xenorat | hxxps://github[.]com/Shehay/aimware-crack/releases

Analysis

max time kernel
366s
max time network
368s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
13-08-2024 12:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Shehay/aimware-crack/releases

Score

10^/10

xenorat discovery rat trojan

Malware Config

Extracted

Family

xenorat

147.185.221.21

Mutex

nd8912d

Attributes

delay
3000
install_path
appdata
port
6663
startup_name
svchost.exe

Signatures

XenorRat
XenorRat is a remote access trojan written in C#.
trojan rat xenorat
Downloads MZ/PE file

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Control Panel\International\Geo\Nation	aimware_external (1).exe

Executes dropped EXE 5 IoCs

pid	Process
2212	aimware_external (1).exe
5380	aimware_external (1).exe
3412	aimware_external (1).exe
3276	aimware_external (1).exe
4412	aimware_external (1).exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 23 IoCs

pid	Process
2212	aimware_external (1).exe
5380	aimware_external (1).exe
5380	aimware_external (1).exe
5380	aimware_external (1).exe
3412	aimware_external (1).exe
3412	aimware_external (1).exe
5380	aimware_external (1).exe
3412	aimware_external (1).exe
3276	aimware_external (1).exe
3276	aimware_external (1).exe
5380	aimware_external (1).exe
3412	aimware_external (1).exe
3276	aimware_external (1).exe
5380	aimware_external (1).exe
3412	aimware_external (1).exe
3276	aimware_external (1).exe
4412	aimware_external (1).exe
5380	aimware_external (1).exe
4412	aimware_external (1).exe
3412	aimware_external (1).exe
3276	aimware_external (1).exe
5380	aimware_external (1).exe
4412	aimware_external (1).exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 10 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	aimware_external (1).exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	schtasks.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	aimware_external (1).exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	schtasks.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	aimware_external (1).exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DllHost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	aimware_external (1).exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	schtasks.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	aimware_external (1).exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	schtasks.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133680245803478072"	chrome.exe

Modifies registry class 6 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe

Scheduled Task/Job: Scheduled Task 1 TTPs 4 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence execution

Scheduled Task

T1053.005

pid	Process
4628	schtasks.exe
5532	schtasks.exe
5352	schtasks.exe
5268	schtasks.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
2180	chrome.exe
2180	chrome.exe
1284	msedge.exe
1284	msedge.exe
5320	chrome.exe
5320	chrome.exe
5320	chrome.exe
5320	chrome.exe
5000	msedge.exe
5000	msedge.exe
5340	msedge.exe
5340	msedge.exe
4836	msedge.exe
4836	msedge.exe
6100	msedge.exe
6100	msedge.exe
2112	msedge.exe
2112	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2180	chrome.exe
2180	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe
Token: SeShutdownPrivilege	2180	chrome.exe
Token: SeCreatePagefilePrivilege	2180	chrome.exe

