hxxps://www[.]mediafire[.]com/file/kydby9iy7ks7pfc/KASU+V5[.]rar/file

Resubmissions

23/08/2024, 07:51

240823-jp4xwavdql 5

23/08/2024, 07:48

240823-jnfhwssdma 3

23/08/2024, 07:45

240823-jljsjavcmk 8

23/08/2024, 07:42

240823-jjnzgasbre 5

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
23/08/2024, 07:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.mediafire.com/file/kydby9iy7ks7pfc/KASU+V5.rar/file

Score

5^/10

discovery

Malware Config

Signatures

Probable phishing domain 1 TTPs 1 IoCs

Phishing

T1566

description	flow	ioc	stream
HTTP URL	108	https://1redlink.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=8b7985396a8f0eac	3

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings	OpenWith.exe

Runs .reg file with regedit 2 IoCs

pid	Process
1500	regedit.exe
2168	regedit.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
816	msedge.exe
816	msedge.exe
628	msedge.exe
628	msedge.exe
3396	identity_helper.exe
3396	identity_helper.exe
5808	msedge.exe
5808	msedge.exe
5264	msedge.exe
5264	msedge.exe
5264	msedge.exe
5264	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3716	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeRestorePrivilege	5280	7zG.exe
Token: 35	5280	7zG.exe
Token: SeSecurityPrivilege	5280	7zG.exe
Token: SeSecurityPrivilege	5280	7zG.exe

Suspicious use of FindShellTrayWindow 52 IoCs

pid	Process
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
5280	7zG.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe
628	msedge.exe

