agenttesla | hxxps://www[.]mediafire[.]com/file/jqnxvytqls7z382/AZZY_CLIENT_V1_FREE[.]rar/file?hash=YoPQyBrZZIbrsyW26oHXNu30aIdxDd531ZzAs1BLMJmLXxtpYRhVkX4OuNkzUkt9

Analysis

max time kernel
304s
max time network
302s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
17/08/2024, 16:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.mediafire.com/file/jqnxvytqls7z382/AZZY_CLIENT_V1_FREE.rar/file?hash=YoPQyBrZZIbrsyW26oHXNu30aIdxDd531ZzAs1BLMJmLXxtpYRhVkX4OuNkzUkt9

Score

10^/10

agenttesla discovery keylogger spyware stealer trojan

Malware Config

Signatures

AgentTesla
Agent Tesla is a remote access tool (RAT) written in visual basic.
keylogger trojan stealer spyware agenttesla

AgentTesla payload 2 IoCs

resource	yara_rule
behavioral1/files/0x000700000002354b-457.dat	family_agenttesla
behavioral1/memory/4300-460-0x0000000006260000-0x0000000006472000-memory.dmp	family_agenttesla

Executes dropped EXE 2 IoCs

pid	Process
4300	AzzyLoader.exe
2052	smi.exe

Loads dropped DLL 4 IoCs

pid	Process
4300	AzzyLoader.exe
4300	AzzyLoader.exe
4300	AzzyLoader.exe
4300	AzzyLoader.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AzzyLoader.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	AzzyLoader.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	AzzyLoader.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion	AzzyLoader.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133683863221649243"	chrome.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
224	msedge.exe
224	msedge.exe
3548	msedge.exe
3548	msedge.exe
6040	identity_helper.exe
6040	identity_helper.exe
5472	msedge.exe
5472	msedge.exe
4300	AzzyLoader.exe
4300	AzzyLoader.exe
5280	chrome.exe
5280	chrome.exe
4092	chrome.exe
4092	chrome.exe
4092	chrome.exe
4092	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeRestorePrivilege	5812	7zG.exe
Token: 35	5812	7zG.exe
Token: SeSecurityPrivilege	5812	7zG.exe
Token: SeSecurityPrivilege	5812	7zG.exe
Token: SeDebugPrivilege	4300	AzzyLoader.exe
Token: SeShutdownPrivilege	5280	chrome.exe
Token: SeCreatePagefilePrivilege	5280	chrome.exe
Token: SeShutdownPrivilege	5280	chrome.exe
Token: SeCreatePagefilePrivilege	5280	chrome.exe
Token: SeShutdownPrivilege	5280	chrome.exe
Token: SeCreatePagefilePrivilege	5280	chrome.exe
Token: SeShutdownPrivilege	5280	chrome.exe
Token: SeCreatePagefilePrivilege	5280	chrome.exe
Token: SeShutdownPrivilege	5280	chrome.exe
Token: SeCreatePagefilePrivilege	5280	chrome.exe
Token: SeShutdownPrivilege	5280	chrome.exe
Token: SeCreatePagefilePrivilege	5280	chrome.exe
Token: SeShutdownPrivilege	5280	chrome.exe
Token: SeCreatePagefilePrivilege	5280	chrome.exe
Token: SeShutdownPrivilege	5280	chrome.exe
Token: SeCreatePagefilePrivilege	5280	chrome.exe
Token: SeShutdownPrivilege	5280	chrome.exe
Token: SeCreatePagefilePrivilege	5280	chrome.exe
Token: SeShutdownPrivilege	5280	chrome.exe
Token: SeCreatePagefilePrivilege	5280	chrome.exe
Token: SeShutdownPrivilege	5280	chrome.exe
Token: SeCreatePagefilePrivilege	5280	chrome.exe
Token: SeShutdownPrivilege	5280	chrome.exe
Token: SeCreatePagefilePrivilege	5280	chrome.exe
Token: SeShutdownPrivilege	5280	chrome.exe
Token: SeCreatePagefilePrivilege	5280	chrome.exe
Token: SeShutdownPrivilege	5280	chrome.exe
Token: SeCreatePagefilePrivilege	5280	chrome.exe
Token: SeShutdownPrivilege	5280	chrome.exe
Token: SeCreatePagefilePrivilege	5280	chrome.exe
Token: SeShutdownPrivilege	5280	chrome.exe
Token: SeCreatePagefilePrivilege	5280	chrome.exe
Token: SeShutdownPrivilege	5280	chrome.exe
Token: SeCreatePagefilePrivilege	5280	chrome.exe
Token: SeShutdownPrivilege	5280	chrome.exe
Token: SeCreatePagefilePrivilege	5280	chrome.exe
Token: SeShutdownPrivilege	5280	chrome.exe
Token: SeCreatePagefilePrivilege	5280	chrome.exe
Token: SeShutdownPrivilege	5280	chrome.exe
Token: SeCreatePagefilePrivilege	5280	chrome.exe
Token: SeShutdownPrivilege	5280	chrome.exe
Token: SeCreatePagefilePrivilege	5280	chrome.exe
Token: SeShutdownPrivilege	5280	chrome.exe
Token: SeCreatePagefilePrivilege	5280	chrome.exe
Token: SeShutdownPrivilege	5280	chrome.exe
Token: SeCreatePagefilePrivilege	5280	chrome.exe