Suspicious use of FindShellTrayWindow 48 IoCs

pid	Process
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe
2180	chrome.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
2212	aimware_external (1).exe
5380	aimware_external (1).exe
3412	aimware_external (1).exe
3276	aimware_external (1).exe
4412	aimware_external (1).exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2180 wrote to memory of 3028	2180	chrome.exe	84
PID 2180 wrote to memory of 3028	2180	chrome.exe	84
PID 2180 wrote to memory of 3016	2180	chrome.exe	85
PID 2180 wrote to memory of 3016	2180	chrome.exe	85
PID 2180 wrote to memory of 3016	2180	chrome.exe	85
PID 2180 wrote to memory of 3016	2180	chrome.exe	85
PID 2180 wrote to memory of 3016	2180	chrome.exe	85
PID 2180 wrote to memory of 3016	2180	chrome.exe	85
PID 2180 wrote to memory of 3016	2180	chrome.exe	85
PID 2180 wrote to memory of 3016	2180	chrome.exe	85
PID 2180 wrote to memory of 3016	2180	chrome.exe	85
PID 2180 wrote to memory of 3016	2180	chrome.exe	85
PID 2180 wrote to memory of 3016	2180	chrome.exe	85
PID 2180 wrote to memory of 3016	2180	chrome.exe	85
PID 2180 wrote to memory of 3016	2180	chrome.exe	85
PID 2180 wrote to memory of 3016	2180	chrome.exe	85
PID 2180 wrote to memory of 3016	2180	chrome.exe	85
PID 2180 wrote to memory of 3016	2180	chrome.exe	85
PID 2180 wrote to memory of 3016	2180	chrome.exe	85
PID 2180 wrote to memory of 3016	2180	chrome.exe	85
PID 2180 wrote to memory of 3016	2180	chrome.exe	85
PID 2180 wrote to memory of 3016	2180	chrome.exe	85
PID 2180 wrote to memory of 3016	2180	chrome.exe	85
PID 2180 wrote to memory of 3016	2180	chrome.exe	85
PID 2180 wrote to memory of 3016	2180	chrome.exe	85
PID 2180 wrote to memory of 3016	2180	chrome.exe	85
PID 2180 wrote to memory of 3016	2180	chrome.exe	85
PID 2180 wrote to memory of 3016	2180	chrome.exe	85
PID 2180 wrote to memory of 3016	2180	chrome.exe	85
PID 2180 wrote to memory of 3016	2180	chrome.exe	85
PID 2180 wrote to memory of 3016	2180	chrome.exe	85
PID 2180 wrote to memory of 3016	2180	chrome.exe	85
PID 2180 wrote to memory of 2604	2180	chrome.exe	86
PID 2180 wrote to memory of 2604	2180	chrome.exe	86
PID 2180 wrote to memory of 640	2180	chrome.exe	87
PID 2180 wrote to memory of 640	2180	chrome.exe	87
PID 2180 wrote to memory of 640	2180	chrome.exe	87
PID 2180 wrote to memory of 640	2180	chrome.exe	87
PID 2180 wrote to memory of 640	2180	chrome.exe	87
PID 2180 wrote to memory of 640	2180	chrome.exe	87
PID 2180 wrote to memory of 640	2180	chrome.exe	87
PID 2180 wrote to memory of 640	2180	chrome.exe	87
PID 2180 wrote to memory of 640	2180	chrome.exe	87
PID 2180 wrote to memory of 640	2180	chrome.exe	87
PID 2180 wrote to memory of 640	2180	chrome.exe	87
PID 2180 wrote to memory of 640	2180	chrome.exe	87
PID 2180 wrote to memory of 640	2180	chrome.exe	87
PID 2180 wrote to memory of 640	2180	chrome.exe	87
PID 2180 wrote to memory of 640	2180	chrome.exe	87
PID 2180 wrote to memory of 640	2180	chrome.exe	87
PID 2180 wrote to memory of 640	2180	chrome.exe	87
PID 2180 wrote to memory of 640	2180	chrome.exe	87
PID 2180 wrote to memory of 640	2180	chrome.exe	87
PID 2180 wrote to memory of 640	2180	chrome.exe	87
PID 2180 wrote to memory of 640	2180	chrome.exe	87
PID 2180 wrote to memory of 640	2180	chrome.exe	87
PID 2180 wrote to memory of 640	2180	chrome.exe	87
PID 2180 wrote to memory of 640	2180	chrome.exe	87
PID 2180 wrote to memory of 640	2180	chrome.exe	87
PID 2180 wrote to memory of 640	2180	chrome.exe	87
PID 2180 wrote to memory of 640	2180	chrome.exe	87
PID 2180 wrote to memory of 640	2180	chrome.exe	87
PID 2180 wrote to memory of 640	2180	chrome.exe	87
PID 2180 wrote to memory of 640	2180	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/Shehay/aimware-crack/releases
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8fc5acc40,0x7ff8fc5acc4c,0x7ff8fc5acc58
  2⤵
  PID:3028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1664,i,11115976811134755492,14727686289741202548,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1792 /prefetch:2
  2⤵
  PID:3016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2136,i,11115976811134755492,14727686289741202548,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2152 /prefetch:3
  2⤵
  PID:2604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2240,i,11115976811134755492,14727686289741202548,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2464 /prefetch:8
  2⤵
  PID:640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3132,i,11115976811134755492,14727686289741202548,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3164 /prefetch:1
  2⤵
  PID:5108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3136,i,11115976811134755492,14727686289741202548,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:4888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4656,i,11115976811134755492,14727686289741202548,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4668 /prefetch:8
  2⤵
  PID:1884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4992,i,11115976811134755492,14727686289741202548,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5128 /prefetch:8
  2⤵
  PID:4404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5116,i,11115976811134755492,14727686289741202548,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5276 /prefetch:8
  2⤵
  PID:2120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=724,i,11115976811134755492,14727686289741202548,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5144 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:5320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5220,i,11115976811134755492,14727686289741202548,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5192 /prefetch:8
  2⤵
  PID:5888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5084,i,11115976811134755492,14727686289741202548,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5168 /prefetch:8
  2⤵
  PID:5264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5356,i,11115976811134755492,14727686289741202548,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=5324 /prefetch:8
  2⤵
  PID:5236

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:220

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4380

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault6e439147h13f7h4a4ah85f1hdfa1038fe7f2
1⤵
PID:4832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ff8e9a346f8,0x7ff8e9a34708,0x7ff8e9a34718
  2⤵
  PID:2452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,5467563330015166913,16409877824712678447,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2028 /prefetch:2
  2⤵
  PID:1844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2024,5467563330015166913,16409877824712678447,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2520 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2024,5467563330015166913,16409877824712678447,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
  2⤵
  PID:2920

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5184

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5256

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
- System Location Discovery: System Language Discovery
PID:1548

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
PID:5688

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaultac30ad9dh602dh432dh9b79h249c3cdd4e5a
1⤵
PID:5884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8e9a346f8,0x7ff8e9a34708,0x7ff8e9a34718
  2⤵
  PID:3268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,5213857146468942779,15512411490773732640,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:3572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,5213857146468942779,15512411490773732640,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,5213857146468942779,15512411490773732640,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3004 /prefetch:8
  2⤵
  PID:3568

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaultda548301h9fa1h40f6hbed5h0fdf19f118d5
1⤵
PID:5800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8e9a346f8,0x7ff8e9a34708,0x7ff8e9a34718
  2⤵
  PID:3640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,5034081938322476287,6184860029829563602,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
  2⤵
  PID:5252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,5034081938322476287,6184860029829563602,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,5034081938322476287,6184860029829563602,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2944 /prefetch:8
  2⤵
  PID:5308

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6124

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
1⤵
PID:4544

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault3607f1e9h3d81h4500ha6e2h9282477d9d13
1⤵
PID:4964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xbc,0x128,0x7ff8e9a346f8,0x7ff8e9a34708,0x7ff8e9a34718
  2⤵
  PID:5128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,15435578311263214154,3381359501180926417,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
  2⤵
  PID:3868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,15435578311263214154,3381359501180926417,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,15435578311263214154,3381359501180926417,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
  2⤵
  PID:4924

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault807a8230hf85eh40a8h99d8h31fd7e6c8caf
1⤵
PID:5388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8e9a346f8,0x7ff8e9a34708,0x7ff8e9a34718
  2⤵
  PID:5148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,9876138772229786197,9406976204659058797,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2228 /prefetch:2
  2⤵
  PID:5284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2216,9876138772229786197,9406976204659058797,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2216,9876138772229786197,9406976204659058797,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8
  2⤵
  PID:6132

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaultb04aad53h011eh4ce2hb008hf0c582817261
1⤵
PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8e9a346f8,0x7ff8e9a34708,0x7ff8e9a34718
  2⤵
  PID:5852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,13762230811355294598,10297319885611261193,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
  2⤵
  PID:2232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,13762230811355294598,10297319885611261193,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2180,13762230811355294598,10297319885611261193,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
  2⤵
  PID:2756

