.exe
PID 3776 wrote to memory of 4944	3776	chrome.exe	chrome.exe
PID 3776 wrote to memory of 4944	3776	chrome.exe	chrome.exe
PID 3776 wrote to memory of 4944	3776	chrome.exe	chrome.exe
PID 3776 wrote to memory of 4944	3776	chrome.exe	chrome.exe
PID 3776 wrote to memory of 4944	3776	chrome.exe	chrome.exe
PID 3776 wrote to memory of 4944	3776	chrome.exe	chrome.exe
PID 3776 wrote to memory of 4944	3776	chrome.exe	chrome.exe
PID 3776 wrote to memory of 4944	3776	chrome.exe	chrome.exe
PID 3776 wrote to memory of 4944	3776	chrome.exe	chrome.exe
PID 3776 wrote to memory of 4944	3776	chrome.exe	chrome.exe
PID 3776 wrote to memory of 4944	3776	chrome.exe	chrome.exe
PID 3776 wrote to memory of 4944	3776	chrome.exe	chrome.exe
PID 3776 wrote to memory of 4944	3776	chrome.exe	chrome.exe
PID 3776 wrote to memory of 4944	3776	chrome.exe	chrome.exe
PID 3776 wrote to memory of 4944	3776	chrome.exe	chrome.exe
PID 3776 wrote to memory of 4944	3776	chrome.exe	chrome.exe
PID 3776 wrote to memory of 4944	3776	chrome.exe	chrome.exe
PID 3776 wrote to memory of 4944	3776	chrome.exe	chrome.exe

C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\ganttproject.log
1⤵
- Opens file in notepad (likely ransom note)
- Suspicious use of FindShellTrayWindow
PID:3772

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3776

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff867e89758,0x7ff867e89768,0x7ff867e89778
2⤵
PID:3536

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1756 --field-trial-handle=1868,i,13960714739763561268,14551124606231412387,131072 /prefetch:2
2⤵
PID:760

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 --field-trial-handle=1868,i,13960714739763561268,14551124606231412387,131072 /prefetch:8
2⤵
PID:2836

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2284 --field-trial-handle=1868,i,13960714739763561268,14551124606231412387,131072 /prefetch:8
2⤵
PID:4944

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3224 --field-trial-handle=1868,i,13960714739763561268,14551124606231412387,131072 /prefetch:1
2⤵
PID:4788

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3232 --field-trial-handle=1868,i,13960714739763561268,14551124606231412387,131072 /prefetch:1
2⤵
PID:856

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4672 --field-trial-handle=1868,i,13960714739763561268,14551124606231412387,131072 /prefetch:1
2⤵
PID:1088

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4852 --field-trial-handle=1868,i,13960714739763561268,14551124606231412387,131072 /prefetch:8
2⤵
PID:1956

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4828 --field-trial-handle=1868,i,13960714739763561268,14551124606231412387,131072 /prefetch:8
2⤵
PID:1672

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5424 --field-trial-handle=1868,i,13960714739763561268,14551124606231412387,131072 /prefetch:8
2⤵
PID:1480

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5060 --field-trial-handle=1868,i,13960714739763561268,14551124606231412387,131072 /prefetch:8
2⤵
PID:2584

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4980 --field-trial-handle=1868,i,13960714739763561268,14551124606231412387,131072 /prefetch:1
2⤵
PID:436

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3920 --field-trial-handle=1868,i,13960714739763561268,14551124606231412387,131072 /prefetch:1
2⤵
PID:1976

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5860 --field-trial-handle=1868,i,13960714739763561268,14551124606231412387,131072 /prefetch:1
2⤵
PID:2260

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5488 --field-trial-handle=1868,i,13960714739763561268,14551124606231412387,131072 /prefetch:1
2⤵
PID:648

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5960 --field-trial-handle=1868,i,13960714739763561268,14551124606231412387,131072 /prefetch:1
2⤵
PID:5056

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4876 --field-trial-handle=1868,i,13960714739763561268,14551124606231412387,131072 /prefetch:1
2⤵
PID:2912

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=6176 --field-trial-handle=1868,i,13960714739763561268,14551124606231412387,131072 /prefetch:1
2⤵
PID:4228

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=6228 --field-trial-handle=1868,i,13960714739763561268,14551124606231412387,131072 /prefetch:1
2⤵
PID:3092

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=6108 --field-trial-handle=1868,i,13960714739763561268,14551124606231412387,131072 /prefetch:1
2⤵
PID:2160

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4876 --field-trial-handle=1868,i,13960714739763561268,14551124606231412387,131072 /prefetch:1
2⤵
PID:920

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5532 --field-trial-handle=1868,i,13960714739763561268,14551124606231412387,131072 /prefetch:1
2⤵
PID:1612

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4772 --field-trial-handle=1868,i,13960714739763561268,14551124606231412387,131072 /prefetch:8
2⤵
- Modifies registry class
PID:1456

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6116 --field-trial-handle=1868,i,13960714739763561268,14551124606231412387,131072 /prefetch:8
2⤵
PID:1772

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=6164 --field-trial-handle=1868,i,13960714739763561268,14551124606231412387,131072 /prefetch:1
2⤵
PID:3772

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1640 --field-trial-handle=1868,i,13960714739763561268,14551124606231412387,131072 /prefetch:8
2⤵
PID:1088

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=3236 --field-trial-handle=1868,i,13960714739763561268,14551124606231412387,131072 /prefetch:1
2⤵
PID:3028

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6796 --field-trial-handle=1868,i,13960714739763561268,14551124606231412387,131072 /prefetch:8
2⤵
PID:3264

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4904 --field-trial-handle=1868,i,13960714739763561268,14551124606231412387,131072 /prefetch:8
2⤵
PID:3376

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7252 --field-trial-handle=1868,i,13960714739763561268,14551124606231412387,131072 /prefetch:8
2⤵
PID:3472

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6888 --field-trial-handle=1868,i,13960714739763561268,14551124606231412387,131072 /prefetch:8
2⤵
PID:2968

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6860 --field-trial-handle=1868,i,13960714739763561268,14551124606231412387,131072 /prefetch:8
2⤵
PID:2224

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5464 --field-trial-handle=1868,i,13960714739763561268,14551124606231412387,131072 /prefetch:8
2⤵
PID:4816

C:\Users\Admin\Downloads\Monoxidex64.exe
"C:\Users\Admin\Downloads\Monoxidex64.exe"
2⤵
- Executes dropped EXE
PID:4624

C:\Users\Admin\AppData\Local\Temp\祭烘虮荺蘰龝捦芤奂碫戉嫫觴莙騗摬.exe
"C:\Users\Admin\AppData\Local\Temp\祭烘虮荺蘰龝捦芤奂碫戉嫫觴莙騗摬.exe"
3⤵
- Executes dropped EXE
- Enumerates connected drives
- Writes to the Master Boot Record (MBR)
- Suspicious use of SetWindowsHookEx
PID:4012

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\ConfirmRepair.mp3"
4⤵
PID:5068

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\ConfirmRepair.mp3"
4⤵
PID:1488

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\7-Zip\Lang\ast.txt
4⤵
PID:4408

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\7-Zip\Lang\co.txt
4⤵
PID:5052

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\7-Zip\Lang\kaa.txt
4⤵
PID:4848

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\7-Zip\Lang\kab.txt
4⤵
PID:4464

C:\Program Files\Internet Explorer\IEXPLORE.EXE
"IEXPLORE.EXE" "C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pkeyconfig-office.xrm-ms"
4⤵
PID:4636

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4636 CREDAT:17410 /prefetch:2
5⤵
PID:3528

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4636 CREDAT:17414 /prefetch:2
5⤵
PID:3468

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4636 CREDAT:17416 /prefetch:2
5⤵
PID:1444

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4636 CREDAT:82954 /prefetch:2
5⤵
PID:2788

C:\Program Files\Internet Explorer\ieinstal.exe
"C:\Program Files\Internet Explorer\ieinstal.exe"
4⤵
PID:4356

C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe
"C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe"
4⤵
PID:3740

C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe
"C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe"
4⤵
PID:4640

C:\Program Files\Java\jre-1.8\bin\orbd.exe
"C:\Program Files\Java\jre-1.8\bin\orbd.exe"
4⤵
PID:3516