Token: SeShutdownPrivilege	5280	chrome.exe
Token: SeCreatePagefilePrivilege	5280	chrome.exe
Token: SeShutdownPrivilege	5280	chrome.exe
Token: SeCreatePagefilePrivilege	5280	chrome.exe
Token: SeShutdownPrivilege	5280	chrome.exe
Token: SeCreatePagefilePrivilege	5280	chrome.exe
Token: SeShutdownPrivilege	5280	chrome.exe
Token: SeCreatePagefilePrivilege	5280	chrome.exe
Token: SeShutdownPrivilege	5280	chrome.exe
Token: SeCreatePagefilePrivilege	5280	chrome.exe
Token: SeShutdownPrivilege	5280	chrome.exe
Token: SeCreatePagefilePrivilege	5280	chrome.exe
Token: SeShutdownPrivilege	5280	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
5812	7zG.exe
3548	msedge.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe
5280	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3548 wrote to memory of 3016	3548	msedge.exe	89
PID 3548 wrote to memory of 3016	3548	msedge.exe	89
PID 3548 wrote to memory of 832	3548	msedge.exe	90
PID 3548 wrote to memory of 832	3548	msedge.exe	90
PID 3548 wrote to memory of 832	3548	msedge.exe	90
PID 3548 wrote to memory of 832	3548	msedge.exe	90
PID 3548 wrote to memory of 832	3548	msedge.exe	90
PID 3548 wrote to memory of 832	3548	msedge.exe	90
PID 3548 wrote to memory of 832	3548	msedge.exe	90
PID 3548 wrote to memory of 832	3548	msedge.exe	90
PID 3548 wrote to memory of 832	3548	msedge.exe	90
PID 3548 wrote to memory of 832	3548	msedge.exe	90
PID 3548 wrote to memory of 832	3548	msedge.exe	90
PID 3548 wrote to memory of 832	3548	msedge.exe	90
PID 3548 wrote to memory of 832	3548	msedge.exe	90
PID 3548 wrote to memory of 832	3548	msedge.exe	90
PID 3548 wrote to memory of 832	3548	msedge.exe	90
PID 3548 wrote to memory of 832	3548	msedge.exe	90
PID 3548 wrote to memory of 832	3548	msedge.exe	90
PID 3548 wrote to memory of 832	3548	msedge.exe	90
PID 3548 wrote to memory of 832	3548	msedge.exe	90
PID 3548 wrote to memory of 832	3548	msedge.exe	90
PID 3548 wrote to memory of 832	3548	msedge.exe	90
PID 3548 wrote to memory of 832	3548	msedge.exe	90
PID 3548 wrote to memory of 832	3548	msedge.exe	90
PID 3548 wrote to memory of 832	3548	msedge.exe	90
PID 3548 wrote to memory of 832	3548	msedge.exe	90
PID 3548 wrote to memory of 832	3548	msedge.exe	90
PID 3548 wrote to memory of 832	3548	msedge.exe	90
PID 3548 wrote to memory of 832	3548	msedge.exe	90
PID 3548 wrote to memory of 832	3548	msedge.exe	90
PID 3548 wrote to memory of 832	3548	msedge.exe	90
PID 3548 wrote to memory of 832	3548	msedge.exe	90
PID 3548 wrote to memory of 832	3548	msedge.exe	90
PID 3548 wrote to memory of 832	3548	msedge.exe	90
PID 3548 wrote to memory of 832	3548	msedge.exe	90
PID 3548 wrote to memory of 832	3548	msedge.exe	90
PID 3548 wrote to memory of 832	3548	msedge.exe	90
PID 3548 wrote to memory of 832	3548	msedge.exe	90
PID 3548 wrote to memory of 832	3548	msedge.exe	90
PID 3548 wrote to memory of 832	3548	msedge.exe	90
PID 3548 wrote to memory of 832	3548	msedge.exe	90
PID 3548 wrote to memory of 224	3548	msedge.exe	91
PID 3548 wrote to memory of 224	3548	msedge.exe	91
PID 3548 wrote to memory of 4572	3548	msedge.exe	92
PID 3548 wrote to memory of 4572	3548	msedge.exe	92
PID 3548 wrote to memory of 4572	3548	msedge.exe	92
PID 3548 wrote to memory of 4572	3548	msedge.exe	92
PID 3548 wrote to memory of 4572	3548	msedge.exe	92
PID 3548 wrote to memory of 4572	3548	msedge.exe	92
PID 3548 wrote to memory of 4572	3548	msedge.exe	92
PID 3548 wrote to memory of 4572	3548	msedge.exe	92
PID 3548 wrote to memory of 4572	3548	msedge.exe	92
PID 3548 wrote to memory of 4572	3548	msedge.exe	92
PID 3548 wrote to memory of 4572	3548	msedge.exe	92
PID 3548 wrote to memory of 4572	3548	msedge.exe	92
PID 3548 wrote to memory of 4572	3548	msedge.exe	92
PID 3548 wrote to memory of 4572	3548	msedge.exe	92
PID 3548 wrote to memory of 4572	3548	msedge.exe	92
PID 3548 wrote to memory of 4572	3548	msedge.exe	92
PID 3548 wrote to memory of 4572	3548	msedge.exe	92
PID 3548 wrote to memory of 4572	3548	msedge.exe	92
PID 3548 wrote to memory of 4572	3548	msedge.exe	92
PID 3548 wrote to memory of 4572	3548	msedge.exe	92

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/file/jqnxvytqls7z382/AZZY_CLIENT_V1_FREE.rar/file?hash=YoPQyBrZZIbrsyW26oHXNu30aIdxDd531ZzAs1BLMJmLXxtpYRhVkX4OuNkzUkt9
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff82b2d46f8,0x7ff82b2d4708,0x7ff82b2d4718
  2⤵
  PID:3016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,5248842910757392428,7210715326762459595,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,5248842910757392428,7210715326762459595,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2512 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,5248842910757392428,7210715326762459595,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8
  2⤵
  PID:4572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5248842910757392428,7210715326762459595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:4536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5248842910757392428,7210715326762459595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:4352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5248842910757392428,7210715326762459595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
  2⤵
  PID:1348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5248842910757392428,7210715326762459595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
  2⤵
  PID:1604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5248842910757392428,7210715326762459595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
  2⤵
  PID:2196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5248842910757392428,7210715326762459595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1
  2⤵
  PID:4028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5248842910757392428,7210715326762459595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6260 /prefetch:1
  2⤵
  PID:1536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5248842910757392428,7210715326762459595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6704 /prefetch:1
  2⤵
  PID:5184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5248842910757392428,7210715326762459595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6996 /prefetch:1
  2⤵
  PID:5272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5248842910757392428,7210715326762459595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7160 /prefetch:1
  2⤵
  PID:5368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5248842910757392428,7210715326762459595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7128 /prefetch:1
  2⤵
  PID:5456
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,5248842910757392428,7210715326762459595,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6156 /prefetch:8
  2⤵
  PID:6020
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,5248842910757392428,7210715326762459595,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6156 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2112,5248842910757392428,7210715326762459595,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5492 /prefetch:8
  2⤵
  PID:5364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5248842910757392428,7210715326762459595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
  2⤵
  PID:5464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2112,5248842910757392428,7210715326762459595,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5696 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5472

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4156

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4872

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3464

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\AZZY CLIENT V1 FREE\" -ad -an -ai#7zMap25360:100:7zEvent18389
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:5812

C:\Users\Admin\Downloads\AZZY CLIENT V1 FREE\AzzyLoader.exe
"C:\Users\Admin\Downloads\AZZY CLIENT V1 FREE\AzzyLoader.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4300

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff827aacc40,0x7ff827aacc4c,0x7ff827aacc58
  2⤵
  PID:4824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2128,i,14026607335668568365,13619291962095814927,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:6012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2036,i,14026607335668568365,13619291962095814927,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2176 /prefetch:3
  2⤵
  PID:1740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2324,i,14026607335668568365,13619291962095814927,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2496 /prefetch:8
  2⤵
  PID:5384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3172,i,14026607335668568365,13619291962095814927,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:2436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3420,i,14026607335668568365,13619291962095814927,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:2860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4532,i,14026607335668568365,13619291962095814927,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4536 /prefetch:1
  2⤵
  PID:1928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4820,i,14026607335668568365,13619291962095814927,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4832 /prefetch:8
  2⤵
  PID:1520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4856,i,14026607335668568365,13619291962095814927,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4840 /prefetch:8
  2⤵
  PID:4720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4744,i,14026607335668568365,13619291962095814927,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4496 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:4092

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5208

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2988

C:\Users\Admin\Downloads\AZZY CLIENT V1 FREE\smi.exe
"C:\Users\Admin\Downloads\AZZY CLIENT V1 FREE\smi.exe"
1⤵
- Executes dropped EXE
PID:2052

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\39939876-b5e4-4d25-8ba1-9a472380b3ea.tmp

Filesize
9KB

MD5
a45d765ac54e00b54cc863a0151a4b47

SHA1
7e280c1a51c634f4c09e7d91794e4c5e74dec2e7

SHA256
dc25849de055f2b1dc3d947f07fe88fe8b8b91a22506bb4a4224156f8dcb281b

SHA512
65f3407f0865fab2a7ce230bb239272f9c0734710748e5407fdf6178cd96cc70d98c84f16d2d386df2ba0dd0f69a948e5e840816c99a592e8fcfd9ed2e5dbc9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
4a7fe8be05f34b2ff88f5ff6ea8f6487

SHA1
06661b7d7d2032b2adca1b9a4c6ad14e2a8d4a33

SHA256
65ccc559488415dea9c5bb2c42f454770112c5029dec41782831241366a6fd5d

SHA512
643c58889a233d13f9c1affde3a7fd275e1b9429cd33b6a0d171ca050b5b3b29a04f36fcb8f557fa38392111772cef4215b0662fd61daccca6eb7f3e318c1c45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
66942f038cec284e1b3cdd7b45f4ef7c

SHA1
34464e3cc50807686e05666f9b8a5fed96cf737f

SHA256
1bf1c4d77c1b6e346360036f638ded186bbf336277f01585ff554e610636e7d7

SHA512
5118b61c55227f668ee9adb7e1fb1783e890df8cbef3537f936ec81d838583c1b2ab17626212e421b3f69d9650b40d25972a810d4b5ce8d44d3ed7da07496661

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
1264548f3e72b4efad8fcb21c8970ffd

SHA1
18e868cf31118268081c1c3cb596c0422c2fd996

SHA256
9697a3f8e6e022fca810d3cbbaeb6c451b65bb0c06565fcd992635d10b8f9b9b

SHA512
aa278aa99203fd3383b9cda9eae43da0fd51d64fc8e262b10daac073ae0baef5a2a78c3d11b77baea4e752ed35c9b3f871273bfaaea1141e4176ce616cc276fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
2b5d475ca8b6d0ee00b693a9e03a205e

SHA1
7e83a4483c8fc517c42b011dc09e147a25139756

SHA256
40f98f368b30d5feb014a3d8122bc7a3a27378eee2c0dc53e62f74acb12d9342

SHA512
be4a9743b959a6aba738853e27dc99ce125c02fd765257067c1b61eb3984a364eece0c37677f1886a73267d44e023198ceaa62f5b45820c6e740709600bc51d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f7f2558a9a83d576db29042cb34c20ad

SHA1
4474c1237d40c0095bd16ae62f3664b3004f07fb

SHA256
84d55ada01302a02d2b82f91a988e7109f3a7e7ff5fe7099e503264e71e6e3b5

SHA512
a2e65285d7e0d97ea75d2a9b6c57663a9dc6b8ec3e44f25e5fe7d1318b892b5797a93b05a8091b4f5b3faa6421e4d7ecc9fc197c42949ba08064ae76aa4eaa9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
35a5bd5d087b834cbc3b9d6b2c5ce925

SHA1
d64f35a71cd036aedcaf2afaa2517d9c93832056

SHA256
453bbd53f13735c59be998b1a8713afee95d954de0b63578b8510a61e4c29964

SHA512
00160e9d885b0f07c9d47fc0f1b748f3dc5e95cf4328cf4cee1ac0ade7d06a155eafa62216eb62f2a4311a3099d92bc3970a6ee6caf11abb7524265e91cd557c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ff5988217f3b6797ae47be6c70076113

SHA1
e1816220c54921e6b135df9ca9dc63f8f89b4b8f

SHA256
e7350b18a8ff2ca02caf75f4b267d37b69447ac09e5abb8363704f0fb5342dbd

SHA512
177acaa6da71cf2dfa64f6fd1986309fdd160ec086badc5ba6a5aadc881260682d42094887a5877486237b806c55ee08f6bc4db9468887672d33ed384181a141

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
bfa11732beae53920238feaa40e8553c

SHA1
eadfeeaa4a54b59f020b28358762bd6b3860192d

SHA256
7a44dbce98fcad009c9cd82c9c3bac5c8760d6580dbb5a0d7e0c367da51c3e23

SHA512
23ba2220dbe472dd66dbf1d06467d7ef63eb645a8da53fcde15f8d16691ac4a1c46e4170b2c00474189513787cb6f3fc56d7d25989bc1d8c140ea01f01031d17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
48003fdc097ff6b6857423fc76274dc1

SHA1
d706f6edbbb783c852ff5eae8b647b83edee84fd

SHA256
4cae534662fa5a832d4ede0a8c7b7ad1811d14e18bc3121e976a1bb381ffe00c

SHA512
29a9554d27869427350b3023f1779814bdcf49c6d9a4ba9eb5886ba60e28a6e679395e08cae59d479ceef7085db67d695a934fb6990ed2505c8daa9959943887

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1a3f9f28774b21919ea0a06da95cd4dd

SHA1
2466a660bf6d9cc7db81239309d495b2050a2019

SHA256
b8456c0ad9abe8ff46e7846b51031d3117a2031521ae58ec278e4b9ed0518325

SHA512
74de4345da2b8eb19d0181e24d9dd4b8d1beab2ce047e545b22433e4c3e6eb1e9d48e210350377c0c9cfae7dfd0cdd65a7f849d56012ea6939f8bb14e02ce121

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c40ccca1e51bc6db53f27e96acc69824

SHA1
71e52d45d8ab0908a22f8b37800bca0ae2e5865f

SHA256
a45fb19d1221716c837568b6208b6aca6ffd9b41051f5c5ca7fd6cef27624f39

SHA512
ae0f89b2bbb19f8c2d7d15bbc4151213dd0610ea1ef072b0fe7e549a0e16eb0d6f042f9d675011996b03645fdba8169a4df0464ce7cf10657547224c8bfac05a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
541372b365b820127815bdb700eb25be

SHA1
d096375bc1b9653430c6741fdd3f0e7ac3e5257c

SHA256
90ff07309d08b5082cbb320b2a2faf713fe92051d93a809681e028e1b40548a4

SHA512
109912987b478b6c1710cb20ef381cd930bad3e05649d0376048e96f2bfe7f94072c03363081cf64c06111a7414a1626a991b7b6999a678b02b0970c231c992b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cbff0d964472d184390723d94ca2576c

SHA1
6973c67f6fe17bf835b0742fcaa42e1de7d5c1a7

SHA256
d2100763586289f1e415f449616aafd341afb9a4812682b3ca23dbc4368ee02a

SHA512
0d6e913b46780600233d9d37ac93d39cf330dfcdc19ba480831a29071765021ef1d4eb347a0d8d4c15264065131ef45f237b4624b9d8343efea1015aaf50b9fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bb82773b5b2e0e07f3abc9105af1978a

SHA1
2ca80983585e81c1acd0a3fe52c70da901d7a3b3

SHA256
a54e4a53b11caca1d90c27a2148f0b9d600ca6e0247314d8693e10c6bf5d06c7

SHA512
41f838cb423986e419a4c872f9890ddc33c55ebc7055cb36e3b7b6d7764e92cb990f1b6b24162c89f8316ceb991b043dbe6e553dbc8e435f4f496dd080fd8bf1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2a053bbb4c17913d475e285d9dcb360b

SHA1
ee18a2e76aed70ecb24339f21e12fa1e30e7a88e

SHA256
be91eb829c4ead6452a98c17684743500b5a8cb5ece6a5c670ad2672b85dfcfc

SHA512
4bff0805ccb0505fae53034a0c4726b75243cb527e2f190a8b8b2dad01ca53b0f42d9edecd7727ed93fffb195526edddddcefbb49c087a35ef4af712092bdaf8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5d6091020eb6459f89e3611229bfd595

SHA1
753cd953a53f9714bbbbff40178058857a5c7469

SHA256
29bc369bf6eb9ae5c1d870fd847631eae5aa54696b2b001aff6a966201939d3c

SHA512
bfe40696a47a710f1e2d89fecdf682d797260264f8f49efb97593493457b204e2c05ae87a238f9afd122e58be04a66c403a4c11450a5cf1c6b67d411fb399260

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
5ea35ac2a774571da6ff3b2b61f4b4b3

SHA1
e569745db050c2b26db900febc96aca8d8f415c3

SHA256
7f6eea79f2b4713b7c49880f39e684d4e855fe7e271676d096a3ec1aca042077

SHA512
e2452c85b672b6dd181d546d89bae0af1d9531156916c9dc5734b4733ff057f5ac2db9149526f0457d7f00c89e948fa529dbfbeee80bce1135375b9fcd355f2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ee86595d3e21d3c31044a2c1e6b7c4ec

SHA1
22c4ee6bb5d29d899b4d50c5ac17cb2e1972955d

SHA256
21ac23ec11175f381a0595cf7ac52215291d6514b41a2097cf72f8077cad1770

SHA512
1bef1970b66ea5099cca18122237eca4027d6f8ebae6bf2cdf4ada3c07276877aea0f15cdcfbb5c5861d15aafcf25032a0ee4c6c42caada7d2470ea12911ab2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
724c83f7628feb5c7f0f796badaa6fdd

SHA1
38c4863d57f5744daa7e4737ddde07836605bb98

SHA256
2b08786018323701af4cb719cbe14b5e32fb3aaff4b0e88f459fb7d06337cfb6

SHA512
d2a69ce39591d5b193add2d3be0cb5903605bb189f2e9d6c670b38e59d20285bb562e5b19cd98ed15ee1b49fe61c63cdaa79390404c202931fdccfc8b37f4ab5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\d2d07908-9ee5-4d9c-8a8b-7576ab624430.tmp

Filesize
9KB

MD5
f0c8e00106ce5d87e327312c625a06b9

SHA1
5898e0b28378efe86b08b5078c28c24c9317db0f

SHA256
75162cba6fa6eb831771f0f13ae279d7e37bb81a9f8d9174c2b3ff9b601c6b26

SHA512
cfde8e3a3c8bff4a590350bd82cfaedee3c88020936526ced9e06b4399955ae4d5fb2dcbf5979d1b11ea8c9f8cf2b7ea64236490c4879454a89a4cfac8a0121a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
196KB

MD5
00538c2fb936c9d524589570f9a7559e

SHA1
0942b05ab24df3312d73bf376984b0fe0ab63a12

SHA256
e5544ada7bbde3250980e4b2bec627d0eb258a3c5248004dc89c95ca95ff3c03

SHA512
a14172d33541eb3552ee45f4a6519ed41a224f12e01607dee09f7eeb3ae984591b17a6c0c9478ebc10e7fcb1556d94465ba34b713b60fa33eb3803e984f61af8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
196KB

MD5
41e6ca7f9d0a6647811b98d25696201a

SHA1
bafe0473f8573f5b4594dd080ed5352c8b7ab8eb

SHA256
5c3463d4c7a36501b213d2a2d09f92fa39fe20075e1981e1b038b29dc4041f0c

SHA512
b6d419e1fd050e9b5ee73bbb396a1114ef32274a6ca437ba476c8efd7ef2a208cc327ef777999439b1d306eabdebc78c4e29d8d6f165f8b3573d0b0b3c753d8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ab8ce148cb7d44f709fb1c460d03e1b0

SHA1
44d15744015155f3e74580c93317e12d2cc0f859

SHA256
014006a90e43ea9a1903b08b843a5aab8ad3823d22e26e5b113fad5f9fa620ff

SHA512
f685423b1eaee18a2a06030b4b2977335f62499c0041c142a92f6e6f846c2b9ce54324b6ae94efbbb303282dcda70e2b1597c748fddc251c0b3122a412c2d7c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
38f59a47b777f2fc52088e96ffb2baaf

SHA1
267224482588b41a96d813f6d9e9d924867062db

SHA256
13569c5681c71dc42ab57d34879f5a567d7b94afe0e8f6d7c6f6c1314fb0087b

SHA512
4657d13e1bb7cdd7e83f5f2562f5598cca12edf839626ae96da43e943b5550fab46a14b9018f1bec90de88cc714f637605531ccda99deb9e537908ddb826113b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

Filesize
209KB

MD5
3e552d017d45f8fd93b94cfc86f842f2

SHA1
dbeebe83854328e2575ff67259e3fb6704b17a47

SHA256
27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

SHA512
e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
ded04d6a59a8f693d3a8f37c77093701

SHA1
07ff98fab75f4ec68f887d53c045cbfc0a564c0d

SHA256
a55357c9cd30be6c5ecfc5cf7bf41b1fcd5303bcb21f40335eb54c5c32b40ab9

SHA512
b44b4b348315ccb18f71026a0f593895df552ca85dd12b21a139afa2ae31d1d0a41734dfe8d412c704a0506ef3a432b3fc700059e68011593ac28c339d4b395c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
10KB

MD5
c7adc6a622c4e687a48c4f5fa39732aa

SHA1
d33e64c1691d8951d98392bf3597a8ceed4fe695

SHA256
c0b7a9326e8e03f5db0fba4c3443d0520185c06476d4221d3322885fe16efa62

SHA512
e492b2e1e35b5b2c0abf6b7b53d32b60ee18422ae71b9e594e935e03c57c3f143a6fe489ecda117ecf1e1b39b9acb35650a9486a4fe4229c334cf234816408b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6c4362ae665dcd1fc8c4835ea14cb19a

SHA1
8f5082d6f45d4f257a52ca20ac23c5859e1222f9

SHA256
81245d217c4eb58189a3dfca0b4039b5ca3f9fbee98db5e68945ea763db08d0a

SHA512
fe2bc9250e9f3b92bd9186354a28b9f4d1ebceb5bd7c3be1a93e4df3372f2214cc1917ce1e6a9b3bb741955a0c285dd9432fe07a3d0d0a003cb4184aa35c0949

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
9c77a9c689b956f3b30e8274fcf55854

SHA1
5ad7081ee86eec8f70b44efbe482e54e5856e3c0

SHA256
f0f51afaf2c2b68bc00f6bcadb73d5da1b15fea970e66ce32e0bd302993ec8cc

SHA512
447589e05aaeaddcf326c602c3298c52716fd6e0d86fc9a0ad3d2523785d02d82e1c28ecb685f38d16ccd18563392247ad681853e90c2526956d72c6c433fe68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
0d521e45a59f032651cda547fb39ff29

SHA1
63de85ca8aa54a99745ae46eabe326df8358ee3b

SHA256
1b85712ebe8006fb884fafd11a425943eb133cb038f228275a01ba9ad2ca8825

SHA512
93dfb6a4a311045bb3fdde6c9f3130209880b143c056ee9f95d0534000214331a4f1a6ee71ad10bcafe52bd0d9b15c846db6b407ca8d6cb9a5f1e82d2b9e44ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
be0c73a4045918c360bd0f31eef78fda

SHA1
b49f2bd2ff76fa188fce6a4f2e40034915875868

SHA256
27f669dbd2cc079accc83e79edc1944a589f02b703b0d12b6acd48169ee3dde5

SHA512
f8512faa38c559c702d214786a15c588c03edb30604136dfbc62dfe32eb5c2e7dbc25a48dbbc990b87cce689ea90f378e3c5556c2ad776d79090d132d6de0ee9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
72ec9461f1614f62a7103c989de9bffb

SHA1
28d41663691661f1811db58681b1df364d6774b6

SHA256
6887c0c45d810cd0ff642a65276743d5a244c2bf0db0aabaa0152fe993dd759c

SHA512
261c5e01015402670fc3cd28aa3195c70eebf2c5a9b68b66398b284c2078965fcbf32b9434f0f8fc650f92d40b545023c84a375fe1ceeece04cefc1533be51cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5829ab.TMP

Filesize
3KB

MD5
2f292052ea312db8ea6ea223ad93c902

SHA1
fec5cdc548acf0da71033334d6fd7191eb8cbef2

SHA256
8dc29bbfe78cd85349b5905637322b47b60e4ffd71f6c6451aebde4a26a620b1

SHA512
62617b1da882998ad6640b8927bccfbd375a92fcbb9845f825716ee28bfa163616bf694a6d01b0373e6c153245b3efed00b6e3557775111b9baf8364af92372f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6a697f3da7d2d439eece50344599a611

SHA1
af4b565e0dbdb8760b91b231fd46e6d4fb189889

SHA256
51f0b23350d8a3141c3e7fec69a17aba585c1ba9b8b4d12567c99596ce01f214

SHA512
81e972c877e95134d19321ca45cab019c79af43ce51e683ebca21d634a140451d1b7afe7da74e62a87eeabddc6c26b98b21786f84fbf45e1e3877c69588767ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
be676409e256680dc30e3a2958b6c8d6

SHA1
8971a9b75a11017cdba389f4c4c1202d1ed65afc

SHA256
22a1291b7bfeb85345b2653d83dd475ac685532503df9c5982323b79e24c29d7

SHA512
7ad3bee49731beb24ad826d8aa15cc8c4fa3bc4aebe627c0000c8305af3c31fd4978c01d4c30abb55cf9be523d8350b3433439c167ee7856df86898d2fdc97e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
174137c100b454fc06456dfb15a24033

SHA1
93800c4f25aec934e0e5b0ffa52ee51b20ba21bd

SHA256
42a7c36bf4b86adfec1f86a438d47a68431a73061b7cd4f2d616f1c55706dd19

SHA512
3d759bee540c66413273bf401bd530009805537c411e6b99195b93c63421db24501b3e91b5a07eed5da21dd0f0ea78cbf56659752dae1558c141c6b19fbaecc4

Download Submit
C:\Users\Admin\Downloads\AZZY CLIENT V1 FREE.rar

Filesize
1.6MB

MD5
0bba82c0750a14344ea8451cbc5e1e7d

SHA1
50d0a2658fe38f162ce130e31809d27be4ceec55

SHA256
35eafa2c5f438aeab637b23eb39d8f1b31e1cbcbd9bf7e402750924b0cef9814

SHA512
dabff22956dd30f1a66b714f3941981ee6ecb7c438f874b8412fea5a5fc5357047f6e0bc1179cd44f9dea432287165d0a22555ab03555d83a597ae63636e8ec8

Download Submit
C:\Users\Admin\Downloads\AZZY CLIENT V1 FREE\AzzyLoader.exe

Filesize
432KB

MD5
67c15aea650c8bd7fe876dd20e4e9cb6

SHA1
780fddf92b9b2c3cd0cb929beb2d4ad1d90cde8a

SHA256
345fcbdaee9276a62abd9cfb0cbd11047a0841c567a5b033b342bc258c2b8ae8

SHA512
7f26ce03322b22494c5376654957c1262da09274415a122e8bd23b436feb5ea588b72293da694a40645a4c1d8c64b1f6ebbc28f17c2dd150953f2d0aedb0e6e9

Download Submit
C:\Users\Admin\Downloads\AZZY CLIENT V1 FREE\Guna.UI2.dll

Filesize
2.1MB

MD5
c45dc8507846b8c233e13392da0927d4

SHA1
72565751c84fa66106a418ffbbb10b5cba1be8b9

SHA256
e3f560939287a7f7ad6458a16e11b735de3c5dc84e1f656db213685d36b4af74

SHA512
a1d47eee6e6e59ac9f5b1637548a611861b80e5b5c98cfabda787a35c404c323c78b4a7460a06605b7e3f30145cb0410862b937bac49ad4f4ca80d3cbb35567e

Download Submit
C:\Users\Admin\Downloads\AZZY CLIENT V1 FREE\Newtonsoft.Json.dll

Filesize
695KB

MD5
195ffb7167db3219b217c4fd439eedd6

SHA1
1e76e6099570ede620b76ed47cf8d03a936d49f8

SHA256
e1e27af7b07eeedf5ce71a9255f0422816a6fc5849a483c6714e1b472044fa9d

SHA512
56eb7f070929b239642dab729537dde2c2287bdb852ad9e80b5358c74b14bc2b2dded910d0e3b6304ea27eb587e5f19db0a92e1cbae6a70fb20b4ef05057e4ac

Download Submit
C:\Users\Admin\Downloads\AZZY CLIENT V1 FREE\SharpMonoInjector.dll

Filesize
22KB

MD5
d5f8ef2cdc4323ddd7845c9b90e4c6fd

SHA1
fb40ced0fe0ba5bc83b0edc381c1c475ff773ff8

SHA256
29217632db48464afb84f163f6d389af525edb7e951384ff5ea91d91c932ee96

SHA512
cd6efd9093b1b4ab867f0098e281655bd28af721f3a45efcfd9771174dc47dbc05e63e5d80e10296881facc7e100b834501c3bba4088e8bde3db6f88d9e27ad2

Download Submit
C:\Users\Admin\Downloads\AZZY CLIENT V1 FREE\smi.exe

Filesize
9KB

MD5
c0a17812234aae6cd4365c67ec39a842

SHA1
0c141a692d0f67cc1c62dac14f303d4b1447187e

SHA256
12237476dfd8719929253c316091079d37d7ee8c6f630020b2b0a9996b036764

SHA512
84452a8b7e70abf4d2131f7fc451589b5aede332360b3834537bff012394be4f9e289fc893064027869cbda9d53cfe7c7793228c3adc98552ed5e30a8e4e4cae

Download Submit
memory/2052-695-0x00000242AF1F0000-0x00000242AF1F8000-memory.dmp

Filesize
32KB

Download
memory/2052-698-0x00000242AF5D0000-0x00000242AF5EA000-memory.dmp

Filesize
104KB

Download
memory/2052-697-0x00000242AF5A0000-0x00000242AF5AC000-memory.dmp

Filesize
48KB

Download
memory/4300-469-0x0000000007F40000-0x0000000007F7C000-memory.dmp

Filesize
240KB

Download
memory/4300-465-0x0000000007AD0000-0x0000000007B82000-memory.dmp

Filesize
712KB

Download
memory/4300-466-0x0000000007A80000-0x0000000007AA2000-memory.dmp

Filesize
136KB

Download
memory/4300-467-0x0000000007B90000-0x0000000007EE4000-memory.dmp

Filesize
3.3MB

Download
memory/4300-455-0x0000000005700000-0x0000000005792000-memory.dmp

Filesize
584KB

Download
memory/4300-453-0x0000000000C50000-0x0000000000CC2000-memory.dmp

Filesize
456KB

Download
memory/4300-456-0x00000000056C0000-0x00000000056CA000-memory.dmp

Filesize
40KB

Download
memory/4300-461-0x00000000072B0000-0x00000000072C2000-memory.dmp

Filesize
72KB

Download
memory/4300-454-0x0000000005CB0000-0x0000000006254000-memory.dmp

Filesize
5.6MB

Download
memory/4300-460-0x0000000006260000-0x0000000006472000-memory.dmp

Filesize
2.1MB

Download