Suspicious use of SetWindowsHookEx 18 IoCs

pid	Process
5688	OpenWith.exe
3716	OpenWith.exe
3716	OpenWith.exe
3716	OpenWith.exe
3716	OpenWith.exe
3716	OpenWith.exe
3716	OpenWith.exe
3716	OpenWith.exe
3716	OpenWith.exe
3716	OpenWith.exe
3716	OpenWith.exe
3716	OpenWith.exe
3716	OpenWith.exe
3716	OpenWith.exe
3716	OpenWith.exe
3716	OpenWith.exe
3716	OpenWith.exe
3716	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 628 wrote to memory of 1428	628	msedge.exe	86
PID 628 wrote to memory of 1428	628	msedge.exe	86
PID 628 wrote to memory of 2172	628	msedge.exe	88
PID 628 wrote to memory of 2172	628	msedge.exe	88
PID 628 wrote to memory of 2172	628	msedge.exe	88
PID 628 wrote to memory of 2172	628	msedge.exe	88
PID 628 wrote to memory of 2172	628	msedge.exe	88
PID 628 wrote to memory of 2172	628	msedge.exe	88
PID 628 wrote to memory of 2172	628	msedge.exe	88
PID 628 wrote to memory of 2172	628	msedge.exe	88
PID 628 wrote to memory of 2172	628	msedge.exe	88
PID 628 wrote to memory of 2172	628	msedge.exe	88
PID 628 wrote to memory of 2172	628	msedge.exe	88
PID 628 wrote to memory of 2172	628	msedge.exe	88
PID 628 wrote to memory of 2172	628	msedge.exe	88
PID 628 wrote to memory of 2172	628	msedge.exe	88
PID 628 wrote to memory of 2172	628	msedge.exe	88
PID 628 wrote to memory of 2172	628	msedge.exe	88
PID 628 wrote to memory of 2172	628	msedge.exe	88
PID 628 wrote to memory of 2172	628	msedge.exe	88
PID 628 wrote to memory of 2172	628	msedge.exe	88
PID 628 wrote to memory of 2172	628	msedge.exe	88
PID 628 wrote to memory of 2172	628	msedge.exe	88
PID 628 wrote to memory of 2172	628	msedge.exe	88
PID 628 wrote to memory of 2172	628	msedge.exe	88
PID 628 wrote to memory of 2172	628	msedge.exe	88
PID 628 wrote to memory of 2172	628	msedge.exe	88
PID 628 wrote to memory of 2172	628	msedge.exe	88
PID 628 wrote to memory of 2172	628	msedge.exe	88
PID 628 wrote to memory of 2172	628	msedge.exe	88
PID 628 wrote to memory of 2172	628	msedge.exe	88
PID 628 wrote to memory of 2172	628	msedge.exe	88
PID 628 wrote to memory of 2172	628	msedge.exe	88
PID 628 wrote to memory of 2172	628	msedge.exe	88
PID 628 wrote to memory of 2172	628	msedge.exe	88
PID 628 wrote to memory of 2172	628	msedge.exe	88
PID 628 wrote to memory of 2172	628	msedge.exe	88
PID 628 wrote to memory of 2172	628	msedge.exe	88
PID 628 wrote to memory of 2172	628	msedge.exe	88
PID 628 wrote to memory of 2172	628	msedge.exe	88
PID 628 wrote to memory of 2172	628	msedge.exe	88
PID 628 wrote to memory of 2172	628	msedge.exe	88
PID 628 wrote to memory of 816	628	msedge.exe	89
PID 628 wrote to memory of 816	628	msedge.exe	89
PID 628 wrote to memory of 1592	628	msedge.exe	90
PID 628 wrote to memory of 1592	628	msedge.exe	90
PID 628 wrote to memory of 1592	628	msedge.exe	90
PID 628 wrote to memory of 1592	628	msedge.exe	90
PID 628 wrote to memory of 1592	628	msedge.exe	90
PID 628 wrote to memory of 1592	628	msedge.exe	90
PID 628 wrote to memory of 1592	628	msedge.exe	90
PID 628 wrote to memory of 1592	628	msedge.exe	90
PID 628 wrote to memory of 1592	628	msedge.exe	90
PID 628 wrote to memory of 1592	628	msedge.exe	90
PID 628 wrote to memory of 1592	628	msedge.exe	90
PID 628 wrote to memory of 1592	628	msedge.exe	90
PID 628 wrote to memory of 1592	628	msedge.exe	90
PID 628 wrote to memory of 1592	628	msedge.exe	90
PID 628 wrote to memory of 1592	628	msedge.exe	90
PID 628 wrote to memory of 1592	628	msedge.exe	90
PID 628 wrote to memory of 1592	628	msedge.exe	90
PID 628 wrote to memory of 1592	628	msedge.exe	90
PID 628 wrote to memory of 1592	628	msedge.exe	90
PID 628 wrote to memory of 1592	628	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/file/kydby9iy7ks7pfc/KASU+V5.rar/file
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff80c1846f8,0x7ff80c184708,0x7ff80c184718
  2⤵
  PID:1428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,12236732209550438842,8753352964856253935,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2
  2⤵
  PID:2172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2020,12236732209550438842,8753352964856253935,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2020,12236732209550438842,8753352964856253935,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8
  2⤵
  PID:1592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12236732209550438842,8753352964856253935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:4876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12236732209550438842,8753352964856253935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:1920
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,12236732209550438842,8753352964856253935,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5396 /prefetch:8
  2⤵
  PID:3580
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,12236732209550438842,8753352964856253935,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5396 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12236732209550438842,8753352964856253935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
  2⤵
  PID:3912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12236732209550438842,8753352964856253935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
  2⤵
  PID:3516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12236732209550438842,8753352964856253935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1
  2⤵
  PID:3108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12236732209550438842,8753352964856253935,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1
  2⤵
  PID:4124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12236732209550438842,8753352964856253935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:1
  2⤵
  PID:5212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12236732209550438842,8753352964856253935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
  2⤵
  PID:5348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12236732209550438842,8753352964856253935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:5424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2020,12236732209550438842,8753352964856253935,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6380 /prefetch:8
  2⤵
  PID:5548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12236732209550438842,8753352964856253935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
  2⤵
  PID:5556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12236732209550438842,8753352964856253935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6368 /prefetch:1
  2⤵
  PID:5568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,12236732209550438842,8753352964856253935,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6396 /prefetch:1
  2⤵
  PID:5576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2020,12236732209550438842,8753352964856253935,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5832 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,12236732209550438842,8753352964856253935,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5532 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5264

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3800

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:372

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:6116

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\KASU V5\" -spe -an -ai#7zMap763:76:7zEvent31120
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:5280

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5688

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\KASU V5\KASU V5 (1000 FPS)\BEST NVIDIA OR AMD SETTINGS\pick what gpu you have and follow along.txt
1⤵
PID:5924

