Analysis
-
max time kernel
368s -
max time network
365s -
platform
windows11-21h2_x64 -
resource
win11-20240221-en -
resource tags
-
submitted
25-02-2024 13:12
General
-
Target
https://stableapp.online/AirServerConnect3
Malware Config
Extracted
stealc
http://147.45.47.72
-
url_path
/eb6f29c6a60b3865.php
Signatures
-
Locky
Ransomware strain released in 2016, with advanced features like anti-analysis.
-
Stealc
Stealc is an infostealer written in C++.
-
Downloads MZ/PE file
-
Executes dropped EXE 5 IoCs
-
Loads dropped DLL 3 IoCs
-
Reads data files stored by FTP clients 2 TTPs
Tries to access configuration files associated with programs like FileZilla.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Registers COM server for autorun 1 TTPs 3 IoCs
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext 1 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 22 IoCs
-
NTFS ADS 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 20 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 23 IoCs
-
Suspicious use of AdjustPrivilegeToken 6 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 14 IoCs
-
Suspicious use of SetWindowsHookEx 5 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://stableapp.online/AirServerConnect31⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffcb8ee3cb8,0x7ffcb8ee3cc8,0x7ffcb8ee3cd82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1916,11347853270976668836,13203173053085924996,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1916,11347853270976668836,13203173053085924996,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2536 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,11347853270976668836,13203173053085924996,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1844 /prefetch:22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,11347853270976668836,13203173053085924996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,11347853270976668836,13203173053085924996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,11347853270976668836,13203173053085924996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,11347853270976668836,13203173053085924996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1916,11347853270976668836,13203173053085924996,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5756 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1916,11347853270976668836,13203173053085924996,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5884 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,11347853270976668836,13203173053085924996,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,11347853270976668836,13203173053085924996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,11347853270976668836,13203173053085924996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1816 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,11347853270976668836,13203173053085924996,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1916,11347853270976668836,13203173053085924996,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6800 /prefetch:82⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,11347853270976668836,13203173053085924996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6840 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,11347853270976668836,13203173053085924996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4828 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,11347853270976668836,13203173053085924996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7100 