hxxp://google[.]com

Resubmissions

01/05/2024, 18:23

240501-w1ylfsfd72 8

01/05/2024, 18:15

240501-wvzxbsfb99 8

Analysis

max time kernel
241s
max time network
257s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
01/05/2024, 18:23

Sharing

Copy URL Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

http://google.com

Score

8^/10

aspackv2 bootkit discovery evasion persistence upx

Malware Config

Signatures

Disables RegEdit via registry modification 1 IoCs

evasion

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1"	LogonFuck.exe

Disables Task Manager via registry modification
evasion
Downloads MZ/PE file

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
behavioral1/files/0x00070000000234d9-1149.dat	aspack_v212_v242

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Control Panel\International\Geo\Nation	PanKozaDestructive.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Control Panel\International\Geo\Nation	LogonFuck.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\Control Panel\International\Geo\Nation	cmd.exe

Executes dropped EXE 11 IoCs

pid	Process
5384	LogonFuck.exe
3800	Monoxidex64.exe
5196	邿鸋粖莢性醣鿁橵矗棙园崅瑈蔳遲亇.exe
1020	PanKozaDestructive.exe
3196	MBRPayload.exe
3076	melter.exe
4144	Craze.exe
1384	screenscrew.exe
212	lines.exe
4716	INV.exe
5580	Craze.exe

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
4692	takeown.exe

UPX packed file 15 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x00090000000234ca-839.dat	upx
behavioral1/memory/1020-840-0x0000000000400000-0x00000000004F8000-memory.dmp	upx
behavioral1/memory/1020-1038-0x0000000000400000-0x00000000004F8000-memory.dmp	upx
behavioral1/files/0x00070000000234db-1081.dat	upx
behavioral1/memory/4144-1082-0x0000000000400000-0x0000000000474000-memory.dmp	upx
behavioral1/memory/4144-1141-0x0000000000400000-0x0000000000474000-memory.dmp	upx
behavioral1/memory/5580-1279-0x0000000000400000-0x0000000000474000-memory.dmp	upx
behavioral1/memory/1020-1318-0x0000000000400000-0x00000000004F8000-memory.dmp	upx
behavioral1/memory/5580-1329-0x0000000000400000-0x0000000000474000-memory.dmp	upx
behavioral1/memory/5580-1413-0x0000000000400000-0x0000000000474000-memory.dmp	upx
behavioral1/memory/5580-1587-0x0000000000400000-0x0000000000474000-memory.dmp	upx
behavioral1/memory/5580-1635-0x0000000000400000-0x0000000000474000-memory.dmp	upx
behavioral1/memory/5580-1764-0x0000000000400000-0x0000000000474000-memory.dmp	upx
behavioral1/memory/5580-1880-0x0000000000400000-0x0000000000474000-memory.dmp	upx
behavioral1/memory/5580-1911-0x0000000000400000-0x0000000000474000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Update = "C:\\Users\\Admin\\AppData\\Local\\Temp\\3D2E.tmp\\MBRPayload.exe"	MBRPayload.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
95	camo.githubusercontent.com
93	raw.githubusercontent.com
94	raw.githubusercontent.com

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	MBRPayload.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\LogonUI.exe	LogonFuck.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Creates scheduled task(s) 1 TTPs 1 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence

Scheduled Task/Job

T1053

pid	Process
2816	schtasks.exe

Delays execution with timeout.exe 10 IoCs

evasion

pid	Process
4756	timeout.exe
692	timeout.exe
2112	timeout.exe
1900	timeout.exe
4872	timeout.exe
5008	timeout.exe
5840	timeout.exe
3392	timeout.exe
5012	timeout.exe
4768	timeout.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Kills process with taskkill 2 IoCs

evasion

pid	Process
5596	taskkill.exe
6044	taskkill.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133590614632025338"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings	cmd.exe

Modifies registry key 1 TTPs 1 IoCs

Modify Registry

T1112

pid	Process
3028	reg.exe

Suspicious behavior: EnumeratesProcesses 13 IoCs

pid	Process
4868	chrome.exe
4868	chrome.exe
5772	chrome.exe
5772	chrome.exe
5384	LogonFuck.exe
5384	LogonFuck.exe
3920	msedge.exe
3920	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
1280	identity_helper.exe
1280	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 30 IoCs