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2064

C:\Users\Admin\Downloads\aimware_external (1).exe
"C:\Users\Admin\Downloads\aimware_external (1).exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2212
- C:\Users\Admin\AppData\Roaming\XenoManager\aimware_external (1).exe
  "C:\Users\Admin\AppData\Roaming\XenoManager\aimware_external (1).exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:5380
- - C:\Windows\SysWOW64\schtasks.exe
    "schtasks.exe" /Create /TN "svchost.exe" /XML "C:\Users\Admin\AppData\Local\Temp\tmp1804.tmp" /F
    3⤵
    - System Location Discovery: System Language Discovery
    - Scheduled Task/Job: Scheduled Task
    PID:4628

C:\Users\Admin\Downloads\aimware_external (1).exe
"C:\Users\Admin\Downloads\aimware_external (1).exe"
1⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:3412
- C:\Windows\SysWOW64\schtasks.exe
  "schtasks.exe" /Create /TN "svchost.exe" /XML "C:\Users\Admin\AppData\Local\Temp\tmp5C41.tmp" /F
  2⤵
  - System Location Discovery: System Language Discovery
  - Scheduled Task/Job: Scheduled Task
  PID:5532

C:\Users\Admin\Downloads\aimware_external (1).exe
"C:\Users\Admin\Downloads\aimware_external (1).exe"
1⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:3276
- C:\Windows\SysWOW64\schtasks.exe
  "schtasks.exe" /Create /TN "svchost.exe" /XML "C:\Users\Admin\AppData\Local\Temp\tmp9A44.tmp" /F
  2⤵
  - System Location Discovery: System Language Discovery
  - Scheduled Task/Job: Scheduled Task
  PID:5352

C:\Users\Admin\Downloads\aimware_external (1).exe
"C:\Users\Admin\Downloads\aimware_external (1).exe"
1⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4412
- C:\Windows\SysWOW64\schtasks.exe
  "schtasks.exe" /Create /TN "svchost.exe" /XML "C:\Users\Admin\AppData\Local\Temp\tmpEB61.tmp" /F
  2⤵
  - System Location Discovery: System Language Discovery
  - Scheduled Task/Job: Scheduled Task
  PID:5268

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
41e9b9e46868fbb4b61c3ba8b3911571

SHA1
27c9c0f713d7f2cfe0380d67ffb03f819f0c0d61

SHA256
3f0fbf2532c12a7234de079905163d40c6222afc484dfd722c022a1c5811e77c

SHA512
7bd3efe39191c44fe70cde19bde055342f64aeb4ea9e2611ab7b1e53f4116a665222c827cc672f654dc825ae43576a6f86cad9fec9d9e9bf344f9827ffcdf36a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
2dc513b0c11397ac78bbc29901716c69

SHA1
da93cfedf7feb66314d4c7c659f928614ad4897f

SHA256
ddd1584f722bdb2211e7d47093debb31faa51c3a9b6d45b0d0abaafb2d01164e

SHA512
d7d57074e9893c17e9480da89f9c8e1a5efc48ba8670a6017c34db2f57784597cda04af8f771f91ebb412e98bc9fbf98c23d31752f619a00576cac0e8ba3ce67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
b2e7404dbda576d809bca06c0f37ca14

SHA1
4aa947df21e195430cb4660d37d96beb78e8c790

SHA256
97419949573b68d4d30161ffd4063d8bf653d391b40d0906c53bcf9aa608f17e

SHA512
ba98422aaef31c1e64bd2e4d577260a6822bfe2ab3cddb1d5b138431b94bdba40a9d1c332183078f86173afece2b1a999b13d85f0322063a5263b832a6e21e38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
aa28d19907da794af490941c89b82d6f

SHA1
458ee6ee103c34afd86452c37f7ae3b857f4ec73

SHA256
a81ea0a6c61af0c1d306a32f7dbc93b41ecf6ff9897a7f480a64ce495d5ae533

SHA512
7c6cdde4a8ea9257feb0583ae31b58d2288a26b99a5035bdc817d2715a50e76c0e806ac4191cc9e086f59f57b6165e11b7bdd6467944852669159eb7c74b6d41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
04616c19ed9158eb08f827f99a68d089

SHA1
0e4a78e38cabbf8854d8b6103cfe4c08100f86bc

SHA256
e716ebe00283b5b44b662f72dd1248e4d76610920d20cf45ef154a0807ea86d7

SHA512
e31327ce0b4c4b49ff840320d4ef727fcdbd3ad034a2fb0267e2e5351a0968c3591fb1f045ed66a962d4f72ce40471b5cde85bc20d36d05fe9c03ef392fdfb22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f8c0bd951c7305476c41c678e5b6b01f

SHA1
b9bc1c9a7511a2e3bcd37027168921f20e74ee23

SHA256
b9688aed1ff4a9712fb08ecbb8967e16e05413cf74460d67922e13cb55c84d2d

SHA512
50efbd4538bc20a019d7eda029d50b5f8e98e0f8f1e3df333a93c302bf7148ee804a8c5260a1f2ff6725501c2bc5da5df1416c90ed9c9fccde2da36c6cee8d99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
eb18f67d30e3d80258886ccf34b1c685

SHA1
8f68a24b69344eecb6caf39f906297cfc524a537

SHA256
1a26aec627e99e87050187fb380a396959abb71806636e8cde0aa15308b34c1e

SHA512
5ca6dc6b132c1d28c91239be146feea920b38af7aef6b3493b6cd118cd2ebcfaaa7b14e6c6c67fad5b59b13b6e4b8c2a2282dbb685c69abf53d5e918177a86b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a7b5b6d56c99062abaab143f082394dd