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,11347853270976668836,13203173053085924996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6192 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,11347853270976668836,13203173053085924996,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6184 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,11347853270976668836,13203173053085924996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,11347853270976668836,13203173053085924996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2100 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,11347853270976668836,13203173053085924996,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,11347853270976668836,13203173053085924996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6972 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,11347853270976668836,13203173053085924996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6496 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,11347853270976668836,13203173053085924996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6916 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,11347853270976668836,13203173053085924996,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3380 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1916,11347853270976668836,13203173053085924996,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3368 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1916,11347853270976668836,13203173053085924996,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6832 /prefetch:82⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\Downloads\7z2301-x64.exe"C:\Users\Admin\Downloads\7z2301-x64.exe"2⤵
- Executes dropped EXE
- Registers COM server for autorun
- Drops file in Program Files directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1916,11347853270976668836,13203173053085924996,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=1720 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,11347853270976668836,13203173053085924996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1908 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,11347853270976668836,13203173053085924996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,11347853270976668836,13203173053085924996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1916,11347853270976668836,13203173053085924996,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5040 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,11347853270976668836,13203173053085924996,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:12⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\AirServerConnect3__Application_65db3cbe9aceb\" -spe -an -ai#7zMap27615:150:7zEvent313381⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\Downloads\AirServerConnect3__Application_65db3cbe9aceb\Setup.exe"C:\Users\Admin\Downloads\AirServerConnect3__Application_65db3cbe9aceb\Setup.exe"1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\lickeyactivated\TPJDGFMKOG.exeC:\lickeyactivated\TPJDGFMKOG.exe2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"3⤵
- Loads dropped DLL
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=UZfBnXM8WuY2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffcb8ee3cb8,0x7ffcb8ee3cc8,0x7ffcb8ee3cd83⤵
-
C:\Users\Admin\Downloads\AirServerConnect3__Application_65db3cbe9aceb\lic.exe"C:\Users\Admin\Downloads\AirServerConnect3__Application_65db3cbe9aceb\lic.exe"1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x00000000000004DC 0x00000000000004D41⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc1⤵
