Analysis Overview
Threat Level: Shows suspicious behavior
The file https://github.com/NatroTeam/NatroMacro/releases/download/v1.0.0.1/Natro_Macro_v1.0.0.1.zip was found to be: Shows suspicious behavior.
Malicious Activity Summary
Legitimate hosting services abused for malware hosting/C2
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Modifies registry class
Opens file in notepad (likely ransom note)
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-03 13:34
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-03 13:34
Reported
2024-06-03 13:36
Platform
win10v2004-20240426-en
Max time kernel
112s
Max time network
115s
Command Line
Signatures
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings | C:\Users\Admin\Downloads\Natro_Macro_v1.0.0.1 (1)\Natro_Macro_v1.0.0.1a\submacros\AutoHotkey32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Users\Admin\Downloads\Natro_Macro_v1.0.0.1 (1)\Natro_Macro_v1.0.0.1a\submacros\AutoHotkey32.exe | N/A |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Natro_Macro_v1.0.0.1 (1)\Natro_Macro_v1.0.0.1a\submacros\AutoHotkey32.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/NatroTeam/NatroMacro/releases/download/v1.0.0.1/Natro_Macro_v1.0.0.1.zip
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb31e746f8,0x7ffb31e74708,0x7ffb31e74718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,3242188060322594984,17016184240769141347,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,3242188060322594984,17016184240769141347,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,3242188060322594984,17016184240769141347,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3242188060322594984,17016184240769141347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3242188060322594984,17016184240769141347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,3242188060322594984,17016184240769141347,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5444 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,3242188060322594984,17016184240769141347,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5444 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2064,3242188060322594984,17016184240769141347,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5052 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3242188060322594984,17016184240769141347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2064,3242188060322594984,17016184240769141347,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5652 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3242188060322594984,17016184240769141347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3242188060322594984,17016184240769141347,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3242188060322594984,17016184240769141347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3242188060322594984,17016184240769141347,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3242188060322594984,17016184240769141347,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3242188060322594984,17016184240769141347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6436 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3242188060322594984,17016184240769141347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3242188060322594984,17016184240769141347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2476 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3242188060322594984,17016184240769141347,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3242188060322594984,17016184240769141347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2064,3242188060322594984,17016184240769141347,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6720 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3242188060322594984,17016184240769141347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1824 /prefetch:1
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Natro_Macro_v1.0.0.1 (1)\Natro_Macro_v1.0.0.1a\START.bat" "
C:\Windows\system32\chcp.com
chcp 65001
C:\Users\Admin\Downloads\Natro_Macro_v1.0.0.1 (1)\Natro_Macro_v1.0.0.1a\submacros\AutoHotkey32.exe
"C:\Users\Admin\Downloads\Natro_Macro_v1.0.0.1 (1)\Natro_Macro_v1.0.0.1a\submacros\AutoHotkey32.exe" "C:\Users\Admin\Downloads\Natro_Macro_v1.0.0.1 (1)\Natro_Macro_v1.0.0.1a\submacros\natro_macro.ahk"
C:\Users\Admin\Downloads\Natro_Macro_v1.0.0.1 (1)\Natro_Macro_v1.0.0.1a\submacros\AutoHotkey32.exe
"C:\Users\Admin\Downloads\Natro_Macro_v1.0.0.1 (1)\Natro_Macro_v1.0.0.1a\submacros\AutoHotkey32.exe" /script "C:\Users\Admin\Downloads\Natro_Macro_v1.0.0.1 (1)\Natro_Macro_v1.0.0.1a\submacros\Heartbeat.ahk"
C:\Users\Admin\Downloads\Natro_Macro_v1.0.0.1 (1)\Natro_Macro_v1.0.0.1a\submacros\AutoHotkey64.exe
"C:\Users\Admin\Downloads\Natro_Macro_v1.0.0.1 (1)\Natro_Macro_v1.0.0.1a\submacros\AutoHotkey64.exe" /script /Validate /ErrorStdOut *
C:\Users\Admin\Downloads\Natro_Macro_v1.0.0.1 (1)\Natro_Macro_v1.0.0.1a\submacros\AutoHotkey64.exe
"C:\Users\Admin\Downloads\Natro_Macro_v1.0.0.1 (1)\Natro_Macro_v1.0.0.1a\submacros\AutoHotkey64.exe" /script /Validate /ErrorStdOut *
C:\Users\Admin\Downloads\Natro_Macro_v1.0.0.1 (1)\Natro_Macro_v1.0.0.1a\submacros\AutoHotkey64.exe
"C:\Users\Admin\Downloads\Natro_Macro_v1.0.0.1 (1)\Natro_Macro_v1.0.0.1a\submacros\AutoHotkey64.exe" /script /Validate /ErrorStdOut *
C:\Users\Admin\Downloads\Natro_Macro_v1.0.0.1 (1)\Natro_Macro_v1.0.0.1a\submacros\AutoHotkey64.exe
"C:\Users\Admin\Downloads\Natro_Macro_v1.0.0.1 (1)\Natro_Macro_v1.0.0.1a\submacros\AutoHotkey64.exe" /script /Validate /ErrorStdOut *
C:\Users\Admin\Downloads\Natro_Macro_v1.0.0.1 (1)\Natro_Macro_v1.0.0.1a\submacros\AutoHotkey64.exe
"C:\Users\Admin\Downloads\Natro_Macro_v1.0.0.1 (1)\Natro_Macro_v1.0.0.1a\submacros\AutoHotkey64.exe" /script /Validate /ErrorStdOut *
C:\Users\Admin\Downloads\Natro_Macro_v1.0.0.1 (1)\Natro_Macro_v1.0.0.1a\submacros\AutoHotkey64.exe
"C:\Users\Admin\Downloads\Natro_Macro_v1.0.0.1 (1)\Natro_Macro_v1.0.0.1a\submacros\AutoHotkey64.exe" /script /Validate /ErrorStdOut *
C:\Users\Admin\Downloads\Natro_Macro_v1.0.0.1 (1)\Natro_Macro_v1.0.0.1a\submacros\AutoHotkey64.exe
"C:\Users\Admin\Downloads\Natro_Macro_v1.0.0.1 (1)\Natro_Macro_v1.0.0.1a\submacros\AutoHotkey64.exe" /script /Validate /ErrorStdOut *
C:\Users\Admin\Downloads\Natro_Macro_v1.0.0.1 (1)\Natro_Macro_v1.0.0.1a\submacros\AutoHotkey64.exe
"C:\Users\Admin\Downloads\Natro_Macro_v1.0.0.1 (1)\Natro_Macro_v1.0.0.1a\submacros\AutoHotkey64.exe" /script /Validate /ErrorStdOut *
C:\Users\Admin\Downloads\Natro_Macro_v1.0.0.1 (1)\Natro_Macro_v1.0.0.1a\submacros\AutoHotkey64.exe
"C:\Users\Admin\Downloads\Natro_Macro_v1.0.0.1 (1)\Natro_Macro_v1.0.0.1a\submacros\AutoHotkey64.exe" /script /Validate /ErrorStdOut *
C:\Users\Admin\Downloads\Natro_Macro_v1.0.0.1 (1)\Natro_Macro_v1.0.0.1a\submacros\AutoHotkey64.exe
"C:\Users\Admin\Downloads\Natro_Macro_v1.0.0.1 (1)\Natro_Macro_v1.0.0.1a\submacros\AutoHotkey64.exe" /script /Validate /ErrorStdOut *
C:\Users\Admin\Downloads\Natro_Macro_v1.0.0.1 (1)\Natro_Macro_v1.0.0.1a\submacros\AutoHotkey64.exe
"C:\Users\Admin\Downloads\Natro_Macro_v1.0.0.1 (1)\Natro_Macro_v1.0.0.1a\submacros\AutoHotkey64.exe" /script /Validate /ErrorStdOut *
C:\Users\Admin\Downloads\Natro_Macro_v1.0.0.1 (1)\Natro_Macro_v1.0.0.1a\submacros\AutoHotkey64.exe
"C:\Users\Admin\Downloads\Natro_Macro_v1.0.0.1 (1)\Natro_Macro_v1.0.0.1a\submacros\AutoHotkey64.exe" /script /Validate /ErrorStdOut *
C:\Users\Admin\Downloads\Natro_Macro_v1.0.0.1 (1)\Natro_Macro_v1.0.0.1a\submacros\AutoHotkey64.exe
"C:\Users\Admin\Downloads\Natro_Macro_v1.0.0.1 (1)\Natro_Macro_v1.0.0.1a\submacros\AutoHotkey64.exe" /script "C:\Users\Admin\Downloads\Natro_Macro_v1.0.0.1 (1)\Natro_Macro_v1.0.0.1a\submacros\Status.ahk" "0" "0" "" "" "1" "" "1" "" "0" "0" "0" "1" "1" "1" "1" "1" "1" "1" "0" "0" "" "1" "1" "1" "1" "0" "0" "?" "0" "" "" "" "" "1" "0"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Natro_Macro_v1.0.0.1 (1)\Natro_Macro_v1.0.0.1a\README.md
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Users\Admin\Downloads\Natro_Macro_v1.0.0.1 (1)\Natro_Macro_v1.0.0.1a\submacros\AutoHotkey32.exe
"C:\Users\Admin\Downloads\Natro_Macro_v1.0.0.1 (1)\Natro_Macro_v1.0.0.1a\submacros\AutoHotkey32.exe" /restart /script "C:\Users\Admin\Downloads\Natro_Macro_v1.0.0.1 (1)\Natro_Macro_v1.0.0.1a\submacros\natro_macro.ahk"
C:\Users\Admin\Downloads\Natro_Macro_v1.0.0.1 (1)\Natro_Macro_v1.0.0.1a\submacros\AutoHotkey32.exe
"C:\Users\Admin\Downloads\Natro_Macro_v1.0.0.1 (1)\Natro_Macro_v1.0.0.1a\submacros\AutoHotkey32.exe" /script "C:\Users\Admin\Downloads\Natro_Macro_v1.0.0.1 (1)\Natro_Macro_v1.0.0.1a\submacros\Heartbeat.ahk"
C:\Users\Admin\Downloads\Natro_Macro_v1.0.0.1 (1)\Natro_Macro_v1.0.0.1a\submacros\AutoHotkey64.exe
"C:\Users\Admin\Downloads\Natro_Macro_v1.0.0.1 (1)\Natro_Macro_v1.0.0.1a\submacros\AutoHotkey64.exe" /script "C:\Users\Admin\Downloads\Natro_Macro_v1.0.0.1 (1)\Natro_Macro_v1.0.0.1a\submacros\Status.ahk" "0" "0" "" "" "1" "" "1" "" "0" "0" "0" "1" "1" "1" "1" "1" "1" "1" "0" "0" "" "1" "1" "1" "1" "0" "0" "?" "0" "" "" "" "" "1" "0"
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | objects.githubusercontent.com | udp |
| US | 185.199.108.133:443 | objects.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.181.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 133.108.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| NL | 23.62.61.72:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 72.61.62.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | 44.56.20.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | 210.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.149.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 185.199.108.133:443 | raw.githubusercontent.com | tcp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 4dc6fc5e708279a3310fe55d9c44743d |
| SHA1 | a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2 |
| SHA256 | a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8 |
| SHA512 | 5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13 |
\??\pipe\LOCAL\crashpad_3876_GAHCYBHQWGRCBPWD
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | c9c4c494f8fba32d95ba2125f00586a3 |
| SHA1 | 8a600205528aef7953144f1cf6f7a5115e3611de |
| SHA256 | a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b |
| SHA512 | 9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | a43507926f8b2e6e78bcde08b702fd5c |
| SHA1 | 498e8b3819ab8c2416f842e42d15d6a1c88665cf |
| SHA256 | e83e90be1ffd99e872ec4369218c9b4c640849ad1809bd5df3b65013232d673a |
| SHA512 | ace95376aafffbca4dd7543a8cae539d3911a94588914c062178dddbd825344a406bd11e1aca288ca7a82936e8be57b2a0919cd81d66e29d82a6c47062546dcd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\Downloads\Natro_Macro_v1.0.0.1.zip
| MD5 | 4f32d2e2ea54c71524e3f2c77a92c91d |
| SHA1 | a863c33cca3b3c2cf6cefa18a599ae9989f06d84 |
| SHA256 | 2da12b9469f2f6dfd0f0ded1dd9978d36e081bebee7e01d10b16b81492c0241d |
| SHA512 | 690eb146832fb174a3e0a69c1cf0919c72331b1fec7791c23c4f037fb1916c520b7c954a64e847765eea4db7ac506790db3f36c24eafada174a268e4f2232374 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 60d89a9f33ce8620df917a026f5de653 |
| SHA1 | 21d9ce2476dad090f562df2e15927f5fcd2d57e4 |
| SHA256 | ea20fa99f2eb6d5e5d26bb455314f8c9e231ce8808833449356559b6d8d3109d |
| SHA512 | e3982800b936b1c326ad46c0f477a7203bc50804c6441cea3e6b36e7383627873671ce96835af2d3e84836a2ede3c950c49a227de8a6e0cee8fe07f6bea45490 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e17feb2456f79ef6f880601e6607b013 |
| SHA1 | 499582a5730d3105d2e5c2f1000b1a73175ae54a |
| SHA256 | 18afa66a99e8fe7bed135a15eb117b59b2eb69f2b061cc8c9dbe018369f61c1c |
| SHA512 | 0b7d20b9101fcca45582d8ebb4bed73a75e5e3ac52deaa0309e2bf0858c39b9eceb4b5745fcc69b4b40d54bd9126971e087a3bcff303e0bc5f57dcda2420bfb9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 80f91494b678fafb459e589464720ba0 |
| SHA1 | 67af8bd9bcd4a5032b6104af6060c306619ecb9f |
| SHA256 | 4aabaaa8641ee3fa82b9051642ea0bc792380c952811103b6a6e2529a160b39d |
| SHA512 | 405244419a38416679218ed64b957cedc836c7bf9afa7bf6dadec0887311ff83bd0542ea3f137afd301a019dc032975beace6d8b018942a6ffaee17f3831a4b5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 114cfa5e5d7b2a463ea50ce4c1716b28 |
| SHA1 | 7ddf29722bc78c951987079a35b63ab7186bc1d4 |
| SHA256 | 03cbbd5a390672ffecb43a7d692f04d46220fc2b9c0364480ee68f52411cbaa1 |
| SHA512 | c8fe764c94351dbd3384e399656ae42cf3f0681fab5ed8c3fd5849bb72785fa8038df023b69b4ea60b7fad2a1fb5dba562a1f39ef7fb7d9f4823ea40e8d12aa7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 807419ca9a4734feaf8d8563a003b048 |
| SHA1 | a723c7d60a65886ffa068711f1e900ccc85922a6 |
| SHA256 | aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631 |
| SHA512 | f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | bccfbdc14cfdb379454b9819ad6d01c6 |
| SHA1 | 3969540d1d2d43f06356366bde64bfc87787a4fc |
| SHA256 | 53a825a9dbc6a82d0ca06e244fbbbf2a54f78a940ba0f1573cd0574ef07dc062 |
| SHA512 | 17d26e18f6202dc777085002749fc6e07255d1a78535873c57eccf613400a37d5d117807190d105e2ad4109fc56c0376fe9cfa1d3ab72cad104d306dea266a81 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581066.TMP
| MD5 | a2e0786588a7ee7989b37472ea3492cf |
| SHA1 | 2b6622b054ed91c76202b4b0175209ce8dbac7ae |
| SHA256 | 54a299a0a86e29e05586eb09a17821509e9314e4e098d78167a85be948cc05d0 |
| SHA512 | 3705cc799b25ba07b9d2721e232cdcd2813c5c551d68bdfabd5411b0792894a2c53e98b08a24cea824140876de71bbf368ab5ac29e6a90fac84666e9e190ece1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\a5445699-c3fc-4040-bf82-8ebfbc1baaf0.tmp
| MD5 | 60c90a6dcba44c9d269c8adb17f61ce1 |
| SHA1 | 48aac034c28dbaac6678a3465d59dd9a61ff9e3c |
| SHA256 | 8dfcc883c38d5498c256499bb61bbff7da084cbbe8561c3a9982ab2c482c82dd |
| SHA512 | 3d876082596c3f734750c3e2806e55797fe3986ba03187a37158ca758f5c7b57bb4385202532dc5dd1696bb7cdf86724f504775bdd721501baa43822154f7959 |
memory/4800-195-0x0000000010000000-0x00000000100B1000-memory.dmp
memory/4800-197-0x0000000075CA0000-0x0000000075D1A000-memory.dmp
memory/4800-211-0x0000000000400000-0x00000000004F5000-memory.dmp
memory/4800-214-0x0000000010000000-0x00000000100B1000-memory.dmp
memory/4800-213-0x0000000074670000-0x0000000074693000-memory.dmp
memory/4800-212-0x0000000075C70000-0x0000000075C95000-memory.dmp
memory/4800-210-0x0000000010000000-0x00000000100B1000-memory.dmp
memory/4800-208-0x0000000074670000-0x0000000074693000-memory.dmp
memory/4800-207-0x0000000010000000-0x00000000100B1000-memory.dmp
memory/4800-206-0x0000000074620000-0x0000000074650000-memory.dmp
memory/4800-205-0x0000000074670000-0x0000000074693000-memory.dmp
memory/4800-204-0x0000000075C70000-0x0000000075C95000-memory.dmp
memory/4800-203-0x0000000075CA0000-0x0000000075D1A000-memory.dmp
memory/4800-202-0x0000000000400000-0x00000000004F5000-memory.dmp
memory/4800-201-0x0000000010000000-0x00000000100B1000-memory.dmp
memory/4800-200-0x0000000074620000-0x0000000074650000-memory.dmp
memory/4800-199-0x0000000074670000-0x0000000074693000-memory.dmp
memory/4800-198-0x0000000075C70000-0x0000000075C95000-memory.dmp
memory/4800-196-0x0000000000400000-0x00000000004F5000-memory.dmp
memory/4800-194-0x0000000074620000-0x0000000074650000-memory.dmp
memory/4800-192-0x0000000075CA0000-0x0000000075D1A000-memory.dmp
memory/4800-191-0x0000000010000000-0x00000000100B1000-memory.dmp
memory/4800-215-0x0000000010000000-0x00000000100B1000-memory.dmp
memory/4800-190-0x0000000075CA0000-0x0000000075D1A000-memory.dmp
memory/4800-189-0x0000000000400000-0x00000000004F5000-memory.dmp
memory/4800-209-0x0000000074620000-0x0000000074650000-memory.dmp
memory/4800-187-0x0000000075CA0000-0x0000000075D1A000-memory.dmp
memory/4800-193-0x0000000074670000-0x0000000074693000-memory.dmp
memory/4800-188-0x0000000010000000-0x00000000100B1000-memory.dmp
memory/4800-186-0x0000000000400000-0x00000000004F5000-memory.dmp
memory/4800-226-0x00000000771A0000-0x0000000077283000-memory.dmp
memory/4800-216-0x0000000076AF0000-0x00000000770A3000-memory.dmp
memory/4800-227-0x0000000075450000-0x0000000075660000-memory.dmp
memory/4800-230-0x00000000759F0000-0x0000000075A9F000-memory.dmp
memory/4800-228-0x0000000074380000-0x00000000744E9000-memory.dmp
memory/4800-229-0x0000000010000000-0x00000000100B1000-memory.dmp
memory/4800-231-0x0000000000400000-0x00000000004F5000-memory.dmp
memory/4800-236-0x0000000074F80000-0x0000000074FF4000-memory.dmp
memory/4800-240-0x00000000759F0000-0x0000000075A9F000-memory.dmp
memory/4800-242-0x0000000076AF0000-0x00000000770A3000-memory.dmp
memory/4800-247-0x0000000076AF0000-0x00000000770A3000-memory.dmp
memory/4800-254-0x0000000000400000-0x00000000004F5000-memory.dmp
memory/4800-253-0x00000000759F0000-0x0000000075A9F000-memory.dmp
memory/4800-252-0x0000000010000000-0x00000000100B1000-memory.dmp
memory/4800-251-0x0000000077670000-0x0000000077743000-memory.dmp
memory/4800-250-0x0000000075C70000-0x0000000075C95000-memory.dmp
memory/4800-249-0x0000000074F80000-0x0000000074FF4000-memory.dmp
memory/4800-248-0x0000000075450000-0x0000000075660000-memory.dmp
memory/4800-246-0x00000000759F0000-0x0000000075A9F000-memory.dmp
memory/4800-245-0x0000000010000000-0x00000000100B1000-memory.dmp
memory/4800-244-0x0000000074F80000-0x0000000074FF4000-memory.dmp
memory/4800-243-0x0000000075450000-0x0000000075660000-memory.dmp
memory/4800-241-0x0000000000400000-0x00000000004F5000-memory.dmp
memory/4800-239-0x0000000010000000-0x00000000100B1000-memory.dmp
memory/4800-238-0x0000000074380000-0x00000000744E9000-memory.dmp
memory/4800-237-0x0000000077670000-0x0000000077743000-memory.dmp
memory/4800-235-0x0000000075450000-0x0000000075660000-memory.dmp
memory/4800-234-0x00000000771A0000-0x0000000077283000-memory.dmp
memory/4800-233-0x0000000076AF0000-0x00000000770A3000-memory.dmp
memory/4800-232-0x00000000764F0000-0x00000000765CC000-memory.dmp
memory/4800-259-0x0000000074F80000-0x0000000074FF4000-memory.dmp
memory/4800-260-0x0000000077670000-0x0000000077743000-memory.dmp
memory/4800-258-0x0000000075450000-0x0000000075660000-memory.dmp
memory/4800-255-0x0000000076AF0000-0x00000000770A3000-memory.dmp
C:\Users\Admin\Downloads\Natro_Macro_v1.0.0.1 (1)\Natro_Macro_v1.0.0.1a\settings\nm_config.ini
| MD5 | af5d6c7e2d945599af03a24b6fcb91d6 |
| SHA1 | b2be3ff0b67269203bb3eed716f12ff24129bdfd |
| SHA256 | 219293711787274401ad828ce6805819f448432c91bc010e264930f7cada1af4 |
| SHA512 | b6a9a6dbb49086606890196c86e6a2005ddad75e6e7954671dbe5b33234342b1e62650ad0301604f34e715af421b54a5218f8e998441ce55de8131a6eabc35fa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | a977eadf141f5bd57234f2346b1c58d9 |
| SHA1 | 6117d67ae33da02e51b27caba23b107b894f8fb1 |
| SHA256 | 74e2455e17c8b93674d790fbaab347691d248da3d8524304289ea92b4f616144 |
| SHA512 | e6e8a25702d871d2f4ba1e1255959e7e7252e7ad4107b0a26b27c4424fdfdd4c6bb50bea53782a7e5f51ad0d2a88ac25b97b71bd49d37e35f12832f9ee2c5710 |
C:\Users\Admin\Downloads\Natro_Macro_v1.0.0.1 (1)\Natro_Macro_v1.0.0.1a\settings\manual_planters.ini
| MD5 | bae27626095ed8dd0a5ef23517bc6dc4 |
| SHA1 | b8530984142c5c524176c486f3e8bfd942d0f678 |
| SHA256 | 4cf663f6047d665f568406b2b0b0c81ac3294857542cc66f8d4816f4ea5eee2a |
| SHA512 | cb75ef2b7d525f6835a583d6fb541303c2bd08686abb98bb0abcd2e99d01c5cf55a9a457741f9df7ca7c6f89194cb1e1b7a1a9e4eda80c96bab5a94d6dc54063 |
C:\Users\Admin\Downloads\Natro_Macro_v1.0.0.1 (1)\Natro_Macro_v1.0.0.1a\settings\field_config.ini
| MD5 | 5476b31d72c20b13017ec88e467b9437 |
| SHA1 | 9d511c37e978e38564d017c86d7fa96d0cf24d25 |
| SHA256 | 6e6bcbf87e658988969f99346b1a1dd37aa5e425be47224f4a66656d010e1346 |
| SHA512 | 1cfa554ee82977ec4937b0e94a22d0a4f704d443cff337afed8a0134defd69dd8959b416b18534df64ee7b196c78ecd67101a159f57eaab7be1ef9b89ba4e16e |
C:\Users\Admin\Downloads\Natro_Macro_v1.0.0.1 (1)\Natro_Macro_v1.0.0.1a\settings\imported\patterns.ahk
| MD5 | ab4fa633d6236f65acf94abf1de11a2a |
| SHA1 | be77056b53c257395a6184b7f0cfb6e92f3fe27a |
| SHA256 | 22ca4fe2ef6ce3068757f1d6eb7feafd833107bfe0654b63017c4171fe7e16fb |
| SHA512 | eedb773bb353332e8fb6379f0cfdec0a225d6f71b0e09fc817edd9dcfd3119212ae7056fb08e937f60a29e05327d6adb837527f6d7d53f43aaef42f91c0ad4c5 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\WOBB13N1\latest[1].json
| MD5 | 1b9bb4586323cd3fa141193a8ceffbe3 |
| SHA1 | 29bac05eb1f805910513ead72b9e4a305121228f |
| SHA256 | 57a567d77370466f9ae797652a86c9aaf418e325bc75f57be8247dc10b694148 |
| SHA512 | f593a3857ac70ab7ddb2bf84467876e8cc96740faff9e38fc011078003fbd88af78a7d67e15c147920ebcf44633f23105d606ff288a544b7645434831dcc4012 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\DD719OCW\contributors[1].txt
| MD5 | ea845d9b25a2b68d21364abe4e600df7 |
| SHA1 | 72db0ba71350ddea4748d4cdfeebd55caae0b916 |
| SHA256 | 20aa923d222eef4d47895c25ea7e69044a3b1b48c348a98eba1fe20ccde73a46 |
| SHA512 | a0e8349e0d6cb45bf2e45460fb307ca2cc5be2ff0ec90e34cd7ea5e01c8f6d42fc02b2790b5fa1d45b6841d7633eedd06bc9ab6c81cf903cd89ec030cc33807b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_49536AB5156BDD74EFF881D01C36A419
| MD5 | b8e94abfed252c9e28646e0f20a39c99 |
| SHA1 | a370afad22a979e222aa0d4d95f0020e6768d94e |
| SHA256 | f008ec179065861824f722ee67a5224d0b2ae7c4c45e5b311092a3da71be9409 |
| SHA512 | c3e100df84401673d78b4df0358517c878de2d87276ebd36a96fb523dfc098c370046d2eb0f95394d3a85d2387677ed07a40efb42aab7ec6dcd339d28907e3f6 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_49536AB5156BDD74EFF881D01C36A419
| MD5 | eb6fa6085977e973e3ad46af2517b6fe |
| SHA1 | b15834752416fede9420c8ea15b7c29d128a0782 |
| SHA256 | 22395ff6e56f5105f42e3c5fd7276597605700ab09a125d101836ac56faa9132 |
| SHA512 | b57e3dc35d893c7408676b6078a52aa39d52cb897d410c5a74851609d985b413d689ef7a7759f121b14c1e2a57076f616f5bd3192eea61b9da81734b7f3f2615 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\SG9GK5FX\beesmas[1].txt
| MD5 | 897316929176464ebc9ad085f31e7284 |
| SHA1 | 09d2af8dd22201dd8d48e5dcfcaed281ff9422c7 |
| SHA256 | 9a271f2a916b0b6ee6cecb2426f0b3206ef074578be55d9bc94f6f3fe3ab86aa |
| SHA512 | a546d1300f49037a465ecec8bc1ebd07d57015a5ff1abfa1c94da9b30576933fb68e3898ff764d4de6e6741da822a7c93adc6e845806a266a63aa14c8bb09ebb |