Overview

overview

10

Static

static

1

URLScan

urlscan

https://github.com/D...

windows10-2004-x64

10

Analysis

  • max time kernel
    600s
  • max time network
    602s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15-04-2024 02:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://github.com/Da2dalus/The-MALWARE-Repo/blob/master/Joke/DesktopBoom.exe

Score
10/10
chimeraaspackv2ransomwarespywarestealer

Malware Config

Signatures

  • Chimera 64 IoCs

    Ransomware which infects local and network files, often distributed via Dropbox links.

    ransomwarechimera
  • Suspicious use of NtCreateProcessExOtherParentProcess 2 IoCs
  • Renames multiple (3256) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Downloads MZ/PE file
  • ASPack v2.12-2.42 1 IoCs

    Detects executables packed with ASPack v2.12-2.42

    aspackv2
  • Executes dropped EXE 10 IoCs
  • Loads dropped DLL 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Drops desktop.ini file(s) 27 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Drops file in Program Files directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 6 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 52 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • NTFS ADS 6 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/Da2dalus/The-MALWARE-Repo/blob/master/Joke/DesktopBoom.exe
    1⤵
    • Enumerates system info in registry
    • NTFS ADS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2812
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9d3cb46f8,0x7ff9d3cb4708,0x7ff9d3cb4718
      2⤵
        PID:1720
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,16011280671907233406,8506152881311616658,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2220 /prefetch:2
        2⤵
          PID:2920
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,16011280671907233406,8506152881311616658,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:940
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,16011280671907233406,8506152881311616658,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
          2⤵
            PID:2528
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16011280671907233406,8506152881311616658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
            2⤵
              PID:2396
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16011280671907233406,8506152881311616658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
              2⤵
                PID:3552
              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,16011280671907233406,8506152881311616658,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5196 /prefetch:8
                2⤵
                  PID:2656
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,16011280671907233406,8506152881311616658,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5196 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:1896
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16011280671907233406,8506152881311616658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
                  2⤵
                    PID:4400
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16011280671907233406,8506152881311616658,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
                    2⤵
                      PID:4640
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16011280671907233406,8506152881311616658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
                      2⤵
                        PID:2764
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16011280671907233406,8506152881311616658,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
                        2⤵
                          PID:1156
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2108,16011280671907233406,8506152881311616658,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=1956 /prefetch:8
                          2⤵
                            PID:948
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16011280671907233406,8506152881311616658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2196 /prefetch:1
                            2⤵
                              PID:1116
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2108,16011280671907233406,8506152881311616658,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6020 /prefetch:8
                              2⤵
                                PID:2328
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2108,16011280671907233406,8506152881311616658,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6164 /prefetch:8
                                2⤵
                                • Suspicious behavior: EnumeratesProcesses
                                PID:228
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,16011280671907233406,8506152881311616658,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1692 /prefetch:2
                                2⤵
                                • Suspicious behavior: EnumeratesProcesses
                                PID:2764
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16011280671907233406,8506152881311616658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
                                2⤵
                                  PID:1828
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2108,16011280671907233406,8506152881311616658,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6244 /prefetch:8
                                  2⤵
                                    PID:1216
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2108,16011280671907233406,8506152881311616658,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5492 /prefetch:8
                                    2⤵
                                    • Suspicious behavior: EnumeratesProcesses
                                    PID:1120
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16011280671907233406,8506152881311616658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
                                    2⤵
                                      PID:4512
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2108,16011280671907233406,8506152881311616658,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1708 /prefetch:8
                                      2⤵
                                        PID:4056
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2108,16011280671907233406,8506152881311616658,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5256 /prefetch:8
                                        2⤵
                                          PID:4112
                                        • C:\Users\Admin\Downloads\Time.exe
                                          "C:\Users\Admin\Downloads\Time.exe"
                                          2⤵
                                          • Executes dropped EXE
                                          • Suspicious use of AdjustPrivilegeToken
                                          PID:2104
                                        • C:\Users\Admin\Downloads\Time.exe
                                          "C:\Users\Admin\Downloads\Time.exe"
                                          2⤵
                                          • Executes dropped EXE
                                          • Suspicious use of AdjustPrivilegeToken
                                          PID:2776
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16011280671907233406,8506152881311616658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
                                          2⤵
                                            PID:856
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2108,16011280671907233406,8506152881311616658,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4568 /prefetch:8
                                            2⤵
                                              PID:4460
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2108,16011280671907233406,8506152881311616658,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6336 /prefetch:8
                                              2⤵
                                                PID:3940
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16011280671907233406,8506152881311616658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6436 /prefetch:1
                                                2⤵
                                                  PID:1464
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2108,16011280671907233406,8506152881311616658,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6312 /prefetch:8
                                                  2⤵
                                                    PID:4900
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2108,16011280671907233406,8506152881311616658,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4828 /prefetch:8
                                                    2⤵
                                                      PID:4520
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,16011280671907233406,8506152881311616658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1
                                                      2⤵
                                                        PID:3936
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2108,16011280671907233406,8506152881311616658,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6312 /prefetch:8
                                                        2⤵
                                                          PID:5024
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2108,16011280671907233406,8506152881311616658,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6336 /prefetch:8
                                                          2⤵
                                                            PID:4588
                                                          • C:\Users\Admin\Downloads\HawkEye.exe
                                                            "C:\Users\Admin\Downloads\HawkEye.exe"
                                                            2⤵
                                                            • Executes dropped EXE
                                                            • Suspicious use of AdjustPrivilegeToken
                                                            PID:2704
                                                        • C:\Windows\System32\CompPkgSrv.exe
                                                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                          1⤵
                                                            PID:2536
                                                          • C:\Windows\System32\CompPkgSrv.exe
                                                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                            1⤵
                                                              PID:3172
                                                            • C:\Windows\System32\rundll32.exe
                                                              C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                              1⤵
                                                                PID:2996
                                                              • C:\Users\Admin\Downloads\DesktopBoom.exe
                                                                "C:\Users\Admin\Downloads\DesktopBoom.exe"
                                                                1⤵
                                                                • Executes dropped EXE
                                                                • Suspicious behavior: GetForegroundWindowSpam
                                                                PID:3328
                                                              • C:\Windows\system32\taskmgr.exe
                                                                "C:\Windows\system32\taskmgr.exe" /7
                                                                1⤵
                                                                • Loads dropped DLL
                                                                • Checks SCSI registry key(s)
                                                                • Suspicious behavior: EnumeratesProcesses
                                                                • Suspicious use of AdjustPrivilegeToken
                                                                • Suspicious use of FindShellTrayWindow
                                                                • Suspicious use of SendNotifyMessage
                                                                PID:2908
                                                              • C:\Users\Admin\Downloads\Popup.exe
                                                                "C:\Users\Admin\Downloads\Popup.exe"
                                                                1⤵
                                                                • Executes dropped EXE
                                                                • Modifies registry class
                                                                • Suspicious behavior: GetForegroundWindowSpam
                                                                • Suspicious use of SetWindowsHookEx
                                                                PID:2168
                                                              • C:\Windows\SysWOW64\DllHost.exe
                                                                C:\Windows\SysWOW64\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
                                                                1⤵
                                                                  PID:1944
                                                                • C:\Windows\system32\rundll32.exe
                                                                  C:\Windows\system32\rundll32.exe C:\Windows\system32\PcaSvc.dll,PcaPatchSdbTask
                                                                  1⤵
                                                                    PID:3876
                                                                  • C:\Users\Admin\Downloads\Time.exe
                                                                    "C:\Users\Admin\Downloads\Time.exe"
                                                                    1⤵
                                                                    • Executes dropped EXE
                                                                    • Suspicious use of AdjustPrivilegeToken
                                                                    PID:180
                                                                  • C:\Users\Admin\Downloads\Time.exe
                                                                    "C:\Users\Admin\Downloads\Time.exe"
                                                                    1⤵
                                                                    • Chimera
                                                                    • Executes dropped EXE
                                                                    • Drops desktop.ini file(s)
                                                                    • Drops file in Program Files directory
                                                                    • Suspicious use of AdjustPrivilegeToken
                                                                    PID:368
                                                                    • C:\Program Files\Internet Explorer\iexplore.exe
                                                                      "C:\Program Files\Internet Explorer\iexplore.exe" -k "C:\Users\Admin\Music\YOUR_FILES_ARE_ENCRYPTED.HTML"
                                                                      2⤵
                                                                      • Modifies Internet Explorer settings
                                                                      • Suspicious use of SetWindowsHookEx
                                                                      PID:4476
                                                                      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                                                                        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4476 CREDAT:17410 /prefetch:2
                                                                        3⤵
                                                                        • Modifies Internet Explorer settings
                                                                        • Suspicious use of SetWindowsHookEx
                                                                        PID:5092
                                                                  • C:\Users\Admin\Downloads\Time.exe
                                                                    "C:\Users\Admin\Downloads\Time.exe"
                                                                    1⤵
                                                                    • Executes dropped EXE
                                                                    • Suspicious use of AdjustPrivilegeToken
                                                                    PID:4008
                                                                  • C:\Users\Admin\Downloads\CookieClickerHack.exe
                                                                    "C:\Users\Admin\Downloads\CookieClickerHack.exe"
                                                                    1⤵
                                                                    • Executes dropped EXE
                                                                    PID:1968
                                                                  • C:\Windows\system32\taskmgr.exe
                                                                    "C:\Windows\system32\taskmgr.exe" /7
                                                                    1⤵
                                                                    • Suspicious use of NtCreateProcessExOtherParentProcess
                                                                    • Checks SCSI registry key(s)
                                                                    • Checks processor information in registry
                                                                    • Suspicious use of AdjustPrivilegeToken
                                                                    PID:384
                                                                  • C:\Windows\system32\werfault.exe
                                                                    werfault.exe /h /shared Global\7ab8e0ca617a4bec86f0791ff0b079e0 /t 5072 /p 1968
                                                                    1⤵
                                                                      PID:2764
                                                                    • C:\Users\Admin\Downloads\Curfun.exe
                                                                      "C:\Users\Admin\Downloads\Curfun.exe"
                                                                      1⤵
                                                                      • Executes dropped EXE
                                                                      PID:2284

                                                                    Network

                                                                    MITRE ATT&CK Enterprise v15

                                                                    Replay Monitor

                                                                    Loading Replay Monitor...

                                                                    Downloads

                                                                    • C:\Program Files\Java\jdk-1.8\jre\lib\YOUR_FILES_ARE_ENCRYPTED.HTML
                                                                      Filesize

                                                                      4KB

                                                                      MD5

                                                                      31b6ebb4cdd3823ac6e4b75d9c0842be

                                                                      SHA1

                                                                      547fe41814b395e3f1a66f1bc187947e4338dd9d

                                                                      SHA256

                                                                      1bc323d3745d5ea387f0223f7dfa1717d6693f930ba449f5247851e1b7704de9

                                                                      SHA512

                                                                      d20d94ca1d7cc9c600e0b04f0569059f61d6ea4dabad944fe6b2c44c854c7f037abc1699ad8c31c65e3b7fcba02a713389589eacd1bc79b5ed9de4c684eeb5f2

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx
                                                                      Filesize

                                                                      64KB

                                                                      MD5

                                                                      d2fb266b97caff2086bf0fa74eddb6b2

                                                                      SHA1

                                                                      2f0061ce9c51b5b4fbab76b37fc6a540be7f805d

                                                                      SHA256

                                                                      b09f68b61d9ff5a7c7c8b10eee9447d4813ee0e866346e629e788cd4adecb66a

                                                                      SHA512

                                                                      c3ba95a538c1d266beb83334af755c34ce642a4178ab0f2e5f7822fd6821d3b68862a8b58f167a9294e6d913b08c1054a69b5d7aec2efdb3cf9796ed84de21a8

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock
                                                                      Filesize

                                                                      4B

                                                                      MD5

                                                                      f49655f856acb8884cc0ace29216f511

                                                                      SHA1

                                                                      cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

                                                                      SHA256

                                                                      7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

                                                                      SHA512

                                                                      599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val
                                                                      Filesize

                                                                      944B

                                                                      MD5

                                                                      6bd369f7c74a28194c991ed1404da30f

                                                                      SHA1

                                                                      0f8e3f8ab822c9374409fe399b6bfe5d68cbd643

                                                                      SHA256

                                                                      878947d0ec814fe7c343cdebc05eebf00eb14f3023bdb3809a559e17f399fe5d

                                                                      SHA512

                                                                      8fc5f073dc9fa1e1ae47c60a5f06e0a48709fd6a4302dffaa721858409e7bde64bc6856d3fb28891090516d1a7afc542579de287778b5755eafe75cc67d45d93

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                      Filesize

                                                                      152B

                                                                      MD5

                                                                      e36b219dcae7d32ec82cec3245512f80

                                                                      SHA1

                                                                      6b2bd46e4f6628d66f7ec4b5c399b8c9115a9466

                                                                      SHA256

                                                                      16bc6f47bbfbd4e54c3163dafe784486b72d0b78e6ea3593122edb338448a27b

                                                                      SHA512

                                                                      fc539c461d87141a180cf71bb6a636c75517e5e7226e76b71fd64e834dcacc88fcaaa92a9a00999bc0afc4fb93b7304b068000f14653c05ff03dd7baef3f225c

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                      Filesize

                                                                      152B

                                                                      MD5

                                                                      559ff144c30d6a7102ec298fb7c261c4

                                                                      SHA1

                                                                      badecb08f9a6c849ce5b30c348156b45ac9120b9

                                                                      SHA256

                                                                      5444032cb994b90287c0262f2fba16f38e339073fd89aa3ab2592dfebc3e6f10

                                                                      SHA512

                                                                      3a45661fc29e312aa643a12447bffdab83128fe5124077a870090081af6aaa4cf0bd021889ab1df5cd40f44adb055b1394b31313515c2929f714824c89fd0f04

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                      Filesize

                                                                      1KB

                                                                      MD5

                                                                      77d9a759dca9a47bfb0348014c1327a7

                                                                      SHA1

                                                                      4a24c93ced5409ed147e69ccba79575e74165925

                                                                      SHA256

                                                                      d35f67aecd65480c82796fd5931981c6669c1001a5a64b2afdaa6a7d73a36a7a

                                                                      SHA512

                                                                      0b6330d09e73560eacf2b169a0326b19ac55d4c7ce963674c459aeda519249cd5d0cf975509bc108316405c7c1a0f1d3b869bcffd751b54fd1421e18688532eb

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                      Filesize

                                                                      579B

                                                                      MD5

                                                                      d01be2bc277307bf760669a4f350a984

                                                                      SHA1

                                                                      64859376f5718ae3b4e6979a9f029ceaebf91fe4

                                                                      SHA256

                                                                      de4ea8f1d2393892282b2e5ed049c0817630e9350e541f75ac9e9dc832967d41

                                                                      SHA512

                                                                      a901a5b217e43b9553b2dd6edcafea6a97ad56ea0e94726e578e167409fb8218d7cd5b029788186a5ceacc2ea706f37a6d498ed6915d40e25e662501d02df94f

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                      Filesize

                                                                      6KB

                                                                      MD5

                                                                      eeb82187fff1a7a64e021f790b4e8bfc

                                                                      SHA1

                                                                      a32c84c4fd70eaa11b8a075a67167033e861b6c7

                                                                      SHA256

                                                                      dad8d1c4f11a45d6ea5c25a7e49a5249b21605252d75ba38a9fa3299727c48d7

                                                                      SHA512

                                                                      a94f83cbf54456fc6f91cee958c625228c68bb9e04a3cb794552a1d1745bfd72fe67275d50685f5f5b49aa679e4dc7013d2ae775ea46764b01760c971243703b

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                      Filesize

                                                                      6KB

                                                                      MD5

                                                                      d69cdbb567ffb5b23e22f74af3a8e00a

                                                                      SHA1

                                                                      064150e323a6ca23df9175587f0ab51b34e528c0

                                                                      SHA256

                                                                      876a747c19a46a516e433bdf219a2a8ceff41db6ab7ab57c404b6f28836cea12

                                                                      SHA512

                                                                      7f74b3ffe53606a2e460f064d4d224b20bac11f1a00f7bfe16359b6d4e1e9e872b7f8d620c00b3abc46ef3205eb44a5dce731ac08eb3a9bb86b7db63ef58aec3

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                      Filesize

                                                                      6KB

                                                                      MD5

                                                                      6502e8672609ec848beb84fa8d2c3c67

                                                                      SHA1

                                                                      ab997e79368cfdf59603d0bd141d7259f920143f

                                                                      SHA256

                                                                      9a37da660be1ae56b1bdb44d500569ca5de853f526d89d3c07667afe4921489e

                                                                      SHA512

                                                                      3c9e2d1e4cfd826b428bd153628748adbd3333cb46fb4335162d4b75bd67f7efd6cbd613519d49e2ee2eb2c51d0118e5805218cddff88264273a66eb175628e9

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                      Filesize

                                                                      6KB

                                                                      MD5

                                                                      0bb746adcc4fe73cda5229a915624ce6

                                                                      SHA1

                                                                      3f6d78f6b7aa502552ad1c70cd8cc34668b58891

                                                                      SHA256

                                                                      58da51c3580bf4058f809d7c0648ff05b2ae7dac195ef1b848c85e5351ae5000

                                                                      SHA512

                                                                      5cb2ef27419840615f3869bf6332cec5a163661ec7270030e49a7bd0930b88bdc850f8dd579dc6db2e875e916071bc114085e504c0171dee7d44f1138d560839

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                      Filesize

                                                                      6KB

                                                                      MD5

                                                                      3ce1a4a1ccbea7dfde9cb761690381ee

                                                                      SHA1

                                                                      5ce7d49335bbfdd484bfa264cea2b2683109685e

                                                                      SHA256

                                                                      aa2ed2491f937838519e47a0be3a6e8ad37f9a3345a7e70363d96c77f2c0a93f

                                                                      SHA512

                                                                      e08647451bfa78fbf0ed23957452a0ab82b781f4ec6079f2ad7e81224c80e5a1ac9b2c95a607bd07aa58f470021a17da933feed3390bbc0a495262bb344f96ab

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                      Filesize

                                                                      6KB

                                                                      MD5

                                                                      4c1c84f244a5084993a7e9020771dff4

                                                                      SHA1

                                                                      8d01951cf26677bbd3a3c20dcbce566b42dac606

                                                                      SHA256

                                                                      901be7b94a3e229bd38327d40be44a3d6f7e21bba6f9c3d9f0c10c42b6348f2a

                                                                      SHA512

                                                                      dfac58b35c2326f3123594e3f529a7bdab64d503982c2946270edc4d5aec05c7822cf9527357c30b16ecd463902ea5adb987f7af5a054e8d1ec878327ab1e58e

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                      Filesize

                                                                      1KB

                                                                      MD5

                                                                      78636de2bf6185906728c06a1b50e36e

                                                                      SHA1

                                                                      72418ca4dd617a864bf51536fbfb61fe02509e68

                                                                      SHA256

                                                                      0500ba80b7f6690fbab0cf103b887fbbdd7fc1b1f4e52b3ef06e39e7935eace3

                                                                      SHA512

                                                                      bf8cef6912ec2795694d4db783115f5e472973963fa632632ad97ac7491d81396a96b1d876011ae43b20a92fbb041ac29548d8c6fbc3529277744bb822a03cae

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                      Filesize

                                                                      1KB

                                                                      MD5

                                                                      4823559bdc75e29f9f3cd8afa8d58c65

                                                                      SHA1

                                                                      ec96cead6f932a4ef996dd65edaccc3dd8decb90

                                                                      SHA256

                                                                      432d314603e33f47b7b572c0975b91537715d25189b25deed006961e4c452e22

                                                                      SHA512

                                                                      e1e17a88fe9b7a8c3a0d9f2705e8ba1fcd7dea24cb02ab5c8210d45b4b03f464ede550e2fe207a9df9925fdf34bd685e3a95a4de0cc2f435ea86b83707648441

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                      Filesize

                                                                      1KB

                                                                      MD5

                                                                      8ac89658f8e32e56ecd27a0facaa9377

                                                                      SHA1

                                                                      4977bf3d60516d3ac6282976db2e7e9146705ab0

                                                                      SHA256

                                                                      d71d14d20acdb4c98642b1beab4c2fe678892d08ce7adf46eb1fe7a04edbee1c

                                                                      SHA512

                                                                      5904c35626533448b48bc2907506746111aa2167758130060712dce9ab06f395ee5e5c9f8ce48698a6fb760e43306c856b5198e6d6f1a80790546fe34849ceff

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                      Filesize

                                                                      1KB

                                                                      MD5

                                                                      f7af223ff5961b3948bdcde0630cdf1f

                                                                      SHA1

                                                                      f3a69e42456a6e6948e48958206bdfe8e3024951

                                                                      SHA256

                                                                      2ec550a35fcdae214445338c8c82f5e6f81f048fee12b2b1d3f398e5334d6af4

                                                                      SHA512

                                                                      02881d5cfc5cfe66eacc9f9b3882b0ea8f27a9db43808bfc236e1274de8da6a88a2f71e841465be7bc12091d3715facd05ff10bd729f89b2c1402990290082ca

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                      Filesize

                                                                      1KB

                                                                      MD5

                                                                      9a492431a386772d22d2553daa908bb9

                                                                      SHA1

                                                                      58be12a44edb6bc0b9a1672034bd45c0db7d0e68

                                                                      SHA256

                                                                      642e68a2161b90d98e59ebe5c009cff41f0f9e19d2b48da570194d21eca03fef

                                                                      SHA512

                                                                      a168ee5226bb1c72e74d736ba979bf47b58d867d9f7c90daf6ec312462e4d6a81d6a148fc5db391b91b4b1e0ff0428a49e16290766a8d6870dfc3be5ba40921c

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                      Filesize

                                                                      1KB

                                                                      MD5

                                                                      c59903efcabfdce9038cf97ecc28d3cc

                                                                      SHA1

                                                                      700d081c65ab65d838b937913918f23056241051

                                                                      SHA256

                                                                      6a8a6cb8335edd7fbf7037391b93acf67022f5148f841e769742de5597350674

                                                                      SHA512

                                                                      efc570bb53b03baf978ede815c8809907be262210aacb20cee964318024daec162eb103d979719911384defeeaf1bd771f4d574ad241f670d8b587f255f3065d

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                      Filesize

                                                                      1KB

                                                                      MD5

                                                                      8b99d9dcc5699d1d11b2a7f821fd7310

                                                                      SHA1

                                                                      b5dfedcb0996d1510a33932068a6f58d1f71464b

                                                                      SHA256

                                                                      032b5073367b6eff0f5b777dd502e18c52c877443f6e7587c0d201f7cd239648

                                                                      SHA512

                                                                      89f5a85e9923011d17e13e4df41fb4f6e2acf556d83cf760aced6d4285ef38b516ccacb1ddf1eb5a8812e84aabfe8e17a8b457188aef3f1a122d0950c67f0ac9

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                      Filesize

                                                                      1KB

                                                                      MD5

                                                                      a1351cb3f5ea98ebc1aea8bae593f821

                                                                      SHA1

                                                                      dd3763c459f4a73e25a7309ade311455107702f9

                                                                      SHA256

                                                                      3a68e7cc0c47e09c3e2b7e6ca91220ea2bbb4a1062c527dde42edec6f50a9a83

                                                                      SHA512

                                                                      d3eff5a4654362fc0a934d9ca94ae4138310fc99645bce5e2df8d85138cd1ac3a608e8bf98df4876a8651bec8f3006203a1d8b802d823eafdf426ef25502f67f

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                      Filesize

                                                                      1KB

                                                                      MD5

                                                                      66cbf9f2e43d4f6779e15b7869d8dcfb

                                                                      SHA1

                                                                      2ebfc8ec0fe0ba323fba9c2ff4c021f8471ea3b7

                                                                      SHA256

                                                                      56d85494ee45e9826062008cdcc7ea07bf874183908b3f51aea80affea749631

                                                                      SHA512

                                                                      d149438704f6370622bb7a7d5c739783790d4d37b845caa3942e05af1a5614906ee2dc5f9af391aa0bd59273520de5a27af7149f04155e403cb9eee37e41214d

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f443.TMP
                                                                      Filesize

                                                                      874B

                                                                      MD5

                                                                      795bcafc810c36c8bc9f0ff66ffbaf5b

                                                                      SHA1

                                                                      1d8794fa6aec101ccfc6382def92cb65278f5070

                                                                      SHA256

                                                                      2ad6708e9f60d5b47b31c506ddf036fb0afd5029f4eebd6a942cc04ec51521c8

                                                                      SHA512

                                                                      ba460ba6ef2164469e9e1619ae9757b47dba4c66651073bd71389b60058c8e93c2841849bd3b22d94d47ef13fd6f24ad66e2761058b9fad197e6a5993f4dbf97

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                      Filesize

                                                                      16B

                                                                      MD5

                                                                      6752a1d65b201c13b62ea44016eb221f

                                                                      SHA1

                                                                      58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                                                      SHA256

                                                                      0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                                                      SHA512

                                                                      9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                      Filesize

                                                                      12KB

                                                                      MD5

                                                                      5e4c28f1490965505a147625cc1bd80e

                                                                      SHA1

                                                                      ff8fa71b1e520fde63f7022fcdcf4fc2fba53549

                                                                      SHA256

                                                                      73185629214d395ea06e7a0b1934205c9dbea74c40f935c8ea5c1659144fb792

                                                                      SHA512

                                                                      c201206b3536cd81de5c2f9e5c6b926e2ea82f597d9c3120c657ba23afd4c1ed4bfc80527615d70cd60fa2f4bacd100c9a65e0901479465271031d4582d1d932

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                      Filesize

                                                                      12KB

                                                                      MD5

                                                                      365bbf9f269e3120821ea5e8b7577cd3

                                                                      SHA1

                                                                      5f1991ce79f9e31c1739b7ccff02d4c1fb35a9df

                                                                      SHA256

                                                                      c37550082b1f07720ce1214094c7bedf5d1aeb6011bfa3f2a26ca863d923833e

                                                                      SHA512

                                                                      8844816f1a7f39daf71259896c72141fb4368c502506e75273dc3470bc04c2ea59e147c3dd3822c74cb7f22446b5c78f4c62482a7a189888cd2fc2653e0cf7d7

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                      Filesize

                                                                      12KB

                                                                      MD5

                                                                      1d3db3e34e175cbfe6eb31895969b91a

                                                                      SHA1

                                                                      a1c6a5d1342bfffabcf498bc20b1827f1a48aa5e

                                                                      SHA256

                                                                      43297447bfb330f17d53b6315120b59c0a6f8d15316164807f5a7ed743c18c54

                                                                      SHA512

                                                                      c34e250a85f7c0eb187595d5eaef70967d7815b7b3536993022f92ec11d61651535424075498fc9f9cae139f192e15d4cbc6a8aa92266e5afdcb54ea5fc7b3a6

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                      Filesize

                                                                      12KB

                                                                      MD5

                                                                      ff2bac181ada426724df4e768d50fcb6

                                                                      SHA1

                                                                      6c23b726a0b423a97187c3938bda025a277957e1

                                                                      SHA256

                                                                      187a230e1e09e39cbbed664cff5c63d4167da94b9cd7d6c7775e032d940193cf

                                                                      SHA512

                                                                      2113aae43058745180bb3c565674baa11a8fe9e556d19f3130fad71d2e9cdc417bdba1457f483673f94b2630b604354584356eb2509c4cec2b39aa5012e77a45

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                      Filesize

                                                                      11KB

                                                                      MD5

                                                                      e9060a09fc1f7ce3e83d8f632225c5b1

                                                                      SHA1

                                                                      aa166dea63232659da9cb0c3dfc32425a90d4a57

                                                                      SHA256

                                                                      ef4b55709764dcb7cc27ba9c52023b32c2337cafdd48ffb03b226caf95b54153

                                                                      SHA512

                                                                      1b63ad8a7dd9d3e4a3b10d4c6369345ae0b16fafb64b34674c25845638ede2dd41f9d35f87359a4c35d2439a59c9d6c640fdc8dda0f362043f13fec2ce12ecc4

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\ver53C6.tmp
                                                                      Filesize

                                                                      15KB

                                                                      MD5

                                                                      1a545d0052b581fbb2ab4c52133846bc

                                                                      SHA1

                                                                      62f3266a9b9925cd6d98658b92adec673cbe3dd3

                                                                      SHA256

                                                                      557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1

                                                                      SHA512

                                                                      bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\9lwfa4j\imagestore.dat
                                                                      Filesize

                                                                      6KB

                                                                      MD5

                                                                      7a2dff76dca8ebb36b3b38f6f8403965

                                                                      SHA1

                                                                      80b922a99878319137030eff69361997f91e6d80

                                                                      SHA256

                                                                      c342fe0bdd97c1cb5a30bcb53062593e1df45e8966f0341a20961f25d24e864d

                                                                      SHA512

                                                                      4acddc7ef2b6124540f6aa3b6ca1f83676f336860661f7a85d153f8f1119ff24b69db8be3bd49e3b54ffcae382a0096f242c80182a59d07ea98cbd71622b4a8a

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4VGQYVGM\favicon[1].ico
                                                                      Filesize

                                                                      6KB

                                                                      MD5

                                                                      72f13fa5f987ea923a68a818d38fb540

                                                                      SHA1

                                                                      f014620d35787fcfdef193c20bb383f5655b9e1e

                                                                      SHA256

                                                                      37127c1a29c164cdaa75ec72ae685094c2468fe0577f743cb1f307d23dd35ec1

                                                                      SHA512

                                                                      b66af0b6b95560c20584ed033547235d5188981a092131a7c1749926ba1ac208266193bd7fa8a3403a39eee23fcdd53580e9533803d7f52df5fb01d508e292b3

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\UM8YFV59\suggestions[1].en-US
                                                                      Filesize

                                                                      17KB

                                                                      MD5

                                                                      5a34cb996293fde2cb7a4ac89587393a

                                                                      SHA1

                                                                      3c96c993500690d1a77873cd62bc639b3a10653f

                                                                      SHA256

                                                                      c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

                                                                      SHA512

                                                                      e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries\CameraRoll.library-ms
                                                                      Filesize

                                                                      2KB

                                                                      MD5

                                                                      466cef186e5e78f2498a1cf7cbb6a173

                                                                      SHA1

                                                                      e477411284d42c698ae23870728dcbfa1342e15a

                                                                      SHA256

                                                                      9757be63713da7bf63ed2d74e93ee8ec33db6775582e3af6a449ae7b5db3ee2b

                                                                      SHA512

                                                                      6127832fd260038faea1eee09382063f274b434905b572b1e1c9d46c19db357810282f97c8063610504dcd5793f9f892825bd93d780ec34eade1793574b6158e

                                                                      Download Submit

                                                                    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries\SavedPictures.library-ms
                                                                      Filesize

                                                                      2KB

                                                                      MD5

                                                                      2d161b43ab1b156088f0f5c9b3fc2d40

                                                                      SHA1

                                                                      5e519a0d4ffe80a1ec40185e8c463b06d431792f

                                                                      SHA256

                                                                      b6cb9a7017a1ea6e79e1c3ea6349d1601a625bcb28029b86b75257db132a48bb

                                                                      SHA512

                                                                      79aa018714ab1de413d78616131a68f411bcfb151a920549f21e9449a76ed31097d20982fda9bab9410d958a7ea0e9c070687d1d6a2eb0e1c62a21c076e01dfb

                                                                      Download Submit

                                                                    • C:\Users\Admin\Downloads\Unconfirmed 130464.crdownload
                                                                      Filesize

                                                                      1.1MB

                                                                      MD5

                                                                      f0a661d33aac3a3ce0c38c89bec52f89

                                                                      SHA1

                                                                      709d6465793675208f22f779f9e070ed31d81e61

                                                                      SHA256

                                                                      c20e78ce9028299d566684d35b1230d055e5ea0e9b94d0aff58f650e0468778a

                                                                      SHA512

                                                                      57cdb3c38f2e90d03e6dc1f9d8d1131d40d3919f390bb1783343c82465461319e70483dc3cd3efdbd9a62dfc88d74fc706f05d760ffd8506b16fd7686e414443

                                                                      Download Submit

                                                                    • C:\Users\Admin\Downloads\Unconfirmed 153871.crdownload
                                                                      Filesize

                                                                      138KB

                                                                      MD5

                                                                      0b3b2dff5503cb032acd11d232a3af55

                                                                      SHA1

                                                                      6efc31c1d67f70cf77c319199ac39f70d5a7fa95

                                                                      SHA256

                                                                      ef878461a149024f3065121ff4e165731ecabef1b94b0b3ed2eda010ad39202b

                                                                      SHA512

                                                                      484014d65875e706f7e5e5f54c2045d620e5cce5979bf7f37b45c613e6d948719c0b8e466df5d8908706133ce4c4b71a11b804417831c9dbaf72b6854231ea17

                                                                      Download Submit

                                                                    • C:\Users\Admin\Downloads\Unconfirmed 153871.crdownload:SmartScreen
                                                                      Filesize

                                                                      7B

                                                                      MD5

                                                                      4047530ecbc0170039e76fe1657bdb01

                                                                      SHA1

                                                                      32db7d5e662ebccdd1d71de285f907e3a1c68ac5

                                                                      SHA256

                                                                      82254025d1b98d60044d3aeb7c56eed7c61c07c3e30534d6e05dab9d6c326750

                                                                      SHA512

                                                                      8f002af3f4ed2b3dfb4ed8273318d160152da50ee4842c9f5d9915f50a3e643952494699c4258e6af993dc6e1695d0dc3db6d23f4d93c26b0bc6a20f4b4f336e

                                                                      Download Submit

                                                                    • C:\Users\Admin\Downloads\Unconfirmed 362759.crdownload
                                                                      Filesize

                                                                      68KB

                                                                      MD5

                                                                      bc1e7d033a999c4fd006109c24599f4d

                                                                      SHA1

                                                                      b927f0fc4a4232a023312198b33272e1a6d79cec

                                                                      SHA256

                                                                      13adae722719839af8102f98730f3af1c5a56b58069bfce8995acd2123628401

                                                                      SHA512

                                                                      f5d9b8c1fd9239894ec9c075542bff0bcef79871f31038e627ae257b8c1db9070f4d124448a78e60ccc8bc12f138102a54825e9d7647cd34832984c7c24a6276

                                                                      Download Submit

                                                                    • C:\Users\Admin\Downloads\Unconfirmed 652079.crdownload
                                                                      Filesize

                                                                      111KB

                                                                      MD5

                                                                      9d0d2fcb45b1ff9555711b47e0cd65e5

                                                                      SHA1

                                                                      958f29a99cbb135c92c5d1cdffb9462be35ee9fd

                                                                      SHA256

                                                                      dc476ae39effdd80399b6e36f1fde92c216a5bbdb6b8b2a7ecbe753e91e4c993

                                                                      SHA512

                                                                      8fd4ce4674cd52a3c925149945a7a50a139302be17f6ee3f30271ebe1aa6d92bcb15a017dca989cd837a5d23cd56eaacc6344dc7730234a4629186976c857ca9

                                                                      Download Submit

                                                                    • C:\Users\Admin\Downloads\Unconfirmed 660916.crdownload
                                                                      Filesize

                                                                      373KB

                                                                      MD5

                                                                      9c3e9e30d51489a891513e8a14d931e4

                                                                      SHA1

                                                                      4e5a5898389eef8f464dee04a74f3b5c217b7176

                                                                      SHA256

                                                                      f8f7b5f20ca57c61df6dc8ff49f2f5f90276a378ec17397249fdc099a6e1dcd8

                                                                      SHA512

                                                                      bf45677b7dd6c67ad350ec6ecad5bc3f04dea179fae0ff0a695c69f7de919476dd7a69c25b04c8530a35119e4933f4a8c327ed6dcef892b1114dfd7e494a19a7

                                                                      Download Submit

                                                                    • C:\Users\Admin\Downloads\Unconfirmed 94998.crdownload
                                                                      Filesize

                                                                      232KB

                                                                      MD5

                                                                      60fabd1a2509b59831876d5e2aa71a6b

                                                                      SHA1

                                                                      8b91f3c4f721cb04cc4974fc91056f397ae78faa

                                                                      SHA256

                                                                      1dacdc296fd6ef6ba817b184cce9901901c47c01d849adfa4222bfabfed61838

                                                                      SHA512

                                                                      3e842a7d47b32942adb936cae13293eddf1a6b860abcfe7422d0fb73098264cc95656b5c6d9980fad1bf8b5c277cd846c26acaba1bef441582caf34eb1e5295a

                                                                      Download Submit

                                                                    • \??\pipe\LOCAL\crashpad_2812_DCTUXUPMBEIQDICO
                                                                      MD5

                                                                      d41d8cd98f00b204e9800998ecf8427e

                                                                      SHA1

                                                                      da39a3ee5e6b4b0d3255bfef95601890afd80709

                                                                      SHA256

                                                                      e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                                                      SHA512

                                                                      cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                                                      Download Submit

                                                                    • memory/180-607-0x0000000000400000-0x000000000044A000-memory.dmp

                                                                      Filesize

                                                                      296KB

                                                                      Download

                                                                    • memory/180-548-0x0000000000400000-0x000000000044A000-memory.dmp

                                                                      Filesize

                                                                      296KB

                                                                      Download

                                                                    • memory/180-456-0x0000000000400000-0x000000000044A000-memory.dmp

                                                                      Filesize

                                                                      296KB

                                                                      Download

                                                                    • memory/180-440-0x0000000002170000-0x0000000002171000-memory.dmp

                                                                      Filesize

                                                                      4KB

                                                                      Download

                                                                    • memory/180-475-0x0000000002170000-0x0000000002171000-memory.dmp

                                                                      Filesize

                                                                      4KB

                                                                      Download

                                                                    • memory/180-479-0x0000000000400000-0x000000000044A000-memory.dmp

                                                                      Filesize

                                                                      296KB

                                                                      Download

                                                                    • memory/368-507-0x0000000000400000-0x000000000044A000-memory.dmp

                                                                      Filesize

                                                                      296KB

                                                                      Download

                                                                    • memory/368-469-0x0000000002070000-0x0000000002071000-memory.dmp

                                                                      Filesize

                                                                      4KB

                                                                      Download

                                                                    • memory/368-8710-0x0000000000780000-0x000000000079A000-memory.dmp

                                                                      Filesize

                                                                      104KB

                                                                      Download

                                                                    • memory/368-812-0x0000000000780000-0x000000000079A000-memory.dmp

                                                                      Filesize

                                                                      104KB

                                                                      Download

                                                                    • memory/368-477-0x0000000000400000-0x000000000044A000-memory.dmp

                                                                      Filesize

                                                                      296KB

                                                                      Download

                                                                    • memory/368-811-0x00000000001D0000-0x00000000001E6000-memory.dmp

                                                                      Filesize

                                                                      88KB

                                                                      Download

                                                                    • memory/368-584-0x0000000000400000-0x000000000044A000-memory.dmp

                                                                      Filesize

                                                                      296KB

                                                                      Download

                                                                    • memory/368-492-0x0000000002070000-0x0000000002071000-memory.dmp

                                                                      Filesize

                                                                      4KB

                                                                      Download

                                                                    • memory/384-594-0x000001F6F3A00000-0x000001F6F3A01000-memory.dmp

                                                                      Filesize

                                                                      4KB

                                                                      Download

                                                                    • memory/384-593-0x000001F6F3A00000-0x000001F6F3A01000-memory.dmp

                                                                      Filesize

                                                                      4KB

                                                                      Download

                                                                    • memory/384-595-0x000001F6F3A00000-0x000001F6F3A01000-memory.dmp

                                                                      Filesize

                                                                      4KB

                                                                      Download

                                                                    • memory/384-600-0x000001F6F3A00000-0x000001F6F3A01000-memory.dmp

                                                                      Filesize

                                                                      4KB

                                                                      Download

                                                                    • memory/384-601-0x000001F6F3A00000-0x000001F6F3A01000-memory.dmp

                                                                      Filesize

                                                                      4KB

                                                                      Download

                                                                    • memory/384-602-0x000001F6F3A00000-0x000001F6F3A01000-memory.dmp

                                                                      Filesize

                                                                      4KB

                                                                      Download

                                                                    • memory/384-603-0x000001F6F3A00000-0x000001F6F3A01000-memory.dmp

                                                                      Filesize

                                                                      4KB

                                                                      Download

                                                                    • memory/384-604-0x000001F6F3A00000-0x000001F6F3A01000-memory.dmp

                                                                      Filesize

                                                                      4KB

                                                                      Download

                                                                    • memory/384-605-0x000001F6F3A00000-0x000001F6F3A01000-memory.dmp

                                                                      Filesize

                                                                      4KB

                                                                      Download

                                                                    • memory/1968-552-0x0000000000F20000-0x0000000000F30000-memory.dmp

                                                                      Filesize

                                                                      64KB

                                                                      Download

                                                                    • memory/1968-589-0x0000000000F20000-0x0000000000F30000-memory.dmp

                                                                      Filesize

                                                                      64KB

                                                                      Download

                                                                    • memory/1968-553-0x00007FF9BA260000-0x00007FF9BAC01000-memory.dmp

                                                                      Filesize

                                                                      9.6MB

                                                                      Download

                                                                    • memory/1968-554-0x000000001BB50000-0x000000001C01E000-memory.dmp

                                                                      Filesize

                                                                      4.8MB

                                                                      Download

                                                                    • memory/1968-555-0x000000001C0D0000-0x000000001C16C000-memory.dmp

                                                                      Filesize

                                                                      624KB

                                                                      Download

                                                                    • memory/1968-556-0x0000000000E80000-0x0000000000E88000-memory.dmp

                                                                      Filesize

                                                                      32KB

                                                                      Download

                                                                    • memory/1968-557-0x000000001C330000-0x000000001C37C000-memory.dmp

                                                                      Filesize

                                                                      304KB

                                                                      Download

                                                                    • memory/1968-558-0x0000000000F20000-0x0000000000F30000-memory.dmp

                                                                      Filesize

                                                                      64KB

                                                                      Download

                                                                    • memory/1968-632-0x0000000000F20000-0x0000000000F30000-memory.dmp

                                                                      Filesize

                                                                      64KB

                                                                      Download

                                                                    • memory/1968-551-0x00007FF9BA260000-0x00007FF9BAC01000-memory.dmp

                                                                      Filesize

                                                                      9.6MB

                                                                      Download

                                                                    • memory/1968-633-0x00007FF9BA260000-0x00007FF9BAC01000-memory.dmp

                                                                      Filesize

                                                                      9.6MB

                                                                      Download

                                                                    • memory/1968-550-0x000000001B5D0000-0x000000001B676000-memory.dmp

                                                                      Filesize

                                                                      664KB

                                                                      Download

                                                                    • memory/1968-588-0x00007FF9BA260000-0x00007FF9BAC01000-memory.dmp

                                                                      Filesize

                                                                      9.6MB

                                                                      Download

                                                                    • memory/1968-590-0x0000000000F20000-0x0000000000F30000-memory.dmp

                                                                      Filesize

                                                                      64KB

                                                                      Download

                                                                    • memory/2104-418-0x00000000005D0000-0x00000000005D1000-memory.dmp

                                                                      Filesize

                                                                      4KB

                                                                      Download

                                                                    • memory/2104-474-0x0000000000400000-0x000000000044A000-memory.dmp

                                                                      Filesize

                                                                      296KB

                                                                      Download

                                                                    • memory/2104-587-0x0000000000400000-0x000000000044A000-memory.dmp

                                                                      Filesize

                                                                      296KB

                                                                      Download

                                                                    • memory/2104-441-0x0000000000400000-0x000000000044A000-memory.dmp

                                                                      Filesize

                                                                      296KB

                                                                      Download

                                                                    • memory/2104-466-0x00000000005D0000-0x00000000005D1000-memory.dmp

                                                                      Filesize

                                                                      4KB

                                                                      Download

                                                                    • memory/2104-531-0x0000000000400000-0x000000000044A000-memory.dmp

                                                                      Filesize

                                                                      296KB

                                                                      Download

                                                                    • memory/2168-347-0x0000000000400000-0x00000000004DF000-memory.dmp

                                                                      Filesize

                                                                      892KB

                                                                      Download

                                                                    • memory/2168-348-0x0000000000400000-0x00000000004DF000-memory.dmp

                                                                      Filesize

                                                                      892KB

                                                                      Download

                                                                    • memory/2168-349-0x0000000002380000-0x0000000002381000-memory.dmp

                                                                      Filesize

                                                                      4KB

                                                                      Download

                                                                    • memory/2168-367-0x0000000000400000-0x00000000004DF000-memory.dmp

                                                                      Filesize

                                                                      892KB

                                                                      Download

                                                                    • memory/2168-359-0x0000000000400000-0x00000000004DF000-memory.dmp

                                                                      Filesize

                                                                      892KB

                                                                      Download

                                                                    • memory/2168-337-0x0000000002380000-0x0000000002381000-memory.dmp

                                                                      Filesize

                                                                      4KB

                                                                      Download

                                                                    • memory/2284-724-0x0000000000520000-0x0000000000521000-memory.dmp

                                                                      Filesize

                                                                      4KB

                                                                      Download

                                                                    • memory/2284-690-0x0000000000520000-0x0000000000521000-memory.dmp

                                                                      Filesize

                                                                      4KB

                                                                      Download

                                                                    • memory/2704-804-0x0000000073D60000-0x0000000074311000-memory.dmp

                                                                      Filesize

                                                                      5.7MB

                                                                      Download

                                                                    • memory/2704-802-0x0000000073D60000-0x0000000074311000-memory.dmp

                                                                      Filesize

                                                                      5.7MB

                                                                      Download

                                                                    • memory/2704-813-0x0000000073D60000-0x0000000074311000-memory.dmp

                                                                      Filesize

                                                                      5.7MB

                                                                      Download

                                                                    • memory/2704-803-0x00000000006B0000-0x00000000006C0000-memory.dmp

                                                                      Filesize

                                                                      64KB

                                                                      Download

                                                                    • memory/2776-532-0x0000000000400000-0x000000000044A000-memory.dmp

                                                                      Filesize

                                                                      296KB

                                                                      Download

                                                                    • memory/2776-470-0x0000000000500000-0x0000000000501000-memory.dmp

                                                                      Filesize

                                                                      4KB

                                                                      Download

                                                                    • memory/2776-591-0x0000000000400000-0x000000000044A000-memory.dmp

                                                                      Filesize

                                                                      296KB

                                                                      Download

                                                                    • memory/2776-476-0x0000000000400000-0x000000000044A000-memory.dmp

                                                                      Filesize

                                                                      296KB

                                                                      Download

                                                                    • memory/2776-429-0x0000000000500000-0x0000000000501000-memory.dmp

                                                                      Filesize

                                                                      4KB

                                                                      Download

                                                                    • memory/2776-445-0x0000000000400000-0x000000000044A000-memory.dmp

                                                                      Filesize

                                                                      296KB

                                                                      Download

                                                                    • memory/2908-269-0x0000021DFC520000-0x0000021DFC521000-memory.dmp

                                                                      Filesize

                                                                      4KB

                                                                      Download

                                                                    • memory/2908-270-0x0000021DFC520000-0x0000021DFC521000-memory.dmp

                                                                      Filesize

                                                                      4KB

                                                                      Download

                                                                    • memory/2908-271-0x0000021DFC520000-0x0000021DFC521000-memory.dmp

                                                                      Filesize

                                                                      4KB

                                                                      Download

                                                                    • memory/2908-260-0x0000021DFC520000-0x0000021DFC521000-memory.dmp

                                                                      Filesize

                                                                      4KB

                                                                      Download

                                                                    • memory/2908-266-0x0000021DFC520000-0x0000021DFC521000-memory.dmp

                                                                      Filesize

                                                                      4KB

                                                                      Download

                                                                    • memory/2908-261-0x0000021DFC520000-0x0000021DFC521000-memory.dmp

                                                                      Filesize

                                                                      4KB

                                                                      Download

                                                                    • memory/2908-259-0x0000021DFC520000-0x0000021DFC521000-memory.dmp

                                                                      Filesize

                                                                      4KB

                                                                      Download

                                                                    • memory/2908-268-0x0000021DFC520000-0x0000021DFC521000-memory.dmp

                                                                      Filesize

                                                                      4KB

                                                                      Download

                                                                    • memory/2908-267-0x0000021DFC520000-0x0000021DFC521000-memory.dmp

                                                                      Filesize

                                                                      4KB

                                                                      Download

                                                                    • memory/2908-265-0x0000021DFC520000-0x0000021DFC521000-memory.dmp

                                                                      Filesize

                                                                      4KB

                                                                      Download

                                                                    • memory/4008-586-0x0000000000400000-0x000000000044A000-memory.dmp

                                                                      Filesize

                                                                      296KB

                                                                      Download

                                                                    • memory/4008-473-0x0000000002070000-0x0000000002071000-memory.dmp

                                                                      Filesize

                                                                      4KB

                                                                      Download

                                                                    • memory/4008-480-0x0000000000400000-0x000000000044A000-memory.dmp

                                                                      Filesize

                                                                      296KB

                                                                      Download

                                                                    • memory/4008-512-0x0000000000400000-0x000000000044A000-memory.dmp

                                                                      Filesize

                                                                      296KB

                                                                      Download

                                                                    • memory/4008-496-0x0000000002070000-0x0000000002071000-memory.dmp

                                                                      Filesize

                                                                      4KB

                                                                      Download