C:\Windows\regedit.exe
"regedit.exe" "C:\Users\Admin\Downloads\KASU V5\KASU V5 (1000 FPS)\BEST NVIDIA OR AMD SETTINGS\Radeon (AMD)\Apply Optimal Settings.reg"
1⤵
- Runs .reg file with regedit
PID:1500

C:\Windows\regedit.exe
"regedit.exe" "C:\Users\Admin\Downloads\KASU V5\KASU V5 (1000 FPS)\BEST NVIDIA OR AMD SETTINGS\Radeon (AMD)\Disable Some Power Savings.reg"
1⤵
- Runs .reg file with regedit
PID:2168

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3716
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\KASU V5\KASU V5 (1000 FPS)\BEST CLIENT SETTINGS\ClientAppSettings.json
  2⤵
  PID:392

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Phishing

T1566

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e4f80e7950cbd3bb11257d2000cb885e

SHA1
10ac643904d539042d8f7aa4a312b13ec2106035

SHA256
1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124

SHA512
2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2dc1a9f2f3f8c3cfe51bb29b078166c5

SHA1
eaf3c3dad3c8dc6f18dc3e055b415da78b704402

SHA256
dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa

SHA512
682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\34fa0b6a-49d2-41a6-bd81-4e25158c2139.tmp

Filesize
3KB

MD5
4e1abbf7df0398898283eeb18037aad9

SHA1
406c22ef1aa27846266798562ec93a54875aecda

SHA256
cd39a3c16673bca2a6666b42e06a6dc37d743abf5a2725ec5a101d72dfc53e11

SHA512
4740bec5cd59e4aff5801693e644ebb080b42ab62f6c8ea8a743325d23b4548baa0a0e0dd8538433f2048707b5ed5ff3570ffa6a9d8ba3e3be0cba9f5b699828

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
6cdfef15e5d169e4631bd45de1cf292f

SHA1
457c4a69234639504458d498d5d057ffd78f8e73

SHA256
a637e0f330f08727eeeb7b42b5058a537bdb04a3c256289032f508011695ced2

SHA512
eaf395a2d9095cd3cbc7aa15db05e45f2cf6a17fd606c15445f816277ab58dcd5669e11e0e0aa641f7bd0b537b80292e98bfeaf8d67b0b96604c7eb8119479e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
383f574507616a4df4a1b008e729f6d2

SHA1
f39b9db28425ea5891e32ca4b183e6b79b378cd0

SHA256
e57c3c2e5700dadb73391b0f551ab291841b3fb1dea99c9629c087b1438c1cfc

SHA512
18e80bcef06a8193d0c6a65778415f476f7a7199470fbb5e12346012a5c69251987b17624e6a6611ecdd3a7eda8b7d669afcc983ebfdaf7af7b0aa46f7b382c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5c3927e011e9221f121aa9f33072b361

SHA1
71414cb3a97470196fdfb6c57d9cab472eca8645

SHA256
aa5c71c72a6695817e73acc81ddb932aac6e8197a0e1950e9f87674b1e9e05e8

SHA512
b1f2d185dbf1b6b452d64876a0a392e2b30b1c5f34071fd407d9a2ca0760bb5d0e6c5dd67ff7260e10eb1c8adca15739ed256e3f6287ab5fe7c1bd03c15bc333

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a492aa741c05ea1f0bdbe9125866c7e6

SHA1
752db5fc000eb171aa0bc1b75a82726f9d178d2e

SHA256
ed96f3e6450cc7e11a25963fc761fd8ff5718909cefc84834e511d072c8f5a63

SHA512
9c94907122eca4d1fa1cc3ca49b883c2fec3bd97ef4219d0342fcd0ec0e036bc2b258ff6850cb0b3657c33fc7a438b87d924f6cc756f0206c2701d772bfdf18b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
6b13c64ea6f1bcc67fee7f3356d8ad1d

SHA1
f4dc27958aa9dbb8e5f6884925cb9d353dc0d8d3

SHA256
b9d04e22d6566a47b9fc360218f2ae33a3f442f0e0c14c6fcba4124f6a47e973

SHA512
92b71fe6b5e7338093f98c2e172c7f0551575f210d29fb17f5af2a2dd6a66df95341df7a247de7a2218674adba94821514cc4008c9f167653a2b84a06d48b527

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
703B

MD5
be12c97fd9a9cd8142e3fb371d0a868c

SHA1
9bdd627d0e4503a51569dc62aa6909df5b3029dd

SHA256
5374b2f3b3236867935010b0d21bac1bc4cc5f87423ae40514296aa19648bdec

SHA512
a3aee2a2a6753d3a504df9f10283dfb9dc6b817be6ec2d36d33f1c3e199aa749c9173f812f047ad294040432a74978ea59a14d9c1cb20f102d402094087ad893

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57dadf.TMP

Filesize
536B

MD5
c8c2319d25f752ba987d060eb87d1ef9

SHA1
337f72fbbc0967cb43fbbc3cae95782b1855ae97

SHA256
9b0b572c6b0b86cf17d6563a43bc539875e0f6fb79964d2dfe25880522ecd53a

SHA512
7afcb3957a28dd9eba4584801d473bbec6ea534a08e0f2dedc170078f5a0b86b2fbb0f33ff446eb92ffc18cb06c29605a541c0fdb0418c0ac1becfb503b752c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
02b13edcdaa35177ea2966190160c820

SHA1
6fa45a1c15d649641223b83519b1a336afeef23c

SHA256
7a46dd920bbf1719a7874dd08a28be87a06d3bf9faabdba32b95aac58d639a05

SHA512
af1ba939c163395cc4d90234af1d5becfc6d34ffd389226f74ab4b4aa6fa58df6045c29e2e388d6effd09df4ea91d3c72a66e751b5d0753ef1fd9e5711123417

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
26a002466f0d0a3ea43dca644d5e4de8

SHA1
60ebb4b114c82f8d363109db80f7f314a9f3a898

SHA256
4685562a3dc725b2708568032bead904c7b5d04a81d5abb160da00a910513f34

SHA512
172b3e2fb8e025a044c22ab9d41f121488f096de59e4aa2452620058daf623bd00146b5ea0507b6cfe944c1a718242627fb87f954640debdd455693fd94a0074

Download Submit
C:\Users\Admin\Downloads\KASU V5.rar

Filesize
21.5MB

MD5
522d76cad51e0e6eba24fb2556cdd506

SHA1
503b1bf9251af41e946069760ebee7ada28c6f02

SHA256
f8afb32af7d2f0c4e60aafad88e046c10d21d8162a81b84a55066993cf443e00

SHA512
d36823c2543d18b6bb628c62b64ddb21c7d3fb30ff0c75303fe94eb397e0bc35a6d99e68762c0d4ee16d7696fa5b370f2a890b1b06af05503bdf53c16011bec1

Download Submit
C:\Users\Admin\Downloads\KASU V5\KASU V5 (1000 FPS)\BEST CLIENT SETTINGS\ClientAppSettings.json

Filesize
2KB

MD5
bc24e15f253eb80dc5ecc5cffd8ffcb8

SHA1
9fe6e42e43a4456ffb62fde0dbbd53205c98f35d

SHA256
5e39054691b5559bd2024e96346df7d8e725b3937875e860eb68401891317619

SHA512
707b5cb855014cb2b89476054899daf857ba27f87632c09e968a89b933d43283fffe29114cce06c7ed246996dfbefad85dbab201fd0cc8bbc02b73e0957805e5

Download Submit
C:\Users\Admin\Downloads\KASU V5\KASU V5 (1000 FPS)\BEST NVIDIA OR AMD SETTINGS\Radeon (AMD)\Apply Optimal Settings.reg

Filesize
317B

MD5
8ca9348683e90d897454da15cf107c6e

SHA1
ca5b5b97b09dd37b9f7f715333c217766854f842

SHA256
15b293a82bfc2ff2b670be991c03835b7099becf4862bfa2c6cac1a823af880e

SHA512
4bd83a9b57603450135b95876b1328024ea0b798439a34d72b1c2dfb746b55b0393575d2bb51e1c692d3683df248f86b0bf57c140014aa2102b9bef45f12fa13

Download Submit
C:\Users\Admin\Downloads\KASU V5\KASU V5 (1000 FPS)\BEST NVIDIA OR AMD SETTINGS\Radeon (AMD)\Disable Some Power Savings.reg

Filesize
249B

MD5
10d69bb5a73f12e6d59ea8004a9792fd

SHA1
a9dfa16a06a609fc5db17484ab46b72ecdd2970d

SHA256
53c94ec5857acc1224c603c944d3e0ea65b34758419b674fb8848fba317f962f

SHA512
ff380ed97c0b80f70d769bbd1653c8a256bb7945d459779f79c267e2b7243c9b1a70174a2a48859f2f92e3d03b71ce907d75571d958e4e82256a43bb897ba076

Download Submit
C:\Users\Admin\Downloads\KASU V5\KASU V5 (1000 FPS)\ROPRO CRACK\RoPro_Rex\Extension\_locales\en_PH\messages.json

Filesize
4KB

MD5
94a75b93caacabd05bf1a0987a14afae

SHA1
7a0606f4c9c8a8937dda955f9e2df6aae3c1da75

SHA256
21706c41c93af0d4b8d23c822e43c5b7d7011c9f4ed5048a5aecf12a0f785ac5

SHA512
103973cc303bd12d422ca329f9770eecdf5253bdd836aca681f9ef3f9818959a157621e7a61fbcdef8aa9e0caa67085ccf4c75379b1f67da0034a276a9a00a52

Download Submit
C:\Users\Admin\Downloads\KASU V5\KASU V5 (1000 FPS)\ROPRO CRACK\RoPro_Rex\Extension\_locales\es_US\messages.json

Filesize
4KB

MD5
dda454c66f68e8ae133b96078358b00a

SHA1
68a61271b24db6844776e56d19e256479252679f

SHA256
8ec49f381698bf428b7ea8f49fc6208479af3451d09a1223d4d24f93483c4438

SHA512
6d45a90ca2dea977007cc729ae580f44895bb32443aeb40ed2949b8a754cfaa1309484eb86a42a24bbdd9c53afd1e0517c5b55e8648d2dc3f3d81bdb1c1a0d07

Download Submit
C:\Users\Admin\Downloads\KASU V5\KASU V5 (1000 FPS)\ROPRO CRACK\RoPro_Rex\Extension\_locales\no\messages.json

Filesize
4KB

MD5
bd4c63bd77cf9e9d71a6879c935cc566

SHA1
ba9dec87c2a1dcdfc3b778eecea20baa97432927

SHA256
5013bd334055df78a365532496d3c1eb1e26315bb552f79d2bf6f37f9b836431

SHA512
385b14b22cd791f64d7adf1955f0ed05f6dfcb85b5821ab3dd4dd1d0525952bc82bed72739bb4b40d5883205b48e4d6d28e507a42b84663d73b20da5790bca47

Download Submit
C:\Users\Admin\Downloads\KASU V5\KASU V5 (1000 FPS)\ROPRO CRACK\RoPro_Rex\Extension\_locales\pt_PT\messages.json

Filesize
4KB

MD5
d0b1e7acc802bba89e15c735c81e0f02

SHA1
9ddbe137afe5640aacde424bc93e994523bd0b22

SHA256
4b1f62dc79f3f1307bd916efcae0204b69f46734ceef420d46aeee469c24793a

SHA512
1e9629c0f0e52535b0d93097afe1fb49c8fc9b700b295575f1c31ae227b99a2269bda4e10489dcc5b93cf00d9a5c7b0045647b1d1fe73c30d755ddbf8f0d48fb

Download Submit
C:\Users\Admin\Downloads\KASU V5\KASU V5 (1000 FPS)\ROPRO CRACK\RoPro_Rex\Extension\_locales\zh_Hans\messages.json

Filesize
4KB

MD5
671be8f15414f65774a8ddbe668a8d18

SHA1
bc84bb42cd2f63d99573fb91575361481d90c71c

SHA256
d158d4efddf442b65311bf433aa5449627225ab7632f519589879f355fa883a3

SHA512
4102268aa07d374aa272d5a4fdab90d4b35febc360fd1905167b3e1653de490166a0611ef1af8023548ae9761a2b597978394c2e93a27e029d4c6b04e6e7bf47

Download Submit