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\AirServerConnect3__Application_65db3cbe9aceb\Defender Settings.vbs"1⤵
- Modifies registry class
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Downloads\AirServerConnect3__Application_65db3cbe9aceb\INSTRUCTION.html1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ffcb8ee3cb8,0x7ffcb8ee3cc8,0x7ffcb8ee3cd82⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Program Files\7-Zip\7z.dllFilesize
1.8MB
MD54e35a902ca8ed1c3d4551b1a470c4655
SHA1ad9a9b5dbe810a6d7ea2c8430c32417d87c5930c
SHA25677222e81cb7004e8c3e077aada02b555a3d38fb05b50c64afd36ca230a8fd5b9
SHA512c7966f892c1f81fbe6a2197bd229904d398a299c53c24586ca77f7f657529323e5a7260ed32da9701fce9989b0b9a2463cd45c5a5d77e56a1ea670e02e575a30
-
C:\Program Files\7-Zip\7zG.exeFilesize
684KB
MD550f289df0c19484e970849aac4e6f977
SHA13dc77c8830836ab844975eb002149b66da2e10be
SHA256b9b179b305c5268ad428b6ae59de10b4fe99cf0199bbc89b7017181905e97305
SHA512877d852ea1062b90e2fd2f3c4dc7d05d9697e9a9b2929c830a770b62741f6a11e06de73275eb871113f11143faf1cb40d99f7c247862ffb778d26833ed5d7e38
-
C:\ProgramData\mozglue.dllFilesize
593KB
MD5c8fd9be83bc728cc04beffafc2907fe9
SHA195ab9f701e0024cedfbd312bcfe4e726744c4f2e
SHA256ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a
SHA512fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040
-
C:\ProgramData\nss3.dllFilesize
2.0MB
MD51cc453cdf74f31e4d913ff9c10acdde2
SHA16e85eae544d6e965f15fa5c39700fa7202f3aafe
SHA256ac5c92fe6c51cfa742e475215b83b3e11a4379820043263bf50d4068686c6fa5
SHA512dd9ff4e06b00dc831439bab11c10e9b2ae864ea6e780d3835ea7468818f35439f352ef137da111efcdf2bb6465f6ca486719451bf6cf32c6a4420a56b1d64571
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5a0407c5de270b9ae0ceee6cb9b61bbf1
SHA1fb2bb8184c1b8e680bf873e5537e1260f057751e
SHA256a56989933628f6a677ad09f634fc9b7dd9cf7d06c72a76ddbb8221bc4a62ffcd
SHA51265162bf07705dfdd348d4eaf0a3feba08dc2c0942a3a052b4492d0675ab803b104c03c945f5608fac9544681e0fe8b81d1aaca859663e79aa87fcb591ddb8136
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5ded21ddc295846e2b00e1fd766c807db
SHA1497eb7c9c09cb2a247b4a3663ce808869872b410
SHA25626025f86effef56caa2ee50a64e219c762944b1e50e465be3a6b454bc0ed7305
SHA512ddfaa73032590de904bba398331fdbf188741d96a17116ada50298b42d6eb7b20d6e50b0cfae8b17e2f145997b8ebce6c8196e6f46fbe11f133d3d82ce3656db
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\94c2c338-5187-48ef-9d19-ca8218fb1aae.tmpFilesize
7KB
MD57f94320d06769a7aee612ca1150cd720
SHA19ae2217e83f663a8666e35ce7eb23679b942a5ee
SHA25607d4d327f227bb387044a737526c0b6a04f11ccc28516934aa8a08ece8044ab2
SHA5125ff93957335cabbf603c6443828e63e581022c9836ba3ea3c8ef404cc96d2d3282129676cef8de0655b6d31ad8c7ea8fa866e0f7ba88796bfc842a38baa4df76
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
72B
MD5b6b8ed1b38a398508ce169c3488ee5b9
SHA1250ac59114384d1b74a7e5f1e766851e8d963d0c
SHA256af37564052318d4144e57029da84442b204f5891cba56518016f475285e142cf
SHA51214ffd2c05862b77a1cf4dfe415151912c5dc9292761168d7a54bfc96260d23ffa33d9171618428b8213c038fd0b073eecb8089737489d9557a355bc9d54b9852
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
384B
MD51b671eaa1bf1bc170d8c0b0c7f6ed233
SHA11c96da162b78ad6bc006a904e66c641d939502d1
SHA256ce1a9d1f50925aa955899b8cd88885941a3d2ee7934ba4b0361c3cf8c8754951
SHA5121d383af8f91661d599d533ddbe600f49ef661daeb71837051eedeeecdfab6f55699eb34a81dd5a7455f81a52262ff61be9677909914715831f1c77822c6b3467