pid	Process
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe
Token: SeShutdownPrivilege	4868	chrome.exe
Token: SeCreatePagefilePrivilege	4868	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4784	7zG.exe
5536	7zG.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
4868	chrome.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe
3344	msedge.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3800	Monoxidex64.exe
5196	邿鸋粖莢性醣鿁橵矗棙园崅瑈蔳遲亇.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4868 wrote to memory of 4712	4868	chrome.exe	81
PID 4868 wrote to memory of 4712	4868	chrome.exe	81
PID 4868 wrote to memory of 828	4868	chrome.exe	83
PID 4868 wrote to memory of 828	4868	chrome.exe	83
PID 4868 wrote to memory of 828	4868	chrome.exe	83
PID 4868 wrote to memory of 828	4868	chrome.exe	83
PID 4868 wrote to memory of 828	4868	chrome.exe	83
PID 4868 wrote to memory of 828	4868	chrome.exe	83
PID 4868 wrote to memory of 828	4868	chrome.exe	83
PID 4868 wrote to memory of 828	4868	chrome.exe	83
PID 4868 wrote to memory of 828	4868	chrome.exe	83
PID 4868 wrote to memory of 828	4868	chrome.exe	83
PID 4868 wrote to memory of 828	4868	chrome.exe	83
PID 4868 wrote to memory of 828	4868	chrome.exe	83
PID 4868 wrote to memory of 828	4868	chrome.exe	83
PID 4868 wrote to memory of 828	4868	chrome.exe	83
PID 4868 wrote to memory of 828	4868	chrome.exe	83
PID 4868 wrote to memory of 828	4868	chrome.exe	83
PID 4868 wrote to memory of 828	4868	chrome.exe	83
PID 4868 wrote to memory of 828	4868	chrome.exe	83
PID 4868 wrote to memory of 828	4868	chrome.exe	83
PID 4868 wrote to memory of 828	4868	chrome.exe	83
PID 4868 wrote to memory of 828	4868	chrome.exe	83
PID 4868 wrote to memory of 828	4868	chrome.exe	83
PID 4868 wrote to memory of 828	4868	chrome.exe	83
PID 4868 wrote to memory of 828	4868	chrome.exe	83
PID 4868 wrote to memory of 828	4868	chrome.exe	83
PID 4868 wrote to memory of 828	4868	chrome.exe	83
PID 4868 wrote to memory of 828	4868	chrome.exe	83
PID 4868 wrote to memory of 828	4868	chrome.exe	83
PID 4868 wrote to memory of 828	4868	chrome.exe	83
PID 4868 wrote to memory of 828	4868	chrome.exe	83
PID 4868 wrote to memory of 828	4868	chrome.exe	83
PID 4868 wrote to memory of 3232	4868	chrome.exe	84
PID 4868 wrote to memory of 3232	4868	chrome.exe	84
PID 4868 wrote to memory of 1896	4868	chrome.exe	85
PID 4868 wrote to memory of 1896	4868	chrome.exe	85
PID 4868 wrote to memory of 1896	4868	chrome.exe	85
PID 4868 wrote to memory of 1896	4868	chrome.exe	85
PID 4868 wrote to memory of 1896	4868	chrome.exe	85
PID 4868 wrote to memory of 1896	4868	chrome.exe	85
PID 4868 wrote to memory of 1896	4868	chrome.exe	85
PID 4868 wrote to memory of 1896	4868	chrome.exe	85
PID 4868 wrote to memory of 1896	4868	chrome.exe	85
PID 4868 wrote to memory of 1896	4868	chrome.exe	85
PID 4868 wrote to memory of 1896	4868	chrome.exe	85
PID 4868 wrote to memory of 1896	4868	chrome.exe	85
PID 4868 wrote to memory of 1896	4868	chrome.exe	85
PID 4868 wrote to memory of 1896	4868	chrome.exe	85
PID 4868 wrote to memory of 1896	4868	chrome.exe	85
PID 4868 wrote to memory of 1896	4868	chrome.exe	85
PID 4868 wrote to memory of 1896	4868	chrome.exe	85
PID 4868 wrote to memory of 1896	4868	chrome.exe	85
PID 4868 wrote to memory of 1896	4868	chrome.exe	85
PID 4868 wrote to memory of 1896	4868	chrome.exe	85
PID 4868 wrote to memory of 1896	4868	chrome.exe	85
PID 4868 wrote to memory of 1896	4868	chrome.exe	85
PID 4868 wrote to memory of 1896	4868	chrome.exe	85
PID 4868 wrote to memory of 1896	4868	chrome.exe	85
PID 4868 wrote to memory of 1896	4868	chrome.exe	85
PID 4868 wrote to memory of 1896	4868	chrome.exe	85
PID 4868 wrote to memory of 1896	4868	chrome.exe	85
PID 4868 wrote to memory of 1896	4868	chrome.exe	85
PID 4868 wrote to memory of 1896	4868	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://google.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa1ec8ab58,0x7ffa1ec8ab68,0x7ffa1ec8ab78
  2⤵
  PID:4712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1664 --field-trial-handle=1932,i,2084739977286578310,12526311748107812450,131072 /prefetch:2
  2⤵
  PID:828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1932,i,2084739977286578310,12526311748107812450,131072 /prefetch:8
  2⤵
  PID:3232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2216 --field-trial-handle=1932,i,2084739977286578310,12526311748107812450,131072 /prefetch:8
  2⤵
  PID:1896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2996 --field-trial-handle=1932,i,2084739977286578310,12526311748107812450,131072 /prefetch:1
  2⤵
  PID:3568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3020 --field-trial-handle=1932,i,2084739977286578310,12526311748107812450,131072 /prefetch:1
  2⤵
  PID:1304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4368 --field-trial-handle=1932,i,2084739977286578310,12526311748107812450,131072 /prefetch:1
  2⤵
  PID:3092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4820 --field-trial-handle=1932,i,2084739977286578310,12526311748107812450,131072 /prefetch:8
  2⤵
  PID:856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4924 --field-trial-handle=1932,i,2084739977286578310,12526311748107812450,131072 /prefetch:8
  2⤵
  PID:2012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4248 --field-trial-handle=1932,i,2084739977286578310,12526311748107812450,131072 /prefetch:1
  2⤵
  PID:2384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5004 --field-trial-handle=1932,i,2084739977286578310,12526311748107812450,131072 /prefetch:1
  2⤵
  PID:2316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4380 --field-trial-handle=1932,i,2084739977286578310,12526311748107812450,131072 /prefetch:1
  2⤵
  PID:4192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4304 --field-trial-handle=1932,i,2084739977286578310,12526311748107812450,131072 /prefetch:1
  2⤵
  PID:1148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5428 --field-trial-handle=1932,i,2084739977286578310,12526311748107812450,131072 /prefetch:8
  2⤵
  PID:4456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5584 --field-trial-handle=1932,i,2084739977286578310,12526311748107812450,131072 /prefetch:8
  2⤵
  PID:4300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5872 --field-trial-handle=1932,i,2084739977286578310,12526311748107812450,131072 /prefetch:8
  2⤵
  PID:4996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5904 --field-trial-handle=1932,i,2084739977286578310,12526311748107812450,131072 /prefetch:8
  2⤵
  PID:2160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5692 --field-trial-handle=1932,i,2084739977286578310,12526311748107812450,131072 /prefetch:8
  2⤵
  PID:1328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5720 --field-trial-handle=1932,i,2084739977286578310,12526311748107812450,131072 /prefetch:8
  2⤵
  PID:4516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5880 --field-trial-handle=1932,i,2084739977286578310,12526311748107812450,131072 /prefetch:8
  2⤵
  PID:2420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6068 --field-trial-handle=1932,i,2084739977286578310,12526311748107812450,131072 /prefetch:8
  2⤵
  PID:1872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1552 --field-trial-handle=1932,i,2084739977286578310,12526311748107812450,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5772

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:5268

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2688

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\LogonFuck\" -spe -an -ai#7zMap24746:80:7zEvent29304
1⤵
- Suspicious use of FindShellTrayWindow
PID:4784

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\PanKozaDestructive\" -spe -an -ai#7zMap32288:98:7zEvent30001
1⤵
- Suspicious use of FindShellTrayWindow
PID:5536

C:\Users\Admin\Downloads\LogonFuck\LogonFuck.exe
"C:\Users\Admin\Downloads\LogonFuck\LogonFuck.exe"
1⤵
- Disables RegEdit via registry modification
- Checks computer location settings
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
PID:5384
- C:\Windows\System32\takeown.exe
  "C:\Windows\System32\takeown.exe" /f C:\Windows\System32\LogonUI.exe
  2⤵
  - Modifies file permissions
  PID:4692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://kaspersky.com/
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:3344
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xc4,0x128,0x7ffa1e5746f8,0x7ffa1e574708,0x7ffa1e574718
    3⤵
    PID:5180
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,17287762113841506961,14512645256239542351,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2
    3⤵
    PID:4608
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,17287762113841506961,14512645256239542351,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3920
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,17287762113841506961,14512645256239542351,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2964 /prefetch:8
    3⤵
    PID:2440
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,17287762113841506961,14512645256239542351,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
    3⤵
    PID:4648
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,17287762113841506961,14512645256239542351,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
    3⤵
    PID:5144
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,17287762113841506961,14512645256239542351,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
    3⤵
    PID:5496
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,17287762113841506961,14512645256239542351,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:1
    3⤵
    PID:5532
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,17287762113841506961,14512645256239542351,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
    3⤵
    PID:5200
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,17287762113841506961,14512645256239542351,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
    3⤵
    PID:4940
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,17287762113841506961,14512645256239542351,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
    3⤵
    PID:1616
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,17287762113841506961,14512645256239542351,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5552 /prefetch:8
    3⤵
    PID:3720
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,17287762113841506961,14512645256239542351,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5552 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1280
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,17287762113841506961,14512645256239542351,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
    3⤵
    PID:4896
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,17287762113841506961,14512645256239542351,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
    3⤵
    PID:4704
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,17287762113841506961,14512645256239542351,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6292 /prefetch:1
    3⤵
    PID:3524
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,17287762113841506961,14512645256239542351,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1
    3⤵
    PID:3412
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,17287762113841506961,14512645256239542351,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4840 /prefetch:1
    3⤵
    PID:4008
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,17287762113841506961,14512645256239542351,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6428 /prefetch:1
    3⤵
    PID:988
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,17287762113841506961,14512645256239542351,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1
    3⤵
    PID:2384
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,17287762113841506961,14512645256239542351,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3828 /prefetch:1
    3⤵
    PID:4872
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,17287762113841506961,14512645256239542351,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6776 /prefetch:1
    3⤵
    PID:4464
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,17287762113841506961,14512645256239542351,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6924 /prefetch:1
    3⤵
    PID:5220
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,17287762113841506961,14512645256239542351,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6944 /prefetch:1
    3⤵
    PID:2428
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2044,17287762113841506961,14512645256239542351,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=7132 /prefetch:8
    3⤵
    PID:1532
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,17287762113841506961,14512645256239542351,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7468 /prefetch:1
    3⤵
    PID:2616
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,17287762113841506961,14512645256239542351,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7844 /prefetch:1
    3⤵
    PID:2472
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,17287762113841506961,14512645256239542351,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8040 /prefetch:1
    3⤵
    PID:5092
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,17287762113841506961,14512645256239542351,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7748 /prefetch:1
    3⤵
    PID:456
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,17287762113841506961,14512645256239542351,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
    3⤵
    PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.norton.com/
  2⤵
  PID:4804
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa1e5746f8,0x7ffa1e574708,0x7ffa1e574718
    3⤵
    PID:5256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.avg.com/
  2⤵
  PID:1844
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa1e5746f8,0x7ffa1e574708,0x7ffa1e574718
    3⤵
    PID:2064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.malwarebytes.com/
  2⤵
  PID:3672
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0xf8,0x134,0x7ffa1e5746f8,0x7ffa1e574708,0x7ffa1e574718
    3⤵
    PID:4224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.avira.com/
  2⤵
  PID:2688
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xf8,0x12c,0x7ffa1e5746f8,0x7ffa1e574708,0x7ffa1e574718
    3⤵
    PID:5824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mcafee.com/
  2⤵
  PID:3792
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa1e5746f8,0x7ffa1e574708,0x7ffa1e574718
    3⤵
    PID:440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.bitdefender.com/
  2⤵
  PID:4352
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0xf8,0x134,0x7ffa1e5746f8,0x7ffa1e574708,0x7ffa1e574718
    3⤵
    PID:5792

C:\Users\Admin\Downloads\LogonFuck\Monoxidex64.exe
"C:\Users\Admin\Downloads\LogonFuck\Monoxidex64.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3800
- C:\Users\Admin\AppData\Local\Temp\邿鸋粖莢性醣鿁橵矗棙园崅瑈蔳遲亇.exe
  "C:\Users\Admin\AppData\Local\Temp\邿鸋粖莢性醣鿁橵矗棙园崅瑈蔳遲亇.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:5196

C:\Users\Admin\Downloads\PanKozaDestructive.exe
"C:\Users\Admin\Downloads\PanKozaDestructive.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
PID:1020
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\3D2E.tmp\PanKoza.bat" "
  2⤵
  - Checks computer location settings
  - Modifies registry class
  PID:3200
- - C:\Windows\SysWOW64\timeout.exe
    timeout 5 /nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:3392
- - C:\Users\Admin\AppData\Local\Temp\3D2E.tmp\MBRPayload.exe
    MBRPayload.exe
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    - Writes to the Master Boot Record (MBR)
    PID:3196
  - - C:\Windows\SysWOW64\schtasks.exe
      schtasks.exe /Create /TN "Windows Update" /ru SYSTEM /SC ONSTART /TR "C:\Users\Admin\AppData\Local\Temp\3D2E.tmp\MBRPayload.exe"
      4⤵
      Creates scheduled task(s)
      PID:2816
- - C:\Windows\SysWOW64\reg.exe
    reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f
    3⤵
    - Modifies registry key
    PID:3028
- - C:\Windows\SysWOW64\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\3D2E.tmp\note.vbs"
    3⤵
    PID:540
- - C:\Windows\SysWOW64\timeout.exe
    timeout 3 /nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:5012
- - C:\Windows\SysWOW64\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\3D2E.tmp\sites.vbs"
    3⤵
    PID:1320
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/channel/UCTmub7HjR9Kc8Uh-Vy3eLaw
      4⤵
      PID:3828
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa1e5746f8,0x7ffa1e574708,0x7ffa1e574718
        5⤵
        
        PID:5544
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://memz.download/
      4⤵
      PID:4908
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa1e5746f8,0x7ffa1e574708,0x7ffa1e574718
        5⤵
        
        PID:4680
- - C:\Users\Admin\AppData\Local\Temp\3D2E.tmp\melter.exe
    melter.exe
    3⤵
    - Executes dropped EXE
    PID:3076
- - C:\Windows\SysWOW64\timeout.exe
    timeout 6 /nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:4768
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im melter.exe
    3⤵
    - Kills process with taskkill
    PID:6044
- - C:\Windows\SysWOW64\timeout.exe
    timeout 3 /nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:1900
- - C:\Users\Admin\AppData\Local\Temp\3D2E.tmp\Craze.exe
    Craze.exe
    3⤵
    - Executes dropped EXE
    PID:4144
- - C:\Windows\SysWOW64\timeout.exe
    timeout 4 /nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:4872
- - C:\Windows\SysWOW64\taskkill.exe
    taskkill /f /im craze.exe
    3⤵
    - Kills process with taskkill
    PID:5596
- - C:\Windows\SysWOW64\timeout.exe
    timeout 1
    3⤵
    - Delays execution with timeout.exe
    PID:4756
- - C:\Users\Admin\AppData\Local\Temp\3D2E.tmp\screenscrew.exe
    screenscrew.exe
    3⤵
    - Executes dropped EXE
    PID:1384
- - C:\Windows\SysWOW64\timeout.exe
    timeout 3 /nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:692
- - C:\Users\Admin\AppData\Local\Temp\3D2E.tmp\lines.exe
    lines.exe
    3⤵
    - Executes dropped EXE
    PID:212
- - C:\Windows\SysWOW64\timeout.exe
    timeout 5 /nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:2112
- - C:\Users\Admin\AppData\Local\Temp\3D2E.tmp\INV.exe
    INV.exe
    3⤵
    - Executes dropped EXE
    PID:4716
- - C:\Windows\SysWOW64\timeout.exe
    timeout 6 /nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:5008
- - C:\Users\Admin\AppData\Local\Temp\3D2E.tmp\Craze.exe
    craze.exe
    3⤵
    - Executes dropped EXE
    PID:5580
- - C:\Windows\SysWOW64\timeout.exe
    timeout 8 /nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:5840
- - C:\Windows\SysWOW64\shutdown.exe
    shutdown /r /t 1000 /c "It's Your final 1000 seconds to use Windows"
    3⤵
    PID:5564

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3fc 0x384
1⤵
PID:3656

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5288

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1084

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Pre-OS Boot

T1542

Bootkit

T1542.003

Scheduled Task/Job

T1053

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Scheduled Task/Job

T1053

Defense Evasion

File and Directory Permissions Modification

T1222

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

Filesize
24KB

MD5
e1831f8fadccd3ffa076214089522cea

SHA1
10acd26c218ff1bbbe6ac785eab5485045f61881

SHA256
9b9a4a9191b023df1aa66258eb19fc64ae5356cfc97a9dda258c6cc8ba1059ac

SHA512
372c486ac381358cc301f32cd89b7a05da7380c03fa524147c2ddf3f5e23f9b57c17485aaedc85b413461a879afc42e729547b0c96c26c49bbdb7301cd064298

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

Filesize
48KB

MD5
0c2234caae44ab13c90c9d322d937077

SHA1
94b497520fcfb38d9fc900cad88cd636e9476f87

SHA256
d8e6f62282e12c18c930a147325de25aef1633a034eaf7a3ce8de1fb8de09912

SHA512
66709f74b19499df1e06700e1c257e14a82ca4287194e4b177b3f333748d927f413c8c459a35e7e5a2f92d28410b0129f106d94e3dd85bc0dd0b986add83b18f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

Filesize
44KB

MD5
a4b04ba2b9a56f5911fee0c29629e53e

SHA1
939e8e65e22ae978a6b63dd1400fc6f58c5015eb

SHA256
523d8983d24e050e6e7e1f43d0caca6bd77bef38ec046d181b13bf32702fc025

SHA512
1c3357e9ecd3ac0de53d14f5d4c8d8d0aeafd30cb2e0dd6cfd1be68cca4fd4e178e79938a5ffe9a17b43e4f60f6e8e08c1054fa44160377fea740da70761c80f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001e

Filesize
24KB

MD5
8278023fac368f67d8b83512b48cf0f9

SHA1
cfbb90dea9e8a9df721806c7d49eff44166b2197

SHA256
1e62f0399a3c5a499b3c93622608d15d3948c3c335359bc695bf3522b03fd48d

SHA512
e04ba7a9402379c064bf5707a5fbe3e5ea6de978b1ad50d38f9b30bef47dbb761f0f8461de8cfaf7c33779dbb47fcf4df7fe387d12fbbf899f7530f6f63a340d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001f

Filesize
20KB

MD5
8b2813296f6e3577e9ac2eb518ac437e

SHA1
6c8066353b4d463018aa1e4e9bb9bf2e9a7d9a86

SHA256
befb3b0471067ac66b93fcdba75c11d743f70a02bb9f5eef7501fa874686319d

SHA512
a1ed4d23dfbe981bf749c2008ab55a3d76e8f41801a09475e7e0109600f288aa20036273940e8ba70a172dec57eec56fe7c567cb941ba71edae080f2fdcc1e0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020

Filesize
65KB

MD5
c82fbaa7e5113d3ed2902a3500ec8631

SHA1
c9b4889980899c0f2aea9ac8d0bae28b59e6add3

SHA256
4f4e25ef0961b656039ed8628951b5ff6c0a197f8866374b5937e182b12ff278

SHA512
fc3227c51b9bdcf0917b040aeaa925795e153c7a78469b7e1c87717c1664f46208e5fc3e413f93724ef0fa94aea655db55f04c5a61dda0df737c25b75393136d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022

Filesize
59KB

MD5
063fe934b18300c766e7279114db4b67

SHA1
d7e71855cf6e8d1e7fbaa763223857f50cd1d4bd

SHA256
8745914e0214bcd9d2e6a841f0679a81084ef3fc3d99125876bee26653f4253e

SHA512
9d0dfc21306b3a56c2ecdf1265392271969e3765e161e117c8765125b34793e24458217cf6514b364f351f47e65baaaf5856be0d13406a789f844d6ba8c7075f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000023

Filesize
151KB

MD5
7739350f11f36ec3a07b82584b42ab38

SHA1
d97e0e76a362e5fce9c47b7b01dab53db50963d8

SHA256
d84e9971e8c344b9ff5a5968e7252270757f211f0d408e26c12693729068ed75

SHA512
2cb436985e382ec17390a1f8a7c112bdf18206c66d845934a14f9c84781200828e05c57cef5d4128a9d9b96778042ecb7ba2c031563c78ee9b8ec41accf8a537

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000024

Filesize
21KB

MD5
ebc633a368f3fac0b50f7a240f5c9b9e

SHA1
8e6931ee9534a5df409e6781500de861d1901051

SHA256
8213ca3eccc92b35c7cebec3680fb15cc6e77a1929dd50fd4de0f94da1ccdc18

SHA512
96df3569e12d2c0ed7e8292d0f65e87503fa0adef302d944fe5c60afc8877938bce64e81506f4c716c0a5df0f490e43f115811a721d59d6258738f45c3151fc5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000026

Filesize
21KB

MD5
9ccb3e387ecf1d1c32d33a33b61db8f3

SHA1
9d6625afcaa4d6bfe223268ccf82ff32ea9532a3

SHA256
3d34b64d0099f608de0e555d46338252a99d36f2a25af7180702c9966621fa0b

SHA512
05c3d41fd4115bd66c1a938ad644424f8df93f96ae27004c800e43acbc4b23568456574ceba605ea696fb594585811fedd0f9ec547a697344479e4d7516f65f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000028

Filesize
76KB

MD5
b4f8ab9d9555c37e049ba9405cba8275

SHA1
523280d8afb9c582a2f7f8d2229e059f8ceddabb

SHA256
8d8884b7d6702301ae65aab1255a42a377130cacd1c3f23f26e2404be1407f51

SHA512
7a1cac6bfcf617a2e3f18380dfaa415e3a2890fae62377b35bf8b49121414f3d4977ab04af14eaab4bd73838db4800fc39edd9cc0755b81313f3583a21e47900

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
afc26fa7b335afc81cf42769b5829e90

SHA1
56976fdd2fd14aad28831cf5954794e0c6f12b38

SHA256
ca091c1f7081ff11554c9294c53dede61df3ee7b09d61d7b3c8bb85102d5bf1d

SHA512
3abd371d0e0b4eff65ad4e5151b1b6d09db87c360f062c73407a0e51518ec8bcd06810946540e76c0dea014148c29e3eaaef1beb1741e3f6c305b837546aee84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
5c7e2114614ecae187c167b833b095bd

SHA1
d738b7faa375ebfd921c520e716f3e789f765f94

SHA256
f0fe46dba176b672d0b0c3fda8a30d09dfda8688bb490fad06cc551309b18e01

SHA512
77ffa709b2b7f176aafbd606f8d819bd7bae5ab7bb781f835ee48a11ad62700a32add4b83445807d5804559ab02430a9f683e338b84aa67b111771e019c88901

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
9b43a5afb4ea7102fdafd946920ba80c

SHA1
4a04fb6b29248eee14509e771d6a1746bc731442

SHA256
bdc5baf990c8aa6dd1bc523e53762c3b5e7a81c0ba1836a60b9cc98f5d8fbe4a

SHA512
af1b59a0c7c737eaeb90a00f1c30330b1eb9bedcf4ddf960a36299640a9a081035ca1830346338bd7ab613230f14db514d296a5c32463a2e15aba8ed39cc0ecc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
29cb28e2120b006a8876b4b706cc64d6

SHA1
045202e6ff11dc333a7c601c9b38279a0ea5e907

SHA256
310ed22f6132bb3bf3677357c19d7c13ad11848ebce0bc7abdcec5509dcfad18

SHA512
d6fbee7b5365028376fcdc25f59a818891fb9197bdda03e7d363f297226fe7c9851ec25989c76c90512c097d48acbde13690817dc58a0fe6cd7752e509ec1e9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5e90a01060444fe10c15881c9484b049

SHA1
72f5e06672af6becfba61096b184359ebc355982

SHA256
975ab4d429671623c19a4ff6a39de83fefd0545363cf1658dd9a4d1f4327130f

SHA512
aa6d0c1ce5cd46ec94cf3570981bcd04d860f45757f586d91e8e6b29ea374b89066e2264c86f5dc1b200c51c3b116e39684769d88abfb3d3fe7890ec09f6fd05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f37261f3975ccb6c3e0d372bb23b53bf

SHA1
4008aec7a70f38e6f8e45ddf0927dfc72ee3aa35

SHA256
1d45e4aebb037b9d6aad8c6d0d8ab2a290b0fedd69880f868431f1dd1775424c

SHA512
5fee0105c66ddddd5b5c0820ecc7188960871a6ba3a13c8c11e4b1adb06a7d004821c53e8e0d3513974c82e8174e4a3157941888562e7b11b845c5caf89e410d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ec3673def111ff3c033167a10a261907

SHA1
a9c612ef403eb697d520201ea5f0aa08a2fa9190

SHA256
4eb787ae5fc288b77bfb186439665dbb6d8160caa6e37bb4d4d741c1b25836e4

SHA512
2bb67386eb35495457b0659f2e85acd34cb0fff8ebdbb5a4d5b71a7f7aba9983f7421e8397766311979e84ec43180a90e2aeaec74a91a4eb057d9979f741a149

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
cba8c6667e5cef6b82fb92032cf7c1e7

SHA1
e1dd8a55bee5222b1b2e3aa0627291526835c19b

SHA256
82befffb16d81713a94bacacc7b704ca27874f06c342ca595e6082fa3ffce9aa

SHA512
c4ad9ab132db92fb2b69820598469190ee91c56141e7452222288dbfcb4776e4e0237179d46896d952127608e2470e70aae19eceb1aac59cb857bc5d8cc311a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
a3bff721d7e9851c288d99d7f27b6ffe

SHA1
f2e68dfa459e0dc7a0096c9cc543e2ca66cd8f08

SHA256
2487a995a42d07987d486611a3176d31c48e433db1ec474eb8a9e5b5802679b4

SHA512
73081dc696966aa8c4da45841938483659c3dc27591d625d55ea2c70904ea60db7704a684a255e292373cb23ccd579b66bef3e0b93ae68c383e8b97541be45eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
cdae7a79111401ce03c6a21cf396dd37

SHA1
4a42836082ac5dd080e9f1263f7e02402d88e0f7

SHA256
7d7b0b2f5067a6e08566f29e6fdec9bc9c7c67ae891107f2cd09608b267584c7

SHA512
aabbfa0b8c98c2e71ad5d51623c6726d2a1ed031be4521325638cb11f3597804b2fca87228e681a776b0f355ecfe0395e4f29b242fcdc5109d8f15422d36b422

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
f0a9971fb2e9675a89bb030dd5c127cb

SHA1
4521afe1b6f005678e0c3d5b11d41d1821edfc84

SHA256
0b732d36bf247c1ae5cbdbc4b910e76aaab72d0dd73fb6791878a2d67dd87d8f

SHA512
8b9d6da5c87f28aca0eabe063395d5775d0a0a977d2f35da894d54c0462b17651459960f22f4c8c1671ae78cb268eae0cad6ea1748100ccec10eb78d506c2345

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
c927a6493dfa2b931f5f4e7ec4082647

SHA1
4e8d0a261fcfbe270459ca1a0eb28c00041d16db

SHA256
7082d3cdf6ee152e7c5bb6f8c341ebf25657eede863af7030f83448bcdc463ff

SHA512
a840c9573b412638720b367953592cf8573c8255eed96d0b1d5650f700e1ccd2614268206384635ff710361323f0d444b3a5e979783faae3a9c9f945e5afa7dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
94KB

MD5
8c63becd782ae711c3ae3aa1bee4e2fe

SHA1
e47d547e137229ea34644bc87b71852a9629003a

SHA256
d3e2cf12287087adc6fa9c8cd50a49cdd2087ced010614d07a5e6c5c8a76358f

SHA512
535fc6486762778a26145c8ad9d2f85938fbfd7fa573bedbcf3e84cd7414f0c58512cb0b9579f6261c09475a62295351c3533d10e02643c35e07638565a8abf2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57f4d0.TMP

Filesize
88KB

MD5
944877f9cd58a6de938c6e5f1f2c7e90

SHA1
13a0a70e33e96e62118cee33040c09d35a6d3eda

SHA256
e2a41497212bd92b3e88742cb8fed2a2762c0fddf88337a1fe9e47c41cdf7986

SHA512
cf328317823a8e080befc8ac965b0080fcbaa6741558a0ac324ed81ed382c8e1b2cdc01e25c3dde7d9147820d756ee2dd79937bfeb6b607f52a4c3c75a09bb95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
537815e7cc5c694912ac0308147852e4

SHA1
2ccdd9d9dc637db5462fe8119c0df261146c363c

SHA256
b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f

SHA512
63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b167567021ccb1a9fdf073fa9112ef0

SHA1
3baf293fbfaa7c1e7cdacb5f2975737f4ef69898

SHA256
26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513

SHA512
726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

Filesize
36KB

MD5
62fd1704573f0a1ae4c7db83f9f5b470

SHA1
09d03a37492cfd0580ed3b819386bbc4ff64d960

SHA256
3b14ad4d4df0e681fd5aba556473e39e52b31ab98f51dc3db4937bb641a6d667

SHA512
c8108393f8bb91c018ee06ad51d746a33e24ad9041d5cd84792e4c59fb55639b8042ed5c1a424b47263652182ceafe516d0b6adab147e33bbf261d6aee1d3f84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.avira.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
34b0d8f4c15b9f790a4f83ac750a2e19

SHA1
58a8b8464eed57a40efc698e19c695df7c581d46

SHA256
16b53097df91233c60e69498ba280b01f488b8ef1556cf390ce810719fd64728

SHA512
0f3b210f95f65fbfbfd1b568a1df6e9878f00ba29dfae1115ba380fda77b453701842669423bf26703a698e3e6c85c5c7f715883cd6b00cebc3aed0ed82fb0b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0d965a2f66638c2f6b3edb7f24339f6a

SHA1
abbb7cfc773025f06871fe0a7ea4d48ed81d7e4b

SHA256
cf79383bde11c09eda0fc7a56a48973f5de19ea3874d7529eb4fd65d3b058193

SHA512
4641682d38a3f95cdbf98a64a7493a313ebb97945a9559fa8a58606cce1f3db500effd2caa9a4fcb7044b60091b52086e9b7bfb8bcc0c2126cb34677e7efa293

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
45a0dae5508a65d04e28e8ba166d3e52

SHA1
bd2cc44e8cb032765a32802d52bcb0ba6dfb7eca

SHA256
8413d1ae3dd530a61fef616b0bd1143704bb76bff440e505c5e5eb3760807243

SHA512
9302f5aded12006aaaaf281426050559a8fffb662dd103e3f08bf1ff9b0d492204436437c8071143ab1355d332a4ded5a6cf87824787ad416172705cc4e962f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
1233b7719c683d4a2ffc87ef86b5eb3e

SHA1
af45d73b09b4bd07c504945087797c64b8c93737

SHA256
fef3cd2c895b52d309c3efd64a6b8e60033a64fc540b13a912a903130d7cd449

SHA512
a5a2c9facf629cf6f86b70a054cc5039f372d3ff96c840e4e0f1d982ecb18bc2bbcb2ad657348f835b9d7401987f8a2e33364874a6ec48550c007cc77a8f5265

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
055f010f13a659d022fcd0ec7e4b3221

SHA1
d1a9df0f67977fb41cf328fe0ba27ee42483d690

SHA256
5f07721188b7e8b6aa606bc6b87fdbed3aa6d6809588bba46f8f1d3e22e28573

SHA512
34bad3a946f28cfb989db510b7478911a502dd68819a8f01b0bf75834d6696dac17d371ada58c057f37a33a0fa38f1921e56e769f6370f9e47a9c469b60440b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9e700313b2229c387184618787936ea2

SHA1
1a6bd5c4cffa0b49b20064aa566b90229837cd66

SHA256
f09025d4ec697135689c0ddab6430b7acf027d4b68e553022447f915597234ab

SHA512
41348af22faefc1756b3b5d8c92c910aefbae37c8f3dcefcdacc452594ffce9598ca3dfdd8e170945a401ad73358e0b4f8fb72b812c6bcd7e9458976667297e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
a86c2ea789c279c2566442ed44f1ef39

SHA1
d18aebefe8b5bf8fd48f3d006948b8898c9d51e2

SHA256
da60b91c4465e0e9d5f8c17188ef7928fbc642de16b9f6828d467a1861f501ce

SHA512
3266b607789f281631243860a3f31cfae0a1ee9c328105f8a43ef40f6a2df2850816ea79fd8686eb8611af933fd2b96d17db34b2e2c612d849dcbb5d2b80322d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
ccd1222ed235450d6be4731da86c5efa

SHA1
f5346916eab0b81b530fce2989f1e359d514b12c

SHA256
ac5de83cb95fff5e292543769b1a0d4c0935baad78e00375ac5a73f754c451f3

SHA512
d1afd9d5dce2af72821b1eed0cae0802af6c7a4e434bca1fb3c4e25770ae2c5c995df01bb4c27d5144bae8da4cdf806ae774471c396ce23f26918c82157e5c23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
fb398bfae6328459f63af7362bbd99d6

SHA1
e44df9287e03b8d0038acf1ec79b6bee97678ce6

SHA256
672ffeeaff9cea48cba1e8781ee096aabb6ff240fbe2e417c27bcf7170a8821e

SHA512
126f25d0f2758ec42c7d1c9064b99127b216d7dfc3b2dd3b0ab5fb03eaa3285305556050dfe959f3d7e12c1692c3ad6d10b2f155aa1d95b3865ebd1f101bab01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe59da2a.TMP

Filesize
48B

MD5
aca01abc0a26efe0ad7554bd0dd333fd

SHA1
a13d58d5ed9bb2c9e14d162a4447e60ffc3fa3aa

SHA256
e99b07a1ffc2ef722db7fba7ed01b46bf401ba54d58d1a486a0b833c20623038

SHA512
f99e1cc0142f013d744cb212afdc5ccebb8d7e00c53ae0ec81b2216acec4b79ef1e658e98dd9beb0836e7a3ae2cd37bebf784d0d97c58bf7a13f948193406d1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
3a58e7c086dae0b9306a2c4ec3deba57

SHA1
83591b1254c22e786a2f741d3173d68b28fe2a08

SHA256
734caa98cf48f3ea2381406b07b8978a555bbd931d49592dd838c242d8b67c45

SHA512
250fe525b4a760b31e111b9756880c7f598aa1649dffbbaeca213bbf3f8888db6f16a8c2247b2fd2b2dd3540b372feb02d1e3042cee9b7578aad77c34ebef699

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
8KB

MD5
28c1761cd3612fab0d0b538172c19235

SHA1
5042435d62398836beeb7146bd2b1327c13bee95

SHA256
cb33395d7c45e0886b70ca436c51c523eb2f865ab910849254b10e00232dea90

SHA512
06a0eaf889d0b75ebe2abadda48c6e51d24c3fa90bd08e169a3e6a3fd8dd4cac3958cd858dc4d3787303172bf4a7ac85593d3dbcddc97acbc3deac537c6e9ff9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
8KB

MD5
7c1a26d6008efdb66f60fc526e05a8fc

SHA1
64b2077f7b24a756ff5cdaf4b778d01db2063b3b

SHA256
ad444b5a7a8eba72d35deff80270fd8c8cfce54a9c4309bdbbe62018afc33d16

SHA512
6a0d0d5415035e45e2fdeeefeb93b33a79d3c2d6fe1e0ca0edb5d7c26d0904cc8cc64db1181a3d85b1d0f5a16945eba91a4c346ba1bab323b265ad72f40f8e32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
f9030ab83a54a7835b19ca2e05e41004

SHA1
96277130fdbe9d3f0c8744f57dc1b2586d54d994

SHA256
c69d0b946f25447ba7212fac0ab79d29186808fccf3ede94a10c6a280ca66e1a

SHA512
03a5621ccea73f3c369e3959b6e9ae7b46dfc3da0790cb5e176150849aa901881949dfad4a4d1a0b6501fee17aa695f839ce167369d3ee36624ec8865bd18f41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
d9e37d60a1ef56095370f495248d201b

SHA1
eddfa5dda6fed82582a6c8cdb016b8f68464f56d

SHA256
b810072a13a04a458248f6fd561ebd5ca3bfaf6944dc30786fec3eb571bf5af3

SHA512
2957e1894340037377a59ae3996fbe91c1ea428816ccd0ae1c72f756e380d616a5893d26304ef5af7ebe61cacfe0dab0a31f82d5071b538314abfbcca8be4297

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
43efe54dda903b9ba101d3e823900f1d

SHA1
1063dff5e312d15c6e522f42e2e45614df491961

SHA256
550d6f55195dfce6f24a9455827b95e98abc9983ac87d34cedfa239b1ca35a63

SHA512
a586f7e6c5c6fb839056131ea047651c6f3ace188eaf53a0be9b043dff3cae2e00c95ac50777b23fab0e32aa3269edb6544baff8fcdb897358dd7181279816c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe59afde.TMP

Filesize
1KB

MD5
6e2e302609ebe2323f75712e6fbaad76

SHA1
038804a492e7a0fdd4e311b3987c434615990e84

SHA256
08c725e8ca9de693bd485e4d5277d7cccc4e14167a418832b5682da44c0b1eb7

SHA512
5f8c89d2a566b54d3aec1a6a7adba52d991fdd0bf8d9abb0f0fc2ac6154c7ce58cdc5b0207ca0a0492da3ee4568a222f1dc58bacc1424e5851f8d72b33d7b989

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\b58d8c67-49b6-4c0f-a29e-3afb75ab4af9.tmp

Filesize
5KB

MD5
1eeecf3ffc2633872f6b0fe2007bcfd0

SHA1
bcfa1eeacd9f3a2c96de6c2eccc8d004bb3c3ef3

SHA256
57cb9f45e69f0db0442719d635578d5bdd9f2f38159321690070bfc805695e49

SHA512
c4462d72b34299ef1d6116ae4e7ebdc6fd7dc10a25a63b3b4cc94ada11dfbf6f28e1b3fe55d9dd2f80a20f1074d2e9094b450e0220b2e3e6942b51f15f26cb74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
27b57c32e9fa30af492d90aeb27d87a7

SHA1
daeed56be9f33fa7fa9d538a02e1561a07912d35

SHA256
a278bc4f15ddfb69ad75729adb4823497d52baf862cd6fe3566b3a47c02716f3

SHA512
fcf9b8943ee6bd454ea8ea598e25243480bf8be0040740d9d607905dc7115d7c4b03c07ab2c6350ba9ba51529a6bfa082429e1c8852d031dadf0482f61ecdc54

Download Submit
C:\Users\Admin\AppData\Local\Temp\3D2E.tmp\Craze.exe

Filesize
202KB

MD5
ad27143d078706b7cadcbb3f63212384

SHA1
71e532c89954881636f8fe973b9ea035a9e2de6d

SHA256
0b86d60e99e9f4a3bfa60cd447ac62eda52428be564f777151c883fdf547fb26

SHA512
39d8abb4883d3db96a88e88ea76ec8cc6a11e8905eeba593789a08b7d26cf449d682b2537cda790b124e06dc94bede7a78477f941220fe47d3e7ffad3bf9868b

Download Submit
C:\Users\Admin\AppData\Local\Temp\3D2E.tmp\INV.exe

Filesize
103KB

MD5
e079c468c9caed494623dbf95e9ce5e8

SHA1
4d8d1d17e9d7ff455a5c69e048d7575b5a3ea0f7

SHA256
8e217ce5670ac1021fdb6101372f9322f7ff82481ecd9badc104ff542e46128c

SHA512
d9c1a6f28c0c76b6856dec8723eb79d1b620a70b8ab3b5f028848e890a684beeb3460e310959c69f21cffb0a14751ea6cb719aacdbc2043121f057dd56f868a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\3D2E.tmp\MBRPayload.exe

Filesize
101KB

MD5
3aa620597abcae5c26b71e21e15b9acf

SHA1
ed797bc834050bc108a31f1511102608943391c5

SHA256
91f9327997754b0238caeff5cffced7eed3e13d5ac39dec87b329678bee8a145

SHA512
562de36b77f6cf5a369c8b434fb5605ee4169fa50c6a4df4d22c1a64dfec39d779b1fc285407ab851ef27b33061159cb1bb548079fa0d0a3d2e10517f8ee0b12

Download Submit
C:\Users\Admin\AppData\Local\Temp\3D2E.tmp\PanKoza.bat

Filesize
736B

MD5
24f0349bbf490fea5eb3acbf54bd1ba8

SHA1
e3ca3514fe098b27dac66dfaa93e035fe6ef25f0

SHA256
78c3005b4d5f500de7d540822cf2c334fc585a6a0d45da8c4af47f1500239899

SHA512
4aac8a6652c1ff52c797344299f5f21746ff1769425bcdbbe4b04fa9363619e320811a8bf8ef0c18e7d0758f38d6a33249c14c9af4a3773da61bb2d7910fa26b

Download Submit
C:\Users\Admin\AppData\Local\Temp\3D2E.tmp\lines.exe

Filesize
103KB

MD5
50caeee44dc92a147cf95fd82eb6e299

SHA1
a6619a150a31f4c1b4913884123f5b5334e23489

SHA256
81b9a2e3e9ee39f05b585ad871696a946837fcf784d3d4ecd4b9caea16560a1e

SHA512
e009de28d24abbecac2b20c4dcbbe4bd2de461c0d3140043d1ef6db3e4807d13723fb1916bc9bd1a636cfdc4bb3e102ecae645e783901ebdf9996e9bcdd9466b

Download Submit
C:\Users\Admin\AppData\Local\Temp\3D2E.tmp\melter.exe

Filesize
3KB

MD5
d9baac374cc96e41c9f86c669e53f61c

SHA1
b0ba67bfac3d23e718b3bfdfe120e5446d0229e8

SHA256
a1d883577bcb6c4f9de47b06fe97c370c09bddffb6569b6cf93576371bdbc412

SHA512
4ecdf8757e75b02da06a9d42a8ca62b9f2ef292dc04fa37d96603af78433f8aa9dd82fcf1e128a8f463b9691dcc1645b4a64e34f3c5d631f3a0e0670da0d0457

Download Submit
C:\Users\Admin\AppData\Local\Temp\3D2E.tmp\note.vbs

Filesize
123B

MD5
b41b06859fca8e157db46e6609e4a51d

SHA1
8daa0836735347c030e641abdc277bbd66662c33

SHA256
f613aec542d7967cae9d01794b7061bce5083d68c825821a5b702e97f32039c4

SHA512
4290d132c7c1ad154a3ade465e810e9fe4db5a8e0604a35d53e82a6482cd22fdd8ba74e97c0bc2e146e2bcf2ecc9afcc4e4e358e98b353168b67a71b71ced75c

Download Submit
C:\Users\Admin\AppData\Local\Temp\3D2E.tmp\screenscrew.exe

Filesize
111KB

MD5
e87a04c270f98bb6b5677cc789d1ad1d

SHA1
8c14cb338e23d4a82f6310d13b36729e543ff0ca

SHA256
e03520794f00fb39ef3cfff012f72a5d03c60f89de28dbe69016f6ed151b5338

SHA512
8784f4d42908e54ecedfb06b254992c63920f43a27903ccedd336daaeed346db44e1f40e7db971735da707b5b32206be1b1571bc0d6a2d6eb90bbf9d1f69de13

Download Submit
C:\Users\Admin\AppData\Local\Temp\3D2E.tmp\sites.vbs

Filesize
287B

MD5
5c5324b059b0abf1824a5223832b8479

SHA1
145c596bd6bfc1bfbd1a5a2aa8e5f4b3cef4ef57

SHA256
9fd517699e352ffb9fd73319eb1ec58e7e771457f6e7c1d715e0f57e1d37d733

SHA512
b8219eba1d34c83cc193b5ba2da8aa9dce4f8b221c9aac3a52256e6c2855b77be4270a629dec7e36c92652f9b5e4c1dbc84b91a3bcdca663cc3d728eada6c3e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\邿鸋粖莢性醣鿁橵矗棙园崅瑈蔳遲亇.txt

Filesize
260B

MD5
bece3a0d5a1777801eb961f1fed492e6

SHA1
cb0f7040837f0f9247bdf104df5a1dc0d2f63a3d

SHA256
248d071fd732a9116b36c09cd537fc559c94d82c7fee3df23581a17464935ea4

SHA512
cef82d7d39a3a9ec289e6aefe34d8a8ddfc0526590824901d5d2f58e511c9ff82440df0ea3da8340d8a7fb27a8ae16bd719d3cb98f156d4a829afac1da6711e9

Download Submit
C:\Users\Admin\Downloads\LogonFuck.zip.crdownload

Filesize
8.1MB

MD5
8d5a151ef3c69ccf03d06adb331c3810

SHA1
cb82197bb42110fe95e9e130e1e5edb72ab6f75d

SHA256
3a45d7f9dae3f80ca329e0f12096d88cb10e4301b035a654ffac5f24f6814184

SHA512
3cc52f2d50642002b60818a50c79fae405d97d85b306b47be5946b24145f16c8e6f467ed691977e94c0644b29dfc3bdd0242b11173515ae13f7192c4b794ba9f

Download Submit
C:\Users\Admin\Downloads\LogonFuck\LogonFuck.exe

Filesize
8.1MB

MD5
7ee3aeb93b0fa8dc34893e8b3c0f5510

SHA1
faedf76ced4d16de8832d084be985ed8b32cf20d

SHA256
78a7a05316929dddcba6788429eeec08b5428590b89b8d272bd79471f0b6a4d8

SHA512
fba2326c80a69841fa9c97198aa69b0b019fffa591a5f7bd8b38da99f8eb8baa0662c8a4dc751ec38dc7892097175f3b760a7d7e1116aaeeb4b2ffe04b821d29

Download Submit
C:\Users\Admin\Downloads\Monoxidex64.exe

Filesize
330KB

MD5
692361071bbbb3e9243d09dc190fedea

SHA1
04894c41500859ea3617b0780f1cc2ba82a40daf

SHA256
ae9405b9556c24389ee359993f45926a895481c8d60d98b91a3065f5c026cffe

SHA512
cfdd627d228c89a4cc2eac27dcdc45507f1e4265eff108958de0e26e0d1abe7598a5347be77d1a52256de70c77129f1cd0e9b31c023e1263f4cf04dbc689c87e

Download Submit
C:\Users\Admin\Downloads\PanKozaDestructive.exe

Filesize
552KB

MD5
4860c95131365be3bfa06efd3d95b7af

SHA1
3bc68ad8b5725137ff85709988ef434088ae2c81

SHA256
7bda3690420d2b0cf562713a67b95071d9b44ac01bfabe6cab4c4acbbaa04737

SHA512
00dcca22cd2feeab004a44f8f61c8c67172c88ee4ff4fa8dd495d09606fb6f231be79c8a2707e1c8cc934ffda73445bdaeb05f5ba77034cfbce3a8af75c7f00e

Download Submit
C:\Users\Admin\Downloads\PanKozaDestructive.zip

Filesize
458KB

MD5
1396cbc82c43251c541f742e589f2467

SHA1
f98dc13a6c64fb82a6baf268d4e204aa52d2e669

SHA256
de6bbdad02329e369305e75cf3ee421d56a7f9430dee20d11b6dd34291c86af9

SHA512
02ab9ab99d69ef6f633a8b536769996791f8788ba4539f81191350a5bdf9862b5d79e7bd71fae2a8738f21fc5c4e7491007fb5db45b82eddb4f995b5a949f0dd

Download Submit
memory/212-1278-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1020-1038-0x0000000000400000-0x00000000004F8000-memory.dmp

Filesize
992KB

Download
memory/1020-840-0x0000000000400000-0x00000000004F8000-memory.dmp

Filesize
992KB

Download
memory/1020-1318-0x0000000000400000-0x00000000004F8000-memory.dmp

Filesize
992KB

Download
memory/1384-1187-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/3196-901-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/4144-1082-0x0000000000400000-0x0000000000474000-memory.dmp

Filesize
464KB

Download
memory/4144-1141-0x0000000000400000-0x0000000000474000-memory.dmp

Filesize
464KB

Download
memory/4716-1298-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5384-823-0x000002B79AE00000-0x000002B79B770000-memory.dmp

Filesize
9.4MB

Download
memory/5384-822-0x000002B780030000-0x000002B78084C000-memory.dmp

Filesize
8.1MB

Download
memory/5580-1279-0x0000000000400000-0x0000000000474000-memory.dmp

Filesize
464KB

Download
memory/5580-1635-0x0000000000400000-0x0000000000474000-memory.dmp

Filesize
464KB

Download
memory/5580-1764-0x0000000000400000-0x0000000000474000-memory.dmp

Filesize
464KB

Download
memory/5580-1587-0x0000000000400000-0x0000000000474000-memory.dmp

Filesize
464KB

Download
memory/5580-1880-0x0000000000400000-0x0000000000474000-memory.dmp

Filesize
464KB

Download
memory/5580-1413-0x0000000000400000-0x0000000000474000-memory.dmp

Filesize
464KB

Download
memory/5580-1329-0x0000000000400000-0x0000000000474000-memory.dmp

Filesize
464KB

Download
memory/5580-1911-0x0000000000400000-0x0000000000474000-memory.dmp

Filesize
464KB

Download

Resubmissions

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads