hxxps://github[.]com/garrydevpro/versatools/releases/download/exe/Versatools[.]exe

Analysis

max time kernel
383s
max time network
379s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
09/07/2024, 01:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/garrydevpro/versatools/releases/download/exe/Versatools.exe

Score

8^/10

pyinstaller

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 4 IoCs

pid	Process
1564	Versatools.exe
4356	Versatools.exe
2892	Versatools.exe
1048	Versatools.exe

Loads dropped DLL 62 IoCs

pid	Process
4356	Versatools.exe
4356	Versatools.exe
4356	Versatools.exe
4356	Versatools.exe
4356	Versatools.exe
4356	Versatools.exe
4356	Versatools.exe
4356	Versatools.exe
4356	Versatools.exe
4356	Versatools.exe
4356	Versatools.exe
4356	Versatools.exe
4356	Versatools.exe
4356	Versatools.exe
4356	Versatools.exe
4356	Versatools.exe
4356	Versatools.exe
4356	Versatools.exe
4356	Versatools.exe
4356	Versatools.exe
4356	Versatools.exe
4356	Versatools.exe
4356	Versatools.exe
4356	Versatools.exe
4356	Versatools.exe
4356	Versatools.exe
4356	Versatools.exe
4356	Versatools.exe
4356	Versatools.exe
4356	Versatools.exe
4356	Versatools.exe
1048	Versatools.exe
1048	Versatools.exe
1048	Versatools.exe
1048	Versatools.exe
1048	Versatools.exe
1048	Versatools.exe
1048	Versatools.exe
1048	Versatools.exe
1048	Versatools.exe
1048	Versatools.exe
1048	Versatools.exe
1048	Versatools.exe
1048	Versatools.exe
1048	Versatools.exe
1048	Versatools.exe
1048	Versatools.exe
1048	Versatools.exe
1048	Versatools.exe
1048	Versatools.exe
1048	Versatools.exe
1048	Versatools.exe
1048	Versatools.exe
1048	Versatools.exe
1048	Versatools.exe
1048	Versatools.exe
1048	Versatools.exe
1048	Versatools.exe
1048	Versatools.exe
1048	Versatools.exe
1048	Versatools.exe
1048	Versatools.exe