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
96B
MD53e114e878beee3c4a2f420ea21b8124a
SHA164de3dd7e32f083831aa38f88db223bd12b28c52
SHA25690373849096a03d9bfad7da28b449e16e11215210ff6246dbe40a7987548a2cc
SHA51206fdcf62fab47d6cc8a5bf08b5de91889d142992ec0cf0c94d263c9d69e06899ed1196f5db85f290d365c2b1ce3399dc5c9f94d1f39e1673e65ee249c42d75e9
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
816B
MD5612ff441ecd33badebbffde0a937f6a7
SHA1d41dba8b28c9f152f6d1a5949ab59899c5a38c0d
SHA25694b470f09f222838c43e6042c1f48bb981fc2778da7f59dce16a48c19369a3e0
SHA5129ece75f5abadaced33aae6791696636f4031fa9addaa6a5f546e5ac24518bdda65306257862cc0e0d12b3a5d4dec4270ec0906d793935488353bd122650b791c
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\CookiesFilesize
20KB
MD5039434bc8d9dbd0b488067afa08a80ab
SHA104a2f6681185d4808fe9255aacc37db2273e9ed7
SHA256b63f9a26221eb936f2982c2cf7211877da257ad35ced42411b00b227eb1f5d78
SHA512733689c9a2e2c2166ff318b21d0c2a0f114f1f1ba17a8e26adf36b1a8b7ac611c2653912684d0ee4f906911a9f101d920010c52d3c40ed1f4ce132c6e3ece400
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HistoryFilesize
116KB
MD5a171cae04f4186083c5fcc151ad63bee
SHA1d6c25cdbc35ecde8d26c9adb0c7cd66e5d7b9afe
SHA25640831f8a3f24313905463ba6f7134b3f69fe52f403f51a7a4a3653c6cefd1cd4
SHA512655849e4acd014fe2fd3ddb5730d4d3e9c4182b978615109a5a0f296c040733082f7431608de643411f2fc22060e453a9a6d8a7267a0391653f476abb8b18065
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
690B
MD56b51e13bf81833f0a7e29504395f3521
SHA1c9a4470ffcab404496a107bf7f7ce04d41208e7a
SHA256a4871df09fc3b27eca08060b86f48e835884a410e952023e489c7fb04a393f26
SHA512a20bab6d3d7ad9649b30b13700731498d7f561d526c196934bbf181f8546b1f333b2d8cf32403b0e2bc4d1403dc7f47e55f7427ce00b0b0a4834af04e86cbe2f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
2KB
MD5061f216ada5135315637d567d0d4ebf5
SHA1959950f9b05e49e7e1e9c5eab84888abd6b4076e
SHA256d8ae09663f2841aee5b4f28c8a9d90fee4d77fa047cd39f92fc334e5a3416c82
SHA512dc8ac0bb7b6dff95b7612db496428f67ce07cd814d3c1e904a2c962869f9fd3d6a8b25ff818ef8c01c238b1357661f9b424575daef9956112e3e6999352893da
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
1KB
MD52b5d9c5b223a890ac510bd8614595236
SHA11b743b5869f770fc58d439ad54ad883ed7ea98cc
SHA2562ccde762efafdc06c0c31d1912865ad3c3e31ef478176a4d393e952cf296f52a
SHA512b7dc25ae475722723d764501c37eca71d1f11a37fe524575f3219b9e2ecc72a5cfae5561229b66dde82f956cd10a1c81bc89e95c72e8e9c2879ff1eeb67a5f91
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD528c858b80118bfe5e7e095efe8eb0010
SHA1d610552ace1c52bb9e74048f352f28f2bf7d3f33
SHA256ba8dab6b7aa961ae5917bd8c934766f9e936e864a5d8af4891ab53f27f11983b
SHA5123c351b926e4c38815b1ed9f6e56cff1847f2975276d41986430608e6ed0983430178a0cee7ea1eed8b0ff6d4b686085809bf47b00abd7d6e4c7d3f41b6e922ca
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
7KB
MD531b5cce53c763a52bc3e4895288e1cb5
SHA1d72dae1838371d8245c576ff33230238607abe19
SHA25664009e2fbc1c51e8fd23db38b76ea3e8e2a213e63f06fba419280de20048d55b
SHA512487a32b96da682bf8c10c37e59f8aa18b3d6eab9522de176a24af456f47dbd999538cad264a4fadcb44a7ab76741636c88e76cd7898efc422675232100f83bc8
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
8KB
MD50536c844ed05681c2182aa21e1f1eb27
SHA1042b59069fe25941194b82444dbf1c6c11fed7ad
SHA256b8090f230cb7c303262a5acaa2aac7a92eb27f2bf1a0f3eaccda2b41095bf14b
SHA51277976a9a7920a9db88efa4cdbbe34e65ba0060658ed3905e9b1c30a94b4fc9bb37f48e4e8508407072bb8dafe0f6be8287c8e1ce07dccf92cdea6f097ac2883d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
8KB
MD5ec127e47b53789f2ac0eac2169b1d076
SHA1073a211508b20820cb18829d697f11cd102cc898
SHA2567e76edf97df75df14c4c35cfe183a8ad095c072d7c83d2ef9c0fd6153616e2c9
SHA512ec82962c64f03c803f76c30dc501939fb47f86410b1d7f1d4e6e080fb0207183519c08e9c9030ad6186aff5833794e853821753f23849b60e09a5a8ba5a8d85f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD562c80c6a4d32d63803a0db7cfa82b86a
SHA1151eda0750fc2dd83d4e460d8361263e453cad73
SHA256d321871063e231e0d4463f62522d942a87794fcdefb115c7215c6f6d6fe708ad
SHA512a7681630f24810a13e99866776e9e26973aac47a5fa8a87caf38706aa186c0015c307563dd940c0ace17aa61f277c63b97a806797247aa016e978cf4bbcea078
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD51ea8a14212c4fc30d2d8e4b2c1795acf
SHA1d99763a4d8255a17cc15cc5db39585ee762d597c
SHA2562061d12d53fb73e4eb66104f92776a1d192e4bd5ac5a5b30e61b1039e3b04f78
SHA51235a6b834cf174af52e740ff860a6bfbb839aa2ce5c8ba89a9fa48e4e03cc3edc33e485239c16c5a8f7a831b43a24828ebf4f815035d31877fa647c58c123eead
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
7KB
MD57d1acfc9692137667ec44a8cdd474bd6
SHA1bc95e8a558a2e99d512332113bd408165de8b85c
SHA25625d106f59386cc72f6cc2bcae77a681af70e9fb013673755a7dd5165ffc6ebd9
SHA5122c951dd326526036ae5b71043dcc65f0152fff03a61062d908f663ec074a12adafb82626d0dd8ed432c4a780da505f3c239bbd5f790d6ae434da16a012ff6bc0
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
538B
MD525c92085b8870e27748e0aafc4a4314a
SHA1260f9b029d564663e0e9a709780e304248f5615f
SHA256cec7d823998520dace4d3b2272328cc18c56bd1ee9481cf3a79c469c121c8d38
SHA5127516a13f82101079a2754f2c9c366c92a65845247c75df6e8e11a892a84f401a6bc822daebcf4dace542bfe3a1c7f40f5da6be112fe88aa8a44f1da29fda74cc
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
1KB
MD5c48ea3aec9a838e94849d9868b97b8e1
SHA154fc40d9b2a443a1ae1d992d559b78f4be76e9ae
SHA256a9580b7778fe50fd5c4ce1ce8fde3b1c551c8feacbdf29cb9a1b3c760740fd2b
SHA5123089be3cd2b9b246e9804d03269bf60f946a5d7cdb4c871cfb5cf75ea07fadae953538b9219d0f969557989edb8056ff512df8fce12b33a4dde707729619b969
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58eba3.TMPFilesize
204B
MD5a083bfd7ea49b439d0a8c3643332a937
SHA12ef3a9e85be8dc6be5ce2a24a6cec3e34ea23aaa
SHA25659e0ade77cdedaf80c7fbda4d1d03b78321cd86736e07d3097ba770ef1cb08cc
SHA512e791cecefb7b9578523229a193a59d8ab998b9ac68e7bbd6761050ca03f94f5a49677d59bbe451b9116ebbf5d249bb20d0b8c0294dd8ad21d8b5d671649da302
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD597dbf8b271db6698678562d81f53e554
SHA19c3a652bf39e56f3839ee65fe73a401f1632e9c5
SHA256cb7ef24c8df057cafb61502c0eb037564fcc805e50283e7e8fb2522d363463ff
SHA512958aed863d8c559de17dbd92733ba4a9dfdf2746b868921eec664ddecf54c5b94649e340bcf44a77eff091aada18f06370fc5e81e6680037b63862f786e347db
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
12KB
MD5939acd4131182c2380467302dcfaa1ad
SHA1ca73299658c1a0aef13da86bf19c4c7e72daf907
SHA2560103672ae971ab0f50f4fb789a708de531a9890b226147b5a59c40f2edc7d2bb
SHA5122ee645a039ba6cbf6d46b2cc093526c0da47d4c990cbda8ec2b88884f027fae6b54aeeef94293183ae0d698005a84747e346883eefcb0a3114be457be3e4b7e0
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD5e481de59b95c167e14a7b2c41b15097c
SHA1d7ac974ed80def1bc4aea6102f0f4a968c76da9c
SHA256806b09c1da4e527d5161823024b4d4950312e750e95086c7609feecdc17ded78
SHA512169a7a899c4c74c0664229b64ba35e8e1037cba374833612d89e5f40fc677703cf782d214bc5ed8c2dec0fecba5c1cc0986561104d8dc6c2dd5944920ab29806
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
12KB
MD58e69804aedce6aa1751081fdf44ff646
SHA1df9e1bfed8f2f426650c5788ed211ef953c3333b
SHA256c4744c3c882004132594f3d5622135bfa19e44e5792b204f1386dc90f95fa06a
SHA5121bb5e59f5553ee867e7ff7d64d88febd1f3d6e766444da0a2fafe78f886d4a54edc678abdb34664db87fed9f9f85ec4ae8720c7d3f14a432a68192ac5f893998
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
12KB
MD5f3d0bd977ee83c3793714036c7240473
SHA12b32de38336dfa82ca3b40d79e3fe79b0bd2979b
SHA256a04eb640432e5023be5909122649504a327a475424fdfc2b4b4e92456fac73ae
SHA512182e146c9901ffa6d89f24e66d89df92382ff35476e028f0cfdc44e28610e96035bc991a8f4cd407857f5de70b120e6c074761f70a9e2ab0e02eeac07c99dfb3
-
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.datFilesize
11KB
MD5f2de638a4259125fdc63c3e174803714
SHA1c2dc76d32dbc368e8b576a5dd9e0a2a7a5d6fa66
SHA256c76921cb128864fa1ede8f5f96285a688474149a4d0ef6f15ae131250649a297
SHA512625a76f433d1b50172950eea73425706e5be7547d589f0b660d7ffab6440f9f1542acc1944d20d64ba493c15c420593b12b53e6ad8fe181c0134001581aa7b19
-
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.datFilesize
11KB
MD531490a459c198da08ac2babda98140fe
SHA17d0ce403bc81bf92be58d7ad48763948920e8737
SHA256f1cbb3423476a4c6fac691d9dd20e577518781c4ca79874e74d52f2961a62276
SHA5121ff445b321634318fdca6fd7f946088a8309d283824205b5d1f9ac4d544d492bd608aa324e292ce99d332c747be3f49a59090b91e46e296335822d5d400fc715
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-msFilesize
14KB
MD57db2942b85740c49838d7372946c1492
SHA11ecd8e21f472295cdb50b6c20cfb83fe9c6ce204
SHA2561a417c7542f1911ae2d41fc5b205fdfd3cf36aa31543dc36b1399f4b2752bb47
SHA512dfb9b8ca7903857e613722ea65d2399518cab73dade5fa098c293c66088bce082a22415de4eb31fd34c8143ba179b6c864e85d84f1340c7e452dc80622d20426
-
C:\Users\Admin\Downloads\7z2301-x64.exe:Zone.IdentifierFilesize
58B
MD537da88b521d433509b41a4f658730dbe
SHA12ea39c5e0b87a0717eac738f9ae92be8771fd576
SHA25662ba564e8b8b6fba4ae004166cddac5e232f0b2d06dd97c0e4656571adfe7d84
SHA51298a00650022e0e36e748714b92b6beaebc3afa3c7a5baab8cecd155091d7acac94dbec0fb9c7c2c24c07e0ac7068058926de85bf10ed4e7a3b634d47119ea832
-
C:\Users\Admin\Downloads\AirServerConnect3__Application_65db3cbe9aceb.zipFilesize
23.4MB
MD508b9ff116c048499fb0464d484efb397
SHA10b33665e1007b3f1e4e8211ac4160b0f98a417bc
SHA2567ff6d5d5fd37c8787c1c23b1b790c6c830801400507e092ffe20f0823ca210d5
SHA512c018b88fdab5f8882746a6108bd460480dd77e87b5ca70e7288e630d29b20dcbad18f39f0e14bb2f941f9f6ddcc85b272c913b213c80422a8af30e5d0c8d15ae
-
C:\Users\Admin\Downloads\AirServerConnect3__Application_65db3cbe9aceb\Defender Settings.vbsFilesize
313B
MD5b0bf0a477bcca312021177572311e666
SHA1ea77332d7779938ae8e92ad35d6dea4f4be37a92
SHA256af42a17d428c8e9d6f4a6d3393ec268f4d12bbfd01a897d87275482a45c847e9
SHA51209366608f2670d2eb0e8ddcacd081a7b2d7b680c4cdd02494d08821dbdf17595b30e88f6ce0888591592e7caa422414a895846a268fd63e8243074972c9f52d8
-
C:\Users\Admin\Downloads\AirServerConnect3__Application_65db3cbe9aceb\INSTRUCTION.htmlFilesize
4KB
MD5b0e1a89f526686c61c41355a30092e13
SHA17fdca917d70a20c3e5d3cffe14c8d45be112e19d
SHA256eda941b8de3d4ea77ac0137d63b5c71aa0847a6eab170bf661cd19d71442212a
SHA512acb38e40eea7d052a8b2d3bbb4fbdd3a758255f03d4974d792eeedc881c4d7c3856d3fbc8b80baa490ccdb4ed8c91a719b1f3073e6db2e2e3cfe4315dce0b250
-
C:\Users\Admin\Downloads\AirServerConnect3__Application_65db3cbe9aceb\Setup.exeFilesize
76.2MB
MD5a86ff6689278f3396ce8d9948d358d94
SHA1bcbf106e63ec89e0322c3afe1e17af3056fa153b
SHA2565d1859c1ac9dd0ea6731d7f07057669af2bd04ce066b33635a15159da2a3f726
SHA512d0272d2ac98463b55fd8fe9dddbe6131159dc609adb7f6f8f7eb98a2fb96ebf31e6b2aaa602372780a970babe07db99d986fc5fdf75fcc2018bb44a4b9cd299d
-
C:\Users\Admin\Downloads\AirServerConnect3__Application_65db3cbe9aceb\Setup.exeFilesize
164.4MB
MD51d6b278ed9bd7642cf6c75786fee82c0
SHA191da771e9cccbeb927166a343bc6a3c1ca07df2d
SHA2560062582fd6a9f0155348d70c74f5ac11612fc1b976c0d1d397818e16ad8ccb31
SHA5123152e303c9daff6397f73e09c60dbc945bda749f091472a3ddad8685cdf721534ca1d8f5c4b060ae87aff1d984059259d3c3c4a0370191d14ab672713cfe2164
-
C:\Users\Admin\Downloads\AirServerConnect3__Application_65db3cbe9aceb\data\data.datFilesize
1.2MB
MD5f2d3bcb9a38dfa4a90daccb9ca2a3b54
SHA17867f9902cd17d7af4e6a671a6e50c3dfd3ef9ad
SHA256f073ec203af3d6f8aeddcd8e0c2cc003009224fc3b3c5545eb3add89bcab0890
SHA512c3411d08305b6c46cfb1d1faa5e280e3a202859c54b2f4fa8383544085d8a13ec6ba2ff31bc8ba7719152ec5de9e03bc8170e73b04b9a76b54c9136ac8fe9186
-
C:\Users\Admin\Downloads\AirServerConnect3__Application_65db3cbe9aceb\data\img\1.pngFilesize
114KB
MD589a33d88e2aa6a46fa4f0b7b683241e1
SHA1b62c580644a42338302b34612e01090f0a45fa51
SHA256a493f8b980d4e09ce1cd4e3ce156ab20d40c2ef11fa497300b76fbec2aaa73f9
SHA51283848e65f6061b382906ba455d23054862a22d29204e5b106849537514b60d2f5222720efd8d4e7705dbf07125e1fc53cc7c3dc085414083404c546c355e4c49
-
C:\Users\Admin\Downloads\AirServerConnect3__Application_65db3cbe9aceb\data\img\2.pngFilesize
114KB
MD50870c1db5e925505aa2797b5ad07a6b5
SHA14c579d7a0fd635199211ffce53d2e20b3fb8c283
SHA2560f83d55e6867da94a7506ac3d2542cea30f96dc51647fe2d6639a6a1fe0dcfb4
SHA512df23bb4ac3f6f42a530d6dd177b5d98aebd8e882f0ec513660e8ff706774260d7619fc885861311eda28d8108a44139accd0c2ff598fded090a10830d0e91a96
-
C:\Users\Admin\Downloads\AirServerConnect3__Application_65db3cbe9aceb\data\img\3.pngFilesize
113KB
MD56a763d41c5992c965bf373204e61c133
SHA165dec8d0a7f966cb74a1b9a2c0cd774fa367cfea
SHA256ae5ce85a742481df2a84d94c1bdcc74046a9ca395ac2d01f905afff7843d6131
SHA5127a29d92cb621a5f9d71dd9167fff7a7610e62aa08b60d18e7f84799f05a7f3d386090f41abf6ca1ecc52ca1f4300ea348ac92aeb412e36c48063b93ad403aac9
-
C:\Users\Admin\Downloads\AirServerConnect3__Application_65db3cbe9aceb\data\img\4.pngFilesize
69KB
MD5bdc950c8611a6bc19ac75c5b1712f103
SHA13e23ca79264af842eb93253b6623b7f9d6b38c62
SHA256883e7ea2d1b2e1bb2436b198777854d4b060ada02965002ebd61a77c590d94a6
SHA51220636a91708a78ab37b5a47687863662fa7ebd411cf44d98a1780798d0b30e39cbf7953c4d18105579ede1bd4ce25774a13da08909500946bf7d9add8813d0ee
-
C:\Users\Admin\Downloads\AirServerConnect3__Application_65db3cbe9aceb\data\img\5.pngFilesize
1KB
MD58b20bd00fdebffb9e0adde12c7c73ded
SHA185b43dca0348c9fc29f13f93474ff7b65a8b32ac
SHA25624e9722b2e370cb11615aa1bc8d4576a2bb738442d5e9fb264e5a54b74ac292f
SHA512d2e9c499c19ffe610e78911cff84584b0df74b75ceb89b4ce4c6f8bdd1b5869d185ab5ffcf212cbe1f628f7ba3e83911776d9bbe35c36a12301b11766b131164
-
C:\Users\Admin\Downloads\AirServerConnect3__Application_65db3cbe9aceb\data\img\6.pngFilesize
27KB
MD57766360527c4e1dec139797a33e1e274
SHA1e89ce902ec3f24d30f041058abb149afb3ae607f
SHA256f681226c609dba73ec92e93b28109ab5b8417785c68b1cfddaa53f3e2915f358
SHA5120d05727f4341ef0e097fbdefb7bf812bda3820977784b308ecb7ec0800be191c5df449bf858a08dea33dfbbd1f8cfcdb3f8152927ccbfb9b7b5772e2ac6cfb11
-
C:\Users\Admin\Downloads\AirServerConnect3__Application_65db3cbe9aceb\data\img\7.pngFilesize
31KB
MD558bf9a342aef1fb74fc91d91b7334432
SHA11553492f93c54c63843cd79146b1dda587bb2612
SHA256d1d3c6254d8e0f2f23a167c26d72599c574216fa0439ccea2e3790939df4647a
SHA5127d855445fb3f4991c374970b61fc65a320e21fa216d3c966df98400f6a0a5999c413c78a8da5b5315f1697f4eff927369243d153202127bf05362171bf04716a
-
C:\Users\Admin\Downloads\AirServerConnect3__Application_65db3cbe9aceb\data\program.PNGFilesize
696KB
MD5a3d4494188555fd642820346806fd1d8
SHA153a37fb21d1fdc91cdea14721eeecac83cc2825c
SHA256ace20dad2b8ef82a5f8674afc8e9ca05f5f3f63efc798d66b43eb7124dc802ca
SHA512a4265bf8fb50fbdb1b13b3d03126b2ec354cbd4c0ee9baa51911700e1be73753f549b1a8cdace269b674afaab04b03f545a2a383f3fd8a0b7898b8498a4a25e4
-
C:\Users\Admin\Downloads\AirServerConnect3__Application_65db3cbe9aceb\lic.exeFilesize
3.9MB
MD51e2d2f3f618279ed722045f6342793f6
SHA14b80a65885b4eb69fd6e240db592a8da8d7ad334
SHA256400a80b5166f7ad96f834fecea54ba07244ef90a40a9878ecf843c3e140f304c
SHA512dcec0fc10ba64fa47ea005fd9edc4b0396d613daba5723054e960766a3fa87b4dab06c522b200ab13dc135006f3f7adbb44c43c93fa9f0b2564c6d034dd41143
-
C:\Users\Admin\Downloads\Unconfirmed 445219.crdownloadFilesize
1.5MB
MD5e5788b13546156281bf0a4b38bdd0901
SHA17df28d340d7084647921cc25a8c2068bb192bdbb
SHA25626cb6e9f56333682122fafe79dbcdfd51e9f47cc7217dccd29ac6fc33b5598cd
SHA5121f4da167ff2f1d34eeaf76c3003ba5fcabfc7a7da40e73e317aa99c6e1321cdf97e00f4feb9e79e1a72240e0376af0c3becb3d309e5bb0385e5192da17ea77ff
-
C:\lickeyactivated\TPJDGFMKOG.exeFilesize
245KB
MD56c665b4b83eeb786e9d8020b9e67b26d
SHA1285d5de7bfedcfdadf8f8d0202a3ef11ccacd852
SHA256c7a098672b01ceda0b7da3be9c1eca5814b63849e0f32f5cf64e80ee48886f13
SHA512746eb5101054a2cbba2974a1f2a59424368d3b11cd9e6b57c2cf786b00fb391527dc4fc0a1a927bb3c59c9a99f75ffd23a6397593c94eab06e0943e91018d4bb
-
\??\pipe\LOCAL\crashpad_4732_VDRIHTUDSEHCPWUIMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/928-753-0x00000000004E0000-0x0000000002479000-memory.dmpFilesize
31.6MB
-
memory/928-847-0x00000000004E0000-0x0000000002479000-memory.dmpFilesize
31.6MB
-
memory/928-710-0x0000000004CB0000-0x0000000004CB1000-memory.dmpFilesize
4KB
-
memory/928-850-0x00000000004E0000-0x0000000002479000-memory.dmpFilesize
31.6MB
-
memory/928-739-0x00000000004E0000-0x0000000002479000-memory.dmpFilesize
31.6MB
-
memory/928-843-0x00000000004E0000-0x0000000002479000-memory.dmpFilesize
31.6MB
-
memory/928-871-0x00000000004E0000-0x0000000002479000-memory.dmpFilesize
31.6MB
-
memory/928-873-0x00000000004E0000-0x0000000002479000-memory.dmpFilesize
31.6MB
-
memory/928-879-0x00000000004E0000-0x0000000002479000-memory.dmpFilesize
31.6MB
-
memory/928-747-0x00000000004E0000-0x0000000002479000-memory.dmpFilesize
31.6MB
-
memory/928-744-0x0000000004CB0000-0x0000000004CB1000-memory.dmpFilesize
4KB
-
memory/928-742-0x00000000004E0000-0x0000000002479000-memory.dmpFilesize
31.6MB
-
memory/1192-766-0x0000000000400000-0x0000000000647000-memory.dmpFilesize
2.3MB
-
memory/1192-757-0x0000000000400000-0x0000000000647000-memory.dmpFilesize
2.3MB
-
memory/1192-767-0x0000000061E00000-0x0000000061EF3000-memory.dmpFilesize
972KB
-
memory/1192-842-0x0000000000400000-0x0000000000647000-memory.dmpFilesize
2.3MB
-
memory/1192-761-0x0000000000400000-0x0000000000647000-memory.dmpFilesize
2.3MB
-
memory/3436-764-0x0000000002F30000-0x0000000004F30000-memory.dmpFilesize
32.0MB
-
memory/3436-754-0x0000000000A10000-0x0000000000A4E000-memory.dmpFilesize
248KB
-
memory/3436-760-0x00000000727A0000-0x0000000072F51000-memory.dmpFilesize
7.7MB
-
memory/3436-763-0x00000000727A0000-0x0000000072F51000-memory.dmpFilesize
7.7MB
-
memory/3436-849-0x0000000002F30000-0x0000000004F30000-memory.dmpFilesize
32.0MB
-
memory/3620-748-0x0000000000AB0000-0x0000000000AB1000-memory.dmpFilesize
4KB
-
memory/3620-765-0x0000000000400000-0x00000000007FB000-memory.dmpFilesize
4.0MB
-
memory/3620-846-0x0000000000AB0000-0x0000000000AB1000-memory.dmpFilesize
4KB