SHA1
467ad33dcb1453f8caeaf96b695e31b5a7c122e8

SHA256
f812668879a3251be535147bef4bc2f9f1ff53e74157a935d003a3f4f47a380e

SHA512
8fddee049dad4829370caac261ed7579fe16a8102f0361a3e3db0b2b7d06c9b743d09063116f5eccbd6c96a9f3bc54062e3b911340e48e08b8fff87cdec23173

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ce4fe76ffd516624e793b781107e6b4e

SHA1
52abfabd45dedffc3fbe2a7302ee831d84a91288

SHA256
d9c705f0044af429f75ed517a02ab1aba83688e770ec4e042b3087def0123c79

SHA512
7eb2b226f3d32a71740da9596c9090d5f203b45bad81c780c4a69c8c5e518dafce1a5099c5f1de73303d0df00b26d9ced1bf93015c66ccaa02a38b6d37fd5dcd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b0dcf584232289e8dc5eb2c9d8ad0880

SHA1
b37212685fa11ff962f0dfa78fa562665ceb2a29

SHA256
9d2d73e2e0eae9ce2fed9f7afad77f1073a22be8ade6d73706d32a43112982d0

SHA512
c17ec7e5b6eb2bf0e2da247fe82e465fa377ceb8c048290bc0200c49377b06580e8d905c8ab022d3f4b44e088bd4b76819067c9f093a15c8b38eaf19041839bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9a8a2a3c34d66c7098b0c8e635eec889

SHA1
dad8e4633f1b464a705a49dd627aec6c156893a8

SHA256
b8695786b26dc927c0efa70b15c5869c8c906015358ed7c78ea695442db7defa

SHA512
2ac617ddf50e69eb5110df3e782693bdb8ac02a92e1db884909876b7f18c4b9e24fd03d7cf3ffebb724788ca8b95bc94789a6c0183fe7e4955d6bf04a58c73da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
be49692c59d9c9861f808b2c4b03559b

SHA1
5163a01eac5ef44cff7b214e754712b62981934c

SHA256
bab30f4475c9cc6e9ea0ba25c0c2a0e6e72fbfa8689bcd617a66b76c611793f0

SHA512
c5b9f303d75423e17f5fce3008c6586d661a100bf33945e321a200d98d6c34423a6f811c77bcf48c9869524b108a6bbf00ddac1366fc51f7218419132d8609ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
44b61f018b1f9ef6742ebd8a560e8e71

SHA1
de4d7d9b3813be21a6f94a72b4755fbcf7c83e1e

SHA256
fb846f2800a064fa1f51187559c0bca4d199483c35391074475a8cbc6d97202a

SHA512
063b75aefab6f7e2886217d285e0ecdba2a1a1bfa2b22043d0853d1207cbf1f66282ae6f5bde9f8e63cb5ec5dafad8e409c3a27fe9a559d99be0a4cb6f090db2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
474ec7710bc0bccf5bab0773e11f6445

SHA1
f674f98803712096e0af7cfad7049b7137ebf3f6

SHA256
e3e66a447ad33af88d923194a8f967e3abc4237bad1e42866ba48e10e9849177

SHA512
d726b0d849fd5c608f955fd3c3cfa120330b768305965f01f0630bc2a2d7e59c225d2fe434f53b5459d8cf370b9ce2d975f3146591fdac51ea7e27d8af361e64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2859f306b4de09b5a0afaf3537c13523

SHA1
86ccd5def87c5a71d5baaa102604cb6023fe864f

SHA256
063ee8f7ca338eca39518266ae6cb242fe609f31d0684b4a7cb28ca682a32c5a

SHA512
74ded300629ac36929daa98bf96af808d710a0fa853ef7a62f38f3e653cee4ae39bff999eb9c7df4e15590d49ad308eaeb81dc7da0d0ef344b24773951abae37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7170e76786766af5e230e23f20564bf2

SHA1
4848b25401f361785ca58016d336ed9308950a36

SHA256
1146eb15cfbcdb95571a32e526ab0d2ecfbaca5513fd0617085d31ff834f61dd

SHA512
42ab46b40e0885390b8e8f3e79455be0b44d08b70253d247b52f9486a5a0cb17eab01f5542bc0c3f90d4026b1026ad4fa723497026398ca010d2547c70fd5f53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
caf3cf6b865a2101c2e106ccb122333f

SHA1
e1a5a8f200c454ad6ccb4e4d4971c6168d5754ae

SHA256
869e96cfc5563573da8c0a6f9eb9d367f1b6bf28b42b93ad482064406fdf6906

SHA512
686ef5243156c211403296236e8a925ab22c3e0e0d81d5c1b9451dc8f74ac41aab03be93935f5ea322a6ddbb6c99323606a38aad5400d150797ff39d18d1d8b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
239ac65762e34d743c3d9bb576c95093

SHA1
aba74ea31aecd8ec62169a765e01a94900ff9a94

SHA256
fd7600b21e37f6017c01ff3481b86a8487d792ee742281885a0b2023dccfa48b

SHA512
8b7708ab4ca0ad50eed6374aee6f4cd1773f8b8924794806a0480170cac0394c143a5313a19d7370773f0c1b9787d30a63da3ca4f7b02783e5973920b8bd9dc1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
98d02e9a7f1b1ef177eff7b24a17ab05

SHA1
eab9de88a335fd32226a0014ba885f92f2894c33

SHA256
b96315d8282eaf6b8a43c721725ea94a3e745bc7b1c2639d6e0764fe5c93c3ab

SHA512
8a1f31ddc0ff40dea119ea7160561c72f22bdb0e6c822d82e4e59bb170b5d16b014932a9e81762322b0e74105d2aec9e8c30a5a93e64af17251e2ed2ec283598

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
40bb0f866be451c860a8b91f1cc35f72

SHA1
c61166d5ddd15d54da562cdb55238dea99176266

SHA256
d9ea530ee26bf51f806de9522a9d931fbe3c5c7ffef6217108b4bec90ec7f401

SHA512
6cf15f5e2a0a88f12778ef0d4dc62cc05d994efa3905a69acd5dbef5c06355a333cb73b388b68f22e83a97671f7985a7c8c6ffcf6f8494e907c4fd4ac10a9496

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
32c3627e43836810f7f994a9e39dbdfc

SHA1
e42970ab104bddf97a5ec3eeec55fbddbdb80e4a

SHA256
a7aec8b9f978499d20a21ed59ca92b5611b654931ac8040069cf86fd023e1f69

SHA512
801193375d8b672260e94b6a1e1cc1295d787e83de4b975db0378ffea9ee21650c215d99cb04f275a4bc7b1f322a4f11788acc0150cc8528bbff402658a9a085

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2ff6ebfe975ef6bd18c98eba56c11f0b

SHA1
c485373a9ac1bb5448a60490a9b0e50d71f5c7b8

SHA256
824ef3a09166b600b61da782aa6dfc1f1b5222f61bdd5bceb5072ee3bfc6a518

SHA512
bcfc116e2b359ef0a4ce2fded206f75612344adce73a6c63847c4e42400aedb566c74b2eca88ae3c17abb6fb1833e7fcd32d182339d9a892fee1ac2cd6a89a84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
84c1ad41a0db890c6c9cc4c6236a5676

SHA1
28dca901f0db989dd0954e788b50ff0a99061c89

SHA256
099482f83fd0f83b0ab3da1c5c6a9828db13c032a6756b98bbabe559b2f08108

SHA512
b7d4f3d26756d082e1df3f4da7523f37a424ff63fd78de8e59d9da87fdc172ea4dfd565c284fe9db006bd3a9d4624d1789f5c28577156ef24b9716a848a5feff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0c195596eec0d9f72dbd56a6aa4b20c2

SHA1
ebd4f5acdfe7159276952a98d9a988915f1c0f93

SHA256
874cbcbcd470f2167bf3c0832f9835755322902dbfa10ec87923920e13e7a08b

SHA512
a92f8da4c47d1d4f671f7b568f2b413a23c703ff5b7a9a6cd53c15eaa449b2634851f125590bbd79e465e930f76281596a1b999a2717607d773add7f96c3c426

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d22c0c56c8e0f80b0efd7d6716a882fb

SHA1
526cdee1be0078b0206d9ba3d223e3d21cfa526c

SHA256
6a8c20291c2565240d64656c6b3f8e577ee6a9395ee8ce873848973640d8b590

SHA512
2f10d9f6852141d9797df91a0f5b6704553730e16f65d8c27fca83f541d1cb2df3f41844dfd1609741ea0f3a32a12aeeefcd2073f6129c3fcbdb81e51e60a4f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4b3de580b35f8f4cb335fa0d13a8894a

SHA1
1f92b10a49be3d9a7672af179658a5b90dbd49b7

SHA256
55a9467c74c046f18879a5d23448a67cfe497521f88daa76b07c2fc326a56d4d

SHA512
baaac7d268576e933f5961b2a0d847ba52359f516d085f1453b4b5bbbce1700ccd625effba293b7e53859ecf58d15d6a6cef07bf9892ddc7e91f7e88cfb0d6ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
20dbdf5994ae3c6b4b47ca65fe90c85b

SHA1
c63ea13b64bb8e039b5b20e0388eff9556baedd6

SHA256
033059d0d767adf2006b8b63e2025d5b7d8d52a4bef6decdfbc526f2f1a1b5d8

SHA512
b7f01b609a8dcca2b45b1f8474f208c65fe2ba1dee85853da999105a48336e8a8c4a594b5fc5932b50c718a23bfbaffedbcb7a53e1b3aefd3fef372b63c87271

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6d39a23a10cb8d152d7bc1ddc0958b82

SHA1
21eee9bb6675e56a270d1d1604f377de98522723

SHA256
8210c6345b7c867ad48c0f3e6721bd3ac73b10ffbea1ec4398607570431ca1ca

SHA512
ad0414eae1d05c96fa7a54e8fd0617dafe8c20e783baa18216e09288d42d8aa048cc3a891a5ac06e1cb275c2c3d60753788bd5d7f4cff8f973e4d2f308187487

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a798658ca3bd2e2b739355d84179966e

SHA1
a48d55ef6866eda013fb61f232f27b0083c1db1a

SHA256
0a208f198050f046cf7d85a90bc49fb1b171a852301fd68924d10914c0cf8d6c

SHA512
bda6e2911e6849f8ab43442f8a6b97d774134e4c1ec04ce0e3b21bb1e2dc82e7f53b310f0f331b651fec156305a4b1b232dc1cc6667012dec7bf8eca1dab2713

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
18b0488da5e3f78aaa25e8912ab7bc31

SHA1
fea99dcb6ad31277af25d477ce8eb56c2715b05f

SHA256
45db948ef103cc214b1b826acd3bdfb28352c29e7321c1aa136ad065442d820b

SHA512
4da970ccecb4ce01bb4b5c50a21cf04a772c92310155e7ed6ea52a83d4bf03f43e31a180ab1536a8431cf92431b76273e89cdf42ad5a7c00c53d27a424b1f80c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c311993e411bb9514da5494cad6d078f

SHA1
6662101e26688c1a17f2e1d7e8248235985b8a23

SHA256
5897229c5adcc2fe725de6ac633e07cc34ec7986cfb14cada44f8ae6b36d93a2

SHA512
65122de2b3727b3024cea67b012e29bae5258c4d9303c39993569e9cdc7b18c01abaf8bb8fe4ddb3ae8f770b666b78c0ccef9d6ffb75a36e2573b39959f4b920

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
13a48afdfd08eb7af2c06c13994539bb

SHA1
532edf29ddbf42ead49b1c96050759648c56065c

SHA256
f38f1bb6b86c5e64864478c71d29548e503ce4c5ac207b2208a7fc53e3a1c282

SHA512
8f5a465af8132268078c3d1bb71e9cc5a839e69c7fd17774c5e2cd1802b8c3f8c8b0fb652164cd6e841cb5f5c027738c796b0d7226515f932bb2376e393a8256

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d420e5c4efd48de14e568448227a3b79

SHA1
438f7c2421d5c95b787ce8286d3504708c6e7c67

SHA256
bb4db540a372a1c56864b0884a8f0193f8b5114680201eb644f7f3db78b4bfa6

SHA512
d154ab133a6eee9880be7479c456bb44a3b5175da4eff4f831d644358965595cde27643d6dc8bc179ea21b4e7e138b410ba809154b8b0953934affe6e03a3c49

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
58416d57bf72519851b00d5b0f3ffc9a

SHA1
753d73d07875b32f0aff4f62a8eb39e8083e08a1

SHA256
3d129c21b127e72a0ff1bb2e4b360fa104134ada8e1d8029ec9d26604814db18

SHA512
0438b40c1f06d5159a408811f400af23e2b3e5fb3bdb0878ed0a7f606715e9fbc83832023bcf88ec6776df7053d8371ddd5efd3144426654de59728d7e307b1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
8a9fb42ee99d5c2317c4f44c45b3c683

SHA1
050fd8b9f0573d009f3e3bca914407de97be470e

SHA256
82c1e784ec40ba21a798d0d41e294da68bdfb409e1d23781ab9bee40ce643280

SHA512
c1579696686aca37f2bdf7799488c3f548b05dee0a203bd582b0fa00578894e19f457f86317ba3dcaea6a390e00c24be1f4cb35f76f682f7961361bb8e603f93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
27304926d60324abe74d7a4b571c35ea

SHA1
78b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1

SHA256
7039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de

SHA512
f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9e3fc58a8fb86c93d19e1500b873ef6f

SHA1
c6aae5f4e26f5570db5e14bba8d5061867a33b56

SHA256
828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4

SHA512
e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fb471beba75e7014be735d0a58f86752

SHA1
6109797fdb66c978f27e1be147938054e2e56b5a

SHA256
1b9e9f134f473f6e4e2294a784b1960a6b8448ce4a1f3258316c9cd4aab2a7f1

SHA512
add70b510fbcbb26c1e1b0328c56446cd621876586697f78dfbb9855fc55296a601dadecd8572a02d49cd9ae57a022dc09ae40768af9925a162efa87336fc0c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cf8be01beaa4f2828f864c2682ebac34

SHA1
d8944071b9881d61c3e5b82ac7d6760a64086411

SHA256
e80e8a2aa5c408a6e17aa5c553f29191bdf4b57b8630a2060ecde43bc8d95bde

SHA512
06e12ea115a2ee74c7daf54ff1439120e5abd04880922a6718769fb486d6ff2cb6a0fcab07c7deb6e2100c803f5941708a2199388f7c0715efc2a1ebfb520835

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
58c6064aa5f08fffd28307f2eadcc0ec

SHA1
c40ad4c4db55841f48ef0c9469636745df11f541

SHA256
5c370bda439fcf7957b54b42d847fd247ce2b8cc8deb86525097ba76967d67c3

SHA512
befd6b87056b6dd1fcd867e7d1fb5c93748fdf2d103f7b808a3623004a180cac1ac19803c44ba4e8ccfdbcb069d54cb9f31ed30e01642635effbf0829d6bb73a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
099d6bf091ebcf37e2d5213df5f02555

SHA1
fddba95b87b8705dd3fbef36e3ed9db08294fc69

SHA256
bc279b99f44652a6586cee6558eb7303ac882093f7c2fb40fbee851d1df0ead9

SHA512
e1f47123cfc9bf4b27e876c3ed1f045df5f1e0fed51d97703a4781f2a8cf6e4c373ebcec020f8c1dbfee498dd75ea2e01444445902afb82d5d3dd7ab31ca0ba1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
334B

MD5
a2ec5b5f18c51c6b82fe6605064d0751

SHA1
e7f92685cc95d7ea8751d3155b460bcf629b64d1

SHA256
6d16a64268f604bb3dde31a4c10a337d67e04b4dc88c925fcc667ecb245005b7

SHA512
6c68ef1f5d3021a613629640cba8c68232612c7c78adfd58fac53d30eca099ffa0099c0749b2395629b315841bef4bb5d3d412ba5203a2ab81fffd0dc6a5b812

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
334B

MD5
93d5f80d8e7ffa6c2aee4fd552285ac0

SHA1
e2b4ecc26ccf5e18ddeeb643f64ba77a072e0f10

SHA256
2f1e9e81852ad47a0218640eca0a66cccc1cf08d5f4e79733fec8a2aa84c18ed

SHA512
1f6ccf64edf998e13beb44eed4c165ac173a8a7171825dafbcc6fc5f027df1dfafcf65f009c8f231fdd0f84003b1609cdcf378da682e637f37998e9c43a4ac45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
61B

MD5
4df4574bfbb7e0b0bc56c2c9b12b6c47

SHA1
81efcbd3e3da8221444a21f45305af6fa4b71907

SHA256
e1b77550222c2451772c958e44026abe518a2c8766862f331765788ddd196377

SHA512
78b14f60f2d80400fe50360cf303a961685396b7697775d078825a29b717081442d357c2039ad0984d4b622976b0314ede8f478cde320daec118da546cb0682a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
65fa8fd867f443833621ba0eba323667

SHA1
1fba57aa859e0fec4f1918ee84b2f82b1f680efb

SHA256
b28f4773f8b8f3066f9ffb9af89bbc8e90653a421b4f3aa4853aaa2f424725fe

SHA512
9c79c1c924b60bcf104d4b1e6d98956ac93e890bc11a84e7056894ba7392b9956c6ccc96a91e95b5d11d35b802f91feb6d0373ecf417ed15d7840bc762681cbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
40aadf679878ad623b9b5706e234046f

SHA1
2d44021a391eb03d295f521ef1867e90a36207b0

SHA256
18975465f95b8af8242145f367c37a19fd50268c340da11a64fbb41a2e603a9c

SHA512
701a8ec453ab6d5e6aaa64543aa3235ce24c22404ec63a1b4408992d32f5af74054d3b9d3004866e5b48b42ef4ecc5253ef68b8e7f3b2b9196a1946fb78ef2da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3583afd09e654cf2f8be923a542fdce5

SHA1
1295ca3285a48ec0e34113893f5033052993d308

SHA256
1c8552e21c5175c5109cce2eba5487b7da853270d3a3685fa80418aa46aa11db

SHA512
0c4bb84ceab3bb86e6967795a63fdc7b42b416dd2b9367fdb13c2cd6826a022fc668a44c1017e4d4076432e95eb657a5183be4dc58ba16cd267c3f036713f42c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
478f8e29ed157f040b63605c289c49ba

SHA1
ab112cad3fb8aed90e3d6312fcc022f9e2b93be1

SHA256
b73368a82645bf944e6f9f5144e6c4e980c1f39137557f6dfa8d068c0dc0c2cf

SHA512
190a2088416089026c0d1a2883adf046565dfe9b72ca0e1283e4f3be3d527f95c0aea446d35e7ac905077a20ab3525287096ecd6985ead51898b50af7eede4dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
221646a871882cc102d77ceb9b82a267

SHA1
e8e66aa99e297a1889cfa3386000463c5379dfbc

SHA256
27dbb37cb249c8585c05d471a621da62d34f701883dd9e271bb92e7f604dc816

SHA512
b4405ee026726d43298ca7f9159151be576a27e88b44ed0f22197116f2b2df3ac58e619efd538b0586a1a430d6c890e58e1688bd36aa3489ffe79d77530bef89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
e30d67a8827f8baed4c468a6533b3202

SHA1
f5e1449b51777d1ce533f7316b9ca82f3fb72c67

SHA256
4356c49e8544cd000533560afd64b8ddfdaab8b3a5e01f626da6a0c4831ee423

SHA512
4ba9800e3e14a66820e79a23ba36405cde0088baece6feeac5770bde125eadc62eede8194cd50ddea1ce121fbbb58f21eb92865051e7f920de5fd39b440425a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
7a8a323133d69398c5d1dabbd65b15f9

SHA1
8c4572a418d6789648470794d21e956cef37fd3d

SHA256
2381684ebca79471b5c46bde0ae1df85cda2762b7bb332c6bf8a7e4ba08abb9c

SHA512
33c5f67eb735a3560611650bfa253243d85b8ab4bb79be18ff279d39c2e29979ddb2ee44716e00db07183cf269c3f19ead3a64598651a9f6f1ba2b3bec0bdc87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
2cd0ed70165f3e57ab72a09a6ff59b52

SHA1
5c56e1a2fc2eb7e77e81ec5da3ae778c7425b41a

SHA256
ead4ad894cb3778660947781e35917dc241e9c1180883d6fd4885e7181c8a4f5

SHA512
f4616a6c0c2c886bcadff7706fdc1d22dab8004766819a1e33bfb70c5e37f407803dc89b631b78fdb50ea3707b5e0162f28bfdfbc74adaa2137fe483c0ce09bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
68e7c0dabbe981b4510b6822df050dec

SHA1
c7cb17ea98b589ee83d70184d99a4895128b8d41

SHA256
d79909c9b9b7b2cdc5160ede88fbb812af1493d33ee7f66fc550285d75ec197a

SHA512
cb58cd43caa06b12aa1fe89f2a72b12b92e6d95fd6d261f52d28e7eee0c29393787d4eff5ccb5af17488de8df68635752137612beb37fd71a04ccca2a9218ce9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
83cb96321f9cb53507e3ef0fb966cf4c

SHA1
2972492065a71df172fb453b5abe065b976105d9

SHA256
2a5fbc509857746ffe51817b55d126ae378f6432b2f3ba237bce2cf7bc73fb47

SHA512
a1515a6adee518fb4861c21fe09bec90d8b7f8de1b85002eab8292a16b0c3c2f55ee8ada7f22312d27715196fca1cf8de424a0aca03287494797f74d00117360

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
5b716db90aa6f65955662d931a3bf4a7

SHA1
06663f7ba828452ecbc21023445acda916edf7e1

SHA256
6c9cabe78f9f4e1f89144a3ce2e57adbdf1d009f4da180ba9c25baf1b3d5d30c

SHA512
09e33e86bc520660f4c9ac442bf68500d882d61aaf2d01e428b6a7c07a78e9f122f1520892c05fe8d9aee36e2084eb45e6467130f0aac587ff07cc469f1acf8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
49745c940cbf9d9d2cec13a1123629d5

SHA1
9b0efddf9d00ebe10e88ff6fa470439093b119f8

SHA256
cd1225c352a4daff3ef31a5de3350aefe130cd058daaefecb32505fc2b124b5d

SHA512
732cc0ede21aa264cb790aa2f9ca3c1c105579263c4e16a2873e2cb51bec6b66b776be6bb89b43816d36e7a87be4a0951e8bca0d4bb4f53fcdcd904d98e6e82d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\fd977cff-4b51-4529-aafe-bc06600c3292.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
372834577d56042f300ac05902b22970

SHA1
eb7ce7f523445111a066675badfc600e77d04486

SHA256
57aef6694134a25371c6eb54a9644a1659c2bd8337235ae739e79b5cdec0302a

SHA512
ba0af5bec2d44519b25f26209c868a2b6add2f7c9eee1255b35951e786112a3d8861a88948bcf0c2d60c63d0c83df17922f20bcafa0577ebf47f2aafe3a84e7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
3ed9cdc3376e0048c1e008c5042f33e0

SHA1
3514c703f4fdd37026f6f5114dbaaf73b606b7ac

SHA256
52078f5d96d31bf53b175af3dfc291a38faec01f3c6d7ed7a845f236a883ec78

SHA512
3ea7a10ca81ba47d49c3b22521cc7e79af61bc5e53c6519193e3d64a8b5973d52a62d136da4a77315dd61c2ccd20122c5092022cb823e2bd4c4a4a965365011f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
1444b6f0fd10910a0bc1a1ec99529bc6

SHA1
dd8ca2a60e1f1d14f9e25c85e668d0a4260f4f4a

SHA256
f07164581067aa584d8061d86d4888494acbe8185575269ceb5e9039a2af2d71

SHA512
7cc3c11d5cd958b59fe8f2c2ace9d885b5e161c8c0599bc0a0099cba1ec3cdadaa1de70edc3e8c0bee5287c6bf8eecf2540d7446c0e760db79fee7526b587db9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
a00d5ff09538221b519cdb6cf0e61544

SHA1
c370ebaf5156d318154479143ef35a5a1500df1d

SHA256
8cfe43d5e2f74646cee5b1c07720bbfb6242496898c8678ceb71aebbd65abc94

SHA512
9315ad693eb11864014483ac6ea2fbde85a6a29a0e4e8e5b66173a9c184fa80a829aff4e302ebf2823bc371904ddbfa057a7f20aaaf58d88a52452615a61d61b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
32e4ac4cc8415958cb8ab4bce1a62618

SHA1
566777c7193b1201bdf089b541648fa62b5fce09

SHA256
dba42fab5ae8b1935763311b72174780781c157e535a97ea3c3222153ca14546

SHA512
fab0de7c94d741d6a2679113a2d33b961aa7e11d00388d92edca35bfc7014f9315d511e3a056ba2eb61a2a8e317ceefc42102577450e57edf4710ea1c2b4f3db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 262777.crdownload

Filesize
1.1MB

MD5
f3726ec3f03283f95e814d084a2769be

SHA1
44afeb86f4d8bfdd8cf49843fc79dc5c5f3d5cb8

SHA256
20f245865bcfc518bf44fa8b1bbfa3c91724ed003d65c5002f9823deddad6d6c

SHA512
93cb5e28494193f0bec93877bfbefda33b71a61fb3d113e20e3f3bf905bc7b530e057218d6ba52c03e13054471c9e8de00e24ecea4747550e209993562d9b29c

Download Submit
memory/2212-758-0x00000000009F0000-0x0000000000DA2000-memory.dmp

Filesize
3.7MB

Download
memory/2212-771-0x00000000009F0000-0x0000000000DA2000-memory.dmp

Filesize
3.7MB

Download
memory/2212-739-0x00000000009F0000-0x0000000000DA2000-memory.dmp

Filesize
3.7MB

Download
memory/3276-818-0x00000000009F0000-0x0000000000DA2000-memory.dmp

Filesize
3.7MB

Download
memory/3276-845-0x00000000009F0000-0x0000000000DA2000-memory.dmp

Filesize
3.7MB

Download
memory/3276-815-0x00000000009F0000-0x0000000000DA2000-memory.dmp

Filesize
3.7MB

Download
memory/3276-814-0x00000000009F0000-0x0000000000DA2000-memory.dmp

Filesize
3.7MB

Download
memory/3276-811-0x00000000009F0000-0x0000000000DA2000-memory.dmp

Filesize
3.7MB

Download
memory/3276-829-0x00000000009F0000-0x0000000000DA2000-memory.dmp

Filesize
3.7MB

Download
memory/3412-798-0x00000000009F0000-0x0000000000DA2000-memory.dmp

Filesize
3.7MB

Download
memory/3412-801-0x00000000009F0000-0x0000000000DA2000-memory.dmp

Filesize
3.7MB

Download
memory/3412-832-0x00000000009F0000-0x0000000000DA2000-memory.dmp

Filesize
3.7MB

Download
memory/3412-828-0x00000000009F0000-0x0000000000DA2000-memory.dmp

Filesize
3.7MB

Download
memory/3412-813-0x00000000009F0000-0x0000000000DA2000-memory.dmp

Filesize
3.7MB

Download
memory/3412-797-0x00000000009F0000-0x0000000000DA2000-memory.dmp

Filesize
3.7MB

Download
memory/3412-848-0x00000000009F0000-0x0000000000DA2000-memory.dmp

Filesize
3.7MB

Download
memory/3412-787-0x00000000009F0000-0x0000000000DA2000-memory.dmp

Filesize
3.7MB

Download
memory/4412-847-0x00000000009F0000-0x0000000000DA2000-memory.dmp

Filesize
3.7MB

Download
memory/4412-833-0x00000000009F0000-0x0000000000DA2000-memory.dmp

Filesize
3.7MB

Download
memory/4412-834-0x00000000009F0000-0x0000000000DA2000-memory.dmp

Filesize
3.7MB

Download
memory/4412-830-0x00000000009F0000-0x0000000000DA2000-memory.dmp

Filesize
3.7MB

Download
memory/5380-783-0x0000000000790000-0x0000000000B42000-memory.dmp

Filesize
3.7MB

Download
memory/5380-831-0x0000000000790000-0x0000000000B42000-memory.dmp

Filesize
3.7MB

Download
memory/5380-782-0x0000000000790000-0x0000000000B42000-memory.dmp

Filesize
3.7MB

Download
memory/5380-817-0x0000000000790000-0x0000000000B42000-memory.dmp

Filesize
3.7MB

Download
memory/5380-812-0x0000000000790000-0x0000000000B42000-memory.dmp

Filesize
3.7MB

Download
memory/5380-772-0x0000000000790000-0x0000000000B42000-memory.dmp

Filesize
3.7MB

Download
memory/5380-784-0x0000000000790000-0x0000000000B42000-memory.dmp

Filesize
3.7MB

Download
memory/5380-846-0x0000000000790000-0x0000000000B42000-memory.dmp

Filesize
3.7MB

Download
memory/5380-799-0x0000000000790000-0x0000000000B42000-memory.dmp

Filesize
3.7MB

Download
memory/5380-786-0x0000000000790000-0x0000000000B42000-memory.dmp

Filesize
3.7MB

Download