Resubmissions

  • 02/03/2024, 23:24  240302-3dxh7sac7x  (score 7)
  • 02/03/2024, 23:23  240302-3dfkpaag29  (score 1)
  • 02/03/2024, 23:20  240302-3br6psac5v  (score 6)
  • 02/03/2024, 23:18  240302-3acdvsac4w  (score 8, this analysis)
  • 02/03/2024, 23:12  240302-2663nsac2y  (score 1)

Analysis

  • max time kernel
    103s
  • max time network
    135s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    02/03/2024, 23:18

General

  • Target

    https://www.google.com/

Score
8/10

Every signature listed below is attributed either to the Windows shell (explorer.exe, StartMenuExperienceHost.exe) or to the Chrome and Edge process trees the sandbox launched to open the target; the process list contains no dropped or downloaded executable, so the score is driven by generic heuristics firing on those built-in processes rather than by behaviour specific to the submitted URL.

Malware Config

Signatures

  • Modifies Installed Components in the registry (2 TTPs, 2 IoCs)
  • Enumerates connected drives (3 TTPs, 4 IoCs)
    Attempts to read the root path of hard drives other than the default C: drive.
  • Checks SCSI registry key(s) (3 TTPs, 64 IoCs)
    SCSI information is often read in order to detect sandboxing environments.
  • Enumerates system info in registry (2 TTPs, 6 IoCs)
  • Modifies data under HKEY_USERS (2 IoCs)
  • Modifies registry class (24 IoCs)
  • Suspicious behavior: EnumeratesProcesses (12 IoCs)
  • Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (18 IoCs)
  • Suspicious use of AdjustPrivilegeToken (64 IoCs)
  • Suspicious use of FindShellTrayWindow (64 IoCs)
  • Suspicious use of SendNotifyMessage (64 IoCs)
  • Suspicious use of SetWindowsHookEx (2 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)
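The "Checks SCSI registry key(s)" and "Enumerates connected drives" entries above describe a generic anti-sandbox check without showing what is actually read. The block below is an added example, not code from this report or from the sandbox vendor, of what such a check typically amounts to: reading the Identifier value under HKLM\HARDWARE\DEVICEMAP\Scsi\Scsi Port N\... and value "0" under HKLM\SYSTEM\CurrentControlSet\Services\Disk\Enum, then looking for hypervisor vendor strings. The key paths, the marker list and the two registry snapshots are assumptions and constructed data; the exact keys behind the 64 IoCs on this page are not shown. The registry reader is injected so the logic runs offline; the winreg-backed reader is a Windows-only convenience.

```python
"""Added example: what a 'Checks SCSI registry key(s)' behaviour usually reads.

Not the sandbox's own signature code. Key paths and vendor markers are the
ones commonly used by anti-VM code (assumption); snapshots are constructed.
"""
from __future__ import annotations

from typing import Callable, Dict, List, Optional, Tuple

# Substrings anti-VM code commonly looks for in disk/SCSI identifiers.
# Assumption: illustrative list, not the sandbox's actual rule.
HYPERVISOR_MARKERS = ("VBOX", "VMWARE", "QEMU", "VIRTUAL", "XEN")

# Registry locations (relative to HKLM) commonly inspected. Assumption.
SCSI_KEY_FMT = (r"HARDWARE\DEVICEMAP\Scsi\Scsi Port {port}\Scsi Bus 0"
                r"\Target Id 0\Logical Unit Id 0")
SCSI_VALUE = "Identifier"
DISK_ENUM_KEY = r"SYSTEM\CurrentControlSet\Services\Disk\Enum"
DISK_ENUM_VALUE = "0"

# A reader maps (subkey, value name) to the value's data, or None if absent.
Reader = Callable[[str, str], Optional[str]]


def vm_markers_in(identifier: str) -> List[str]:
    """Return the hypervisor markers present in one identifier string."""
    upper = identifier.upper()
    return [m for m in HYPERVISOR_MARKERS if m in upper]


def scan_storage_identifiers(read: Reader, max_ports: int = 8) -> Dict[str, List[str]]:
    """Probe the SCSI port identifiers and the Disk\\Enum entry via `read`.

    Returns {registry path: markers found} for every value that matched.
    Missing keys are skipped, which is also how anti-VM code behaves on a
    host with fewer SCSI ports than it probes for.
    """
    hits: Dict[str, List[str]] = {}
    probes: List[Tuple[str, str]] = [
        (SCSI_KEY_FMT.format(port=p), SCSI_VALUE) for p in range(max_ports)
    ]
    probes.append((DISK_ENUM_KEY, DISK_ENUM_VALUE))
    for subkey, value in probes:
        data = read(subkey, value)
        if data is None:
            continue
        markers = vm_markers_in(data)
        if markers:
            hits[subkey + "\\" + value] = markers
    return hits


def snapshot_reader(snapshot: Dict[Tuple[str, str], str]) -> Reader:
    """Reader over a constructed registry snapshot, for offline use."""
    return lambda subkey, value: snapshot.get((subkey, value))


def winreg_reader() -> Reader:
    """Reader backed by the live HKLM hive (Windows only; imported lazily)."""
    import winreg

    def read(subkey: str, value: str) -> Optional[str]:
        try:
            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, subkey) as key:
                data, _ = winreg.QueryValueEx(key, value)
                return str(data)
        except OSError:
            return None

    return read


# Constructed snapshots (not captured from the report's VM).
VBOX_SNAPSHOT: Dict[Tuple[str, str], str] = {
    (SCSI_KEY_FMT.format(port=0), SCSI_VALUE): "VBOX HARDDISK",
    (DISK_ENUM_KEY, DISK_ENUM_VALUE): r"SCSI\Disk&Ven_VBOX&Prod_HARDDISK\4&1b4b3e4&0&000000",
}
BARE_METAL_SNAPSHOT: Dict[Tuple[str, str], str] = {
    (SCSI_KEY_FMT.format(port=0), SCSI_VALUE): "Samsung SSD 970 EVO",
    (DISK_ENUM_KEY, DISK_ENUM_VALUE): r"SCSI\Disk&Ven_Samsung&Prod_SSD_970_EVO\4&2a1f6c0&0&000000",
}

if __name__ == "__main__":
    for name, snap in (("vbox", VBOX_SNAPSHOT), ("bare metal", BARE_METAL_SNAPSHOT)):
        print(name, scan_storage_identifiers(snapshot_reader(snap)))
```

Because explorer.exe performs these same reads during normal shell operation (on this page the 64 IoCs are attributed to explorer.exe only), the read by itself is weak evidence; what distinguishes real evasion is the branch taken on a match, which a behavioural report cannot show.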

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.google.com/
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4024
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8cf599758,0x7ff8cf599768,0x7ff8cf599778
        2⤵
        PID:4884
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1680 --field-trial-handle=1880,i,7166151925092308680,11383908116482682638,131072 /prefetch:2
        2⤵
        PID:1352
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1880,i,7166151925092308680,11383908116482682638,131072 /prefetch:8
        2⤵
        PID:4208
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2216 --field-trial-handle=1880,i,7166151925092308680,11383908116482682638,131072 /prefetch:8
        2⤵
        PID:3964
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2908 --field-trial-handle=1880,i,7166151925092308680,11383908116482682638,131072 /prefetch:1
        2⤵
        PID:2580
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2916 --field-trial-handle=1880,i,7166151925092308680,11383908116482682638,131072 /prefetch:1
        2⤵
        PID:464
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4640 --field-trial-handle=1880,i,7166151925092308680,11383908116482682638,131072 /prefetch:1
        2⤵
        PID:4920
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5016 --field-trial-handle=1880,i,7166151925092308680,11383908116482682638,131072 /prefetch:8
        2⤵
        PID:2088
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 --field-trial-handle=1880,i,7166151925092308680,11383908116482682638,131072 /prefetch:8
        2⤵
        PID:3092
  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
    1⤵
    PID:368
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
    1⤵
    • Enumerates system info in registry
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:3444
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ff8ced546f8,0x7ff8ced54708,0x7ff8ced54718
        2⤵
        PID:4092
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,11297853462879289605,4049664888644776602,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:2
        2⤵
        PID:648
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,11297853462879289605,4049664888644776602,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
        2⤵
        • Suspicious behavior: EnumeratesProcesses
        PID:764
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2032,11297853462879289605,4049664888644776602,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8
        2⤵
        PID:4996
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,11297853462879289605,4049664888644776602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
        2⤵
        PID:2860
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,11297853462879289605,4049664888644776602,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
        2⤵
        PID:2832
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,11297853462879289605,4049664888644776602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4276 /prefetch:1
        2⤵
        PID:2456
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,11297853462879289605,4049664888644776602,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4272 /prefetch:1
        2⤵
        PID:4708
      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,11297853462879289605,4049664888644776602,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5308 /prefetch:8
        2⤵
        PID:4476
      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,11297853462879289605,4049664888644776602,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5308 /prefetch:8
        2⤵
        • Suspicious behavior: EnumeratesProcesses
        PID:2720
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,11297853462879289605,4049664888644776602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3564 /prefetch:1
        2⤵
        PID:3320
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,11297853462879289605,4049664888644776602,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
        2⤵
        PID:4360
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,11297853462879289605,4049664888644776602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
        2⤵
        PID:3596
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,11297853462879289605,4049664888644776602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
        2⤵
        PID:2092
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,11297853462879289605,4049664888644776602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
        2⤵
        PID:1332
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2032,11297853462879289605,4049664888644776602,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5496 /prefetch:8
        2⤵
        PID:948
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2032,11297853462879289605,4049664888644776602,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5524 /prefetch:8
        2⤵
        • Modifies registry class
        • Suspicious behavior: EnumeratesProcesses
        PID:4312
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,11297853462879289605,4049664888644776602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
        2⤵
        PID:5056
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,11297853462879289605,4049664888644776602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
        2⤵
        PID:4840
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,11297853462879289605,4049664888644776602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
        2⤵
        PID:1632
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,11297853462879289605,4049664888644776602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
        2⤵
        PID:1320
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,11297853462879289605,4049664888644776602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
        2⤵
        PID:4444
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2032,11297853462879289605,4049664888644776602,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3792 /prefetch:8
        2⤵
        PID:5076
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,11297853462879289605,4049664888644776602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
        2⤵
        PID:3596
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2032,11297853462879289605,4049664888644776602,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6712 /prefetch:8
        2⤵
        • Suspicious behavior: EnumeratesProcesses
        PID:1480
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:2484
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:2080
  • C:\Windows\system32\werfault.exe
    werfault.exe /h /shared Global\677f32100aa6401d9e0ce75e79e7f826 /t 3576 /p 3496
    1⤵
    PID:4712
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Modifies Installed Components in the registry
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:3476
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1368
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Modifies Installed Components in the registry
    • Enumerates connected drives
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SendNotifyMessage
    PID:4720
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3156
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    PID:5108
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    PID:4388
  • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
    "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
    1⤵
    PID:5048
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    PID:4368
  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
    1⤵
    PID:4956
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    PID:3752

Network

MITRE ATT&CK Enterprise v15


Downloads

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001
  Filesize: 195KB
  MD5: 89d79dbf26a3c2e22ddd95766fe3173d
  SHA1: f38fd066eef4cf4e72a934548eafb5f6abb00b53
  SHA256: 367ef9ec8dc07f84fed51cac5c75dc1ac87688bbf8f5da8e17655e7917bd7b69
  SHA512: ab7ce168e6f59e2250b82ec62857c2f2b08e5a548de85ac82177ac550729287ead40382a7c8a92fbce7f53b106d199b1c8adbb770e47287fc70ea0ea858faba6

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 144B
  MD5: d893f44a1d9385ea14de19f5fe94cd6e
  SHA1: 9381806beabbde7bdafaa8fecaa989b9721a5f74
  SHA256: 49e4a92ff0f75d989de88a3ff35ff0e3149fbdf967996062a557c2f737cf6a3b
  SHA512: 89c0617d21b47588d59505ecdb88adc596940ba0ce1e7dbe38233b4275aac9f3fd12fc34d9c0f3535ad1b9dfc56c9076b32fb4dd85ae90c314aadf98a77cc958

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
  Filesize: 1KB
  MD5: 343c667693d38cdc53f43b680c9569d1
  SHA1: af9dbea275b7645cfb4318feb6351875a70f17d5
  SHA256: 331c5468267a64a361dedd4eee4fef7c7afa3c0327f5b626a1f57d98ee284d3b
  SHA512: 4ffa59b21f38b22c3c89c40f239de6998e95bd0d4bee8df157d469fdece44bea00039e86de9e3b39daf9e192d9c7174488165ccaca5a8219ac552af3e8e4817b

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
  Filesize: 371B
  MD5: 6d6010dca756a3caab03f34ab78c203f
  SHA1: 812702bf880cf5d46a25921713149ae7a50274f3
  SHA256: 9a50812275afc171be2bd38c1832bd926a883870d3d0a837c970feba2db22e51
  SHA512: bd30d780158b522423aac42e0096392f4a9e881733c98e29657977a029611b6fa463f9e659d1b298f45fb0c385c31742fd7e8aa88177d3fa5aa37a8813ab3f76

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
  Filesize: 6KB
  MD5: c4cff8b6284c42c3fb045ca9d8664b1f
  SHA1: b18846422531f5a9bb6db7a2860c5d98c1c6d80b
  SHA256: a3cacfc5608f5045ce8ab003c4976f39d043202732a7aac453a1031c9c7dcc06
  SHA512: a1f7970021514c7c15197f0bd420d34f27b5a35092d3d55d61877b66726cd616827113950da2f1a1b4805b75e47a9b41a66fab2d0b0a77ef67f47ea90822804e

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
  Filesize: 6KB
  MD5: a5543e3757ace8ff9b7aff32aaee6921
  SHA1: 2fbfba775e4a73f8326cb3c9fb84f06778a4431b
  SHA256: 1355547c1ca383169f39682f3cae3fe1ba604ebb8baca26f267ec248e716beab
  SHA512: 67ca73c3d2c3c3f0109bdbf64548d9d247cf92a56b04204e7af647fc4068df580d4c7723c1076a41e5a37b498250f313086227c9d495137649b4ea83d9ac9575

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
  Filesize: 128KB
  MD5: 1a9056937db0baf5336f0e9209bf00ff
  SHA1: a4e1199667b0b10c1b9aac2d9a54142adf1b16f4
  SHA256: cf160fcdc69c4beab03b934183df104da96100d23814ca55cca157d5934f11b8
  SHA512: 9f16153de0d244659df349e8a97b24704c8e744f1c698b487d69dfe7e8d37724a2cf690c45b9f1a0e9be813136b10ae946e168c7a8e24d7fd4b6d282c4065a3d

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
  Filesize: 128KB
  MD5: 36f8c8eac4361417a47acc73063fbeb0
  SHA1: 10e7478abd76f1f05f1bd2fcbcdb00b0556570ea
  SHA256: 2b5c3e517d0675498c4cd0138d700bd742af341130622f969257cd571fadc86a
  SHA512: 22d8ff0c7d890a0bfc92c1a40449f209cec4453fa62bf412511773ba0f4931ac797ec886f162b3d18fa0c3aaf2629cb23ce8fe367ac8408980f809bd851543b2

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
  Filesize: 264KB
  MD5: f50f89a0a91564d0b8a211f8921aa7de
  SHA1: 112403a17dd69d5b9018b8cede023cb3b54eab7d
  SHA256: b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
  SHA512: bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
  Filesize: 2B
  MD5: 99914b932bd37a50b983c5e7c90ae93b
  SHA1: bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
  SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
  SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
  Filesize: 152B
  MD5: 0764f5481d3c05f5d391a36463484b49
  SHA1: 2c96194f04e768ac9d7134bc242808e4d8aeb149
  SHA256: cc773d1928f4a87e10944d153c23a7b20222b6795c9a0a09b81a94c1bd026ac3
  SHA512: a39e4cb7064fdd7393ffe7bb3a5e672b1bdc14d878cac1c5c9ceb97787454c5a4e7f9ae0020c6d524920caf7eadc9d49e10bee8799d73ee4e8febe7e51e22224

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
  Filesize: 152B
  MD5: e494d16e4b331d7fc483b3ae3b2e0973
  SHA1: d13ca61b6404902b716f7b02f0070dec7f36edbf
  SHA256: a43f82254638f7e05d1fea29e83545642f163a7a852f567fb2e94f0634347165
  SHA512: 016b0ed886b33d010c84ca080d74fa343da110db696655c94b71a4cb8eb8284748dd83e06d0891a6e1e859832b0f1d07748b11d4d1a4576bbe1bee359e218737

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 4KB
  MD5: aa46451d5407d33526ad41dd5086ef2e
  SHA1: 89f7bcbb466b258dacec5d7e6bc11634a54d3389
  SHA256: 1c59590e644b0113487e858fa8967671bd4b629a24f9c3031d3707e021d5756c
  SHA512: 42fc24cf9d633359770b1b5878b481b030d806bbadd181d89e030d9e5f283c1edd45da8d937fc874472a3d44198c234f9f776b8de3d904713c799999bc68dc7b

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
  Filesize: 1KB
  MD5: 0a41a6ab4425fb68264448e832ddb63b
  SHA1: 441b33580d375c83c8b86d21f3c329a5e97bc6f2
  SHA256: a32c085bf964c47065ec49c91eebf14d971dc303c329fefdb8b187308581c270
  SHA512: 811f8f913f83dd6bb884156bf239843e517d7fb6f37e6df053d86005ee59de71954477024f4e3ce6656926bf00a5d5b535cadeaa215843d33cff6f01a565febb

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
  Filesize: 111B
  MD5: 285252a2f6327d41eab203dc2f402c67
  SHA1: acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
  SHA256: 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
  SHA512: 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize: 6KB
  MD5: 250f977e3b9a67fdaad45a53b4bcef2f
  SHA1: 07224388650422d015b5d9b186f327d60a966fbb
  SHA256: d436b0568e5268805d94e474740a76c630a6dba8638d4cf369b031a478c6112f
  SHA512: 82900d5e0a594b208752f8038d8d5725afd3cf759462f6da2108f0789b9ba5538ec28e1a2eb0f0da23f4c20d333726a24157e2a71319b7c1e30a5e116e325084

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize: 7KB
  MD5: 292d7a399c1784c8f4a56f62a66d7cd0
  SHA1: dde2ba910882b3b59ed957735207cd45b882a5da
  SHA256: ae1d10aed3806f5c0ff765feaf6d3b56467082d2fc6361c8b16d92b5ff2c057b
  SHA512: 959b0b6fa22a28c1d223ee2bf17db3fae09409c470411e72faf18217292c3d35f1480ba36b30c392e1982812d868f38e906bb30876ec4a6bbce6bb38cbe1a92c

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize: 6KB
  MD5: 3d39f2b5425df1ba9f91e1a4bdd4779d
  SHA1: c7c5567af0d4a29410de8da75c1135d2d1ff3d50
  SHA256: 22f6a302cb6a7eb1f6483e326e4eb125985ada693d8a8be4c8765d4ad869bbe6
  SHA512: 013c4853fb1bcbbba4d70e4e7aef24d207dcd7578d941a59d621094def5f14b9928b85285c908aba449c6c30ef7f814331db0a26fcbcfbab7cac9439c97fa8d3

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize: 7KB
  MD5: b431be58876068a5b01c2de8e6973e8a
  SHA1: c8befd7f8f888cb7d76a9844f44d10affb1ca2e3
  SHA256: ad0f40b6a1e38c40b948301fe85008d3e79b02a65f7de1d0c17f4843a30bcf00
  SHA512: b241dad4b177e712c9b255edcbd5a837917467a1c0d90ed6fe7f8691fb6f28b010ce5223ba54471a8953262616207f232155f60506a6c4b173b7ff97d62dcd6a

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize: 7KB
  MD5: 602a415d70beb3c453c91ca1942452bd
  SHA1: 0d1b41ce1f71032c695991afe22fd68c64eeb46f
  SHA256: 5b471baadaf30cc334a11acf3e13b4dd5d80f2a5c69b0c31a4eaa759421aaec7
  SHA512: e3dbe673e2600c7c581fe576692fe0b5b9f84883ef33cd48190f5d02e483b7af37a8af54756b3066c022e1fd776b2ce38e78e0c63bfeea6e66ca9ae9972f6485

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize: 7KB
  MD5: d2cb43ed644169eb51fda43469b9f981
  SHA1: f4265a18f3baa8171acc0a234169a9ea6eeb6722
  SHA256: 0e8befea0f58f0ac6e3e95bfbc53d39889480d03d433b01c692658b73bd46270
  SHA512: cc57c14fd300ec4e7d96221969e3793f5fe2bc41e702c1ff80438c6789dd26bb789552e468ea91d5860843ceb415f7fa6232d90bb90a36406fb3b9e44f31cf90

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
  Filesize: 1KB
  MD5: 00c9be75f31453a58d73dcff0446f1d8
  SHA1: 4f0fa863ef71a0b729491e2761c312500dbb1916
  SHA256: 5ed0d4f22918f20ca0d7e348d5663cdcd30bdc370bf5ad40e1f3eec0c7eb29d1
  SHA512: cd0b768fd8379b58551ea67c1e36f5f1bdac8f2e6f27bab7d1db3282d3b3ded967b2eca6645ecef1ba86952d13591b5671c7a296f30bc625fc122efa16d962b4

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
  Filesize: 1KB
  MD5: 7ee7f014c410e21dff9b4927ca7e7b1a
  SHA1: d7636dcffa1d623dcb38bef7ecc32106413700aa
  SHA256: df3dcc22f75ce58ec8593fe7f8e747a0f7fbeed82526cec16335d8c7b2ae2deb
  SHA512: 62de92a0d0f793f8414574abe22c494d97e4b2e8f399276d3130af600ead0a73b17d9f3b8dacfbdf57fae250d903dcd468edc30e18b23a6b0540f0f869b0b320

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                          Filesize

                                                                                          1KB

                                                                                          MD5

                                                                                          35a69a1d0e804f05da6bb75e3c2c7edf

                                                                                          SHA1

                                                                                          7dbb464a1a7ebf344edc9dededc037baaaaa7e76

                                                                                          SHA256

                                                                                          05c079c12fbb6c7f0bc9d7df8fc7fb5f0f8099c222018e293eaa6e02a901164f

                                                                                          SHA512

                                                                                          81d364c9839b45029d3912f4b98ce825fd0387baa6334c833e340300f8849fbd3d353aea25598ce5cc5c9f84e1b47d88efe2e59c157b153fe23ace118040bea8

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58393b.TMP

                                                                                          Filesize

                                                                                          873B

                                                                                          MD5

                                                                                          d4fbac8a42f750b09b8e463c1559aab5

                                                                                          SHA1

                                                                                          7ab2562820ac8369b04983680d89dae733955a10

                                                                                          SHA256

                                                                                          71328e689363fe1311013cd39c4a2714dabd9872f958af3e01e83c00b24e2421

                                                                                          SHA512

                                                                                          a5dcb02745deea46c93bfb30ec279a72ebc434ff0b0af49d360a0b69162eed331f1d66ac0189e868113307ef8e72f556586f2d29e2ea17ea9627d159fbf07699

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                                                          Filesize

                                                                                          16B

                                                                                          MD5

                                                                                          6752a1d65b201c13b62ea44016eb221f

                                                                                          SHA1

                                                                                          58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                                                                          SHA256

                                                                                          0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                                                                          SHA512

                                                                                          9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                          Filesize

                                                                                          11KB

                                                                                          MD5

                                                                                          3c4e75feacc39c6f3738fb64170d6081

                                                                                          SHA1

                                                                                          cafe167e98b04c520da296acd0bb3a91ebdeddb4

                                                                                          SHA256

                                                                                          6152fcaa51ec2b046b3aaefa63a5914dc2953dc2269fe751ec1a2f84282d7116

                                                                                          SHA512

                                                                                          dcea21526cca99bde116e40131589284a17d200677a3e1dbf130c48f39ffe1deb3f51acfe9d8955577d3f762c701e698b72da833c2e439ddb3a0c194d5e3006a

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                          Filesize

                                                                                          12KB

                                                                                          MD5

                                                                                          961fafc85d0f38f2bde20660391720d0

                                                                                          SHA1

                                                                                          e1a003b1841592ba56391bf50716a67c26ef4d60

                                                                                          SHA256

                                                                                          5d8288d70bfadf8cde4c5e8af799757c3d4dc772fcdca25041d6f4f9c2b89d41

                                                                                          SHA512

                                                                                          72e19c735febd09b6d514b710457a19f00d680c00a9e16926100a383dba34dd9b3bd23d9e2f8e477b5228409cf60beff2f8e5338536de73b17596554dd42ea6c

                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                          Filesize

                                                                                          12KB

                                                                                          MD5

                                                                                          ef52b51705acb0307cc3d1f2ace72d4a

                                                                                          SHA1

                                                                                          8fbf7b996d860ebbb1f3688c93941850052b98bc

                                                                                          SHA256

                                                                                          5a21d4ef19a82eb146f56862e7a6a941fcd444892675ecf6efde951c736b25b7

                                                                                          SHA512

                                                                                          cce79a8a2487cc0d8a329502de0ae2d4c5f021f56f9869fa88fb453b21c6639cc458bdfca346767b1e53b9b8caaf75c56b8fe3f577870db1cd406c86170c326b

                                                                                        • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133538952165196963.txt

                                                                                          Filesize

                                                                                          75KB

                                                                                          MD5

                                                                                          e99ff4c8e55ef521ea025982a54888e3

                                                                                          SHA1

                                                                                          c00b34b71cdbd476ae55969b0e6fc49f3be5c0cc

                                                                                          SHA256

                                                                                          387b81b8a12110ff19c04a4c50d141404459510fb4f0b1af2c81709ee4bc5f13

                                                                                          SHA512

                                                                                          730d39a125ac48968a3d26a114aaf88d7e16168b194ce9fd7827b0503f80ebd25c345bfc7b70c22771a8aeccab558b3c39379edc6c1abfb409b15be29d52b3cd

                                                                                        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

                                                                                          Filesize

                                                                                          10KB

                                                                                          MD5

                                                                                          f47aacd1eeef1a8d7349d1192033af38

                                                                                          SHA1

                                                                                          20788b7bd6453a657dc8deec29ff47dccb075106

                                                                                          SHA256

                                                                                          6aaeadafcc6b36b6059e03be5d6f8bd3b0605e36b641d4f997e078e3fe212d54

                                                                                          SHA512

                                                                                          4b1bd062037490aedd9a2d4491f9282a5f8017dd710193bd76a7fd5cd64e0955adcaeaecf2f7d7e309b36c1a27b8692b2d8ecb2d9c7e8925f2ae5a5d38c71197

                                                                                        • C:\Users\Admin\Downloads\MEMZ-4.0-master.zip

                                                                                          Filesize

                                                                                          31KB

                                                                                          MD5

                                                                                          743b44c0fc9f2e3773f1fec13a6e5ccc

                                                                                          SHA1

                                                                                          a3a597d14d166a70ebc92af81e34d2beff61fdbd

                                                                                          SHA256

                                                                                          8b79f7d48f5178b2cf887a06a18d8d010ed588a9d4cbc4e1b0f8f06f25a42a68

                                                                                          SHA512

                                                                                          b7d564287a479a9b77d8b3b46437a361390b11b798c31c2d28e4ffb83952e9aad0a794f2613c7da7b2cddf5706826db23f6a549519bb00d86e65239d0a049c2a

                                                                                        • memory/3752-832-0x0000000004AD0000-0x0000000004AD1000-memory.dmp

                                                                                          Filesize

                                                                                          4KB

                                                                                        • memory/5048-808-0x0000017A9C480000-0x0000017A9C4A0000-memory.dmp

                                                                                          Filesize

                                                                                          128KB

                                                                                        • memory/5048-810-0x0000017A9C460000-0x0000017A9C480000-memory.dmp

                                                                                          Filesize

                                                                                          128KB

                                                                                        • memory/5048-816-0x0000017A9C890000-0x0000017A9C8B0000-memory.dmp

                                                                                          Filesize

                                                                                          128KB

                                                                                        • memory/5108-802-0x00000000040D0000-0x00000000040D1000-memory.dmp

                                                                                          Filesize

                                                                                          4KB