C:\Program Files\Internet Explorer\IEXPLORE.EXE
"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\AccessR_OEM_Perp-ul-oob.xrm-ms"
4⤵
PID:2036

C:\Program Files\Internet Explorer\IEXPLORE.EXE
"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019DemoR_BypassTrial180-ppd.xrm-ms"
4⤵
PID:1668

C:\Program Files\Internet Explorer\IEXPLORE.EXE
"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp2-pl.xrm-ms"
4⤵
PID:1112

C:\Program Files\Internet Explorer\IEXPLORE.EXE
"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Trial-pl.xrm-ms"
4⤵
PID:992

C:\Program Files\Internet Explorer\IEXPLORE.EXE
"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcR_OEM_Perp-pl.xrm-ms"
4⤵
PID:4480

C:\Program Files\Internet Explorer\IEXPLORE.EXE
"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp2-ppd.xrm-ms"
4⤵
PID:3572

C:\Program Files\Internet Explorer\IEXPLORE.EXE
"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail2-ul-oob.xrm-ms"
4⤵
PID:4348

C:\Program Files\Internet Explorer\IEXPLORE.EXE
"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Grace-ul-oob.xrm-ms"
4⤵
PID:1488

C:\Program Files\Internet Explorer\IEXPLORE.EXE
"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\MondoR_KMS_Automation-ul-oob.xrm-ms"
4⤵
PID:3564

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3564 CREDAT:17410 /prefetch:2
5⤵
PID:4108

C:\Program Files\Internet Explorer\IEXPLORE.EXE
"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\MondoR_OEM_Perp-ul-oob.xrm-ms"
4⤵
PID:3376

C:\Program Files\Internet Explorer\IEXPLORE.EXE
"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_MAK-ul-phn.xrm-ms"
4⤵
PID:3040

C:\Program Files\Internet Explorer\IEXPLORE.EXE
"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_Grace-ppd.xrm-ms"
4⤵
PID:1948

C:\Program Files\Internet Explorer\IEXPLORE.EXE
"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_Subscription-ul-oob.xrm-ms"
4⤵
PID:2528

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2528 CREDAT:17410 /prefetch:2
5⤵
PID:940

C:\Program Files\Internet Explorer\IEXPLORE.EXE
"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_SubTest-pl.xrm-ms"
4⤵
PID:5108

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5108 CREDAT:17410 /prefetch:2
5⤵
PID:3100

C:\Program Files\Internet Explorer\IEXPLORE.EXE
"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremDemoR_BypassTrial365-ul-oob.xrm-ms"
4⤵
PID:1836

C:\Program Files\Internet Explorer\IEXPLORE.EXE
"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription4-ppd.xrm-ms"
4⤵
PID:4116

C:\Program Files\Internet Explorer\IEXPLORE.EXE
"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial5-ul-oob.xrm-ms"
4⤵
PID:4596

C:\Program Files\Internet Explorer\IEXPLORE.EXE
"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial2-ul-oob.xrm-ms"
4⤵
PID:3168

C:\Program Files\Internet Explorer\IEXPLORE.EXE
"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription2-pl.xrm-ms"
4⤵
PID:2376

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2376 CREDAT:17410 /prefetch:2
5⤵
PID:2060

C:\Program Files\Internet Explorer\IEXPLORE.EXE
"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial4-ppd.xrm-ms"
4⤵
PID:4564

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4564 CREDAT:17410 /prefetch:2
5⤵
PID:4788

C:\Program Files\Internet Explorer\IEXPLORE.EXE
"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Trial-ul-oob.xrm-ms"
4⤵
PID:4052

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4052 CREDAT:17410 /prefetch:2
5⤵
PID:4924

C:\Program Files\Internet Explorer\IEXPLORE.EXE
"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_MAK-ul-oob.xrm-ms"
4⤵
PID:2308

C:\Program Files\Internet Explorer\IEXPLORE.EXE
"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_OEM_Perp-ul-oob.xrm-ms"
4⤵
PID:2448

C:\Program Files\Internet Explorer\IEXPLORE.EXE
"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Grace-ul-oob.xrm-ms"
4⤵
PID:2792

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2792 CREDAT:17410 /prefetch:2
5⤵
PID:2200

C:\Program Files\Internet Explorer\IEXPLORE.EXE
"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\PersonalDemoR_BypassTrial180-ppd.xrm-ms"
4⤵
PID:4632

C:\Program Files\Internet Explorer\IEXPLORE.EXE
"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Retail-ul-oob.xrm-ms"
4⤵
PID:4932

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4932 CREDAT:17410 /prefetch:2
5⤵
PID:5352

C:\Program Files\Internet Explorer\IEXPLORE.EXE
"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalDemoR_BypassTrial180-ul-oob.xrm-ms"
4⤵
PID:5208

C:\Program Files\Internet Explorer\IEXPLORE.EXE
"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Retail-ul-oob.xrm-ms"
4⤵
PID:5244

C:\Program Files\Internet Explorer\IEXPLORE.EXE
"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Trial-pl.xrm-ms"
4⤵
PID:5300

C:\Program Files\Internet Explorer\IEXPLORE.EXE
"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\ProjectProVL_KMS_Client-ul.xrm-ms"
4⤵
PID:5336

C:\Program Files\Internet Explorer\IEXPLORE.EXE
"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_Retail-ul-phn.xrm-ms"
4⤵
PID:5384

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5384 CREDAT:17410 /prefetch:2
5⤵
PID:5728

C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe C:\Windows\system32\inetcpl.cpl,ClearMyTracksByProcess Flags:276824072 WinX:0 WinY:0 IEFrame:0000000000000000
5⤵
PID:7160

C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe C:\Windows\system32\inetcpl.cpl,ClearMyTracksByProcess Flags:276824072 WinX:0 WinY:0 IEFrame:0000000000000000
5⤵
PID:7124

C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe C:\Windows\system32\inetcpl.cpl,ClearMyTracksByProcess Flags:8388616 WinX:0 WinY:0 IEFrame:0000000000000000
5⤵
PID:7100

C:\Program Files\Internet Explorer\IEXPLORE.EXE
"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_Grace-ppd.xrm-ms"
4⤵
PID:5480

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5480 CREDAT:17410 /prefetch:2
5⤵
PID:5936

C:\Program Files\Internet Explorer\IEXPLORE.EXE
"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_KMS_ClientC2R-ppd.xrm-ms"
4⤵
PID:5600

C:\Program Files\Internet Explorer\IEXPLORE.EXE
"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019MSDNR_Retail-pl.xrm-ms"
4⤵
PID:5700

C:\Program Files\Internet Explorer\IEXPLORE.EXE
"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp-ul-oob.xrm-ms"
4⤵
PID:5772

C:\Program Files\Internet Explorer\IEXPLORE.EXE
"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp3-pl.xrm-ms"
4⤵
PID:5856

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5856 CREDAT:17410 /prefetch:2
5⤵
PID:4220

C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe C:\Windows\system32\inetcpl.cpl,ClearMyTracksByProcess Flags:8388616 WinX:0 WinY:0 IEFrame:0000000000000000
5⤵
PID:3444

C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe C:\Windows\system32\inetcpl.cpl,ClearMyTracksByProcess Flags:276824072 WinX:0 WinY:0 IEFrame:0000000000000000
5⤵
PID:4248

C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe C:\Windows\system32\inetcpl.cpl,ClearMyTracksByProcess Flags:276824072 WinX:0 WinY:0 IEFrame:0000000000000000
5⤵
PID:3900

C:\Program Files\Internet Explorer\IEXPLORE.EXE
"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp4-ul-oob.xrm-ms"
4⤵
PID:5988

C:\Program Files\Internet Explorer\IEXPLORE.EXE
"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessVL_KMS_Client-ppd.xrm-ms"
4⤵
PID:6036

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:6036 CREDAT:17410 /prefetch:2
5⤵
PID:1636

C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe C:\Windows\system32\inetcpl.cpl,ClearMyTracksByProcess Flags:276824072 WinX:0 WinY:0 IEFrame:0000000000000000
5⤵
PID:4184

C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe C:\Windows\system32\inetcpl.cpl,ClearMyTracksByProcess Flags:276824072 WinX:0 WinY:0 IEFrame:0000000000000000
5⤵
PID:6224

C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe C:\Windows\system32\inetcpl.cpl,ClearMyTracksByProcess Flags:8388616 WinX:0 WinY:0 IEFrame:0000000000000000
5⤵
PID:7152

C:\Program Files\Internet Explorer\IEXPLORE.EXE
"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Grace-ul-oob.xrm-ms"
4⤵
PID:6092

C:\Program Files\Internet Explorer\IEXPLORE.EXE
"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_MAK-ul-phn.xrm-ms"
4⤵
PID:6136

C:\Program Files\Internet Explorer\IEXPLORE.EXE
"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_OEM_Perp-ul-oob.xrm-ms"
4⤵
PID:1768

C:\Program Files\Internet Explorer\IEXPLORE.EXE
"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_Subscription-ul-oob.xrm-ms"
4⤵
PID:5512

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5512 CREDAT:17410 /prefetch:2
5⤵
PID:5700

C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe C:\Windows\system32\inetcpl.cpl,ClearMyTracksByProcess Flags:276824072 WinX:0 WinY:0 IEFrame:0000000000000000
5⤵
PID:5804

C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe C:\Windows\system32\inetcpl.cpl,ClearMyTracksByProcess Flags:276824072 WinX:0 WinY:0 IEFrame:0000000000000000
5⤵
PID:5016

C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe C:\Windows\system32\inetcpl.cpl,ClearMyTracksByProcess Flags:8388616 WinX:0 WinY:0 IEFrame:0000000000000000
5⤵
PID:4204

C:\Program Files\Internet Explorer\IEXPLORE.EXE
"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Trial-ul-oob.xrm-ms"
4⤵
PID:3576

C:\Program Files\Internet Explorer\IEXPLORE.EXE
"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\VisioProXC2RVL_MAKC2R-ul-phn.xrm-ms"
4⤵
PID:3612

C:\Program Files\Internet Explorer\IEXPLORE.EXE
"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_Retail-ul-oob.xrm-ms"
4⤵
PID:3404

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3404 CREDAT:17410 /prefetch:2
5⤵
PID:3664

C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe C:\Windows\system32\inetcpl.cpl,ClearMyTracksByProcess Flags:8388616 WinX:0 WinY:0 IEFrame:0000000000000000
5⤵
PID:7016

C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe C:\Windows\system32\inetcpl.cpl,ClearMyTracksByProcess Flags:276824072 WinX:0 WinY:0 IEFrame:0000000000000000
5⤵
PID:7036

C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe C:\Windows\system32\inetcpl.cpl,ClearMyTracksByProcess Flags:276824072 WinX:0 WinY:0 IEFrame:0000000000000000
5⤵
PID:7080

C:\Program Files\Internet Explorer\IEXPLORE.EXE
"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019VL_KMS_Client_AE-ppd.xrm-ms"
4⤵
PID:5884

C:\Program Files\Internet Explorer\IEXPLORE.EXE
"IEXPLORE.EXE" "C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_Grace-ppd.xrm-ms"
4⤵
PID:6044

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:6044 CREDAT:17410 /prefetch:2
5⤵
PID:6284

C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe C:\Windows\system32\inetcpl.cpl,ClearMyTracksByProcess Flags:8388616 WinX:0 WinY:0 IEFrame:0000000000000000
5⤵
PID:6972

C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe C:\Windows\system32\inetcpl.cpl,ClearMyTracksByProcess Flags:276824072 WinX:0 WinY:0 IEFrame:0000000000000000
5⤵
PID:7028

C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe C:\Windows\system32\inetcpl.cpl,ClearMyTracksByProcess Flags:276824072 WinX:0 WinY:0 IEFrame:0000000000000000
5⤵
PID:7056

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\Microsoft Office\root\Office16\1033\AccessRuntime_eula.txt
4⤵
PID:4196

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\Microsoft Office\root\Office16\1033\ClientLangPack2019_eula.txt
4⤵
PID:380

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\Microsoft Office\root\Office16\1033\ClientLangPack_eula.txt
4⤵
PID:6152

C:\Windows\system32\rundll32.exe
"rundll32.exe" "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\vstoee.dll",InstallVstoSolution C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\MicrosoftDataStreamerforExcel.vsto
4⤵
PID:6408

C:\Windows\SysWOW64\rundll32.exe
"rundll32.exe" "c:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\vstoee.dll",InstallVstoSolution C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\MicrosoftDataStreamerforExcel.vsto
5⤵
PID:6436

C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX45.exe
"C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Container.NetFX45.exe"
4⤵
PID:6448

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:220

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x310 0x4e8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3716

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3492

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
PID:2300

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4808

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3328

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1604

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
1⤵
PID:4168

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4320

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:3532

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2444

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4788

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:184

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1812

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
PID:4652

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4672

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4352

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4776

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:992

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
PID:4736

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff867e89758,0x7ff867e89768,0x7ff867e89778
2⤵
PID:3932

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:2880

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4352

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:4920

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\86f173c3452a4df28fa2d8b60c479ab7 /t 3144 /p 3140
1⤵
PID:5460

C:\Windows\explorer.exe
explorer.exe
1⤵
PID:5560

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {9BA05972-F6A8-11CF-A442-00A0C90A8F39} -Embedding
1⤵
PID:5172

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 5728 -ip 5728
1⤵
PID:6864

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
471B

MD5
5b4d745bd294bec7a2af2fe32696c3a5

SHA1
dc113e5a517e6b11613d51ad18eea3df0703e60f

SHA256
ca61517067b336aa65ee6e0d568b296f96b758043e5907096fc923158dcb59b5

SHA512
12d797dc9326ceaabfc116f5914a4426e49b8edb31d7fe513c3a488212c85f59a4182803dc7ed53a037cb27592b4bbcab550e7c7eeeefe04d06a6d34e8989a16

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
404B

MD5
afc0008a7a3d4af05aa0c55ede001938

SHA1
42d6b4e39493f23ee8dfbdc3cfa1c048cf301d1d

SHA256
60fef991254251515a9e666e31bb7ffb684eb57e9177fe230b32b265e3488b88

SHA512
523803865d85ea37bcc893da07760fa708b1701911972e31f011b1a33a25f965e21fb4aeb443dd7907f3a9d6e99d03942ddbc7d3a3dbe5099fe351273d5269f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
3095cf3ce9201a9fbed5a042e4de4f7d

SHA1
f3405054ce8285ea792e826cd86027b5a3ac5014

SHA256
329c5c7366c030f5fe85e73abbf5fb4d1b76950b7dc76720be5dd8c7dbb03773

SHA512
b377ea305be4623a8dfb2c22e9a75d2455bc7cd1ee4063bbf4bc722eab9fdb1ee43a89c89a18ba6d841f1f5e4daa96a3bb16fb2194261691bf40fa7c4b259f74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
3095cf3ce9201a9fbed5a042e4de4f7d

SHA1
f3405054ce8285ea792e826cd86027b5a3ac5014

SHA256
329c5c7366c030f5fe85e73abbf5fb4d1b76950b7dc76720be5dd8c7dbb03773

SHA512
b377ea305be4623a8dfb2c22e9a75d2455bc7cd1ee4063bbf4bc722eab9fdb1ee43a89c89a18ba6d841f1f5e4daa96a3bb16fb2194261691bf40fa7c4b259f74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022

Filesize
63KB

MD5
8edb759bfdcc3114a4f8216e1c7dd5c4

SHA1
fe4b43eca82cd5fa5be69767e5d79406d83aeb41

SHA256
49ffb76589c1ad70745710486e8b35f7ee9c5f28d391ba699de71b6ea49d4ef7

SHA512
261727f576e806a3b4001c8b1d75d2cfcb8be9b0d3e5acdd3e3aa9e959eb068d9c9749f058dea2390586c130722ee622dededebdfffe70fa375c0fdff0754f71

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000032

Filesize
47KB

MD5
4d4b28daa30bbcfb5df4945f4a88d5bf

SHA1
6a8164de4de8721201dfbe46731954140bacb37f

SHA256
b044f5a929c22d84f69d774847659846f3b250b09a9eeb1a1a9ac7f485b62471

SHA512
a77f90bea58ceb9114db0b52af0ca5f4aa8510c16b383a9910e3c96a449e1ee9475761bfecf172ed197d18acadd01bfbd48e1a3e2bb3514e742ffc78a2a5ad41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000034

Filesize
762KB

MD5
0908bdba41cab6e5b853d264614fd79a

SHA1
8d3446349aebdd43610d342987245f89a7f089cb

SHA256
f960317b0ae19aa76f4dd7f6629e96527b5acea3e7b53240da533165637ffbd4

SHA512
b461fadd793a813a41757e2baf3558d7f114a0ec667351bb253be51de5884a77110e1cb255de486d08e9b4fa01d63e867728b95f45d5780dfde50a4d3faecbd4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000037

Filesize
32KB

MD5
bedec7fbeade1048087a72580e001068

SHA1
8912dc5d38e6687f0f5bd1965787a5bcd760dadf

SHA256
1516d82d25c4e8d7bf1a8161e96b39e027b6caad830717f982a0c9d3ca774237

SHA512
8eeb17a47ade7d7c0cb4ad339ff311e852b957d7234a8c1e88d68bbe954b71e679d266decd4f873b1275706fe1af787b9fc1f3bb217c40ba60c76a8d33642ac8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
501238e9e0f2032ef6ac1500744e9046

SHA1
d4bcafdd456e216fef1041f8eee098e366116af1

SHA256
0c4cc8503dd3e66b9b4d1067b6f3e617c12f5afdffd55dc96ac237a9f0f90057

SHA512
daeccfa3cc96fb71208e660da93186e8e90cc590f5aa1e362a4cd51801db4b5e42b7c44d38e4a86cfe5bae0740c9bc595c594bb7be36673ee954465769d8c900

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
fac92d9e10b1d24ded7c07b2e4d38ddb

SHA1
5a499cc41d09267fb36d44ff79ba1033fa02e591

SHA256
38b97c213c7e416c0e86792d19a2ecb0418edf342a1fb2d3a875a1c87e2d7dd1

SHA512
9c01cf161a600d0b290f8e2299253248dd2d4d3be1917c11e599db7380d99ad7343c50a16f2da6bef6d82bac7e9699e5c20721c713f26d5ae8b5afb184a68dd5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
8a06d22ccd6a1a77a24c7c99584416fe

SHA1
5ebf4d919269bec35b6c730357c8fa20b0ff1aae

SHA256
f4685ac2b99b9dcf20f75ce2c5ceef23d8a04e1fa2760994cedaff22d612bb61

SHA512
8f558c645de77e766867636f2cbe4738beac495090d96aec810ac809df09a0dfb93a6f525d6186fb5d89b7642606334cba9532348a145c8ffe1b906cd1991a31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
7431cb961f693f5b94335ec60498f13c

SHA1
4591a9222ebd9bdf6c07dc3894d19a759492fee6

SHA256
6dc3704bb376e72c3156076eacdfe82bad708c41120b5aa7209bf3d371e1b3e6

SHA512
d4fb698aa9476e400c17ae3b0a4302c94977ec8a5fc5a3d2510d4ef2e251986c23fd30fa51a39db796f4bdd9112b82f0e2710ad43a923131587fbf6a2e1988b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
369B

MD5
2f3f23ecd827c88fc201e0ed5341b567

SHA1
17355c400fd0583209a14f343937d7128a09ab02

SHA256
eb34b07ccb34a89f75e213ba47e08633e17993bbadb463d8458716f708d61869

SHA512
50d66312105407e77208d2684d7c17a96700211d3f4391007e8f7b7aee03425ffac2fb752402629e7084e27a373c66aeb34a06fbe61bc60f2a57cb092f2d0d38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
873B

MD5
f620d3048f6e263cacbd9da1879df209

SHA1
aa9ae28dcf2d0d024299723c630e7bc51ba80737

SHA256
5840a28865c5617ecb8c57e81a32e928dbbd8855f82a991a6d5b51c44bc454ed

SHA512
0176ad8f98b20737cb8525305cfe7b733c117807ec9393256fee2a2f25629c2a3590dc0503480c2db93bfd62da0ba6afa80e944fde3e96f2acfe3653b5c1dda7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
875B

MD5
7ee202a4e54f89a9b9a839aa5e7bb3ac

SHA1
f2ca7ec751cddef0b7e7d9c12b7325c485e838e4

SHA256
6492bf607d100de7841bfbf3c62308271a79e5d0d91a2fdf656f2bb3108e8365

SHA512
72e0d905396583986c4d2c0033ed2a9e00d943cead18ce6cf183d9ff81fec1a6f8bb7a28ad42b36254e02aa9523fab2a4ca523f0eb8b44b09c41d5a26605ebdd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0afe333e895847344ffd83d88c565765

SHA1
c7cd3ac7450869fac1351a5cdaf434d6c168d1eb

SHA256
30fb1277a11f7c525f50709afd194358a3408aaf5f055537f643c349167e2a6d

SHA512
67bae2516d0f0ab78b575f3084d96a52e2b950cfdcd51c09b7db7c7cf07839cbd75e9c091fdeba384fdf5b2d895e10c51ab8628934c07cf225d95887375d980f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
0273e4394251860d99c28445f2fa1efe

SHA1
be829133668d77c3125945c9b2f75170d2b815b6

SHA256
c7bbe311b7c563173196dababb26b8ae47b63d885ddc63b06bd2304b45c320c6

SHA512
97f75fe51b1aa90ab6abe66a1e550de2fe7f92ed77877e7113b082478a34fc085fc00e8ab868a2a9f3513ce30075fb1ab38e0888d516d100e859e64dfe375d04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
4679830e5528cfc17d742c8ce1293a2d

SHA1
7967511892839fc7c13c69106a36566dba34a752

SHA256
7edb54776baf3a1062f149cdb4bf2a8cd5593a67a97189ad1fa3a179354b7bce

SHA512
9a33932b307ab3c3f6d142ca5611e842015b33c1fc2596a24052c2cc7248093ef3f8727e55ef2d2831148dcc9afbe5d57d493fc6b7081d0a2e2c631ec07b1a12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d93330d61b98022a37247fdb8165fce9

SHA1
142f79d980630626411c4fd1d62bfe9e956904df

SHA256
2a7f4deaff079512266503323f2159ded3019f6f07bd4a42a4f2218495b3eb91

SHA512
bbb09a4988fd109b472658c6699cead45dfbab2ee3f7c869be4689b25bfc61248aa988e91e99fc0761885266d83343851e1663485b4407b9e0567f9c44c00544

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
649608c9abd318cb76cb6cc6d1b5af27

SHA1
bab016d03e515e43adc4acaeddb7e93524f550cd

SHA256
3fa1d056e02e47a6d28fbafc02fc6414225ca98ed84c2b1725d4ba3d9fc35fa2

SHA512
9cb5309eea64a961fc4467701a508e834bb107eaf68347454deef24a0bd3cdb6572ffec11fcd507d9ff2066625b407a94f32f4ebaa7bb5e8156f2c51460af579

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
67381ad48aeb70779750061b41dc8529

SHA1
9376cb145d75590c0b0158e50f878d522e78f169

SHA256
8818bf9dce37fcaac2cc196fee41e83eb20ff7c35e042694f775f4cdb646b55a

SHA512
ebef0383112e172eaa4e7caa1095e65784f28c5313c42fae5e9a7e9bacee15b5babf565671dcc0e13bcfe4e6f64b34a61444f038336248241d58b57ae396dacb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ca0ce4779acec1700d336f1ea49210b9

SHA1
e320103c8d5c6065efdc033b97165460bd64ecba

SHA256
f189ec68b726b73eecb0e4147e86c31e3c82646b0fbb6b3cc78390ca4002c2f2

SHA512
edc36d22bb0c4821b81732a5354718ad2982f7554454e28cf749badfdd246e6442c3b3995b75f1c49d1172cecb0c31f5d622a20c5e5ad85e4faac61e6da77307

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
ae02191e0ed506022acd8624094c9ae6

SHA1
9bbe23153e07fd0a2cbc854f9c79d44990edcc4b

SHA256
323c23fc085dc7e4748e6eeb36ad2dc44ee7c6c554719effa8a513cb9e0d8a05

SHA512
c84362572003f288dd902f6aacc920bf3cce22cbf04f60dfe5acaa1ceee57290595c0816d7fe5e1f222cdecb0f343f36e6da5ebd06e919eddb32343a4f66f698

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
89253852896478b775fb8ee61771be24

SHA1
13dfa17578e9f18d0ecffec3e7325c4d2cf24ecc

SHA256
2dc330a040f8547d0bc8f6c9f841998a7b3b16cb4eee8fa07f8db5df0d979485

SHA512
6b1c7687f74b36cc7cabe59259ddf2a8894f3bed3e10b8bd4f2c3b153588a92cd62b847316829853e725eacc3ce6989af030dddaa452366c85cb8948151e2402

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
b0bd0db1d33e94c262a93107c0f1237a

SHA1
9218e52a25ffbae11aded88363247928dec144c8

SHA256
186a7a6ca2e51fb1795d136432e37605bbcc4da7524723509eaa41a733656134

SHA512
1c5552c19b4f7a052ce82c1b73284fb901f82524590426a57e0b614d40c4b5810df155a4d12f65e9cf219fe0923bed8ac93604fe17a50550fde3bc2562ebc694

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\65827117-7959-4e48-b943-d850e5614727\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\65827117-7959-4e48-b943-d850e5614727\index-dir\the-real-index

Filesize
624B

MD5
8508cde545df712f447eddaa7be24e5f

SHA1
fcf2ee4bd2ae731a68bc9477b454340eb217b9a0

SHA256
c1e407a2457a84424abc11f4a46bd5e2dd241f5fc399674a56d32d0342682a10

SHA512
26f88881102d4263a1f2821b5b1b68c0546d58272781979ef32b3696d76c3b60a1e8cfb4a4f02ef674c7dc6b14f8a071db228425491c6b25062bbff2bcd925bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\65827117-7959-4e48-b943-d850e5614727\index-dir\the-real-index~RFe5d698a.TMP

Filesize
48B

MD5
e544b5967dab0b298dd83373be899b95

SHA1
d9d8018b8224ee4ddbd8c43fa227c2cdf60fae0c

SHA256
9248a925bdde934fadae4f4ec864913bcd86879056c4c7276f81719ad28737d4

SHA512
4e3761c05e1326f1d05e659e926713fd2db371f055c1218c4984c8873cf26e31de62109eeab4f86f192af8a144eeabbf02a97a17a837a3cc8af1b57735139889

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\8671859b-db8f-45d8-9013-7db17719fbc9\index-dir\the-real-index

Filesize
2KB

MD5
8a2b62ca679f792efe13cf89064d39ec

SHA1
f3fab4c6deb18666eca2bc9462877c5cb668b728

SHA256
849e8d7fa3ce49ede4e844bd0cdc6f3ef4acb29a2e324514627adc9b7e469ffe

SHA512
4a28a97b526962ae792f9b1440f81c2f0131ee7f732437c66a2e583620702b340257db7e74d273c0c017485d1d57b840f79383140e50277a4746796ef0dac73a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\8671859b-db8f-45d8-9013-7db17719fbc9\index-dir\the-real-index~RFe5d7c76.TMP

Filesize
48B

MD5
e6fdacbde47acf0728c969c1fc081aa6

SHA1
e3e38762e6a431453bd39ec6fd3830fb98e7a35b

SHA256
2be580ddb5ce5db11b2885225691f03d6c0aa472850b6fef6ca1e53d017a411d

SHA512
67ef3db7b1c71de3b0ec6cff662094fa6cb62c775423b5c3876339cebeb6faf17e146407e404293299ebd86a4260e1127141fd70941bde62a41147103f946944

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
176B

MD5
59b8c1dd641d78a82df55c7b9b6848f1

SHA1
25e821c5085e5d9e1140b0626c2ada803febe454

SHA256
c7fb17b0e8b59f096eb5ac2be26f80ba4f4cfb5a8dccb1d09fa08a471d395f19

SHA512
4e80ece203834da16f487b49e28d5251fa9d2fd657b348cbaae8ac16e56582d4828ec21081029a7fc6e1834eb5f4cbdb658a1775e0b77fa8efdb7fbc25896dec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
185B

MD5
7f4f6e2ec7d2d4888be5290f7901b1f7

SHA1
f4957fe246a94127b00ad75a04f395d4276c45d8

SHA256
e4ad1e23aef31ab441fa0ac86cccce72c5f9bd675ea2db8fb41197c76e8a8e6d

SHA512
b50dec869ce00e2320ab6c368f14f56a15acb053fb7c88359f40743927b8b3e04fd7d8f18d4fb5958368ce43bc17a001b03650a0b2dbc208d53941aa6edd163f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
183B

MD5
bfcc905c4df57432bd73184e18822bd5

SHA1
d45238338f50a8d5b93668b9483b1cf590211248

SHA256
90afa3079cdb8a1fd4f5f5640960b051c5a1039ccf2409901a19502c38cea7dc

SHA512
26690b861ad39658085ed84f29bf09d7e681285f19bb4c7f972fd8c77f8f93a216944a2d7807bb1421db423ba46b38de4a6c19af020b34c2ab2bcfc210cc09b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
119B

MD5
e095453fc6de39f90055482d5ec4c946

SHA1
6685e89234e791430fba323ce18a0fb6219c21ec

SHA256
c0d6053d5bc3333d1d6b331da591d1522c1b120e0ef286e0baa846ac2c21d48d

SHA512
0bebac170d5cfb4e5bc5580496922570c99521eddd3583a4b2c424ef24d60177a4bf1515cc7529fced7e70c669f083c1f938c44a3466276b3fdfcef93d5c2ba3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
910722699183a97417ea550ed31387de

SHA1
1e9e1f40b45f103d6d1dd26c46a50a4e54152708

SHA256
ee17ed0dc01f5d229570da7fd66106165c2a965472c9faf34680f380f6a54473

SHA512
8685597b2a6191090e38474e868845ceb0a2a5eb30d733264fb767261fb51d489486f4924bb3d2c3e7e86ee443903b9bbfec99c328e143de418b3abb2268b6f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5cea0a.TMP

Filesize
120B

MD5
e772e3edc1faec7f82dab1a9d317701c

SHA1
8d14b09c3bbcc6ccaea29ba1ca6228b62b7390dd

SHA256
9504549f73b64e70fbf043d0f4000f77ca6d76a8955cbad0120dbfa52f19102c

SHA512
c0194f7fe096182c1177af5c2b9d8e883a18454a7680d760b1af5bb191e06c30bc6f90eb7961ba2a6221d80d9b64c8c42d999a25a6ce1e3cf1125e66ad3e7ce9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000001.dbtmp

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
3ee0ea4210554582992e630351d63aad

SHA1
d71ba9b7e35c760f3fb7d86282a4cb60b067fe4c

SHA256
38c4e4b3b84a09e417e50d862c50756afe7afd63a523068400f1f47700e69b3c

SHA512
920446a4976085e20f111d9cef4fda6b1685bd19387b954b0cf5042971adf4258294326c7ec6cbb6586b8244c35ae1653dbe462913b4ec7dbe93e045a06d6bbc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5d5aa6.TMP

Filesize
48B

MD5
021e3a25f8afcdd9bbc977d3b9633013

SHA1
c30b14b3579256155d8783bfe93af862fa2405fe

SHA256
258281574d294cd49464a3dc63092e5de93730d4b042c7c5451d491a7cb631fc

SHA512
998f6e0c08f51b502e800752d6b3c8fd6c5e3dcaa3a7f898caf02d2920c87515e9984a91815796e0b4e816456ea805962bde2cfc156d751e916f8f7f2fd42654

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir3776_1992165699\Shortcuts Menu Icons\Monochrome\0\512.png

Filesize
2KB

MD5
12a429f9782bcff446dc1089b68d44ee

SHA1
e41e5a1a4f2950a7f2da8be77ca26a66da7093b9

SHA256
e1d7407b07c40b5436d78db1077a16fbf75d49e32f3cbd01187b5eaaa10f1e37

SHA512
1da99c5278a589972a1d711d694890f4fd4ec4e56f83781ab9dee91ba99530a7f90d969588fa24dce24b094a28bdecbea80328cee862031a8b289f3e4f38ce7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir3776_1992165699\Shortcuts Menu Icons\Monochrome\1\512.png

Filesize
10KB

MD5
7f57c509f12aaae2c269646db7fde6e8

SHA1
969d8c0e3d9140f843f36ccf2974b112ad7afc07

SHA256
1d5c9f67fe93f9fcc1a1b61ebc35bda8f98f1261e5005ae37af71f42aab1d90f

SHA512
3503a0f4939bed9e1fd5e086b17d6de1063220dffdab2d2373aa9582a2454a9d8f18c1be74442f4e597bdba796d2d69220bd9e6be632a15367225b804187ea18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir3776_687245707\Icons Monochrome\16.png

Filesize
216B

MD5
a4fd4f5953721f7f3a5b4bfd58922efe

SHA1
f3abed41d764efbd26bacf84c42bd8098a14c5cb

SHA256
c659d57841bb33d63f7b1334200548f207340d95e8e2ae25aac7a798a08071a3

SHA512
7fcc1ca4d6d97335e76faa65b7cfb381fb722210041bdcd3b31b0f94e15dc226eec4639547af86ae71f311f52a956dc83294c2d23f345e63b5e45e25956b2691

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
220KB

MD5
03dde24ff441e99722dbf8fc18ab724f

SHA1
ea184cf3295d30a49326c9177cf5da2d49abdbd7

SHA256
3129fc8b7d1e1e72de8c6c7139611ed0e4778f3858be63a3759412e53b074c02

SHA512
88f3131e622d28006cdcfe56f1be3fb05bd78ce89a4429206f0c296973bae1db12ca0bdd270ddee3378a0f0c31e9409d457c79a7a64213fab63164163d7a2c7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
220KB

MD5
0a2be6217b2f0dc6e56a0c9e3cc20ba5

SHA1
ed4113d857ad9b00972c2f2e0d4d7fc306a0be6f

SHA256
22ef2d41af906c25f1fe615dbf7fe1dcc319662ee4e41b742aae6c78b5d7ebc3

SHA512
b81ae1fd05734b7d322865fefd415df81f28da658c65830a556cf117f5e3c2b313f6effda7f95a232f1d6de21a908b0412d3b145004859b084faf2950a80f094

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
220KB

MD5
e527557f7ce11adc86763ac565a6bd1f

SHA1
81baa37969a2f133ffb3af5fdd1408e57794b025

SHA256
d8ba6bc4fcbc65fe92d9854fb5fa7d58312ab64fd499ca1b2c4d09a15bb1185c

SHA512
fe5f0774125e952a3273ae3d8a07e3d456c699aaf69376adb93029428a93d9283f79fd67a2fb6175d9205ced90e3e74aa9d6813d41b9f6d555580cc16a51bdb4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
220KB

MD5
6b666578e180e848ba6cfcb4fd299630

SHA1
d7c579d5b777c65c5ceeb2007c7ce5bea6ce3584

SHA256
9952c0fd6285a9dc1ad9ee188c38a3d17111da893db100ff652a336c26e46297

SHA512
cd6a35879137d029b00b7eb0d14a5aba43e4346fb061227658994f2ab0142fd6678759153ab6c79f2467ef19bfe870c7b35d3227bd852b6318289bfb76fb76a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
105KB

MD5
92c698b17d047a88587be48281ee18d1

SHA1
d493c4afa90a7d51b0dc6438f5e9a939035cb97f

SHA256
756243a6822c82ec6f28cb934609634f24da4c859191ba636d910b24fb906339

SHA512
23de3ffc7d45aafeb9a38fc6f3c0412c2e077f89b0b41504201fac76aace74057889ef26119cc02461a4a6c0029b3993a9c8a0edff9bde6abb3daec93f8b336b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5d3338.TMP

Filesize
104KB

MD5
04baedd7f3f17a07a0c5302b708cc7f8

SHA1
34de680688973610aa98260ab88a9cdc07f1f889

SHA256
ce6997a96e92a4e6a1017c85beddcb5b3723645b5048d58c31814dcc81cda5e0

SHA512
052d445017e7cad422e0829ecb1b36b88c7558e00cb584ab8662dfea0c2708f07de0602e7f6df204e06e7ae993ca97b7e9faa5c99204fd3fc9a344b432948f35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{00366BFD-8AC5-11EE-AEA7-DEB0972EFB2B}.dat

Filesize
3KB

MD5
3fabc433f6a51205d2d161aca3287696

SHA1
63b921b65b17147ed8950e0b36c5495aecff1487

SHA256
1248edbfa0825fa1259dc2238c984a1d28c31c6e0f31efa4153e87d734a04f6c

SHA512
f5c3c46690d4a0cf1f4beaad3e6e5f74c7bad906f6aa456fe9b7c4dff524dad3a5d36ff008e7a58fc9ff07e63a9e949ac76f3464826d47718900a1f7d30e030d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{02466B9C-8AC5-11EE-AEA7-DEB0972EFB2B}.dat

Filesize
5KB

MD5
3563f043bfb66d62ed7c0fbafb8337cc

SHA1
857aae3c1f34aae012dd8769295b1c96648a4cc1

SHA256
41d292c25c7a8c06304176ed00a11844a7aa70d7032283ac82ad216eafc23e03

SHA512
1ff07afca039f4f2c8198bc313300662afb98071f04f9d30a6eeffa119865ba75bcc667e4c89b46613d14812b1bc21440b9ca0c9630eefce7b30643194d74e81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{04766BDD-8AC5-11EE-AEA7-DEB0972EFB2B}.dat

Filesize
4KB

MD5
beca1f7214fe6fa4cdfd7740d24c3e1c

SHA1
28b8935552f951f8d86f4deae9e36c927d046e80

SHA256
74ae00b1547be4b4810de241d7e574509ee2d0c4a85700c62c7c0ced683b3638

SHA512
46f56ed7954af832f4ab6a34c133eaf41a51c28fb3b2485d46f4b6292ca6feef5388d82b8bab8d4f91e7d755228344c3262477309964c4b13c14422df46ed486

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{058D97BB-8AC5-11EE-AEA7-DEB0972EFB2B}.dat

Filesize
5KB

MD5
8f33d6a22e47d40406a5cb07c8067df2

SHA1
c3021fda0f19c0b430e41e7ba2e6949291910cad

SHA256
c86c94f93fadf8ba45df5ba721469cd1a769c67eae2582f54a9c382884d1ccf2

SHA512
f6445b51948c4ced98c47dd6251356d83547867ed0deb796c7323c35c88ba19b8c6b4e0c4cf358c784ed7a6c4505bea3a27c299d0281de4cc0f13a7cc2497d67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{0793A5BF-8AC5-11EE-AEA7-DEB0972EFB2B}.dat

Filesize
4KB

MD5
986cc8df557273b0fc47986098b3812f

SHA1
7d606a1d4af81172d5ddb5fe7926089f83d355ed

SHA256
5370ccc2a3feafe7f35bbb17f788b1e62ff4ede846cb715cdec1a4f74aa6c1bb

SHA512
7f20ab765e099b3c8491fbb52e12aa02820e68d063624dc374af102ef2865b1e6d582c3179c34cc59aaaf1b4975ce3d1fc225df03084fca14f95515ea869a940

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{B5032AA7-8AC4-11EE-AEA7-DEB0972EFB2B}.dat

Filesize
6KB

MD5
726cfa4352e47b0ef6ec0fec5038b150

SHA1
4917fa932a2e00a744645b02fdb2d79bb1bae07c

SHA256
a31bc4826174a43aa9f858d4bf07953e7b2d32b44885d1294c6724479d9745f7

SHA512
021ecc837ed68d5970676f87c9b4b11111e66e7d44ff26de554b7f96c5bef995fe8e9292f1200e9cc98c6b1bac81248d456e77b0eb4139c9d89e3b0a8492d160

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{B5032AA7-8AC4-11EE-AEA7-DEB0972EFB2B}.dat

Filesize
10KB

MD5
b25559c0f5cce76b7eb5d29aed059942

SHA1
299ca1740bc5c709f863d46133b52cbada3cb144

SHA256
05f94dd6646ba4bf6d23a9575310f94ea6b045d0901dbb9296f1077844208a15

SHA512
4934c9b4fae3d6465ee6e5ff15086becf984d657f6afdf92d7a722186ddf83e114b481dc5a2aadf237ba1f95431ec3bcb19dcba46012cedb31d588ab2060b512

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{F81B3CFD-8AC4-11EE-AEA7-DEB0972EFB2B}.dat

Filesize
5KB

MD5
57a920f3aeb30ac95f0bef4a01107d21

SHA1
4349ebb206d18b74a43c4ad7966dc894d5d015e7

SHA256
fea092f51f8b94bad10675dc21a07e4c928596427dda4395b8c34c8d7667e273

SHA512
209e64fc7047c2906555471d182ec4150668f9ff33142b627407816f78b9ccc14656f0d2b610543ade0f77492ea4b34c730a240797d515df4eee6146a86981cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{F95653D1-8AC4-11EE-AEA7-DEB0972EFB2B}.dat

Filesize
5KB

MD5
5f655c8547bd778ef572c0272b95dee1

SHA1
ba87618b5b9b103c88f381285a6201d0908962eb

SHA256
b6821785459eaa65bb919bac30f480e74755ec0322e1e277e6ad7299366e8ba3

SHA512
34073474036ff48c5b4e5d63809e95aef9a2f20567cfbc773f400918e69c7597796d09840e809ed3065d45f5553cdce2fcd2d850446d2bb7207bc09a5af1d052

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{FB34BF1C-8AC4-11EE-AEA7-DEB0972EFB2B}.dat

Filesize
5KB

MD5
fdb452328f2cb8515fb85b0992adc28c

SHA1
e2ef2a74b55cf6aed27c04651dbe2a09f00fc7fb

SHA256
3a29aa66b20cda467cf6e8e306b4a43a740136fc8cff738d3e21eaa495a66b32

SHA512
bfc2fda1e706e438483fb51722b78929c8e5c9a54a9dece0c96481fb3e5a206fc9dbd11e7b43c4155df703dbeae069a584ee34c6922c4571bb388aae22e96562

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{FBE605D3-8AC4-11EE-AEA7-DEB0972EFB2B}.dat

Filesize
5KB

MD5
9fd7305f3f5be27e60e7f264fdd3fcee

SHA1
02d79ede32f6efc084602241a9a979504d79c74c

SHA256
a2167861c254e5c8a26c06405995191f43d816d52fe678643a6802fbfefa2a3a

SHA512
6d32127eb1d76da9b467bbd1a681a6069d9d27058960e3194f967e0e6763421c422d6272c11c29a8fd91aff76c2d9cd8e441d3ddc1caed08a61e85e49743487a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{FC7D94B2-8AC4-11EE-AEA7-DEB0972EFB2B}.dat

Filesize
5KB

MD5
0dcdf946d6bfdab1b63e9dfdfedb5fcb

SHA1
9a9dbb237dbfd9f4cf63e47558861cd7964a58d5

SHA256
bbddc0d2e849449c0321838e2710cc09b5571aba897c9a51d2f475f3f61acfca

SHA512
d68324517424d56e545ac2ef5b3af01d4a9d4c9e88802ab1191f0a58ac993cb90b0312875108dcf5f0fa34b674f5a0bcbb9d3dc302fef8583ad9f44792ddbff3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{FE5FA9EA-8AC4-11EE-AEA7-DEB0972EFB2B}.dat

Filesize
3KB

MD5
ee54d099b39f63a08afd8b069de50b39

SHA1
60f5443b21a2d76b18b612465756e17a8ef783d6

SHA256
f58a8fdf7b7a536244cfac02c4e878869573f1a07158b3eee1b8473e02ee294b

SHA512
58c8c2902d603a3e5fcbb7586749b9b2a5c9208da725e1276abda4a9e81a9d075253afa6c741a3ba4bb6573795b6aa381dc316e923c41e651739bed2dc21fa08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\2JBMCFQZ\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\5T0U3BIO\xmltreeview[2]

Filesize
17KB

MD5
03710426ab25ad1280e197f61249f9de

SHA1
f5e7a6fd42503ae4758bc36c8dd78d98efb35047

SHA256
21e63f7c77896ed2b5f115957f2448e0a9e2dd738d7d487e471217421f6a93e1

SHA512
213cb55b8573335d1384ae704ff4267f224376056f71548660f9b2fdaa1203d8abddb787900aaf5d1e0ac6e5be261f713bdbefb67643d08e8d3672512a1af588

Download Submit
C:\Users\Admin\AppData\Local\Temp\~DF87C7527652A20A0A.TMP

Filesize
16KB

MD5
a92b0c4d3171779cc02f355f5f98836a

SHA1
d5000a6047c314dc108a597215b6f3e293d54422

SHA256
a8a5a94a5b01539b6dddc12757f00c53b870315061557ac9c0f9ed4e5fb104f4

SHA512
b4ba35a71c527cc4d49fc547786a27b1e9d882b19e6e99888ba37f0d7a3e881b222e3d0c6ee3ed2408ba3ea92ed85bbe47bcc55699313a14bf085b80c9ebbd94

Download Submit
C:\Users\Admin\AppData\Local\Temp\祭烘虮荺蘰龝捦芤奂碫戉嫫觴莙騗摬.exe

Filesize
330KB

MD5
692361071bbbb3e9243d09dc190fedea

SHA1
04894c41500859ea3617b0780f1cc2ba82a40daf

SHA256
ae9405b9556c24389ee359993f45926a895481c8d60d98b91a3065f5c026cffe

SHA512
cfdd627d228c89a4cc2eac27dcdc45507f1e4265eff108958de0e26e0d1abe7598a5347be77d1a52256de70c77129f1cd0e9b31c023e1263f4cf04dbc689c87e

Download Submit
C:\Users\Admin\AppData\Local\Temp\祭烘虮荺蘰龝捦芤奂碫戉嫫觴莙騗摬.exe

Filesize
330KB

MD5
692361071bbbb3e9243d09dc190fedea

SHA1
04894c41500859ea3617b0780f1cc2ba82a40daf

SHA256
ae9405b9556c24389ee359993f45926a895481c8d60d98b91a3065f5c026cffe

SHA512
cfdd627d228c89a4cc2eac27dcdc45507f1e4265eff108958de0e26e0d1abe7598a5347be77d1a52256de70c77129f1cd0e9b31c023e1263f4cf04dbc689c87e

Download Submit
C:\Users\Admin\AppData\Local\Temp\祭烘虮荺蘰龝捦芤奂碫戉嫫觴莙騗摬.txt

Filesize
260B

MD5
de9cc24f9cdb9b50e5713a854e7d2fe3

SHA1
da895eb00e8999da35f4bd3906b5c08cface6bff

SHA256
c0622c7e26ebaa79fb4950d39b656e29a2392b5fb3de15bb22ce031d8c6ceffa

SHA512
75d1ce72321502b35082c0191a7c8b4b171990c1a5f4f62be69153ee5e73f5c6b0bcd6014dbca7fdfa68021896af982873137722074290f6f5ba1fc22ea1fb09

Download Submit
C:\Users\Admin\Downloads\Monoxidex64.exe

Filesize
330KB

MD5
692361071bbbb3e9243d09dc190fedea

SHA1
04894c41500859ea3617b0780f1cc2ba82a40daf

SHA256
ae9405b9556c24389ee359993f45926a895481c8d60d98b91a3065f5c026cffe

SHA512
cfdd627d228c89a4cc2eac27dcdc45507f1e4265eff108958de0e26e0d1abe7598a5347be77d1a52256de70c77129f1cd0e9b31c023e1263f4cf04dbc689c87e

Download Submit
C:\Users\Admin\Downloads\Monoxidex64.exe

Filesize
330KB

MD5
692361071bbbb3e9243d09dc190fedea

SHA1
04894c41500859ea3617b0780f1cc2ba82a40daf

SHA256
ae9405b9556c24389ee359993f45926a895481c8d60d98b91a3065f5c026cffe

SHA512
cfdd627d228c89a4cc2eac27dcdc45507f1e4265eff108958de0e26e0d1abe7598a5347be77d1a52256de70c77129f1cd0e9b31c023e1263f4cf04dbc689c87e

Download Submit
C:\Users\Admin\Downloads\Monoxidex64.exe

Filesize
330KB

MD5
692361071bbbb3e9243d09dc190fedea

SHA1
04894c41500859ea3617b0780f1cc2ba82a40daf

SHA256
ae9405b9556c24389ee359993f45926a895481c8d60d98b91a3065f5c026cffe

SHA512
cfdd627d228c89a4cc2eac27dcdc45507f1e4265eff108958de0e26e0d1abe7598a5347be77d1a52256de70c77129f1cd0e9b31c023e1263f4cf04dbc689c87e

Download Submit
\??\pipe\crashpad_3776_ULDRIVSWHTXCBOAM

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1488-1202-0x00007FF7B2E60000-0x00007FF7B2F58000-memory.dmp

Filesize
992KB

Download
memory/1488-1207-0x00007FF867BE0000-0x00007FF867BF1000-memory.dmp

Filesize
68KB

Download
memory/1488-1205-0x00007FF867D00000-0x00007FF867D18000-memory.dmp

Filesize
96KB

Download
memory/1488-1206-0x00007FF867C00000-0x00007FF867C17000-memory.dmp

Filesize
92KB

Download
memory/1488-1204-0x00007FF8586C0000-0x00007FF858974000-memory.dmp

Filesize
2.7MB

Download
memory/1488-1203-0x00007FF86C520000-0x00007FF86C554000-memory.dmp

Filesize
208KB

Download
memory/2300-1220-0x0000021682DE0000-0x0000021682DE1000-memory.dmp

Filesize
4KB

Download
memory/2300-1219-0x0000021682DE0000-0x0000021682DE1000-memory.dmp

Filesize
4KB

Download
memory/2300-1218-0x0000021682DE0000-0x0000021682DE1000-memory.dmp

Filesize
4KB

Download
memory/2300-1214-0x0000021682DE0000-0x0000021682DE1000-memory.dmp

Filesize
4KB

Download
memory/2300-1217-0x0000021682DE0000-0x0000021682DE1000-memory.dmp

Filesize
4KB

Download
memory/2300-1216-0x0000021682DE0000-0x0000021682DE1000-memory.dmp

Filesize
4KB

Download
memory/2300-1208-0x0000021682DE0000-0x0000021682DE1000-memory.dmp

Filesize
4KB

Download
memory/2300-1209-0x0000021682DE0000-0x0000021682DE1000-memory.dmp

Filesize
4KB

Download
memory/2300-1210-0x0000021682DE0000-0x0000021682DE1000-memory.dmp

Filesize
4KB

Download
memory/2300-1215-0x0000021682DE0000-0x0000021682DE1000-memory.dmp

Filesize
4KB

Download
memory/5068-1255-0x00007FF85D230000-0x00007FF85D244000-memory.dmp

Filesize
80KB

Download
memory/5068-1259-0x00007FF8581C0000-0x00007FF8581D6000-memory.dmp

Filesize
88KB

Download
memory/5068-1240-0x00007FF8670E0000-0x00007FF867147000-memory.dmp

Filesize
412KB

Download
memory/5068-1241-0x00007FF860D30000-0x00007FF860D9F000-memory.dmp

Filesize
444KB

Download
memory/5068-1238-0x00007FF867660000-0x00007FF867678000-memory.dmp

Filesize
96KB

Download
memory/5068-1242-0x00007FF8675D0000-0x00007FF8675E1000-memory.dmp

Filesize
68KB

Download
memory/5068-1243-0x00007FF860CD0000-0x00007FF860D26000-memory.dmp

Filesize
344KB

Download
memory/5068-1244-0x00007FF8675A0000-0x00007FF8675C8000-memory.dmp

Filesize
160KB

Download
memory/5068-1228-0x00007FF867BA0000-0x00007FF867BB1000-memory.dmp

Filesize
68KB

Download
memory/5068-1245-0x00007FF8670B0000-0x00007FF8670D4000-memory.dmp

Filesize
144KB

Download
memory/5068-1246-0x00007FF867090000-0x00007FF8670A7000-memory.dmp

Filesize
92KB

Download
memory/5068-1248-0x00007FF860C70000-0x00007FF860CC7000-memory.dmp

Filesize
348KB

Download
memory/5068-1249-0x00007FF85D270000-0x00007FF85D29F000-memory.dmp

Filesize
188KB

Download
memory/5068-1247-0x00007FF867050000-0x00007FF867061000-memory.dmp

Filesize
68KB

Download
memory/5068-1250-0x00007FF867000000-0x00007FF867013000-memory.dmp

Filesize
76KB

Download
memory/5068-1251-0x00007FF866CD0000-0x00007FF866CE1000-memory.dmp

Filesize
68KB

Download
memory/5068-1252-0x00007FF858200000-0x00007FF8582C5000-memory.dmp

Filesize
788KB

Download
memory/5068-1253-0x00007FF860C50000-0x00007FF860C62000-memory.dmp

Filesize
72KB

Download
memory/5068-1254-0x00007FF85D250000-0x00007FF85D261000-memory.dmp

Filesize
68KB

Download
memory/5068-1237-0x00007FF867680000-0x00007FF867691000-memory.dmp

Filesize
68KB

Download
memory/5068-1256-0x00007FF858D90000-0x00007FF858DA2000-memory.dmp

Filesize
72KB

Download
memory/5068-1257-0x00007FF858D70000-0x00007FF858D84000-memory.dmp

Filesize
80KB

Download
memory/5068-1258-0x00007FF8581E0000-0x00007FF8581FE000-memory.dmp

Filesize
120KB

Download
memory/5068-1239-0x00007FF867630000-0x00007FF867660000-memory.dmp

Filesize
192KB

Download
memory/5068-1260-0x00007FF8581A0000-0x00007FF8581B5000-memory.dmp

Filesize
84KB

Download
memory/5068-1261-0x00007FF858180000-0x00007FF858194000-memory.dmp

Filesize
80KB

Download
memory/5068-1262-0x00007FF858150000-0x00007FF85817C000-memory.dmp

Filesize
176KB

Download
memory/5068-1264-0x00007FF858100000-0x00007FF858130000-memory.dmp

Filesize
192KB

Download
memory/5068-1263-0x00007FF858130000-0x00007FF858142000-memory.dmp

Filesize
72KB

Download
memory/5068-1265-0x00007FF8580E0000-0x00007FF8580F7000-memory.dmp

Filesize
92KB

Download
memory/5068-1266-0x00007FF8560A0000-0x00007FF857850000-memory.dmp

Filesize
23.7MB

Download
memory/5068-1267-0x00007FF8580C0000-0x00007FF8580DD000-memory.dmp

Filesize
116KB

Download
memory/5068-1268-0x00007FF8580A0000-0x00007FF8580B1000-memory.dmp

Filesize
68KB

Download
memory/5068-1232-0x00007FF867720000-0x00007FF867738000-memory.dmp

Filesize
96KB

Download
memory/5068-1231-0x00007FF867B70000-0x00007FF867B91000-memory.dmp

Filesize
132KB

Download
memory/5068-1229-0x00007FF8582D0000-0x00007FF8584D0000-memory.dmp

Filesize
2.0MB

Download
memory/5068-1230-0x00007FF867980000-0x00007FF8679BF000-memory.dmp

Filesize
252KB

Download
memory/5068-1227-0x00007FF867BC0000-0x00007FF867BD7000-memory.dmp

Filesize
92KB

Download
memory/5068-1226-0x00007FF867BE0000-0x00007FF867BF1000-memory.dmp

Filesize
68KB

Download
memory/5068-1236-0x00007FF8676A0000-0x00007FF8676BB000-memory.dmp

Filesize
108KB

Download
memory/5068-1235-0x00007FF8676C0000-0x00007FF8676D1000-memory.dmp

Filesize
68KB

Download
memory/5068-1234-0x00007FF8676E0000-0x00007FF8676F1000-memory.dmp

Filesize
68KB

Download
memory/5068-1233-0x00007FF867700000-0x00007FF867711000-memory.dmp

Filesize
68KB

Download
memory/5068-1225-0x00007FF867C00000-0x00007FF867C17000-memory.dmp

Filesize
92KB

Download
memory/5068-1224-0x00007FF867D00000-0x00007FF867D18000-memory.dmp

Filesize
96KB

Download
memory/5068-1223-0x00007FF8586C0000-0x00007FF858974000-memory.dmp

Filesize
2.7MB

Download
memory/5068-1222-0x00007FF86C520000-0x00007FF86C554000-memory.dmp

Filesize
208KB

Download
memory/5068-1221-0x00007FF7B2E60000-0x00007FF7B2F58000-memory.dmp

Filesize
992KB

Download

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads