hxxp://tria[.]ge

Analysis

max time kernel
651s
max time network
665s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
23/04/2024, 15:52

Sharing

Reason

Machine shutdown: "{\"level\":\"info\",\"time\":\"2024-04-23T16:04:05Z\",\"message\":\"Dirty snapshot: /var/lib/sandbox/hatchvm/win10v2004-20240412-en/instance_30-dirty.qcow2\"}"

Report Analysis Logs

General

Target

http://tria.ge

Score

8^/10

discovery evasion

Malware Config

Signatures

Disables RegEdit via registry modification 1 IoCs

evasion

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1"	LogonFuck.exe

Disables Task Manager via registry modification
evasion

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000\Control Panel\International\Geo\Nation	LogonFuck.exe

Executes dropped EXE 1 IoCs

pid	Process
2884	LogonFuck.exe

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
3876	takeown.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
271	raw.githubusercontent.com
272	raw.githubusercontent.com

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\LogonUI.exe	LogonFuck.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133583611882904478"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1808	chrome.exe
1808	chrome.exe
5108	chrome.exe
5108	chrome.exe
2884	LogonFuck.exe
2884	LogonFuck.exe
4940	msedge.exe
4940	msedge.exe
2660	msedge.exe
2660	msedge.exe
3948	identity_helper.exe
3948	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 35 IoCs

pid	Process
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1808	chrome.exe
Token: SeCreatePagefilePrivilege	1808	chrome.exe
Token: SeShutdownPrivilege	1808	chrome.exe
Token: SeCreatePagefilePrivilege	1808	chrome.exe
Token: SeShutdownPrivilege	1808	chrome.exe
Token: SeCreatePagefilePrivilege	1808	chrome.exe
Token: SeShutdownPrivilege	1808	chrome.exe
Token: SeCreatePagefilePrivilege	1808	chrome.exe
Token: SeShutdownPrivilege	1808	chrome.exe
Token: SeCreatePagefilePrivilege	1808	chrome.exe
Token: SeShutdownPrivilege	1808	chrome.exe
Token: SeCreatePagefilePrivilege	1808	chrome.exe
Token: SeShutdownPrivilege	1808	chrome.exe
Token: SeCreatePagefilePrivilege	1808	chrome.exe
Token: SeShutdownPrivilege	1808	chrome.exe
Token: SeCreatePagefilePrivilege	1808	chrome.exe
Token: SeShutdownPrivilege	1808	chrome.exe
Token: SeCreatePagefilePrivilege	1808	chrome.exe
Token: SeShutdownPrivilege	1808	chrome.exe
Token: SeCreatePagefilePrivilege	1808	chrome.exe
Token: SeShutdownPrivilege	1808	chrome.exe
Token: SeCreatePagefilePrivilege	1808	chrome.exe
Token: SeShutdownPrivilege	1808	chrome.exe
Token: SeCreatePagefilePrivilege	1808	chrome.exe
Token: SeShutdownPrivilege	1808	chrome.exe
Token: SeCreatePagefilePrivilege	1808	chrome.exe
Token: SeShutdownPrivilege	1808	chrome.exe
Token: SeCreatePagefilePrivilege	1808	chrome.exe
Token: SeShutdownPrivilege	1808	chrome.exe
Token: SeCreatePagefilePrivilege	1808	chrome.exe
Token: SeShutdownPrivilege	1808	chrome.exe
Token: SeCreatePagefilePrivilege	1808	chrome.exe
Token: SeShutdownPrivilege	1808	chrome.exe
Token: SeCreatePagefilePrivilege	1808	chrome.exe
Token: SeShutdownPrivilege	1808	chrome.exe
Token: SeCreatePagefilePrivilege	1808	chrome.exe
Token: SeShutdownPrivilege	1808	chrome.exe
Token: SeCreatePagefilePrivilege	1808	chrome.exe
Token: SeShutdownPrivilege	1808	chrome.exe
Token: SeCreatePagefilePrivilege	1808	chrome.exe
Token: SeShutdownPrivilege	1808	chrome.exe
Token: SeCreatePagefilePrivilege	1808	chrome.exe
Token: SeShutdownPrivilege	1808	chrome.exe
Token: SeCreatePagefilePrivilege	1808	chrome.exe
Token: SeShutdownPrivilege	1808	chrome.exe
Token: SeCreatePagefilePrivilege	1808	chrome.exe
Token: SeShutdownPrivilege	1808	chrome.exe
Token: SeCreatePagefilePrivilege	1808	chrome.exe
Token: SeShutdownPrivilege	1808	chrome.exe
Token: SeCreatePagefilePrivilege	1808	chrome.exe
Token: SeShutdownPrivilege	1808	chrome.exe
Token: SeCreatePagefilePrivilege	1808	chrome.exe
Token: SeShutdownPrivilege	1808	chrome.exe
Token: SeCreatePagefilePrivilege	1808	chrome.exe
Token: SeShutdownPrivilege	1808	chrome.exe
Token: SeCreatePagefilePrivilege	1808	chrome.exe
Token: SeShutdownPrivilege	1808	chrome.exe
Token: SeCreatePagefilePrivilege	1808	chrome.exe
Token: SeShutdownPrivilege	1808	chrome.exe
Token: SeCreatePagefilePrivilege	1808	chrome.exe
Token: SeShutdownPrivilege	1808	chrome.exe
Token: SeCreatePagefilePrivilege	1808	chrome.exe
Token: SeShutdownPrivilege	1808	chrome.exe
Token: SeCreatePagefilePrivilege	1808	chrome.exe

Suspicious use of FindShellTrayWindow 60 IoCs

pid	Process
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1996	7zG.exe
3500	7zG.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
1808	chrome.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1808 wrote to memory of 1064	1808	chrome.exe	86
PID 1808 wrote to memory of 1064	1808	chrome.exe	86
PID 1808 wrote to memory of 3916	1808	chrome.exe	87
PID 1808 wrote to memory of 3916	1808	chrome.exe	87
PID 1808 wrote to memory of 3916	1808	chrome.exe	87
PID 1808 wrote to memory of 3916	1808	chrome.exe	87
PID 1808 wrote to memory of 3916	1808	chrome.exe	87
PID 1808 wrote to memory of 3916	1808	chrome.exe	87
PID 1808 wrote to memory of 3916	1808	chrome.exe	87
PID 1808 wrote to memory of 3916	1808	chrome.exe	87
PID 1808 wrote to memory of 3916	1808	chrome.exe	87
PID 1808 wrote to memory of 3916	1808	chrome.exe	87
PID 1808 wrote to memory of 3916	1808	chrome.exe	87
PID 1808 wrote to memory of 3916	1808	chrome.exe	87
PID 1808 wrote to memory of 3916	1808	chrome.exe	87
PID 1808 wrote to memory of 3916	1808	chrome.exe	87
PID 1808 wrote to memory of 3916	1808	chrome.exe	87
PID 1808 wrote to memory of 3916	1808	chrome.exe	87
PID 1808 wrote to memory of 3916	1808	chrome.exe	87
PID 1808 wrote to memory of 3916	1808	chrome.exe	87
PID 1808 wrote to memory of 3916	1808	chrome.exe	87
PID 1808 wrote to memory of 3916	1808	chrome.exe	87
PID 1808 wrote to memory of 3916	1808	chrome.exe	87
PID 1808 wrote to memory of 3916	1808	chrome.exe	87
PID 1808 wrote to memory of 3916	1808	chrome.exe	87
PID 1808 wrote to memory of 3916	1808	chrome.exe	87
PID 1808 wrote to memory of 3916	1808	chrome.exe	87
PID 1808 wrote to memory of 3916	1808	chrome.exe	87
PID 1808 wrote to memory of 3916	1808	chrome.exe	87
PID 1808 wrote to memory of 3916	1808	chrome.exe	87
PID 1808 wrote to memory of 3916	1808	chrome.exe	87
PID 1808 wrote to memory of 3916	1808	chrome.exe	87
PID 1808 wrote to memory of 3916	1808	chrome.exe	87
PID 1808 wrote to memory of 4872	1808	chrome.exe	88
PID 1808 wrote to memory of 4872	1808	chrome.exe	88
PID 1808 wrote to memory of 1812	1808	chrome.exe	89
PID 1808 wrote to memory of 1812	1808	chrome.exe	89
PID 1808 wrote to memory of 1812	1808	chrome.exe	89
PID 1808 wrote to memory of 1812	1808	chrome.exe	89
PID 1808 wrote to memory of 1812	1808	chrome.exe	89
PID 1808 wrote to memory of 1812	1808	chrome.exe	89
PID 1808 wrote to memory of 1812	1808	chrome.exe	89
PID 1808 wrote to memory of 1812	1808	chrome.exe	89
PID 1808 wrote to memory of 1812	1808	chrome.exe	89
PID 1808 wrote to memory of 1812	1808	chrome.exe	89
PID 1808 wrote to memory of 1812	1808	chrome.exe	89
PID 1808 wrote to memory of 1812	1808	chrome.exe	89
PID 1808 wrote to memory of 1812	1808	chrome.exe	89
PID 1808 wrote to memory of 1812	1808	chrome.exe	89
PID 1808 wrote to memory of 1812	1808	chrome.exe	89
PID 1808 wrote to memory of 1812	1808	chrome.exe	89
PID 1808 wrote to memory of 1812	1808	chrome.exe	89
PID 1808 wrote to memory of 1812	1808	chrome.exe	89
PID 1808 wrote to memory of 1812	1808	chrome.exe	89
PID 1808 wrote to memory of 1812	1808	chrome.exe	89
PID 1808 wrote to memory of 1812	1808	chrome.exe	89
PID 1808 wrote to memory of 1812	1808	chrome.exe	89
PID 1808 wrote to memory of 1812	1808	chrome.exe	89
PID 1808 wrote to memory of 1812	1808	chrome.exe	89
PID 1808 wrote to memory of 1812	1808	chrome.exe	89
PID 1808 wrote to memory of 1812	1808	chrome.exe	89
PID 1808 wrote to memory of 1812	1808	chrome.exe	89
PID 1808 wrote to memory of 1812	1808	chrome.exe	89
PID 1808 wrote to memory of 1812	1808	chrome.exe	89

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://tria.ge
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe3aa2ab58,0x7ffe3aa2ab68,0x7ffe3aa2ab78
  2⤵
  PID:1064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1756 --field-trial-handle=1892,i,10978585574685739840,18305380113708101136,131072 /prefetch:2
  2⤵
  PID:3916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1892,i,10978585574685739840,18305380113708101136,131072 /prefetch:8
  2⤵
  PID:4872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2176 --field-trial-handle=1892,i,10978585574685739840,18305380113708101136,131072 /prefetch:8
  2⤵
  PID:1812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2928 --field-trial-handle=1892,i,10978585574685739840,18305380113708101136,131072 /prefetch:1
  2⤵
  PID:1588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2944 --field-trial-handle=1892,i,10978585574685739840,18305380113708101136,131072 /prefetch:1
  2⤵
  PID:1640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4304 --field-trial-handle=1892,i,10978585574685739840,18305380113708101136,131072 /prefetch:1
  2⤵
  PID:3388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3176 --field-trial-handle=1892,i,10978585574685739840,18305380113708101136,131072 /prefetch:8
  2⤵
  PID:4016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3248 --field-trial-handle=1892,i,10978585574685739840,18305380113708101136,131072 /prefetch:8
  2⤵
  PID:4780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4632 --field-trial-handle=1892,i,10978585574685739840,18305380113708101136,131072 /prefetch:1
  2⤵
  PID:3932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3540 --field-trial-handle=1892,i,10978585574685739840,18305380113708101136,131072 /prefetch:1
  2⤵
  PID:4556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4304 --field-trial-handle=1892,i,10978585574685739840,18305380113708101136,131072 /prefetch:8
  2⤵
  PID:4600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4704 --field-trial-handle=1892,i,10978585574685739840,18305380113708101136,131072 /prefetch:1
  2⤵
  PID:4016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3056 --field-trial-handle=1892,i,10978585574685739840,18305380113708101136,131072 /prefetch:1
  2⤵
  PID:3060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3196 --field-trial-handle=1892,i,10978585574685739840,18305380113708101136,131072 /prefetch:1
  2⤵
  PID:2836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5112 --field-trial-handle=1892,i,10978585574685739840,18305380113708101136,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4504 --field-trial-handle=1892,i,10978585574685739840,18305380113708101136,131072 /prefetch:1
  2⤵
  PID:4544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4740 --field-trial-handle=1892,i,10978585574685739840,18305380113708101136,131072 /prefetch:1
  2⤵
  PID:516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5092 --field-trial-handle=1892,i,10978585574685739840,18305380113708101136,131072 /prefetch:1
  2⤵
  PID:4120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4424 --field-trial-handle=1892,i,10978585574685739840,18305380113708101136,131072 /prefetch:1
  2⤵
  PID:4348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4624 --field-trial-handle=1892,i,10978585574685739840,18305380113708101136,131072 /prefetch:1
  2⤵
  PID:4816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=2916 --field-trial-handle=1892,i,10978585574685739840,18305380113708101136,131072 /prefetch:1
  2⤵
  PID:3948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4292 --field-trial-handle=1892,i,10978585574685739840,18305380113708101136,131072 /prefetch:8
  2⤵
  PID:2296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4500 --field-trial-handle=1892,i,10978585574685739840,18305380113708101136,131072 /prefetch:8
  2⤵
  PID:2292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5172 --field-trial-handle=1892,i,10978585574685739840,18305380113708101136,131072 /prefetch:8
  2⤵
  PID:4036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5304 --field-trial-handle=1892,i,10978585574685739840,18305380113708101136,131072 /prefetch:8
  2⤵
  PID:3888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=3540 --field-trial-handle=1892,i,10978585574685739840,18305380113708101136,131072 /prefetch:1
  2⤵
  PID:2656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=5116 --field-trial-handle=1892,i,10978585574685739840,18305380113708101136,131072 /prefetch:1
  2⤵
  PID:4052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5556 --field-trial-handle=1892,i,10978585574685739840,18305380113708101136,131072 /prefetch:8
  2⤵
  PID:3248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5948 --field-trial-handle=1892,i,10978585574685739840,18305380113708101136,131072 /prefetch:8
  2⤵
  PID:676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4784 --field-trial-handle=1892,i,10978585574685739840,18305380113708101136,131072 /prefetch:8
  2⤵
  PID:3864

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4876

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1284

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\LogonFuck\" -spe -an -ai#7zMap28912:80:7zEvent6792
1⤵
- Suspicious use of FindShellTrayWindow
PID:1996

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\LogonFuck\" -spe -an -ai#7zMap31433:80:7zEvent22303
1⤵
- Suspicious use of FindShellTrayWindow
PID:3500

C:\Users\Admin\Downloads\LogonFuck\LogonFuck.exe
"C:\Users\Admin\Downloads\LogonFuck\LogonFuck.exe"
1⤵
- Disables RegEdit via registry modification
- Checks computer location settings
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
PID:2884
- C:\Windows\System32\takeown.exe
  "C:\Windows\System32\takeown.exe" /f C:\Windows\System32\LogonUI.exe
  2⤵
  - Modifies file permissions
  PID:3876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://kaspersky.com/
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:2660
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffe2a4a46f8,0x7ffe2a4a4708,0x7ffe2a4a4718
    3⤵
    PID:1520
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,12516025668911659445,4466225042161136939,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
    3⤵
    PID:3988
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,12516025668911659445,4466225042161136939,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4940
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,12516025668911659445,4466225042161136939,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:8
    3⤵
    PID:1444
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12516025668911659445,4466225042161136939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
    3⤵
    PID:932
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12516025668911659445,4466225042161136939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
    3⤵
    PID:3724
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12516025668911659445,4466225042161136939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
    3⤵
    PID:5092
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12516025668911659445,4466225042161136939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3916 /prefetch:1
    3⤵
    PID:960
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12516025668911659445,4466225042161136939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
    3⤵
    PID:4452
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,12516025668911659445,4466225042161136939,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6004 /prefetch:8
    3⤵
    PID:1928
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,12516025668911659445,4466225042161136939,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6004 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3948
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12516025668911659445,4466225042161136939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
    3⤵
    PID:4028
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12516025668911659445,4466225042161136939,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
    3⤵
    PID:4616
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12516025668911659445,4466225042161136939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
    3⤵
    PID:1380
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12516025668911659445,4466225042161136939,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
    3⤵
    PID:436
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12516025668911659445,4466225042161136939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
    3⤵
    PID:1388
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12516025668911659445,4466225042161136939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
    3⤵
    PID:5032
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12516025668911659445,4466225042161136939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6328 /prefetch:1
    3⤵
    PID:4728
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12516025668911659445,4466225042161136939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5940 /prefetch:1
    3⤵
    PID:5184
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12516025668911659445,4466225042161136939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6644 /prefetch:1
    3⤵
    PID:5812
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12516025668911659445,4466225042161136939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1292 /prefetch:1
    3⤵
    PID:3644
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12516025668911659445,4466225042161136939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1436 /prefetch:1
    3⤵
    PID:5752
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2120,12516025668911659445,4466225042161136939,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=7148 /prefetch:8
    3⤵
    PID:5196
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12516025668911659445,4466225042161136939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7088 /prefetch:1
    3⤵
    PID:5632
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12516025668911659445,4466225042161136939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7608 /prefetch:1
    3⤵
    PID:5280
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12516025668911659445,4466225042161136939,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6220 /prefetch:1
    3⤵
    PID:6076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.norton.com/
  2⤵
  PID:452
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe2a4a46f8,0x7ffe2a4a4708,0x7ffe2a4a4718
    3⤵
    PID:1656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.avg.com/
  2⤵
  PID:5028
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe2a4a46f8,0x7ffe2a4a4708,0x7ffe2a4a4718
    3⤵
    PID:1088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.malwarebytes.com/
  2⤵
  PID:5744
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe2a4a46f8,0x7ffe2a4a4708,0x7ffe2a4a4718
    3⤵
    PID:5760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.avira.com/
  2⤵
  PID:5704
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe2a4a46f8,0x7ffe2a4a4708,0x7ffe2a4a4718
    3⤵
    PID:5712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mcafee.com/
  2⤵
  PID:760
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe2a4a46f8,0x7ffe2a4a4708,0x7ffe2a4a4718
    3⤵
    PID:5584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.bitdefender.com/
  2⤵
  PID:984
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe2a4a46f8,0x7ffe2a4a4708,0x7ffe2a4a4718
    3⤵
    PID:6012

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x338 0x154
1⤵
PID:4492

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3668

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2488

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
17KB

MD5
868f1c2cbe6f6335e9526108b93b85ea

SHA1
ab894b8655b55724140516c9717ec90134186bbc

SHA256
0e993dfb76c08813b09f952cc2fe16a3b32caf5ca333093a88c231e09944584f

SHA512
21d76233f7fadfaf838f9cd18caf341986fc0bcd81e3135e9c6a5efbc0790173b55166ce04e26de4190d981f557a690d1a1352bd1d0d2e191912b7903802403c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
19KB

MD5
1972b3df4ebb295fcc3ff76696ded3c3

SHA1
9c61bb9965b82391685b64631e8622e3fa94d82b

SHA256
0e99d08426be6356e9a025a6d8b0864ce4f2f1f2ef77739c5cc675481ecddfc4

SHA512
b6327f004952d250164de4220629b6e0837af30a210b19a46e802d6f749b8af5e3385295ea52315f0f6a8620cfe1b330742ce97fdc87321d8777e217aa27e7ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
17KB

MD5
c0a5a0e67eb1daf568e7cd375c40d2aa

SHA1
a65f3df46a42a0c58c3edd06c11d86e374de4384

SHA256
4c9d7b64f6e39ac78b21f19dc5b4b669141729a5ab78ffc7a0a53506e35a8cdd

SHA512
7705d43dee52fedfd5b68407a861252debeb8107d24eeb842880c771b4215f0504b6eeb00838a7cf1948dee3d1d9d65d91798fda2f2650a105760c592373f6cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
17KB

MD5
fb5a5952be07c7caea3f3ba4b93a2634

SHA1
9c8c8324dca4190d0acaebcdda03d99eee2599fa

SHA256
b86105cdb2f03d802b69e0eb735a73a67621f6160218c7de483a84e6d7dfaabd

SHA512
1f4edab4415f82268a40d0ead26db7c7083d131b933f5d43ea5928967386e7e9e7b954c95b88e45911a3a3ac6c965ef7765921103bf7ed5571604c3748882b14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
16KB

MD5
22026eb00d2d70eeb63cbe14d75f8355

SHA1
5d1cabc0387f4eccaef9baee4f4237c57eea15fe

SHA256
74216ef799be77d9538ee3c99daa11dd18fa6cbaa5c2034dcf9b758c98d0f284

SHA512
d0cd848ecce7fb3d207adbcaf67e65b090c5ad8132da4b745683180fa7a571573866bac6371c9d7b27cf69d53d5820861059399f2f52491af9fe2e6eee8af188

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
17KB

MD5
8b4c25adad144b4e4de96b2e2e783890

SHA1
32448f5fa6d6c617a7181c27d34c0d455bc407e1

SHA256
fa753e2c8392c0fda3779ec04d159c2ecf7001d2e8df3a878b6c5f28cc76ce54

SHA512
dc359eae665e1f9c08cfcf31bfea409a36f1ae458d6cf526a04104265fdc5077a261841cbb4b965232463461013a25ccc77d608949c0dfaa4d11d2999dbaa58c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
c9a3e6c907b678f7cb20fe45d68aa665

SHA1
13b83ad0428fc264ebfe4a66d229d4f5a38c4400

SHA256
f5345f306c5256d3ccf47860614230ae6a706456a5af231c87451047e9174da5

SHA512
7deb9a5ebffcd4a4a550ab489fd56e9cc4a10e8f04fa61eb0628ee5a65ce761a5a08b125e9cac5b3c679e450ede8fb46b092bf0c162f1964f6f5b3bbe7f1abef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
8657618ecfe6b66ca970fc19829c8e8f

SHA1
d04699eccd4b6a994e74dfb8368ab24b46b2c577

SHA256
21046215b082c1a75bd0c89d19afa6add23e5463434aab5f97484c31588d8a3e

SHA512
2b3ed066985bd7850b433057331dc89872967f1da168f688b3306dc229a2f64a66b48f687c17ee935154df754d8b19d2a324851d131e5e9469a57abf83069e2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
5203b448741ca0ae151a65e552c89456

SHA1
d364b21d57312028a89cb60d13d81cb224174af6

SHA256
dff87298071791085ed4de6595e8087d5b46ce7b981bfa4df30c9d975cc9bfed

SHA512
2b91f2e656f7ad41c7ebf446ae0a55b907f1d100e2ed9d9cb3ae33b3b307d76c631b7ddf8615fb90d8d5ef4cd74287b8b5807e9e04a8dc80c04b916d81455b36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
69a704c5d0690b527859c5f851202693

SHA1
2ea85cbacad3c72cbd990cc1b97a07c3d1d422a5

SHA256
8c6abce828406ebfd677f4251a0a446d6fa165f75f4e68c1ea30b9d844403b69

SHA512
b2fe0d641a5c58725d290eae348b682989b08eda2ef21d14e878f871aef2b55be0cc15a4c49a373796e13bafcca211bb7358d0dff6e47f18d70415844cd24789

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
2e60944d4a2a48318af1b184a96f4cd3

SHA1
9b6446d2da69a28c25c0c6ba7eaef362d9609777

SHA256
1ffe4d9994e2778b966e4e29b38e61296ce2e1a78148997ae90f57e00710f9af

SHA512
02e9735454a26abecbaab36217f3b38bdc71871c41b7d35d9db738cc33ce4769469a3cef589db0474090c3873d1ba9f412fe61c5cc0bc4ac746369c6d5471e91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
07d7c30d001d9af73314e2df574583fe

SHA1
9871550dccb8d95cc83e60997c082613fc6aea1e

SHA256
40194d28cc3ffa07958baa36ad86c60fd0f626b693f8eceabf3dc564d3cda6e5

SHA512
f14a640d6ca97eb6416d53daa3da535cf290a82e502662ef6be38c93c66221ca1e45999c0dfde2ada0f3390b2c2e1d66072cda2c9d4e0a6301e5cf4f85fe6e48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
840B

MD5
ee7fa052c31b64476c7bec19f576716b

SHA1
552313a4e283af0b1ad0a744fe44a51624a4f368

SHA256
cb4a9d13ad683b0bb8346e8400a7894baa5958f4c007a314043e321ffb99b7ba

SHA512
29cf2a7b4141e2362c383e5b72cffc877687b336f000680c9c4e87809dc80ae85172370cea3217d082a47f0b680a4ef7030cdf2392369b720a380ae0d8fb308b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
2399b0aef023a559c8ce38fba1e307cf

SHA1
5b65a3e52c86ea3a3d6501c1d581c305bb4f625d

SHA256
a7210f8634e13688969aa6983677fecf1afdc1e8c71dd83618497d6223e03b9c

SHA512
f8207b613b3e05ca85d7bc713a38f73310473806da5d7a758540fba70fcb22409d3a990f0ec8b41982ff6c70d01cd03ac2c625963861d12a624cda9ce37646a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
0ef1d2d0540c59f133ead3cbc3f4bb2d

SHA1
b6a6cc8310e62b79484d9fff9aad6672cd09f181

SHA256
6a706ffa16353cd1f66b5b1862d92ed6fc126b61cfcd3368a88e6b15c5df8d24

SHA512
b52e86eda192c45c1553644acd0df2765e4f650ee92a204727f5486241a97d02acace8b94916ec740174b5d1d347b49cbf64b142f9f3ef16fc1c894c00d1e14a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
d181328de36e96097797cce94608e566

SHA1
15f425827065df7c9b87ad33b2331e92838a42e4

SHA256
86dd7cd19eb1f004915a1961bf26ac6c64009d1a2b0f8a44b6ffe3e8d4eb9587

SHA512
1ef1de6196944d7a58878d41f84758885d3f04b586b28ff62e6590be7738557d1a24ae13446adefa69212e17072b160bccd3d58c97c4ec12fb66a5a9efd32191

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
73bc0c73cd0f79fb0b2d764e9f2cbf00

SHA1
401f18ccefd3c58a6c67795f3dcfe73c68f60999

SHA256
c824c3dbd02f426bcaac70200c6409b33cec08c93c3e702b1a49d006a62cbb89

SHA512
760b6eeb472d6e6252c275c0bce8fc1c7eb8976d9d119a51c3fbcf828af9459ec082dabab6c46e8b160178e1e8f12bb47bc141d22ef898686da75461c5f7dd63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
c384f66901d5fa733a549ad72952b570

SHA1
8c3d6795bad1950a3687d14cf1384e4eaabc2e4c

SHA256
595968f77a8007c9bf46b3c9df00ab0c792335e7df47f54fe50638cb7d0d9a31

SHA512
ef364c226428edaf68b3c1611a9957fe237c6cc7256c29eac2d439034f39c545fb456125e60e0a889cdfafbc23057dbff2208757f441f5d9ba92ebb5d6dfed32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
bf510b73e5f19e7dab6177e2eef5504a

SHA1
2f3bb30d979332afff2ccfc734828a3588eb256e

SHA256
f3b117499f6f0bf3e6d829c8b8dae3938fd6895a213a602623569a77ab503b86

SHA512
6e802471f260d7d89ba7557d91eb127eab0327e9f2d241eecefa1b38493588cf82ee39ec4138394f1d49023d1f180e4579ff07bb050de8b43a1ce75fcc3a427e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
e5ce88eab3f01f6e1f3d569de112133c

SHA1
6a3c0c07a22e92f770ed1acc1dc41f1a3f70608a

SHA256
ef396622afe1b8c0b6970849366c925a9d8f6377d219a61386da8ad9cc4a4e0c

SHA512
c66378924a41faeb3419baee4a91482cfdd22f4744c5f56cde8d32414a87e8dcac051aa168783e979457e047be3301b06b027167bfdcfbee33374b30f7e221ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
c772d9098dad42041704607f5e2644a4

SHA1
82b88edb48e04da861c8881b029e8045963ddd50

SHA256
da8c4d388661a7fa872de5479bd0fae55f1487f71854db960471b09833314448

SHA512
7a0b6119ec4f96d1da754601d1c91e37252fa6cbfe33bc701e15e9e84513e1a90ebee42a949f8cc023f9ff731355a3bd52b658b3084dd1f3060d710e03f61057

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
04e4747f82b9be8da6c97276f3fe5ece

SHA1
f82e403d16f56a4871e6b539a6fa02e4b328ad0c

SHA256
0fd79643c9b0d077697359a5897fd99ab1428c12185488b88efc6206cb453352

SHA512
ef93b22c344bc90d9f9b03e02e2a97d3e9a43d8ed3a99a6c6854008ec07b37cb860505d64847535d2c5013707149414f4ff45037f6045d0061a33c8fa07d4293

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
e05d27eeef72997245da1fbf0a41479d

SHA1
46aca76b1517d791674b4babb4cbcb1b567994db

SHA256
c6f5976f569a303a0f28e6d39546cdd43095e1695a8261905160aa106375bdb6

SHA512
428242a8e6e9b93b6ecb4b2d03edf109ecd23a7aece042cac19932c59733f9f5be049ad6d5dd2b8d6c30ef0470ca1776b85dee7c8442940740304a8d2b4359f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
19e22a3fc0edec5b2f57f01b596fc529

SHA1
97ad4c56be549e72ccc7bf26ce9ebebd12367bd1

SHA256
0267e4dce69bf8cd6b045fbc1d27d4326d9177941a18810ca3050afab3076a0e

SHA512
509760e24e40eff2c7beb9b40eefb6cf40c87108743997ef80edd81343e1605f12818c3aa1e686a7232f213cb78f3d48efda2cb8bbebd2e9d84d56059d629385

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
8671ce147c36c7f371a11376767625b0

SHA1
f7564c8672bc271ea1e809150895a3fe1e0d0136

SHA256
79ec70e79a8086e60b144535ac613c6eda584da80a0f6795f9efb36c3077d11e

SHA512
0e14f82f29d7fe4f3ac6f1694f98c234930bdacf9710dabe36bea40244ed16687d6f08529f62c4ff0c12d82f4139d32a3232d141e23b60e44e83cdf3d49f8e80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
c3cceb204b2c755019ab7e0dd50c1e2b

SHA1
25492692f1bda44a7899d95f8be26fd127e5ee65

SHA256
c6ffff2ebaf7691eaeca686b38eb3db272b85e55045a7e79c0e50a54500db3fd

SHA512
47b84acab3882441d9bf9a82b68c670ba0c291bf24899e3d75d88668c9e9c98092c331fbdad7c8ac6ab4cf7964dafb470f40c3e7ee38d1892460d10481c798c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
3d149a5c9e7a710a734ec1e6f39fafe3

SHA1
77b8c0c09f51ce8eac1d76ffb031b59535cc3730

SHA256
7d1f926b596a6fcf9992e31a286b9d23021ba01676b1528e7359f9009524c47a

SHA512
20548c2fb8c9160015bcde9e402a6c5d6186c3f4110d4eec3b41fff6387de077bea3889a7cce496f90091e3f7e710b84834847beccb4256adfdfe45a88337874

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
758b8594f24b930b2c7f28768814d3da

SHA1
7a6596937ccc9dde7f2f6c9f3461842a3b5d8f62

SHA256
d513b31281ff42cf18370e60419c614397870699a397515c116d7e75710c29fd

SHA512
02c14d713a373591579ac855feb91a00a9eaee2c1bffa175727512deb693db5c3e260fabc370386e97982e961e8c99c8d5db20e624862647d849ca1bd0d17a0e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
fdd0a375001b525c5c2ec483e4ad38f4

SHA1
7f2f3fb5a0ea8208406c86d805e9424f7cbc0c5d

SHA256
5bb9512c984907be92bca5f82f9c248582b9e4b2b38956dee93560cfedc1c6ee

SHA512
0c45e9fe5a5c863c33428cf65522896b931e8b15811600aef3e95276594d1de4c580ca02fab025b0db23880076672a58b522018ac3174ef09a98d4cc5922d7fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
7d08f51d70979dbf4937f4eccf7e635a

SHA1
dd8e937bb378f458f30a29872bcff634ab491139

SHA256
642377484e81837990c7b7bbee38e3d4d0dbb74c0b582cd92605b776a2347d2e

SHA512
efacfe0389208cf4aa703cf19f97cdfbe1b95f8c58ce5cf530c75f32c23b3dcfc0e6b1ce205aa71e19c0d5bc3a3a0262d19eb767193dacb2ad2abef25164d21e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9c6183779aa556b7471d58455ba95bf3

SHA1
6ddb6ba8878500b1f5e77a4308b957daa577d63f

SHA256
6109a3ecdf24fe62cbcf6fb543a5372fe372d10f0f07648d4dbdda9972e83059

SHA512
6332624341f8ec01acfa50d1e7600f0b19f35996d3c3855df2465f098e0e66b8cf3ee17bda15114413c1be6d8a17de83088f3cb161b69a93cf9b48676a28082d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
ce8ac39dd167343d6aaa7c5b25609753

SHA1
68b1cfb36805700c8aae0af329d400d93715be42

SHA256
9b36052dda43535de7e5699b8fa1b16fb91138cd79cdcdbef7d47b720e4eb6d9

SHA512
833ac973c71ecef7d769541857be88ed8b16a790e9a3747177d54f1973ed8cad9682ee0d4041d12355c40fb476759d55828d9432c340030412aaae3a3d1a1d1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
49840cf51aebdec1ae396c1388090b85

SHA1
03567bb0906eb105bde3f5994e3c0df2169bc53a

SHA256
2ebb0d47fa6f3fb363622ac907b0798bb6e24efb4fbe76e12a61a3085586cdae

SHA512
f3033af3946694fbee01a49079ad78dbbf80b7f56c1b7e9d2811e28efe39ead548b0fb25b15b3c3ba365c58415cefd9f3505b00bc9cfa5f812a6c94209bea9db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
309d357c7ad384650ccfb68148cb36a9

SHA1
19f2753df3a894fd43e69db42de8b5f4ac845a5a

SHA256
54ed6aae9848b488c7186cee22084e8ad1b68f763b1e1ca296616747cd1a2af3

SHA512
01e0d56a0a9ca9a50485fcc66d2eb0e192e95a45cae88585d3cb696d7b650df6a17c6cca22724240ff8faff2759cc9da9df5ba59a9ab7bba7ebc5653f67fc440

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
13ada6e42771fcb1dcc62e0b49f06a1e

SHA1
1a3b7bf6dd323717d08af3b77f0f8f5354564eaf

SHA256
36518b4adae4b0cb8d14a88cf0bd263cadf8afe7226152a5528b8142e6892872

SHA512
96fc512635f345b291e336f4035f3ce9ad7cfeece44403f99006cbdbd444c4d893f72737895a636f64320861c03c957b168bf340b05b66a517f2f4bd991aa1bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
def581dfc363db5a475b1803b2b32e67

SHA1
23d38382466038bb9b3f24430eb41bd5c8e7e137

SHA256
3389525e14d041cee298a5d940ef946d71aeb9a0ebdf6991924593f48198dfca

SHA512
1555e8dcc759a801f9a6457db8025eebd7a5844c9e05f74de7a1e93d1e22eb5db369d46496704bdc947816eb267b25005bf8bba7f5824af37d48faddbd73f372

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
7f8f19bbc144c1261c5d3b96fb2e0a79

SHA1
ef27715134264649ebbee84b9dc203976d58df77

SHA256
f34ca6d24a97c5cc78e8e22b42b52286c88189490818dfdbe13fcf4da208a878

SHA512
db1e113f4be84ea409625891e3e8315b9b84247bbe6dc6ecabae9b452391507aeb2264bd200e43069f48a6b28a90e45e05b5d58a1d695ed2ddb2e31b32058adf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
759066124033004ca3315445469f6063

SHA1
eb60727119958deccb899c853996780c1524b8a9

SHA256
35675616d0141c74f9a436ad4747e3538958d34a42f5d592b53a63338f22737b

SHA512
cb2e4e4d01dbe7909e4635cf66ba5ac70d8e0a27dc8be436250e212f17b253cb941d02a624ac6d749432777d2b4af060da24f6503e2b9f6d40cc25012bd4d8d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
9b703535bd5e40025f65200c13579473

SHA1
e235cad0c84af692d58132090de9e23712880ad0

SHA256
b8a07a59b196c60d8592e7b1bc82f42c98cbc549e30db1b8e5fbf426d3ba8a19

SHA512
4e248a44f0620641bf5f1ab3c0e6bae1bab52988dcc70fad65ba99f684e264708cbd00abd7e2171ad9fe9090cf6888237fe2c6d9b19e38759c1f1e259aa64997

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
f2971afc3c846cdc965957c9c55fdef7

SHA1
102cb6b1ff879fa05abb6350a25f8483ee0fb708

SHA256
2aa89b1e7f1fda93369a72445be5ab20d5639339cc32a30135af1c67aeaeee56

SHA512
c6b515593e1ac4272f01eae9095bd2a4ff6f2f11a4951d793efc51d0a876c9690065b08b2a1d6936732c60f5f2b8dc3b96a759546fadede16ba102994c36fde0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
692d097c2545d34611262db2f7f35ca8

SHA1
89044837c56e76541a5bce06557f095af257caa2

SHA256
0023e59c5f9ab3aad7ba020b3b2a6e1f90248bf0c2e7273c9a435e190e7f08c6

SHA512
9ca05f1d41a7017c3b94a34c69796e2d44518895c6bd9f93904071b1cd156dbff9b2def508ab39c7a84beac643e740f710e164e1a9448c723a9b519502075fe4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
97614293cd737e6f2ecc5d0d8bd3912e

SHA1
18a81180017d7e927b0f7f2869fa6d6de81af5ed

SHA256
c8a9745decba36dafc7aba86571d1dee6a850d9b4e6b7e39a5a464b01e45a0d4

SHA512
048868a33f490e48ff7580e16d20f84d85064574324351a7e1f08292e3664748db79e1373f1c6fa9cc868dae3cfaffb97b2d5b62938808c05624b9c404616440

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
bd4704620336ea70c78c487ef3bb3e35

SHA1
6edff9b8c87482e3825b627712560c7b38d21dc6

SHA256
5107b5d9daf52ae70a0a63de867dc4e6d7d83cee37b08a851695071b92779432

SHA512
7c69ec08390a830d7f158311f8e2a620f4df99ae545ad6d7ede955e5f1a4e892de67afb554677bf9c57fce14a98ec817873e071fb19ff6ed350e1ceb7473897e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
98372c252f15d5d73981852327a2130a

SHA1
b95a8ace2663a1dc3c4ba239d3d1d5addd2844af

SHA256
dbea23513bcb43ffd1c2b77b6188dd9ba93bf0259727cddca6f579020e45f888

SHA512
0cb3582610b143f6fd359db302ef126cc9473a03ea57c8422573a805ab9a5ca243ac490bbc06ce50c45cd4599b0def60b11ef448e3d51607cc82ef8d76f0abc3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
5c1b9474e3af0f6cd87cdc3cfb90660c

SHA1
cd90fd4206f70a2d8e36715d8a2ad3d13ce3c0a9

SHA256
bd302327fae3bb9cb8f7df7d3c2ae43b514309059ee2eb34c1dbe2648fa4b745

SHA512
ae2ef37db8dae6db8d10561b420b06e9dc59dbf0243a930bf67f601aaa36451bb3697c3630472174dc6921f481c96a2f0f451d692d52f9f55ac5fb9413809361

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
0642fc96337f53ac65a6a5c98ca0566a

SHA1
6fe5ab6794f8780877e021206c748213aa19b51b

SHA256
faa7d5ef9efebe851a032e6040ddf0af520ad8639823d157f1fbcecacc1e5a1e

SHA512
593edcd0b202e78e219b9f95b3ce5df7daf8f9db638d2e49996cfc6ed86c170950b8857c0bf5deb091c2b108f5e06770162c4227a2afddce75e314d9200f0173

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
61b8fc8e12989ee12c3ad219ad990ab7

SHA1
170495ad48120f5c03c436043b43cd1d3882da0f

SHA256
a6ca43848f1b57d6633f3f299fdff2f83a852b6916c4dba3e7f2b8f711d924a3

SHA512
2f243cf440522210eab2e723df6a8bf16fd574a5cf7ba97831ef295e569c65e858c7a4f6614e3dff5ba764d46b70755254bc05266ba0149ad62b8785a70d65e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
e081cc1fbc100cd0f671b9533de57f72

SHA1
d87db9790557f5760d24ab1461a9a74bbc7e184a

SHA256
88d78525e3d54a0cb9e29abb19ec70164beb44a33b36c7b73d9a1f216273a7ec

SHA512
22726a0cb89592ff29cb297659330a909c111dcf7d379cbd151abc4149bf1eff235f338bd235d173960c68070880bad2edda5a15c9f3bb2fdc2d9473743b0799

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
386311179d29b27ee589a42a2847b8f9

SHA1
a23567c94b909e7ab8bd2fcc8c85049cf458c135

SHA256
36d90efae7369ad712e53b0cbf024c9c5df1f9ca6b4d6a4edab34c8ae5115722

SHA512
e5c98d68e50690b22b8a820b0bf717a0a2a1e9a17f4a11c0e67e6718217b38ca91d04bf27bdf86612434564afc4a48f9db8c1ceeb9a0fb0715fd3fe7e67f5eb8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
13f8203df560a1285b54c82b09ff8953

SHA1
2832b78defffd487438e268547393d58bce72ffe

SHA256
21511fbfd7b1294cbd706125283e8e88cc1cb5fadc278093d1247eb233a291e5

SHA512
ef270e74a3ea4f336c52352f209118766bd2fd41c0127092bff28ff69a6e8bfca99724240501a0f6eafffb2433a7b0c188cd6f1b144b933568111acd4e2c12c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
250KB

MD5
a60403a6288ceb3152390054706b3a5e

SHA1
e65df7fb215364bf13401e669e9029822dfff62c

SHA256
1c8cce7b530c818d7e0c0cca59b3fd5fd82fadddbd20739eff04046030c898d4

SHA512
7be6dab3b378f6355fe201efcb8f70d8803bea349da935257150a9fbfb4edc96fac855c171212abe101ad546a45f2aef17a73adb06091cf7f431804e9ef4acdd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
250KB

MD5
e97b218b9b80a107ba0edaabc7b34057

SHA1
8f81df17a279013bfac38b125c6a6d4ebebf93f9

SHA256
923224fef8ab9e7ec8b10eb3eeedff5b9d16c200489c8a3204730d8778c03d12

SHA512
d8540bcd00c8d0bc7b7ae49f80ad9fa499571fd8d40f5e2c0113135035c6406c470557fd867d465b00e0381fe5a482b581c84ce41b1f0d6d4b1e399590c806f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
99KB

MD5
b112583d52a3e07316bb2febc70e8a1b

SHA1
911b6c1d5b24ceba51432ff77a209b81065a8554

SHA256
30a543a937244c2b65459cebb7570dba1bed69b63af7c063fa535c263f221cd2

SHA512
ec7980a0a66a1b96e3f516978677376b0ebc7333060cee044d95cb5486cde8cdfbb6882e5185291fbd4fabfa294683be52a4e5c08bec6d5c45da9a71ef953ca4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
89KB

MD5
3272fa13907f22222f6e937291fffb48

SHA1
be5494f9bcd077ef3c2f8621c19273e8caddf8eb

SHA256
7f225a03968c15e5b96685394bb75b0a4ab7e0c2b733d8d30e9b8cffcbfb0285

SHA512
0fa158e57f918519cf3c221e9336bb1fda81b503ddef2ac2a74ba519371a8d6162e2dded418c1acd61ebb5d3bd5c99cb5106487a43643075d6a0e1c6864c6f51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57d254.TMP

Filesize
88KB

MD5
88cfcbf1614964bcaf2b4e305a70791f

SHA1
d3e088cd0f3b87d09d42c7101d5b2d0c2144438e

SHA256
7404ec0db52c73c6db70e24d7df4c7faa72018c56651ccf9a736d1deafa2afd1

SHA512
78c1450cede4f5d84ffd93fb03ea8dff056f7f792fc7e69c66534c5784295a568a30c59c82597dc6bba4f4d13a3d70df864e4a6d6975556ac3c88606f3d83e40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7e0880992c640aca08737893588a0010

SHA1
6ceec5cb125a52751de8aeda4bab7112f68ae0fe

SHA256
8649a39877c190ec740a5422284ec5f9ff509b30b2d7896635476873dd8824e2

SHA512
52bd0a38ca7f43b26731966035045b1cbd8b60b2d81bdf9aad791cf444da8af8b722ebf3cb364a6e660bebdf23084eb0e30bc23562575b704801669817549f8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5e2f0fe48e7ee1aad1c24db5c01c354a

SHA1
5bfeb862e107dd290d87385dc9369bd7a1006b36

SHA256
f13b3ebe8d71bd0086d5bb82364c35f59a95d32b39753af251e8639360e291a9

SHA512
140d026437fd5e8a874cd00b03950c8f010e1a0732a0a1cc5bdde477e7f8315ccb95790bb4c15b8dbaab9468ad532eb885b6c429300a64e39412d976d079324e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
36KB

MD5
62fd1704573f0a1ae4c7db83f9f5b470

SHA1
09d03a37492cfd0580ed3b819386bbc4ff64d960

SHA256
3b14ad4d4df0e681fd5aba556473e39e52b31ab98f51dc3db4937bb641a6d667

SHA512
c8108393f8bb91c018ee06ad51d746a33e24ad9041d5cd84792e4c59fb55639b8042ed5c1a424b47263652182ceafe516d0b6adab147e33bbf261d6aee1d3f84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.avira.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
20699e5c5427f95b4ee890de5551caad

SHA1
8046c32feec8eebff59256f934bea1a0e6f9c527

SHA256
213ea08ed0d317c832d973bf67fbb95e98369a49d461823bbf4b5eb2cdf66e37

SHA512
7d289c7ef42c22602c44837ec77668307bbb96494c01582a4d7295cc2df10360527638a2f07cbf0826ee338457560dfe1a36ea0000a71fe24032683899088c0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
21e94aefdec08a989997b9b0af1e3504

SHA1
966d82fd9308f8d3c4516ca0e617c9ee1051c8d7

SHA256
352c58cc90dd27ce0ce8a59bf06da7b80444e1da77f75396f32ee56f2b20017a

SHA512
35d2a9e4566bb2b0448eeaae8eb00a059ce3e974670f1d0eea59aa242a9f97e2d6b8513e1c3f141edcd029cd54d37f170d3cda54daa953c977941755a3f23afc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
152103787f3baef2bed4e3a3d6d4c2a8

SHA1
f897eeae9be84d9ae7567d2f3da846aba1ceebbd

SHA256
647dead368dfb7f26eee4174da9eec06f98ca32ffd90742108bf579ca4b39295

SHA512
989fbf8b97cf86a8e7d6a0f6a7b95457e9c0a6f7dec10889bb1a9c02bfe31cea4b58442abbe20d33f84f1639a9e68d8d333d40545eae4abb2635ed61f8e162a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
d111ad12a056c3edd9992335f007e741

SHA1
8eb77fbdf6a5e05184ee525fc673ce04b143eeb3

SHA256
170f79c931dc356af4efdd7bc7b25d733a5912582ec71aaefca1f0568b3b1551

SHA512
90f79fb52a9b7888a9c63021fffdba34b33da211ded8905f2aa9fea7a335226d5b85ce92c0ba77b321f87047e6cad0b1a629e63a51cc1d01b4910d26a32a54ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
83d42f0a4eeda05b8ca215cf3a91eedb

SHA1
31f793d264e9374189a073695ad333febeee9a49

SHA256
1eb48425fcd305300041dbd3aad8d9ccf6d20e042641d574a83c160139268c41

SHA512
771c2fe7366eea5950ce9c4e4c32fa65f5c8b6d67b51190c994de3712a53995074103b19270ca261dfe97b3d5909aee75a88c434d73f845e0e693ce24bc610d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
00bd0ed4935909570f91cca1f6720a7d

SHA1
c5d065bc7fe1cb65fc99840f970ea252e62c599a

SHA256
9c5d06f785dccc663e4598e80aa759bbdb867285f454fc9b73a25a306bc57d24

SHA512
aaa98818eacad2117092726bc54df8eee2ca00d0789fe5c5828309df7228facbde1f8121d7af2375f411c1411b00895a65c55935fe4b82c695cc75eee212d884

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ab0d9f143b33fa5b998e83ecefe365f6

SHA1
32d51f596b7f5d622654ac5ccbc30c1c38e08017

SHA256
3bc311b35f9a49bcef33cfe030033e93ff079a3289701cc866213128df967e2e

SHA512
79ad24ed77844153d6a66db0ecf1f2b04eb5179db8d5ab4a0988a84bdf6a717d0735a77bd2807c63f8803913f4cf4879221e0ffe3a85a1e6a34c1f4cb36a9627

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
2cce3bdefa9cc08db21e0e1c1f138620

SHA1
80c0d515b2e762c62d00d8d39c7706c921c57796

SHA256
46c8b6e11a697fe3070febc6372690168bbb8003322ce3efc90550c6b215a257

SHA512
e55a942c9a45184fc83ba5a78ac1b087c6f7ebb9d25614ee6492772789e1efa17c5ca6db4041871e456d0943002844132b5a95b67f6b1037eb1f25ffdac4255f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
0d3146a085baa36aab3194ab3355732a

SHA1
e2ed7f0e7b8d171ded54bf5e8fdaa17b2d73a9c5

SHA256
f47f15b526afb5c897fd7ff50dd12b9e6cd0628316ff36f12568ee10e8879f6e

SHA512
fc1512fa94d82a9582289908003b51c1f6e00152401c5f4cb8582b41753874bea971316fb4e84b88280ea11ea40a48ac1b4fa1dcac7e6a73526caa77b09f4b80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
b60b9032c199e7c847c90712b6c9a65a

SHA1
f1d398dfb065e999de7896f9c7dcd41ce9533662

SHA256
c52939ea9a17935f5672a254513067a3673cf23ae6a63b4a8c1fac0bd15c2382

SHA512
0c41993f3ce761dd9c22000379fc1f0ede4ef4f6b6c696403021c4a685b9933840a2e8035e0c48c0ea8ba9fe4adf5c67a7cc07e1fb5bf444618ea9ac649e88ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe603e74.TMP

Filesize
48B

MD5
376b1bd92a3e47cd6f43698c75d48785

SHA1
51732bb6bc3f8d3655e3fefd636a100ca218437a

SHA256
a52278f1e5bc293df9599e5a5fe9ab6cb0abfc90a6e3e7388327aa6e0282d638

SHA512
48cc3cb073f19af3aca80a984f31744ae2506fa887277678d8a89d4f5815b5c8171fbe3d3cb0b09094cee83e72c071e8186b48df6363a85f14494534c6139cac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
6b7c64a9db43a79ed111abfe41ee5a46

SHA1
5ad9d5dcbea829bf63e12a44414e5af4b9f06c6a

SHA256
e8f9474db0c98bad2165837a822d9363add69f434356bf743ee181323182be5c

SHA512
aa479ca048beee5a24d51f29dda3ba94ac45a3ad03ba91a61f92fe46c6fc8f7562fec17b9f3df643dd96f716186340cac64be14f72598f3136986a5876f32488

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
8KB

MD5
a67686a00f3fa5e5867e0e7450de47e9

SHA1
c454d10844cf1369832802741f12c456963a669e

SHA256
486124aef19bc5750651215b1ac1c0dc7a7e63a94799d77c26f372e25584a382

SHA512
341b1a350f2398cffc76d79d4082f6b936a7baddbbf20a28c76943caafff125fd3f67ef8b94ae272fab718cfce89774459e2cc7f7325cf3afca1d3fac3364f74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
6a1f9213c63b0da0ec22e29aec3a2582

SHA1
002494d180d1c0cb997eee793d20d78d380bcbf6

SHA256
dbeaae730ff94b511a2143d7ec778720e1339cb5daf273eb89616acb60c72f4e

SHA512
ae5fc70b19bedca970a8b1e346d168f3f8e57c20358ba4355398d047423399144ed2a4b7b754b5008e0b84d1c87c619b2724e616272a55931e1fbe549c16f221

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
233370d90820abc2e559dd8dcc2ddb2e

SHA1
0d0d48c973b100d9895246ffd014910f661c8010

SHA256
914aa7ae91b6dea1ca1c41812fd331087c5b06f1067fac1eeb27bcabfcd10428

SHA512
4650494f5aa24001d6ca34dbbfa64e43f29d562eb8e5cf3110bce1dfab8579696780712445e752add06258c9cdc54bf0feaa7890cb96ae4e9de43b55c23534f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
bd55baa1900e214b9af2402ea382c27e

SHA1
b3d2a14e259695412b4a44da9b24e9919ec3dd1d

SHA256
80772cc2c3d1877cc1aeda0fe1b1755eef30db4929908fa7098a7aa4a5273bf9

SHA512
f22f09e9b5538044d48142462442942a25df321b6dd5feb2369fec07fb6d0717b3be227e48d88417ffd415f3fef39572a6e4eb69e8c89554b61746f4987d9d06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
8KB

MD5
d4fef1f1a98e46dab542cc1cb56c7151

SHA1
5be16d11e8300804c5b477e537ecf1bbdd46dcf3

SHA256
6e9f0ac8683b6caf572568b51afd5f6634fad5e927e1f41307308108e3f27a85

SHA512
a06a9230c271fc2e0754a992ebfe128a6264c275ce4a0b06591ca8ab529e0861e199175741dd53b1b03bd475964e5b6f5a56f5f8988828b5ad2e26f8c542805c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe60089f.TMP

Filesize
1KB

MD5
bc558bd1788ac3f63d5d1fe2ef5b8b3a

SHA1
6a19b56d29411d9365997dd423176e15006ea50a

SHA256
d66549c7c048c968d20237eeef6933ab1d8a645f5593db256658ee9c60e68d77

SHA512
a48341d0919cd69bbcf58df69b50ac8c03e49a716f676e539ecf77ae851c824f2afada381823ad83fe9678e719d7a7600a937ccea90483b4fd441d6d40971a1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c31edbde7ddf39d903163293a6bd7d5a

SHA1
dda14d5ab9bc2cecb3481720d34bf6b6fac4bc21

SHA256
dc7849a8946b96cc74456bddc96b5430f708331bf60c1aa0bfd2e670354a9a9d

SHA512
fea730d37caa4812da7fec4861caa54ee426344513c73ec9aa9d2237b50b195426f308faa61d20f44e9c075461252c37c92c42822de20054acd88a64a51e8d65

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\LogonFuck.zip.crdownload

Filesize
8.1MB

MD5
8d5a151ef3c69ccf03d06adb331c3810

SHA1
cb82197bb42110fe95e9e130e1e5edb72ab6f75d

SHA256
3a45d7f9dae3f80ca329e0f12096d88cb10e4301b035a654ffac5f24f6814184

SHA512
3cc52f2d50642002b60818a50c79fae405d97d85b306b47be5946b24145f16c8e6f467ed691977e94c0644b29dfc3bdd0242b11173515ae13f7192c4b794ba9f

Download Submit
C:\Users\Admin\Downloads\LogonFuck\LogonFuck.exe

Filesize
8.1MB

MD5
7ee3aeb93b0fa8dc34893e8b3c0f5510

SHA1
faedf76ced4d16de8832d084be985ed8b32cf20d

SHA256
78a7a05316929dddcba6788429eeec08b5428590b89b8d272bd79471f0b6a4d8

SHA512
fba2326c80a69841fa9c97198aa69b0b019fffa591a5f7bd8b38da99f8eb8baa0662c8a4dc751ec38dc7892097175f3b760a7d7e1116aaeeb4b2ffe04b821d29

Download Submit
memory/2884-912-0x000002D3924E0000-0x000002D3924F0000-memory.dmp

Filesize
64KB

Download
memory/2884-914-0x000002D3924E0000-0x000002D3924F0000-memory.dmp

Filesize
64KB

Download
memory/2884-910-0x000002D3918D0000-0x000002D3920EC000-memory.dmp

Filesize
8.1MB

Download
memory/2884-1051-0x000002D3AD0D0000-0x000002D3AD279000-memory.dmp

Filesize
1.7MB

Download
memory/2884-911-0x00007FFE26780000-0x00007FFE27241000-memory.dmp

Filesize
10.8MB

Download
memory/2884-913-0x000002D3AC760000-0x000002D3AD0D0000-memory.dmp

Filesize
9.4MB

Download
memory/2884-1173-0x000002D3924E0000-0x000002D3924F0000-memory.dmp

Filesize
64KB

Download
memory/2884-916-0x000002D3924E0000-0x000002D3924F0000-memory.dmp

Filesize
64KB

Download
memory/2884-1143-0x000002D3924E0000-0x000002D3924F0000-memory.dmp

Filesize
64KB

Download
memory/2884-1113-0x000002D3924E0000-0x000002D3924F0000-memory.dmp

Filesize
64KB

Download
memory/2884-1104-0x00007FFE26780000-0x00007FFE27241000-memory.dmp

Filesize
10.8MB

Download

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads