Overview

overview

10

Static

static

3

d34b300dea...ca.exe

windows11-21h2-x64

10

Resubmissions

23-05-2024 18:26

240523-w3nh9sbg96 10

Analysis

  • max time kernel
    1800s
  • max time network
    1794s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240508-en
  • resource tags

    arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    24-05-2024 15:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d34b300dea4cb02902be18e5ffac2d219948671c06052ae1b8b4e3301c255dca.exe

  • Size

    7.2MB

  • MD5

    880814a8c2304729007fa0a008587dc5

  • SHA1

    1adc9fc4d58e6271f1db89187e3918bd36147887

  • SHA256

    d34b300dea4cb02902be18e5ffac2d219948671c06052ae1b8b4e3301c255dca

  • SHA512

    500dfa0d04dee632f0f6733f244e52126c5ff671c459d9705cb9507acbdaa262fbc474d72dc6459d0ce254662e8c2ca7d7afb68ca60a938a1352a9e2252e158e

  • SSDEEP

    98304:9ws2ANnKXOaeOgmhM3nsmtk2aTigPzUYm9uALfprsQunQf7UORs:nKXbeO7QLKsuAdty

Score
10/10
gh0stratpurplefoxdiscoveryevasionlinkpdfpersistenceratrootkitspywarestealertrojanupx

Malware Config

Signatures

  • Detect PurpleFox Rootkit 7 IoCs

    Detect PurpleFox Rootkit.

    rootkit
  • Gh0st RAT payload 8 IoCs
  • Gh0strat

    Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.

    ratgh0strat
  • PurpleFox

    PurpleFox is an exploit kit used to distribute other malware families and first seen in 2018.

    rootkittrojanpurplefox
  • Drops file in Drivers directory 1 IoCs
  • Sets DLL path for service in the registry 2 TTPs 1 IoCs
    persistence
  • Sets service image path in registry 2 TTPs 1 IoCs
    persistence
  • Executes dropped EXE 38 IoCs
  • Loads dropped DLL 56 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • UPX packed file 9 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Unexpected DNS network traffic destination 2 IoCs

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Checks system information in the registry 2 TTPs 2 IoCs

    System information is often read in order to detect sandboxing environments.

  • Drops file in System32 directory 9 IoCs
  • Drops file in Program Files directory 3 IoCs
  • HTTP links in PDF interactive object 1 IoCs

    Detects HTTP links in interactive objects within PDF files.

    pdflink
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 52 IoCs
  • Modifies registry class 2 IoCs
  • Modifies system certificate store 2 TTPs 21 IoCs
    evasionspywaretrojan
  • NTFS ADS 2 IoCs
  • Runs ping.exe 1 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: LoadsDriver 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 41 IoCs
  • Suspicious use of SendNotifyMessage 12 IoCs
  • Suspicious use of SetWindowsHookEx 16 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • System policy modification 1 TTPs 1 IoCs
    evasion
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\d34b300dea4cb02902be18e5ffac2d219948671c06052ae1b8b4e3301c255dca.exe
    "C:\Users\Admin\AppData\Local\Temp\d34b300dea4cb02902be18e5ffac2d219948671c06052ae1b8b4e3301c255dca.exe"
    1⤵
    • Drops file in Program Files directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2360
    • C:\Users\Admin\AppData\Local\Temp\R.exe
      C:\Users\Admin\AppData\Local\Temp\\R.exe
      2⤵
      • Sets DLL path for service in the registry
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in System32 directory
      PID:4024
    • C:\Users\Admin\AppData\Local\Temp\N.exe
      C:\Users\Admin\AppData\Local\Temp\\N.exe
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:1784
      • C:\Windows\SysWOW64\cmd.exe
        C:\Windows\system32\cmd.exe /c ping -n 2 127.0.0.1 > nul && del C:\Users\Admin\AppData\Local\Temp\N.exe > nul
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:2012
        • C:\Windows\SysWOW64\PING.EXE
          ping -n 2 127.0.0.1
          4⤵
          • Runs ping.exe
          PID:2008
    • C:\Users\Admin\AppData\Local\Temp\HD_d34b300dea4cb02902be18e5ffac2d219948671c06052ae1b8b4e3301c255dca.exe
      C:\Users\Admin\AppData\Local\Temp\HD_d34b300dea4cb02902be18e5ffac2d219948671c06052ae1b8b4e3301c255dca.exe
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:4112
      • C:\Users\Admin\AppData\Local\Temp\._cache_HD_d34b300dea4cb02902be18e5ffac2d219948671c06052ae1b8b4e3301c255dca.exe
        "C:\Users\Admin\AppData\Local\Temp\._cache_HD_d34b300dea4cb02902be18e5ffac2d219948671c06052ae1b8b4e3301c255dca.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetWindowsHookEx
        PID:4592
      • C:\ProgramData\Synaptics\Synaptics.exe
        "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
        3⤵
        • Executes dropped EXE
        • Modifies registry class
        • Suspicious use of WriteProcessMemory
        PID:3424
        • C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
          "C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate
          4⤵
          • Executes dropped EXE
          • Suspicious use of SetWindowsHookEx
          PID:4736
  • C:\Windows\SysWOW64\svchost.exe
    C:\Windows\SysWOW64\svchost.exe -k "Remote Data"
    1⤵
      PID:3796
    • C:\Windows\SysWOW64\svchost.exe
      C:\Windows\SysWOW64\svchost.exe -k "Remote Data"
      1⤵
      • Loads dropped DLL
      • Drops file in System32 directory
      • Suspicious use of WriteProcessMemory
      PID:4792
      • C:\Windows\SysWOW64\Remote Data.exe
        "C:\Windows\system32\Remote Data.exe" "c:\windows\system32\240610218.txt",MainThread
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:2628
    • C:\Windows\SysWOW64\TXPlatfor.exe
      C:\Windows\SysWOW64\TXPlatfor.exe -auto
      1⤵
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:2952
      • C:\Windows\SysWOW64\TXPlatfor.exe
        C:\Windows\SysWOW64\TXPlatfor.exe -acsi
        2⤵
        • Drops file in Drivers directory
        • Sets service image path in registry
        • Executes dropped EXE
        • Suspicious behavior: LoadsDriver
        • Suspicious use of AdjustPrivilegeToken
        PID:2580
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
      1⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1056
      • C:\Users\Admin\AppData\Local\Temp\R.exe
        C:\Users\Admin\AppData\Local\Temp\\R.exe
        2⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in System32 directory
        • Suspicious use of SetWindowsHookEx
        PID:3340
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 3340 -s 472
          3⤵
          • Program crash
          PID:2804
      • C:\Users\Admin\AppData\Local\Temp\N.exe
        C:\Users\Admin\AppData\Local\Temp\\N.exe
        2⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:5052
        • C:\Windows\SysWOW64\cmd.exe
          C:\Windows\system32\cmd.exe /c ping -n 2 127.0.0.1 > nul && del C:\Users\Admin\AppData\Local\Temp\N.exe > nul
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:3132
          • C:\Windows\SysWOW64\PING.EXE
            ping -n 2 127.0.0.1
            4⤵
            • Runs ping.exe
            PID:1168
      • C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe"
        2⤵
        • Executes dropped EXE
        • Checks whether UAC is enabled
        • Checks system information in the registry
        • Enumerates system info in registry
        • Modifies system certificate store
        • NTFS ADS
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of WriteProcessMemory
        • System policy modification
        PID:4608
        • C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffef82c3cb8,0x7ffef82c3cc8,0x7ffef82c3cd8
          3⤵
          • Executes dropped EXE
          PID:3772
        • C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe" --type=gpu-process --field-trial-handle=1848,3533223949010708,2615304591374780215,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1844 /prefetch:2
          3⤵
          • Executes dropped EXE
          PID:1228
        • C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1848,3533223949010708,2615304591374780215,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3
          3⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          PID:1576
        • C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1848,3533223949010708,2615304591374780215,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8
          3⤵
          • Executes dropped EXE
          PID:864
        • C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe" --type=renderer --field-trial-handle=1848,3533223949010708,2615304591374780215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
          3⤵
          • Executes dropped EXE
          PID:4676
        • C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe" --type=renderer --field-trial-handle=1848,3533223949010708,2615304591374780215,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
          3⤵
          • Executes dropped EXE
          PID:352
        • C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe" --type=renderer --field-trial-handle=1848,3533223949010708,2615304591374780215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4528 /prefetch:1
          3⤵
          • Executes dropped EXE
          PID:1460
        • C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe" --type=renderer --field-trial-handle=1848,3533223949010708,2615304591374780215,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
          3⤵
          • Executes dropped EXE
          PID:3492
        • C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1848,3533223949010708,2615304591374780215,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4740 /prefetch:8
          3⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          PID:4100
        • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1848,3533223949010708,2615304591374780215,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5296 /prefetch:8
          3⤵
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of SetWindowsHookEx
          PID:4228
        • C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe" --type=renderer --field-trial-handle=1848,3533223949010708,2615304591374780215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
          3⤵
          • Executes dropped EXE
          PID:1168
        • C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe" --type=renderer --field-trial-handle=1848,3533223949010708,2615304591374780215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
          3⤵
          • Executes dropped EXE
          PID:1360
        • C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe" --type=renderer --field-trial-handle=1848,3533223949010708,2615304591374780215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2600 /prefetch:1
          3⤵
          • Executes dropped EXE
          PID:688
        • C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe" --type=renderer --field-trial-handle=1848,3533223949010708,2615304591374780215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
          3⤵
          • Executes dropped EXE
          PID:4612
        • C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe" --type=renderer --field-trial-handle=1848,3533223949010708,2615304591374780215,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
          3⤵
          • Executes dropped EXE
          PID:3636
        • C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe" --type=renderer --field-trial-handle=1848,3533223949010708,2615304591374780215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
          3⤵
          • Executes dropped EXE
          PID:4496
        • C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe" --type=renderer --field-trial-handle=1848,3533223949010708,2615304591374780215,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1732 /prefetch:1
          3⤵
          • Executes dropped EXE
          PID:4392
        • C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe" --type=renderer --field-trial-handle=1848,3533223949010708,2615304591374780215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2956 /prefetch:1
          3⤵
          • Executes dropped EXE
          PID:4844
        • C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe" --type=renderer --field-trial-handle=1848,3533223949010708,2615304591374780215,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
          3⤵
          • Executes dropped EXE
          PID:4864
        • C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1848,3533223949010708,2615304591374780215,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6328 /prefetch:8
          3⤵
          • Executes dropped EXE
          PID:4896
        • C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1848,3533223949010708,2615304591374780215,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6564 /prefetch:8
          3⤵
          • Executes dropped EXE
          • NTFS ADS
          • Suspicious behavior: EnumeratesProcesses
          PID:1752
        • C:\Users\Admin\Downloads\ThreatHunterAssessmentTool.exe
          "C:\Users\Admin\Downloads\ThreatHunterAssessmentTool.exe"
          3⤵
          • Executes dropped EXE
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          PID:2948
          • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe
            "C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe"
            4⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Suspicious use of AdjustPrivilegeToken
            PID:2400
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 3340 -ip 3340
      1⤵
        PID:3244
      • C:\Windows\SysWOW64\TXPlatfor.exe
        C:\Windows\SysWOW64\TXPlatfor.exe -auto
        1⤵
        • Executes dropped EXE
        • Suspicious use of WriteProcessMemory
        PID:2852
        • C:\Windows\SysWOW64\TXPlatfor.exe
          C:\Windows\SysWOW64\TXPlatfor.exe -acsi
          2⤵
          • Executes dropped EXE
          PID:892
      • C:\Windows\System32\CompPkgSrv.exe
        C:\Windows\System32\CompPkgSrv.exe -Embedding
        1⤵
          PID:2696
        • C:\Windows\System32\CompPkgSrv.exe
          C:\Windows\System32\CompPkgSrv.exe -Embedding
          1⤵
            PID:4824
          • C:\Windows\ComodoAptAtScanner\cmdapt64.exe
            C:\Windows\ComodoAptAtScanner\cmdapt64.exe --service --scope "processes|drivers|autoruns" --status "\\127.0.0.1\ADMIN$\ComodoAptAtScanner\scan_status.txt" --output "\\127.0.0.1\ADMIN$\ComodoAptAtScanner\out.xml" --tvl "\\127.0.0.1\ADMIN$\ComodoAptAtScanner\tvl.txt" --trl "\\127.0.0.1\ADMIN$\ComodoAptAtScanner\trl.txt" --filter "*" --scanPeOnly on --flsUdpPort 53 --flsTcpPort 80 --skipGAC
            1⤵
            • Executes dropped EXE
            • Drops file in System32 directory
            • Modifies data under HKEY_USERS
            • Modifies system certificate store
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of AdjustPrivilegeToken
            PID:4308

          Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Program Files (x86)\Microsoft\Edge\Application\HD_msedge.exe
            Filesize

            3.2MB

            MD5

            7faa5ffa86c7629b995db9db9de5840e

            SHA1

            a5b83fe6745288cb6fa18450b3f9ad918fe90970

            SHA256

            ddda6f7397e8ebe11981b6ba137af2d99a72fe3ac1b14afee00737eca6738ed3

            SHA512

            7aa8e32117951be916c8f829f1f7ebae999292edf45abd4dc8ffab5a21a87ffdc956246b1c2aa62ece63fc39ef9eb7ee0d51fc1a797d0f5051ce0b9216e2633c

            Download Submit
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            Filesize

            5.6MB

            MD5

            87946f9d917161a2cdc033aa2e7e2af4

            SHA1

            5d3ed03c10b36d7c894761c96e7070e81d74f4e9

            SHA256

            0331741a91098f4ba1464ccf353a87b604fa37c84a3d290bcd61129276585c19

            SHA512

            fa48275f7733ac37dc0a5851a05c785c930184cf2725bf6807c75bb60727d5fc2e1f4225d8fb09c8c3779b9b35c737924219d6319235799e4151838d2e6c836c

            Download Submit
          • C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\517efac85db7042e2b9ae54b76f4e58d_15439030-dbba-449d-b460-326ebc585651
            Filesize

            64B

            MD5

            4f786152087be2421780544897125bbc

            SHA1

            1465783d441a6f6a81911d45a1a37717a67f75e1

            SHA256

            c7615ebd18ae705138de2779645a691e95be66508896269c01cd075faf8f2ff9

            SHA512

            5d74be14e8cf3b2b65aaee70c69502a528ae5a0a524bec6122b1ed44a7c1c53f64fe40edbc764908bbae8baffd732967ed1f5cf0ae508f9777ea7fe8a038f118

            Download Submit
          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
            Filesize

            152B

            MD5

            23da8c216a7633c78c347cc80603cd99

            SHA1

            a378873c9d3484e0c57c1cb6c6895f34fee0ea61

            SHA256

            03dbdb03799f9e37c38f6d9d498ad09f7f0f9901430ff69d95aa26cae87504d3

            SHA512

            d34ae684e8462e3f2aba2260f2649dee01b4e2138b50283513c8c19c47faf039701854e1a9cbf21d7a20c28a6306f953b58ffb9144ead067f5f73650a759ff17

            Download Submit
          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
            Filesize

            152B

            MD5

            a8e4bf11ed97b6b312e938ca216cf30e

            SHA1

            ff6b0b475e552dc08a2c81c9eb9230821d3c8290

            SHA256

            296db8c9361efb62e23be1935fd172cfe9fbcd89a424f34f347ec3cc5ca5afad

            SHA512

            ce1a05df2619af419ed3058dcbd7254c7159d333356d9f1d5e2591c19e17ab0ac9b6d3e625e36246ad187256bee75b7011370220ef127c4f1171879014d0dd76

            Download Submit
          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\252451a7-bef5-49e3-acac-f2aa1aa7cc86.tmp
            Filesize

            1KB

            MD5

            292b152172d1f5ebf9c2696049043bea

            SHA1

            090497d04c928052663ab514ef9c54da9cdb88ee

            SHA256

            d75413fa2100a2f819c938f0b7ef2355868f1448541a7c44e54966e3a861fc62

            SHA512

            03aad4e8483707660be6a6b2975256f725d75e3dc953bf92b4bf62891638832850cf7b384a22fb4ce85927123343e3aaccc1b7ca3e725b565ddbbdfda9d91cfd

            Download Submit
          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a
            Filesize

            27KB

            MD5

            4b419751b95602190e663dcfb4397186

            SHA1

            584625bb902af71e0d551a72995cce18736bf738

            SHA256

            566e5021669d6f9d13f9af0fc133ffdb0d2f7b5ad5698aecbbfe1de1c9751ba2

            SHA512

            60d3976779651bf7652fe6e5e9bf2ed251439ee04a891d3dd5112cac2b7ae6b70cd7cc7a49cf2b71931a3308ebdf945a5254d60a6789ebbbcc749ea2742d0eeb

            Download Submit
          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
            Filesize

            1KB

            MD5

            20fca5abcb684f99af100cf3072008c0

            SHA1

            0efa69d7b8de2b8865c27ae5f400a2c6a4629382

            SHA256

            4c2b3cab0d3f3d1eb283e38df289f7199ae33539ecf95e9eae52aa58ee0f607a

            SHA512

            8a809a386509b959ae8984dde2e8961dc540d610182ab052fc9f94a1950663fb99058e8ec99c59513cacfd47e6dfde3b0582a3498e2d7f0b3d9d7115c158bc81

            Download Submit
          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
            Filesize

            1KB

            MD5

            c58e3e49c4e647330e9c8da987127e0d

            SHA1

            195304302555abbcb14f4279bfd15987e270ea96

            SHA256

            5f1855469e8f7eab8d916a7ab0ed39895c6071575355bf93a74e2908e04b3407

            SHA512

            784919397860a438a90e6d4067c7df9d94eaff408947a668c7dba5bbd66802c17f18202f3972ae938f0b51c38be318abe9d186cfe3b1c4f9fec05e748219a342

            Download Submit
          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
            Filesize

            1KB

            MD5

            b80e88bb63f47aa646bf55708da467a9

            SHA1

            6656cbe203d6f762400151d301fa7a27d5acd62c

            SHA256

            605a1b1dbce537bbb14e9328bc047481ec66aa9eaf9eaffa1bfafab1690325b6

            SHA512

            e5478d87569cc016130137d63e4a5802c6d07c1fab89dab5374c93afedf66455de872af65cc78aef7c7d78ac680f16bfddcf3ada91c7e052bead0ce58dd635ef

            Download Submit
          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
            Filesize

            4KB

            MD5

            09611990b60c17bcdf610a41e22ce9ae

            SHA1

            4efe4fe8f88964d099e854e1816178e7b3c71ff3

            SHA256

            c416a3953c9523be57eeea2960cdba9af64883e6901123986ef3fc0d778c7e72

            SHA512

            3ac65d8b92c7885b18b35b88743de8d996470f01015bc28829cded87b51533808f30cd5d35e74cd1d45cef3dd84850ff3af77653d63ced075b5036f036d26f71

            Download Submit
          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
            Filesize

            3KB

            MD5

            c067fa836324df5b0f6e068d11958ebc

            SHA1

            551c1f6e52957cb718f6e7cdac9ca44e637881c3

            SHA256

            401fef676807fc0e78fa56402824578d1b89866df04e2b34d043baa380bab1df

            SHA512

            586eac8de9147dabd9773eeebd9cc88dfd080419d0a9bae1ae62c0ec95045ecb4aae1408ea65265c0d4a0dc6e7b16834a84318d3d63cbf7ccbbd0fbbf8045c5a

            Download Submit
          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
            Filesize

            5KB

            MD5

            c7ce40c63257204654efc299bf444a99

            SHA1

            536781829d480c853ad2d52ef2567186d1b868f3

            SHA256

            e9ace34d895fcbdb10d5579eb58e94998d0114b850b2218610669a606308e664

            SHA512

            6e00d7de0c433ea830d6669288b449dde628a9ab9819477799f236bb423b717871d47868892317186f83881a7196b615e9ac745bb582a0615bc589c9e4091c4b

            Download Submit
          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
            Filesize

            6KB

            MD5

            74e51bb728ecfb7937f5a431b5c978c8

            SHA1

            7a76b793d40a7f45b62c10e050c0c2210377bb2f

            SHA256

            1dbb27164f64da0e276826b5f0b9ffd3fccbdc4bba8c6dcdee6a4f4cc9069e78

            SHA512

            6eaaa9e8c53527f73ba5c54f7c5fa8ef3e415d949b03c891681b51abb9063a68fd30b0ad941d13d9d8029273d351de53ed63d988bf81db5dfcd3acc127c90718

            Download Submit
          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
            Filesize

            6KB

            MD5

            eb48ab298445ed27efe31470fe0a6aac

            SHA1

            43ce6b7cc283f09acbf31b13a11dc4fcfff00fe1

            SHA256

            e8f75caaff88788aad8fe571959b83313951bc04f72afb018066f0f001d9b898

            SHA512

            f9531a5d2ed19922b80ff3f9d25cd1785cac2f31db61d8093f252daa06fb3e3b321c67860dc534b883f937e40b50ce0687393cba8943f49ff4cdfcdebf441a3a

            Download Submit
          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
            Filesize

            5KB

            MD5

            207dc122c2549da001c4216a30b15c9b

            SHA1

            fa9ef2bd6f5e8700ce6bbecb745dbaeba81f3062

            SHA256

            bc51d1656a5cdbe865b5805ce54e154b8131ee7e7f6d0db36d4f05dd3e098892

            SHA512

            1c1a2c55eaad44a76119b393670f6cdcb4d8917207f65326bf40deda2c9074e310f44c01fd52d1a550d4f52e6940f60adcd4d1ce1c9f28d6c00d6f72097fb238

            Download Submit
          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
            Filesize

            1KB

            MD5

            7b974b3b73390a8ee0d961581830411f

            SHA1

            a4de468d0d07f0f54d0fcc72175700163d573740

            SHA256

            00aa15202457cb7e5df91e7001e9d268dc952636e80553c452e85abb32956da3

            SHA512

            6189b6a29d4bb6589b7d297cb2872c9bdded207ff7f397299efdf056f72444ed7719e47f868b1f11cec3e74c7b4c0672dded800ddb3b8b23cb493fb9df62b3c2

            Download Submit
          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58cb0b.TMP
            Filesize

            1KB

            MD5

            7b6c55f8ad625f2693bb45379a47ece6

            SHA1

            18a2b1749d0f1ab1ca74402be52ba0baa98895b7

            SHA256

            56566c0379722e80202edfaaa30968a5545d9104269d3161992bedfae7a1fc61

            SHA512

            ed1d5a874d141d084bcd17d4c8e8852390850a008236033e71551422b71b3a05c9faa3922d30270111409777a949a3ed762dba0fedd9cde85426f754d39372fd

            Download Submit
          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
            Filesize

            16B

            MD5

            46295cac801e5d4857d09837238a6394

            SHA1

            44e0fa1b517dbf802b18faf0785eeea6ac51594b

            SHA256

            0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

            SHA512

            8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

            Download Submit
          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
            Filesize

            16B

            MD5

            206702161f94c5cd39fadd03f4014d98

            SHA1

            bd8bfc144fb5326d21bd1531523d9fb50e1b600a

            SHA256

            1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

            SHA512

            0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

            Download Submit
          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
            Filesize

            11KB

            MD5

            37762a773f43cb7ac45a4fe8600a9d4d

            SHA1

            8c46a1697c554f00cc68530a24f38c79457bc4aa

            SHA256

            8f78a3c920914f683a6e8105c9a2e0c4ca38331b922ed71012811122304c6c89

            SHA512

            e59cf5bd7372141729402478cbb9dfa786f8c73241f53b5935f325f6fc656b57b8e3fb23a27ad1cf0da0d18de097dfebb646d91182133e2fae469ab5efdd6d28

            Download Submit
          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
            Filesize

            12KB

            MD5

            0e71814596668d62e51cc27e3ad1e02f

            SHA1

            5ad6f351c9f28e6067d8ceb0f1e43a1e235ed09b

            SHA256

            47af502a17a97704ef41c653dde044fef19c345a2bcc51b5dc2891ea10e635c3

            SHA512

            a5eb1408e0135d6751d5ce592bb407dc2bb7f9a581984989c30ecdf1215be42ee6f682e90820c00af7c9586215a157a91bb4f2121197684f9954367a57c669db

            Download Submit
          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
            Filesize

            12KB

            MD5

            aa4a218175cd706e3722d8593ed7a24b

            SHA1

            1dbdfb23c484fb02e9a6de7bc10f4147fbb4aa1b

            SHA256

            d93085a7822a04e574e20796a6085b6728245a01a8bc27d80d6acee3ecba553f

            SHA512

            dcb7e83b7f75340135734224494be946a08dba78809135da1a0bf6204ecee7dc071b4c733347d84e20684e07a327c91e9aada93d57a024090972e9859176cb29

            Download Submit
          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
            Filesize

            12KB

            MD5

            1f472685f0589eb83847f0a91409094e

            SHA1

            76b5689bc71b571e2a309f165bc09b380251f05b

            SHA256

            94c33a896df4ebcb210f43b245ab1dd069e907d6fcb4534a76c1cfd938f1fc12

            SHA512

            7205d281f3e0f7e87b2c0c2cd2ac2fcd884a5e32467636cfa7ccd0ed50223ce72e3d075a78b9898ba67205f18ad1ece0ef6e5b5a77a4967de52d9b88dd78c7c6

            Download Submit
          • C:\Users\Admin\AppData\Local\Temp\._cache_HD_d34b300dea4cb02902be18e5ffac2d219948671c06052ae1b8b4e3301c255dca.exe
            Filesize

            4.0MB

            MD5

            96113d3800f5cea8e3a72c8bc7d3654b

            SHA1

            3da1635bd56696823613550c1d10d7da0f3be98b

            SHA256

            b144ccd363e6968c615a3cea7933576cf43f84805f240d0795b4ea8a8560fe03

            SHA512

            009ee98e9df8031d7abda144c0eb56dec89f042b40d9ec7a81672e045fdf92097ee79af024f090716a1328af540edd89e670c4a98728d4afd323cce4aaffe4ea

            Download Submit
          • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf
            Filesize

            64KB

            MD5

            0929224220374bc1027ba9e8658bcada

            SHA1

            f9040f15db3a15a8a184906b45258ad00f3ea203

            SHA256

            c36f0c1467e3344b962a5da34e909f45945714ed4eacf88f6ecd0270c70540f7

            SHA512

            8fe901ee0f31c55aac9aaa860ff39e4b147ec5a55484ae4e6961763373797772db7dbd8afb0a590ed246ac5475f0ead17c90d3bd3388a5fd88fc2b823f799af8

            Download Submit
          • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf
            Filesize

            64KB

            MD5

            60fbf2d99ca2a6ac6641a789f5ec486f

            SHA1

            8ff8982713cf29476babc22de59348f877f1aa93

            SHA256

            b59fe74112faef8e3e08829a0f9bacea476ac2c22717407978b258a741964a8f

            SHA512

            3d3c1fa7894aa0950052f7a65403f32b25bab163070e8a5a6a3a41bd1731f12ef029c2293e824d1e219ab7b62c0d6c6f4d59277b1a18977dbbef02166bdcca92

            Download Submit
          • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf
            Filesize

            192KB

            MD5

            3acae61499b3ee487e29c3e3b135fa14

            SHA1

            684ae7fd6666e49f3d8bea11dbf0a20aa4f197ec

            SHA256

            c66c203dff7217d2100e863ee8bc9a5a2f8aa5bed2fabb9fc286ea7cb4816cdf

            SHA512

            f59d86b297d1fc610afaa811fe0f9faf9877a3c4c658cb18cd16669ffda49bd085ecfe22ecad4fa044e93bcd67c5c1bd52576eae19fbafa846957f78b5feb24e

            Download Submit
          • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf
            Filesize

            192KB

            MD5

            70bf6ece93e9fa3d2f7e6c82e2ca79e4

            SHA1

            688a545ad0ff4129fc2a54fc45f8d2f044e94193

            SHA256

            c97b3e68a8e4f20b1567a8f8efd1734fc58c664116a80bf0eebf0f092d33b86f

            SHA512

            eb3e2e65db9b52a69afc36310c04b87db90ec05b10a526571a95f59b34bb9f89bbd4ac1906ca87ea6b6a1d8a15dc1d9232411fe8d19b9d421253bca874235238

            Download Submit
          • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf
            Filesize

            192KB

            MD5

            1dec3d2edb17baacc7bae184b7a32b37

            SHA1

            2bef340ec2098662401e5ef35ff77996f02db883

            SHA256

            dad37aaf70adf04b66c2581645cf72d8fd36c26fdca964fd47adc55af4aa5366

            SHA512

            f7294d89ee9ac0aaea1417abf7409cb527b4de0953140954593d57829cdaf6d9e91256bbce67c9e46d8d76a235e9b0e75e9bc764c7121c275d4ac9808ba5c49c

            Download Submit
          • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf
            Filesize

            192KB

            MD5

            0a3ec84096a90459a508107c9a55c04a

            SHA1

            cafadc27dd55d70c20a66f421688f2b9a00da344

            SHA256

            822a4e6621089ee7da6a30ff7b4a20ad89b5d0b5b18a308a889fcec30e551a72

            SHA512

            9b951ca3e12fb6b7f0d56a50320119804d0561d64b2a239478435c35681defcadfc1bea697488ee59a73b01e7a8912654b9af1e4a956b8055c6d4615197fc33a

            Download Submit
          • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf
            Filesize

            256KB

            MD5

            c11571c506a0e597e021ad68a5fef70b

            SHA1

            119bbfbcb0ac205d4dabfacfd440e1f9769183ce

            SHA256

            b374215f5efc1b9cc61628cfd55e2556d5accfb6f77d8bde7bfba91de5c62266

            SHA512

            de07bcb11e6253e6d85fd42c5d15e6080505cd069cdd9f2d31efb2b15e2c4b3620c2724b447d3e231f912dce7565a20533118fb36dd7eec9fd6bfe648555af35

            Download Submit
          • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf
            Filesize

            256KB

            MD5

            55c8c72d530e75ba6ce186778d84f197

            SHA1

            c1d3b4841b638aff857cabe0b4226e023dde5897

            SHA256

            637782341c99352da8336d841a12e886ee6fb36749c7c4529c82d52a5d86f07f

            SHA512

            98ce3cdc9f6759afe4a577ec4d11561af59e8b2af6161ed70f1388a997ca5a9929bf0cc5a3f43c9ab7546d0b7d7cc1f355670088ffad34045d8b053b23225c7c

            Download Submit
          • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf
            Filesize

            256KB

            MD5

            ec6fb1015686fd62ebfae926911b04ca

            SHA1

            0f80d497dd5bb27034de465b1053511e65a8bf27

            SHA256

            ae3a7757d26bc0d972d919cdb236e69b6255fbf4ba7b3fc5765776bf6b1bd011

            SHA512

            f7ac24de33e42bba93efd8cc5f4f538294822c424ee0eb57ca2aa6269d013590e19f907240d9343928f8527e70b54518f313021b130b515ef4381aac4b00d1f6

            Download Submit
          • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf
            Filesize

            256KB

            MD5

            219d50e9fa1b1bc77647eec700c464b6

            SHA1

            8b5c543f34139ef3916dcd10c2fd5189ae6ae0c3

            SHA256

            9cc9eefbdceecf48259176f74d24e15c6fc9154d871bf9f114228edabc91059e

            SHA512

            105a84d6979b005dde374660b8ee61d8618ff3d8a179edab3dbacbf9869828f752f261e7bb65b93caaca255a24c7792abe505b97bfdbe224c3cd7d33e006b459

            Download Submit
          • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf
            Filesize

            256KB

            MD5

            428f6958e66b6976b2f1a377760a8dbb

            SHA1

            e64b320ea2d120a9cdc182221aae048f8cfd4d38

            SHA256

            09602f1f1955bcd9d31ff5324bdadc0d5e13a54019e30486381609a93d65d624

            SHA512

            97e4f59a22fa4a3a97f386883f8e079d47e3c9f9b9a3f809151ff49ed2e0edcc129f6b1a34175b08c73e201df6f3ae064e13a3db85c14389b6627a9810f6facc

            Download Submit
          • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf
            Filesize

            256KB

            MD5

            45558ae636a7ad365801910cb30481d4

            SHA1

            262cdb8d27c9ef63821c57932d94cec1b0e00981

            SHA256

            a3502c69a0b310b23cd8a55964119f0e28a3a814cf8e3699bcb2ed56d6ed3802

            SHA512

            7a65393a7f48abfe0f4db206b36370fac1f1bfd1eea6d921abfb45f9e7722a200bafa61cd4e304a22640e37b21f55559dcd317044c47cff232e0ce8bff7e9c74

            Download Submit
          • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf
            Filesize

            256KB

            MD5

            75d51b703c4e4a878c928810c3e7edb8

            SHA1

            eb40da4caa17f17473e4af08c1a565cc7a138896

            SHA256

            9fe42a63ee2b73bd2c83e6af9da4dc9b903645085e636f092e5830917ad761e2

            SHA512

            c562cc9c97924c5a4b57fbea98f0bc01cd4a8ac886ee2f24ced1d9f5275c08d51749c5b69f0834d1892b9c941c9d3b70f26efbc40af13776c76279a919527d99

            Download Submit
          • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf
            Filesize

            256KB

            MD5

            f504848dc13346c7eae47d66d642f78f

            SHA1

            d774f08323fe0e5b30321f3aa8062e4186153601

            SHA256

            f3ab225770ec0563f1bf774288e89d74c29eacaa9f76c29f6ee18476879af0c7

            SHA512

            a7c9bba8c4c3b12b2524db6a5ec1d371de88cd6e0e0bfa27b7f3fc92746ffcde811a0db0e83e0b2f2a04bcf535bee3e50d31255b3f5673014df5cf9854d66fd7

            Download Submit
          • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf
            Filesize

            256KB

            MD5

            232c2972648cf044e56272e118e7ce4c

            SHA1

            7eb8b8a25c92d17c82aad615732daeaaab35d101

            SHA256

            5dc96574bb24e6fade51f282f3f353d22ff4c814868c68fc36f7254accdd5c33

            SHA512

            2d4c65e2d58932d3e68a844f85d1d62bf8c953d8b856d68ee3940fa8cbd02452b8f82b4108ce900fe0b420472e39f8f01a13fe7db9d6aff34f5a9b0cd06200c4

            Download Submit
          • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf
            Filesize

            256KB

            MD5

            9d0f5fccee3c8a95be3329ab36f8eab3

            SHA1

            97b0da14f1db638f8f4e04f8dba06f565341b09c

            SHA256

            599939cb6de40c22cf195efd75e755d7e8ae2fd2579ede7f50ef84f114358a84

            SHA512

            c750c0f5457909c32955767d052ad61505af178eeba3ef5c7aa17402a5ee785fd73f4f2c4bd7a6a444f971ed567f5b324a9b46ca178e27bd326a1eee33d47588

            Download Submit
          • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf
            Filesize

            256KB

            MD5

            236743ffbd599e4529494fdd1a24ba0f

            SHA1

            6ed49224b0320da36c283bfb9d774cbe36b65b10

            SHA256

            80402f2a46b79e940bc27ce9a6fe26e4aa9f18235eac06e4ff7130caa497e3e5

            SHA512

            384904a845ea305f7b9871a74891961d6af65761c3b5e8b0b3e6f81f06cd9e138e9d4f2f1cec3299b58300de1307497de3f358382850c59b1712cec7bde1c394

            Download Submit
          • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf
            Filesize

            256KB

            MD5

            87ee16e9656d31cf09c3a0ecb03da738

            SHA1

            231f18b6a4c616e503b61d187627fed0e2a04f3f

            SHA256

            ed95d8a586822cf7c00eb7ae90956c4e3a407bc82aa410ae35bf726079482ff6

            SHA512

            d121274b128d40051626b68ae7bd081bbd9bce192c60e8810c3398559e7b462bc9418a096f9edec0e5caeb4f8d3b13cfd70573300181cf220dc0621c9f10b5b0

            Download Submit
          • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf
            Filesize

            256KB

            MD5

            7773b2c62685e9e39618ecd0787cfebf

            SHA1

            8e0faf8fdbde8fe0259f0932f91bbe98a5d120d4

            SHA256

            21af120a743e6d333da60a19809d1e404d8c99107c2f88033ff98812dd55eddd

            SHA512

            e0554d9dae3541fbff6dd23bf42e432e975e95da5ead325e76c4b23e42ad0d78abbcc5a2c6c49c57076192ae8122a4a0ff514c5197d65e9fa960c4e706db317a

            Download Submit
          • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf
            Filesize

            256KB

            MD5

            ef21308bccec2f651710ce0fd2e07f6e

            SHA1

            ae404091b69d903c6fcaf8547e0e5ef523e97478

            SHA256

            cc34e344b9434c620c738d06d693dfed4409a772be4b011c822c319badf33470

            SHA512

            750e3764b8b4af5147f47ebfd801f037051ff0c77525aad5da25de8774e69e00a2daf59866775c029162eaf247bf5028b90a7029ebed1aa082cf2cfd342d96da

            Download Submit
          • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf
            Filesize

            256KB

            MD5

            c801476decbe324b5d61e17b9fd7fd76

            SHA1

            b9dca1beec93372bf7b88711042368435a2db620

            SHA256

            e6294304e3c11b02077fa70e847350250c1bb373c89f1337c85ac380211b440b

            SHA512

            182a560d168947ba18c90e33ec9226c8c992ec9cb065e3ee9ec408509b45b4b30ae5612c570e1bed0b39fa1f3b8adc6446e5aaab26af21c0d4a78afd64adec0b

            Download Submit
          • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf
            Filesize

            256KB

            MD5

            dd27db025a5a6548c913ee786e3d3dbc

            SHA1

            b9b93b0182fea8af9ed8a780356489851075077b

            SHA256

            c5a6849e8674b9068d11551c5fc0edd34e6c508e66521ccc318e877c4fa73e45

            SHA512

            d82a96f2b0e532822dfcceaeef277eadaf25e17d7fd53908ccf590a63036f9fa56abeb4b9fab1345bb74287fa56a2e67202cede7f64488baf71f8c7722e1f7c3

            Download Submit
          • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf
            Filesize

            256KB

            MD5

            43dc92082f68cc99f2a6c2718a38765c

            SHA1

            1d2f272a475c5a256f6fe3ad710adf40eec8e18a

            SHA256

            b81c23e9ab703c85ab024bba22d277858348362ebb81e325fd5d1e0a9356ac52

            SHA512

            0a37a27f8b5d23867c412f04765c336ca4a9ecc78d429a527e4d185be471611a468986404225e47b43442c177726645b1ef8d84ddc969e2f0999abf4397abed4

            Download Submit
          • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf
            Filesize

            256KB

            MD5

            bf26a4eabff3b00417785bab7f677218

            SHA1

            706f85303a5d1378a0f5bf249f01b96c8e8fc837

            SHA256

            df9f784c7b9fe359c98d8630b48f2bf2c913cac2f187448c90bb522eca5d8b91

            SHA512

            bf804ff1db2f4c59e87777fd984b12734bf9f9ff857ece93fa2aa0c3237a9eafe2765ca73b743e867afdd7e6a9f2da48fec13a28fc0f21e83c6ed267d4c8a077

            Download Submit
          • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf
            Filesize

            256KB

            MD5

            21ec1df18a937d5681cecf5c8d8f2294

            SHA1

            b393cd8d1ca4304b9760aa039e9d7131e5595462

            SHA256

            18c513f88f8b3a8f65de0a01a10e64227936660a10c8400496f9827e00f3abcb

            SHA512

            c82e2dab305225a9e78507b7a0e88de7845b749e47f532cfdc7b632a793b7aff2ac77321665e1f628463470d2e631f4413d6948740eba71bce58d72a956a7015

            Download Submit
          • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf
            Filesize

            64KB

            MD5

            4fdfa657a5313e34270722cfed7d5e2b

            SHA1

            ac81fd84e6fff33bbb5bbb2ba0dfe86af9d1983e

            SHA256

            4570cf15966fb5ddac7e645bfff75ec137b1c26bbabe488ec97b21ee45e2208c

            SHA512

            7f31ec10c604358aa1a91ce9bb5b7273c1490f594d63ae4ac15aaaafd32752eeb9cbb31d4086f518ff0fa5d4b2ab35af62abb052666a710d55114ff6f5f3da0d

            Download Submit
          • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\AptDatabase.sdf
            Filesize

            64KB

            MD5

            a781fce8f47a3dcc4fa04c65dc653721

            SHA1

            e444487a0d2c2a0c83ee1b1aaf4f2a056d3ca636

            SHA256

            d6a1d53f9790fd8512d9fc24ef46964ea5877ff2f4d2be8a2f5a3269f202c37c

            SHA512

            89d6120eb757e5f2bf329aab657dac5627f0219faeee44880ff11be78dbd3e5518f06879ce1ca13e73f450c7c1e83a39fb123bc8901576629ceb42059a63c8f7

            Download Submit
          • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\Threat Hunter Assessment Tool.exe
            Filesize

            2.4MB

            MD5

            9dbd87da3046935d74a6026cb0e9bae9

            SHA1

            11584dbe6847d90c5797d0c2ca6ad4247154ca60

            SHA256

            381f108010501d81a8442290432434074e74b131a30a5c77a27d1e514a29b45c

            SHA512

            f2a57a0e86abb96d491f0b1ebc6c1efbbcd3e48f1e03e83b90b049b18c20b62e2d5ad56a35ae219b536a8ddec712072b002296a0d5adffcd573490855fb5ae43

            Download Submit
          • C:\Users\Admin\AppData\Local\Temp\7ZipSfx.000\amd64\Microsoft.VC90.CRT\README_ENU.txt
            Filesize

            406B

            MD5

            a14f24c16fe9cb910dbd2aea9e14dc32

            SHA1

            b682064e84334beee3049975e0581a26e05cd4a2

            SHA256

            89f4a0ff447b833ac81e59c5c653d303377c4264060305808f6ff7f674070fa3

            SHA512

            eaca2b45801932daf2eb746df4e529f737d961628b578cd759d4074bf3b78a69da25dc9902519da458231ea871910ed6d22123468ebd90c77ce74a8afac84140

            Download Submit
          • C:\Users\Admin\AppData\Local\Temp\HD_X.dat
            Filesize

            2.4MB

            MD5

            2141968d005daf36443149f1763ce4f2

            SHA1

            0faa7199e05ddd06c1f1e2c3bad8f70fac7eec9a

            SHA256

            79787aa1625449ae9c27027d04ae249b9a80515f10ba9c18183f729252fa062f

            SHA512

            fb18dcf00cf8455ba1841a508342a977a1963bbc8511b4dc593c45d35ced4c9347f761c7e1c864775942093a25df1eab7d5fd0716a96a866f283f36fa3d7feee

            Download Submit
          • C:\Users\Admin\AppData\Local\Temp\HD_d34b300dea4cb02902be18e5ffac2d219948671c06052ae1b8b4e3301c255dca.exe
            Filesize

            4.7MB

            MD5

            dbb91b7a30bb67cefad505fd0ac7daab

            SHA1

            cf47b812e6f4eb028a2fd5ed06cd4fddcd01f518

            SHA256

            d814e3a71b711a6b598d1fb95c005d15b8a016f748d17a621b404fe0f681b419

            SHA512

            1d36e9f24e1d0b2903276e859dfa87c179d6450e7345d3a6e35786e3a319a6676d7e85b7db012c1630b025702689ad7237b237481fc761532c51a87c3ff88300

            Download Submit
          • C:\Users\Admin\AppData\Local\Temp\N.exe
            Filesize

            377KB

            MD5

            4a36a48e58829c22381572b2040b6fe0

            SHA1

            f09d30e44ff7e3f20a5de307720f3ad148c6143b

            SHA256

            3de6c02f52a661b8f934f59541d0cf297bb489eb2155e346b63c7338e09aeaf8

            SHA512

            5d0ea398792f6b9eb3f188813c50b7f43929183b5733d2b595b2fd1c78722764fd15f62db1086b5c7edfb157661a6dcd544ddd80907ee7699dddbca1ef4022d0

            Download Submit
          • C:\Users\Admin\AppData\Local\Temp\R.exe
            Filesize

            941KB

            MD5

            8dc3adf1c490211971c1e2325f1424d2

            SHA1

            4eec4a4e7cb97c5efa6c72e0731cd090c0c4adc5

            SHA256

            bc29f2022ab3b812e50c8681ff196f090c038b5ab51e37daffac4469a8c2eb2c

            SHA512

            ae92ea20b359849dcdba4808119b154e3af5ef3687ee09de1797610fe8c4d3eb9065b068074d35adddb4b225d17c619baff3944cb137ad196bcef7a6507f920d

            Download Submit
          • C:\Users\Admin\Downloads\Unconfirmed 91564.crdownload
            Filesize

            13.0MB

            MD5

            ddf8230ab47c7c517397ef1c5b1ee2e0

            SHA1

            4214d7217f353b7b8519ddb768ad238a9afa10f2

            SHA256

            688de6269eabf44a59a497e26920466976fa26a7d6b4ac4127cacf03da2edcac

            SHA512

            464dcf2958971a2b38e5e61c746578a88c571d976b5183489e3e8ec05953c51c860bd97e1839ea77faea18defa28da1d19f9d113037e4b7d98e5692ee6488ff1

            Download Submit
          • C:\Windows\SysWOW64\240610218.txt
            Filesize

            899KB

            MD5

            510db366a3adef5cdb8b8bd727f90b8f

            SHA1

            022d97ddd03ee7d551c73cb0fcc98b69e97ffe15

            SHA256

            d552d3c1e298daf2ef9b90c627e63ff6456b8f6cefbed43b03e02915baac1471

            SHA512

            4d5fed21d4b1aabe2efd00bf83c1ae1deaaa48cd1e2bb3e1d0705aa8a2c0b851839c1e8c52c3f8767424af7b9e75634056d660be6cf01895e1e5c492beb207b6

            Download Submit
          • C:\Windows\SysWOW64\Remote Data.exe
            Filesize

            40KB

            MD5

            22bb5bd901d8b25ac5b41edbb7d5053e

            SHA1

            8a935dd8d7e104fc553ff7e8b54a404f7b079334

            SHA256

            8dcaeeebef9b9f3d41d295db145ffb3850f309d089c08125c7fa7034db5fd80e

            SHA512

            cc3fb68fd6791a08e4a7d1a8db8d07cfcc8c9b9dceec10b53f0cb7ee86473303a19be4f23e379f84c59e02d0568e7c066e21cd1300f6032dac4ba52f609f62e7

            Download Submit
          • \??\pipe\LOCAL\crashpad_4608_HHLETCJMXGCDVHVC
            MD5

            d41d8cd98f00b204e9800998ecf8427e

            SHA1

            da39a3ee5e6b4b0d3255bfef95601890afd80709

            SHA256

            e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

            SHA512

            cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

            Download Submit
          • memory/1228-246-0x00007FFF06740000-0x00007FFF06741000-memory.dmp
            Filesize

            4KB

            Download
          • memory/1784-20-0x0000000010000000-0x00000000101B6000-memory.dmp
            Filesize

            1.7MB

            Download
          • memory/1784-19-0x0000000010000000-0x00000000101B6000-memory.dmp
            Filesize

            1.7MB

            Download
          • memory/1784-17-0x0000000010000000-0x00000000101B6000-memory.dmp
            Filesize

            1.7MB

            Download
          • memory/2400-933-0x000001C0602C0000-0x000001C0602D0000-memory.dmp
            Filesize

            64KB

            Download
          • memory/2400-1114-0x000001C07D1B0000-0x000001C07D1B8000-memory.dmp
            Filesize

            32KB

            Download
          • memory/2400-951-0x000001C0800E0000-0x000001C0805DA000-memory.dmp
            Filesize

            5.0MB

            Download
          • memory/2400-953-0x000001C07F240000-0x000001C07F2E6000-memory.dmp
            Filesize

            664KB

            Download
          • memory/2400-954-0x000001C07EE40000-0x000001C07EE8C000-memory.dmp
            Filesize

            304KB

            Download
          • memory/2400-956-0x000001C07D160000-0x000001C07D182000-memory.dmp
            Filesize

            136KB

            Download
          • memory/2400-955-0x000001C07F9B0000-0x000001C07FA4C000-memory.dmp
            Filesize

            624KB

            Download
          • memory/2400-957-0x000001C07F8B0000-0x000001C07F92E000-memory.dmp
            Filesize

            504KB

            Download
          • memory/2400-959-0x000001C07D190000-0x000001C07D1B0000-memory.dmp
            Filesize

            128KB

            Download
          • memory/2400-960-0x000001C000370000-0x000001C0003AA000-memory.dmp
            Filesize

            232KB

            Download
          • memory/2400-961-0x000001C000330000-0x000001C000356000-memory.dmp
            Filesize

            152KB

            Download
          • memory/2400-950-0x000001C07D0D0000-0x000001C07D12C000-memory.dmp
            Filesize

            368KB

            Download
          • memory/2400-949-0x000001C07F690000-0x000001C07F8A2000-memory.dmp
            Filesize

            2.1MB

            Download
          • memory/2400-948-0x000001C07EED0000-0x000001C07F09C000-memory.dmp
            Filesize

            1.8MB

            Download
          • memory/2400-947-0x000001C07F360000-0x000001C07F690000-memory.dmp
            Filesize

            3.2MB

            Download
          • memory/2400-1034-0x000001C07FA50000-0x000001C07FAC6000-memory.dmp
            Filesize

            472KB

            Download
          • memory/2400-1035-0x000001C07D140000-0x000001C07D15E000-memory.dmp
            Filesize

            120KB

            Download
          • memory/2400-945-0x000001C07EC50000-0x000001C07EC88000-memory.dmp
            Filesize

            224KB

            Download
          • memory/2400-946-0x000001C07EC20000-0x000001C07EC2E000-memory.dmp
            Filesize

            56KB

            Download
          • memory/2400-944-0x000001C07EBD0000-0x000001C07EBD8000-memory.dmp
            Filesize

            32KB

            Download
          • memory/2400-943-0x000001C07D320000-0x000001C07D32E000-memory.dmp
            Filesize

            56KB

            Download
          • memory/2400-1112-0x000001C07C7E0000-0x000001C07C7E8000-memory.dmp
            Filesize

            32KB

            Download
          • memory/2400-1113-0x000001C07C830000-0x000001C07C838000-memory.dmp
            Filesize

            32KB

            Download
          • memory/2400-952-0x000001C07F930000-0x000001C07F9A8000-memory.dmp
            Filesize

            480KB

            Download
          • memory/2400-1115-0x000001C07FDA0000-0x000001C07FF28000-memory.dmp
            Filesize

            1.5MB

            Download
          • memory/2400-942-0x000001C079260000-0x000001C079274000-memory.dmp
            Filesize

            80KB

            Download
          • memory/2400-941-0x000001C079000000-0x000001C079060000-memory.dmp
            Filesize

            384KB

            Download
          • memory/2400-940-0x000001C078FA0000-0x000001C078FFE000-memory.dmp
            Filesize

            376KB

            Download
          • memory/2400-939-0x000001C078F20000-0x000001C078F98000-memory.dmp
            Filesize

            480KB

            Download
          • memory/2400-938-0x000001C079600000-0x000001C07989C000-memory.dmp
            Filesize

            2.6MB

            Download
          • memory/2400-937-0x000001C079290000-0x000001C0795F8000-memory.dmp
            Filesize

            3.4MB

            Download
          • memory/2400-934-0x000001C078B30000-0x000001C078B68000-memory.dmp
            Filesize

            224KB

            Download
          • memory/2400-935-0x000001C078AF0000-0x000001C078B14000-memory.dmp
            Filesize

            144KB

            Download
          • memory/2400-936-0x000001C078E70000-0x000001C078F12000-memory.dmp
            Filesize

            648KB

            Download
          • memory/2400-1356-0x000001C0027D0000-0x000001C002CF8000-memory.dmp
            Filesize

            5.2MB

            Download
          • memory/2400-1414-0x000001C0805E0000-0x000001C0807A2000-memory.dmp
            Filesize

            1.8MB

            Download
          • memory/2400-930-0x000001C05E450000-0x000001C05E6C4000-memory.dmp
            Filesize

            2.5MB

            Download
          • memory/2580-34-0x0000000010000000-0x00000000101B6000-memory.dmp
            Filesize

            1.7MB

            Download
          • memory/2580-41-0x0000000010000000-0x00000000101B6000-memory.dmp
            Filesize

            1.7MB

            Download
          • memory/2580-44-0x0000000010000000-0x00000000101B6000-memory.dmp
            Filesize

            1.7MB

            Download
          • memory/2952-25-0x0000000010000000-0x00000000101B6000-memory.dmp
            Filesize

            1.7MB

            Download
          • memory/2952-27-0x0000000010000000-0x00000000101B6000-memory.dmp
            Filesize

            1.7MB

            Download
          • memory/2952-28-0x0000000010000000-0x00000000101B6000-memory.dmp
            Filesize

            1.7MB

            Download
          • memory/3424-306-0x0000000000400000-0x00000000008C3000-memory.dmp
            Filesize

            4.8MB

            Download
          • memory/3424-646-0x0000000000400000-0x00000000008C3000-memory.dmp
            Filesize

            4.8MB

            Download
          • memory/3424-559-0x0000000000400000-0x00000000008C3000-memory.dmp
            Filesize

            4.8MB

            Download
          • memory/3424-517-0x0000000000400000-0x00000000008C3000-memory.dmp
            Filesize

            4.8MB

            Download
          • memory/4112-157-0x0000000000400000-0x00000000008C3000-memory.dmp
            Filesize

            4.8MB

            Download