Detects Pyinstaller 1 IoCs

pyinstaller

resource	yara_rule
behavioral1/files/0x000e00000002326d-41.dat	pyinstaller

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133649637399473672"	chrome.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 781424.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3548	msedge.exe
3548	msedge.exe
2744	msedge.exe
2744	msedge.exe
4320	identity_helper.exe
4320	identity_helper.exe
4588	chrome.exe
4588	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe
Token: SeShutdownPrivilege	4588	chrome.exe
Token: SeCreatePagefilePrivilege	4588	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe
4588	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2744 wrote to memory of 4456	2744	msedge.exe	83
PID 2744 wrote to memory of 4456	2744	msedge.exe	83
PID 2744 wrote to memory of 1232	2744	msedge.exe	84
PID 2744 wrote to memory of 1232	2744	msedge.exe	84
PID 2744 wrote to memory of 1232	2744	msedge.exe	84
PID 2744 wrote to memory of 1232	2744	msedge.exe	84
PID 2744 wrote to memory of 1232	2744	msedge.exe	84
PID 2744 wrote to memory of 1232	2744	msedge.exe	84
PID 2744 wrote to memory of 1232	2744	msedge.exe	84
PID 2744 wrote to memory of 1232	2744	msedge.exe	84
PID 2744 wrote to memory of 1232	2744	msedge.exe	84
PID 2744 wrote to memory of 1232	2744	msedge.exe	84
PID 2744 wrote to memory of 1232	2744	msedge.exe	84
PID 2744 wrote to memory of 1232	2744	msedge.exe	84
PID 2744 wrote to memory of 1232	2744	msedge.exe	84
PID 2744 wrote to memory of 1232	2744	msedge.exe	84
PID 2744 wrote to memory of 1232	2744	msedge.exe	84
PID 2744 wrote to memory of 1232	2744	msedge.exe	84
PID 2744 wrote to memory of 1232	2744	msedge.exe	84
PID 2744 wrote to memory of 1232	2744	msedge.exe	84
PID 2744 wrote to memory of 1232	2744	msedge.exe	84
PID 2744 wrote to memory of 1232	2744	msedge.exe	84
PID 2744 wrote to memory of 1232	2744	msedge.exe	84
PID 2744 wrote to memory of 1232	2744	msedge.exe	84
PID 2744 wrote to memory of 1232	2744	msedge.exe	84
PID 2744 wrote to memory of 1232	2744	msedge.exe	84
PID 2744 wrote to memory of 1232	2744	msedge.exe	84
PID 2744 wrote to memory of 1232	2744	msedge.exe	84
PID 2744 wrote to memory of 1232	2744	msedge.exe	84
PID 2744 wrote to memory of 1232	2744	msedge.exe	84
PID 2744 wrote to memory of 1232	2744	msedge.exe	84
PID 2744 wrote to memory of 1232	2744	msedge.exe	84
PID 2744 wrote to memory of 1232	2744	msedge.exe	84
PID 2744 wrote to memory of 1232	2744	msedge.exe	84
PID 2744 wrote to memory of 1232	2744	msedge.exe	84
PID 2744 wrote to memory of 1232	2744	msedge.exe	84
PID 2744 wrote to memory of 1232	2744	msedge.exe	84
PID 2744 wrote to memory of 1232	2744	msedge.exe	84
PID 2744 wrote to memory of 1232	2744	msedge.exe	84
PID 2744 wrote to memory of 1232	2744	msedge.exe	84
PID 2744 wrote to memory of 1232	2744	msedge.exe	84
PID 2744 wrote to memory of 1232	2744	msedge.exe	84
PID 2744 wrote to memory of 3548	2744	msedge.exe	85
PID 2744 wrote to memory of 3548	2744	msedge.exe	85
PID 2744 wrote to memory of 4308	2744	msedge.exe	86
PID 2744 wrote to memory of 4308	2744	msedge.exe	86
PID 2744 wrote to memory of 4308	2744	msedge.exe	86
PID 2744 wrote to memory of 4308	2744	msedge.exe	86
PID 2744 wrote to memory of 4308	2744	msedge.exe	86
PID 2744 wrote to memory of 4308	2744	msedge.exe	86
PID 2744 wrote to memory of 4308	2744	msedge.exe	86
PID 2744 wrote to memory of 4308	2744	msedge.exe	86
PID 2744 wrote to memory of 4308	2744	msedge.exe	86
PID 2744 wrote to memory of 4308	2744	msedge.exe	86
PID 2744 wrote to memory of 4308	2744	msedge.exe	86
PID 2744 wrote to memory of 4308	2744	msedge.exe	86
PID 2744 wrote to memory of 4308	2744	msedge.exe	86
PID 2744 wrote to memory of 4308	2744	msedge.exe	86
PID 2744 wrote to memory of 4308	2744	msedge.exe	86
PID 2744 wrote to memory of 4308	2744	msedge.exe	86
PID 2744 wrote to memory of 4308	2744	msedge.exe	86
PID 2744 wrote to memory of 4308	2744	msedge.exe	86
PID 2744 wrote to memory of 4308	2744	msedge.exe	86
PID 2744 wrote to memory of 4308	2744	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/garrydevpro/versatools/releases/download/exe/Versatools.exe
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcda3346f8,0x7ffcda334708,0x7ffcda334718
  2⤵
  PID:4456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,12362114901502320003,7796495998182707813,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
  2⤵
  PID:1232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1996,12362114901502320003,7796495998182707813,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1996,12362114901502320003,7796495998182707813,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
  2⤵
  PID:4308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,12362114901502320003,7796495998182707813,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:2880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,12362114901502320003,7796495998182707813,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:4416
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1996,12362114901502320003,7796495998182707813,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5424 /prefetch:8
  2⤵
  PID:1316
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1996,12362114901502320003,7796495998182707813,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5424 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1996,12362114901502320003,7796495998182707813,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4756 /prefetch:8
  2⤵
  PID:404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,12362114901502320003,7796495998182707813,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4140 /prefetch:1
  2⤵
  PID:4540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1996,12362114901502320003,7796495998182707813,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5920 /prefetch:8
  2⤵
  PID:4428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,12362114901502320003,7796495998182707813,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1
  2⤵
  PID:2704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,12362114901502320003,7796495998182707813,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1
  2⤵
  PID:4680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,12362114901502320003,7796495998182707813,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
  2⤵
  PID:2760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,12362114901502320003,7796495998182707813,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6272 /prefetch:1
  2⤵
  PID:3624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,12362114901502320003,7796495998182707813,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1
  2⤵
  PID:1732

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3520

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2760

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffce7d7ab58,0x7ffce7d7ab68,0x7ffce7d7ab78
  2⤵
  PID:1044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1724 --field-trial-handle=1868,i,14569777143789556994,6374292536415211012,131072 /prefetch:2
  2⤵
  PID:1316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1996 --field-trial-handle=1868,i,14569777143789556994,6374292536415211012,131072 /prefetch:8
  2⤵
  PID:1932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2268 --field-trial-handle=1868,i,14569777143789556994,6374292536415211012,131072 /prefetch:8
  2⤵
  PID:920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3104 --field-trial-handle=1868,i,14569777143789556994,6374292536415211012,131072 /prefetch:1
  2⤵
  PID:2544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3128 --field-trial-handle=1868,i,14569777143789556994,6374292536415211012,131072 /prefetch:1
  2⤵
  PID:4152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4276 --field-trial-handle=1868,i,14569777143789556994,6374292536415211012,131072 /prefetch:1
  2⤵
  PID:4292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4716 --field-trial-handle=1868,i,14569777143789556994,6374292536415211012,131072 /prefetch:8
  2⤵
  PID:3252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4836 --field-trial-handle=1868,i,14569777143789556994,6374292536415211012,131072 /prefetch:8
  2⤵
  PID:3792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5020 --field-trial-handle=1868,i,14569777143789556994,6374292536415211012,131072 /prefetch:8
  2⤵
  PID:1744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5012 --field-trial-handle=1868,i,14569777143789556994,6374292536415211012,131072 /prefetch:1
  2⤵
  PID:2644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5060 --field-trial-handle=1868,i,14569777143789556994,6374292536415211012,131072 /prefetch:8
  2⤵
  PID:3088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5164 --field-trial-handle=1868,i,14569777143789556994,6374292536415211012,131072 /prefetch:8
  2⤵
  PID:624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5180 --field-trial-handle=1868,i,14569777143789556994,6374292536415211012,131072 /prefetch:8
  2⤵
  PID:3648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5196 --field-trial-handle=1868,i,14569777143789556994,6374292536415211012,131072 /prefetch:8
  2⤵
  PID:548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5452 --field-trial-handle=1868,i,14569777143789556994,6374292536415211012,131072 /prefetch:8
  2⤵
  PID:2604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5164 --field-trial-handle=1868,i,14569777143789556994,6374292536415211012,131072 /prefetch:8
  2⤵
  PID:400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5624 --field-trial-handle=1868,i,14569777143789556994,6374292536415211012,131072 /prefetch:8
  2⤵
  PID:4428
- C:\Users\Admin\Downloads\Versatools.exe
  "C:\Users\Admin\Downloads\Versatools.exe"
  2⤵
  - Executes dropped EXE
  PID:1564
- - C:\Users\Admin\Downloads\Versatools.exe
    "C:\Users\Admin\Downloads\Versatools.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:4356
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "ver"
      4⤵
      PID:2856
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c cls
      4⤵
      PID:2776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1616 --field-trial-handle=1868,i,14569777143789556994,6374292536415211012,131072 /prefetch:2
  2⤵
  PID:1180

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2304

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3680

C:\Users\Admin\Desktop\Versatools.exe
"C:\Users\Admin\Desktop\Versatools.exe"
1⤵
- Executes dropped EXE
PID:2892
- C:\Users\Admin\Desktop\Versatools.exe
  "C:\Users\Admin\Desktop\Versatools.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1048
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "ver"
    3⤵
    PID:4640
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:4524
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:4048
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:1632

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
a1c876a8914f50845b6629342fb857ff

SHA1
e868c02c7e0b913b8e6c2a35e842650d0bbc5847

SHA256
76929837dea68e9c42b2b6ffd5d4f7958e2e4e576838ef0795d1e161d2d7c6d2

SHA512
165ac3855e172303610298a7121750426a094e8cc2556d9cb69e7abf9b3fdcc049d91e82e75999d00f0fe9c9d831a19a45ac4931606f8c751cfdc8ce0a2d3c8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
fc88520900e297a9bb6fccc50428645f

SHA1
920a8121089df06599fb4eff2d99edeb0ed952ac

SHA256
c4cd07477d56599f516e0a0a780f29292943303480779dcb00c2391ef4386d51

SHA512
b3d05c51f7516170f3602533f56d2b172563d55e7e997f06dd4d586b94b46029085eec50dbb90b0e70e2ca617d91d3325395ca7857b66cc7079e49ae24ecf941

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
1cfe80065cb3798c1b114ae634e9f88a

SHA1
d6ebaa1cfe3968525acac674e772ec6eb4b50bbb

SHA256
46280ef7a97b9d3ec835eedc166dbb7ce56b6dcec70389a91ff250d66b43cd32

SHA512
938d17d09459bba672699b2465f48500a181683091415570c0a20889907226b5e678b1a71556948bcac484f553d1148617a111ce64ca59a00681ca9c3b66c6f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
43bb90caec9e8edc056410e49efd38e8

SHA1
d54f2e39b1fcbcbaa586ac26238fb7eef993eaa3

SHA256
1363471099e8cf6d5c929bfbf3372111f968f911c89209c01f85416134981fb4

SHA512
8be27326daccafc9e0257c98f73cb3333e2d9f0d04a761e565169b8d2cae513391ccfa42cd0639b9ae9fd67608d8f5fe01439af79fd47958c6160b76673c54bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
dbb98da53ad77ab7298fd3163e3f809d

SHA1
e66e04290049bad37673a9a5884d823bb626d98f

SHA256
84faad56d27cf180754e578cf7cfcdb32097f8e5cf42de8c345dc1176b19e141

SHA512
7638b5d42089fb265339f0f5fd0f37ffda8ae29abbaaaa5d11f02298fe0f80540ddea143d8ac8f27b44ea2f02efde49160c01ee233e64eab6e2d8144e2fe0645

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d54289c52f9a3cb90a01577fc62dd730

SHA1
6629d6393d7914c1bb62a1d73d46c9aebd9ee0bd

SHA256
8f1a3ffed22ae5381e50acaf3967eea69d895b1877261aba0c38f3b2689a6c62

SHA512
781da53196d95eaccf5bc5bd02feda8e2712dfe497e0441f924e03617e042eed53f54585410911ade3edd79bd0603773db100b86b0ef56b5a52acfca8a5789b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a3e5e7072158063cef3fccfb732d3976

SHA1
29f22a9c5aaf547a8c97c1be9f99fb43a2039d47

SHA256
073d5163ac8af41dedfb98bf4930c3542bdee0df5a00ebba8c92ebe6692505b1

SHA512
d4ff3900f2b2bb8bc71c599e9db720895b364714ec349ca24e984cb72114509a70d95d40d26a93e430b8c3394c3eeaebf311a622701ca9737ecdf8d716b81ec8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
1376d8369c46c17c7666ef7fc08e90b2

SHA1
38ec04c4d6e13ede983a7bb4de71b121c522f027

SHA256
3162a5ef18dcefffbfe266f3f20a016ef59a521a20cebe10afa9423402dfde76

SHA512
4b0d373a8f97fa80457cce124fa1980fd6bc48ee59b6511df8000da255cc5685bef297050345953ed437c86d982e12a7b28c1253fd4557537bbb69b1b37af37b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
285KB

MD5
a90add1d19e7eb3e48d296f4844213d6

SHA1
83ee0dcd629629517ff287750f9600c8dda0df80

SHA256
d2b68fcf63afc7a1512bff173f45aadd084bf0ff06382363ac39ccffbf88e81a

SHA512
a86aca3d6e410ad53e84bed4e7ad7a58b5ad1c3804f3ae99d7d2d5620fee36fce96d5ee3185f459bea10e3589d3f775b3c2763fb47ea0a011ca733ed651f59af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
285KB

MD5
89cc86f1df467b3761bf9702e9f7f95c

SHA1
178e68a17233e534520dac0ef034ab2980351815

SHA256
cf6b75676932997dbc9cd37f7c9f5e4810b18116d41a07f30d45911f2bc53a64

SHA512
30e185eee8ad1d207334bdb79fcf7250117bbbe22a7ea60247195555b1368433c9f23bd849047ceb6c7354b0451e5582c04dd0c8686c901af178a3f34b9c7082

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b6c11a2e74ef272858b9bcac8f5ebf97

SHA1
2a06945314ebaa78f3ede1ff2b79f7357c3cb36b

SHA256
f88faeb70e2a7849587be3e49e6884f5159ac76ef72b7077ac36e5fbf332d777

SHA512
d577a5b3a264829494f5520cc975f4c2044648d51438885f319c2c74a080ea5dd719b6a885ed4d3401fd7a32341f88f26da5e3f29214da9afbbbd5ee950e8ec3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9abb787f6c5a61faf4408f694e89b50e

SHA1
914247144868a2ff909207305255ab9bbca33d7e

SHA256
ecfd876b653319de412bf6be83bd824dda753b4d9090007231a335819d29ea07

SHA512
0f8139c45a7efab6de03fd9ebfe152e183ff155f20b03d4fac4a52cbbf8a3779302fed56facc9c7678a2dcf4f1ee89a26efd5bada485214edd9bf6b5cd238a55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\8421749f-38df-4dfa-9fce-89a8068c58aa.tmp

Filesize
6KB

MD5
722e19d9fd678e4e65dff0a7ae995573

SHA1
6bc36fc86822e628920354c5ee1b7412d0035e39

SHA256
abd983ecb757980b794fff422341d00500dc1941f80b5b9728e578bf8841e0a7

SHA512
7d4c1a59bc84b8d14c2a65a0af5b51f64d0339facbe6303cebccb919f1930d5ea92cebc3a5a4e9b3784d5e708ae7e60cec1f0c5572f70710eae6e8ce95737ff7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
265B

MD5
f5cd008cf465804d0e6f39a8d81f9a2d

SHA1
6b2907356472ed4a719e5675cc08969f30adc855

SHA256
fcea95cc39dc6c2a925f5aed739dbedaa405ee4ce127f535fcf1c751b2b8fb5d

SHA512
dc97034546a4c94bdaa6f644b5cfd1e477209de9a03a5b02a360c254a406c1d647d6f90860f385e27387b35631c41f0886cb543ede9116436941b9af6cd3285d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
436ea0e5b74a51851c5e62a2cd57303a

SHA1
c6f858129493e1581ee1bd9376636edfa4388b79

SHA256
4b2db9569b67e0d819d9603fc10d458901b77d3ec094a498f03dfb0124a3e8ac

SHA512
e94fb94c88b3978a2ca51e851c891efaf86996d158be13b0493fa7c7c14904c58fd9d687ef838c2ef4ff0791fb2c2ee84f8ea6b9c92f8e809ba06392f3d95695

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e88423a638365852efbb7847ae429f0b

SHA1
b322834dc03756eda623664cef64f912354f8f91

SHA256
775a3df6fb2d9de35678379b02cd201dfd6e435ec2dde3bbdb00d900f4f0b125

SHA512
1bf2e5aa518ac4f59ebf895de1af20562a092fc69cb44e2139437c2468d0dec290ce78f794b3b9505230ad44c2a265b3e2949615c71ee6c1a166e95ec8730a97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f92bbdf629c1627de6c9e986f8d52cba

SHA1
993de8dc4431270f8f27367d44117d2de08b7229

SHA256
aa1c9468883dd0f6c3141eac10acddf920a45d0389e8c8c5f04edd5bc37dbe0a

SHA512
86fd127234c459a4de7fc67d6525644b8ca1c98448fa0d72468ea0c7b8e6e62beb120bb513432945acd12605f5c27284380ba4d7f15d928b9d2dffee8a400424

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e8d6d580e4812d0cba05567f3e381695

SHA1
e06b4f843e3b960b4bea708d9de5faa6a019abe4

SHA256
e65c940962ad31ca28bc37e7e40cb54bd453445f664f3e413819fa50075f3ed3

SHA512
f532479ca1d26f0b483edad012f565f709bc210a9b2b50f14362351682b8cc6b06b4826a02795249b9930f5d9430103005fedf1375b9c09fa607b3cf7e411a65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b0e94796ebc93fed64103da2eb0ff004

SHA1
17a71a1f1568c7d40e239e58170378868ce8f525

SHA256
2ffb5c43e902ab1cc558b614355a21514621fcd0c4943f7b719f2a80ca17b8ba

SHA512
c318481b12d278a47a956700b88a80deccaec83a85db9ee6cc9362ff7996462a5d1b3312faae61871432cf6448898f3818c525596635136d349a7c9a54838c51

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15642\VCRUNTIME140.dll

Filesize
106KB

MD5
4585a96cc4eef6aafd5e27ea09147dc6

SHA1
489cfff1b19abbec98fda26ac8958005e88dd0cb

SHA256
a8f950b4357ec12cfccddc9094cca56a3d5244b95e09ea6e9a746489f2d58736

SHA512
d78260c66331fe3029d2cc1b41a5d002ec651f2e3bbf55076d65839b5e3c6297955afd4d9ab8951fbdc9f929dbc65eb18b14b59bce1f2994318564eb4920f286

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15642\VCRUNTIME140_1.dll

Filesize
48KB

MD5
7e668ab8a78bd0118b94978d154c85bc

SHA1
dbac42a02a8d50639805174afd21d45f3c56e3a0

SHA256
e4b533a94e02c574780e4b333fcf0889f65ed00d39e32c0fbbda2116f185873f

SHA512
72bb41db17256141b06e2eaeb8fc65ad4abdb65e4b5f604c82b9e7e7f60050734137d602e0f853f1a38201515655b6982f2761ee0fa77c531aa58591c95f0032

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15642\_bz2.pyd

Filesize
82KB

MD5
3859239ced9a45399b967ebce5a6ba23

SHA1
6f8ff3df90ac833c1eb69208db462cda8ca3f8d6

SHA256
a4dd883257a7ace84f96bcc6cd59e22d843d0db080606defae32923fc712c75a

SHA512
030e5ce81e36bd55f69d55cbb8385820eb7c1f95342c1a32058f49abeabb485b1c4a30877c07a56c9d909228e45a4196872e14ded4f87adaa8b6ad97463e5c69

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15642\_ctypes.pyd

Filesize
120KB

MD5
bd36f7d64660d120c6fb98c8f536d369

SHA1
6829c9ce6091cb2b085eb3d5469337ac4782f927

SHA256
ee543453ac1a2b9b52e80dc66207d3767012ca24ce2b44206804767f37443902

SHA512
bd15f6d4492ddbc89fcbadba07fc10aa6698b13030dd301340b5f1b02b74191faf9b3dcf66b72ecf96084656084b531034ea5cadc1dd333ef64afb69a1d1fd56

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15642\_lzma.pyd

Filesize
155KB

MD5
e5abc3a72996f8fde0bcf709e6577d9d

SHA1
15770bdcd06e171f0b868c803b8cf33a8581edd3

SHA256
1796038480754a680f33a4e37c8b5673cc86c49281a287dc0c5cae984d0cb4bb

SHA512
b347474dc071f2857e1e16965b43db6518e35915b8168bdeff1ead4dff710a1cc9f04ca0ced23a6de40d717eea375eedb0bf3714daf35de6a77f071db33dfae6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15642\_queue.pyd

Filesize
31KB

MD5
f00133f7758627a15f2d98c034cf1657

SHA1
2f5f54eda4634052f5be24c560154af6647eee05

SHA256
35609869edc57d806925ec52cca9bc5a035e30d5f40549647d4da6d7983f8659

SHA512
1c77dd811d2184beedf3c553c3f4da2144b75c6518543f98c630c59cd597fcbf6fd22cfbb0a7b9ea2fdb7983ff69d0d99e8201f4e84a0629bc5733aa09ffc201

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15642\_socket.pyd

Filesize
77KB

MD5
1eea9568d6fdef29b9963783827f5867

SHA1
a17760365094966220661ad87e57efe09cd85b84

SHA256
74181072392a3727049ea3681fe9e59516373809ced53e08f6da7c496b76e117

SHA512
d9443b70fcdc4d0ea1cb93a88325012d3f99db88c36393a7ded6d04f590e582f7f1640d8b153fe3c5342fa93802a8374f03f6cd37dd40cdbb5ade2e07fad1e09

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15642\base_library.zip

Filesize
1.8MB

MD5
e17ce7183e682de459eec1a5ac9cbbff

SHA1
722968ca6eb123730ebc30ff2d498f9a5dad4cc1

SHA256
ff6a37c49ee4bb07a763866d4163126165038296c1fb7b730928297c25cfbe6d

SHA512
fab76b59dcd3570695fa260f56e277f8d714048f3d89f6e9f69ea700fca7c097d0db5f5294beab4e6409570408f1d680e8220851fededb981acb129a415358d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15642\libffi-8.dll

Filesize
38KB

MD5
0f8e4992ca92baaf54cc0b43aaccce21

SHA1
c7300975df267b1d6adcbac0ac93fd7b1ab49bd2

SHA256
eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a

SHA512
6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15642\pyexpat.pyd

Filesize
194KB

MD5
9c21a5540fc572f75901820cf97245ec

SHA1
09296f032a50de7b398018f28ee8086da915aebd

SHA256
2ff8cd82e7cc255e219e7734498d2dea0c65a5ab29dc8581240d40eb81246045

SHA512
4217268db87eec2f0a14b5881edb3fdb8efe7ea27d6dcbee7602ca4997416c1130420f11167dac7e781553f3611409fa37650b7c2b2d09f19dc190b17b410ba5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15642\python3.dll

Filesize
65KB

MD5
b711598fc3ed0fe4cf2c7f3e0877979e

SHA1
299c799e5d697834aa2447d8a313588ab5c5e433

SHA256
520169aa6cf49d7ee724d1178de1be0e809e4bdcf671e06f3d422a0dd5fd294a

SHA512
b3d59eff5e38cef651c9603971bde77be7231ea8b7bdb444259390a8a9e452e107a0b6cb9cc93e37fd3b40afb2ba9e67217d648bfca52f7cdc4b60c7493b6b84

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15642\python311.dll

Filesize
5.5MB

MD5
5a5dd7cad8028097842b0afef45bfbcf

SHA1
e247a2e460687c607253949c52ae2801ff35dc4a

SHA256
a811c7516f531f1515d10743ae78004dd627eba0dc2d3bc0d2e033b2722043ce

SHA512
e6268e4fad2ce3ef16b68298a57498e16f0262bf3531539ad013a66f72df471569f94c6fcc48154b7c3049a3ad15cbfcbb6345dacb4f4ed7d528c74d589c9858

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15642\pywin32_system32\pythoncom311.dll

Filesize
654KB

MD5
f98264f2dacfc8e299391ed1180ab493

SHA1
849551b6d9142bf983e816fef4c05e639d2c1018

SHA256
0fe49ec1143a0efe168809c9d48fe3e857e2ac39b19db3fd8718c56a4056696b

SHA512
6bb3dbd9f4d3e6b7bd294f3cb8b2ef4c29b9eff85c0cfd5e2d2465be909014a7b2ecd3dc06265b1b58196892bb04d3e6b0aa4b2ccbf3a716e0ff950eb28db11c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15642\pywin32_system32\pywintypes311.dll

Filesize
131KB

MD5
90b786dc6795d8ad0870e290349b5b52

SHA1
592c54e67cf5d2d884339e7a8d7a21e003e6482f

SHA256
89f2a5c6be1e70b3d895318fdd618506b8c0e9a63b6a1a4055dff4abdc89f18a

SHA512
c6e1dbf25d260c723a26c88ec027d40d47f5e28fc9eb2dbc72a88813a1d05c7f75616b31836b68b87df45c65eef6f3eaed2a9f9767f9e2f12c45f672c2116e72

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15642\select.pyd

Filesize
29KB

MD5
c97a587e19227d03a85e90a04d7937f6

SHA1
463703cf1cac4e2297b442654fc6169b70cfb9bf

SHA256
c4aa9a106381835cfb5f9badfb9d77df74338bc66e69183757a5a3774ccdaccf

SHA512
97784363f3b0b794d2f9fd6a2c862d64910c71591006a34eedff989ecca669ac245b3dfe68eaa6da621209a3ab61d36e9118ebb4be4c0e72ce80fab7b43bde12

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15642\ucrtbase.dll

Filesize
987KB

MD5
d40325e6c994228a3403f8ba8f24601f

SHA1
6266b5dc2001ffd75da3588dd7c43027a706589d

SHA256
a2ab58e44828009f6dafe54dd5ed57edfa6b09641e3c8eaa473b37e5b0e2b862

SHA512
59e712713d6492fa1b002da34bc9db82a85e19d13b694b77b57db1030681432c41705d56e9f75031ed9522d43a344d1475c745af7c8c92f70f7fc78e8b8895f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI15642\win32\win32api.pyd

Filesize
130KB

MD5
1d6762b494dc9e60ca95f7238ae1fb14

SHA1
aa0397d96a0ed41b2f03352049dafe040d59ad5d

SHA256
fae5323e2119a8f678055f4244177b5806c7b6b171b1945168f685631b913664

SHA512
0b561f651161a34c37ff8d115f154c52202f573d049681f8cdd7bba2e966bb8203780c19ba824b4a693ef12ef1eeef6aeeef96eb369e4b6129f1deb6b26aaa00

Download Submit
C:\Users\Admin\AppData\Local\Temp\files\config.json

Filesize
5KB

MD5
6e97a7cd285cd52f4a0e44075a834554

SHA1
203d7a18b4b1e2d28f92798500b5829f8096e555

SHA256
d9241e48094f28b176a4400a9729b5f3c611611e8d07c68598d324f59cf3fb44

SHA512
5d214680465a3c17b647aa1e7ff011662d4bc017d097938867c3dd843214b1e2e9bbb8b5f7e11ab20de2b16c3284a101c2d720ce81f30df5f70051e1b87002ee

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 781424.crdownload

Filesize
37.8MB

MD5
a80c3d55a777e5e85c1d766719e87f43

SHA1
8f86bd48638dc9dee37e6a21dfcfac968fe662b1

SHA256
b3ce37ea3d136782dc85e8b6cec7842969eaa9564ecc409676271e27a812f551

SHA512
453448fe9c1c467c6f7347ca298893205670451fe7af0caa7a6192704538cd3a326bb7c096666349a29d8f364ec2b103fd817e7ea70926d64200ff52cfa48b59

Download Submit
memory/1048-771-0x00007FFCD8900000-0x00007FFCD988C000-memory.dmp

Filesize
15.5MB

Download
memory/4356-450-0x00007FFCD56B0000-0x00007FFCD663C000-memory.dmp

Filesize
15.5MB

Download
memory/4356-475-0x00007FFCD56B0000-0x00007FFCD663C000-memory.dmp

Filesize
15.5MB

Download