f0031f9d7f25d4d29581879f62565a5a565995899adc60213f9e218147c78593

Analysis

max time kernel
299s
max time network
295s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
29-08-2024 18:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MuMuInstaller_3.1.7.0_gw-overseas12_all_1712735105.exe
Size

5.3MB
MD5

fbd9ad001bb2719f574c0705c5de05fb
SHA1

d07e77a490ad677935ac8213b88237e94440e791
SHA256

f0031f9d7f25d4d29581879f62565a5a565995899adc60213f9e218147c78593
SHA512

5724e3f858ae7ea92ba4ce325f3f8f4b90ecc6d7c19476e2888c4b09f0913463191b977f71314300918cceb0a6ae0b80e29d3c70891e8aeb9314da233a929e96
SSDEEP

98304:oeZOuRuvqAgef1ndGaX6tJJQv2FKA75OpVclc02vDRZTEB:1ZOPNdo3u0jc02vVZoB

Score

6^/10

discovery

Malware Config

Signatures

Enumerates connected drives 3 TTPs 1 IoCs
Attempts to read the root path of hard drives other than the default C: drive.

Query Registry
T1012

Peripheral Device Discovery
T1120

System Information Discovery
T1082

Processes:

nemu-downloader.exe

description ioc process

File opened (read-only) \??\F: nemu-downloader.exe

description	ioc	process
File opened (read-only)	\??\F:	nemu-downloader.exe

Drops file in System32 directory 2 IoCs

Processes:

chrome.exe

description	ioc	process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF	chrome.exe

Drops file in Windows directory 1 IoCs

Processes:

chrome.exe

description ioc process

File opened for modification C:\Windows\SystemTemp chrome.exe
Executes dropped EXE 5 IoCs

Processes:

nemu-downloader.exeColaBoxChecker.exeHyperVChecker.exeHyperVChecker.exeHyperVChecker.exe

pid process

4484 nemu-downloader.exe
4724 ColaBoxChecker.exe
1540 HyperVChecker.exe
1600 HyperVChecker.exe
2448 HyperVChecker.exe
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

description	ioc	process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

MuMuInstaller_3.1.7.0_gw-overseas12_all_1712735105.exenemu-downloader.exeColaBoxChecker.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MuMuInstaller_3.1.7.0_gw-overseas12_all_1712735105.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	nemu-downloader.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ColaBoxChecker.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exechrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133694294896145568"	chrome.exe

Suspicious behavior: EnumeratesProcesses 22 IoCs

Processes:

nemu-downloader.exemsedge.exemsedge.exechrome.exemsedge.exeidentity_helper.exemsedge.exechrome.exe

pid	process
4484	nemu-downloader.exe
4484	nemu-downloader.exe
4484	nemu-downloader.exe
4484	nemu-downloader.exe
1164	msedge.exe
1164	msedge.exe
952	msedge.exe
952	msedge.exe
1152	chrome.exe
1152	chrome.exe
1472	msedge.exe
1472	msedge.exe
392	identity_helper.exe
392	identity_helper.exe
5924	msedge.exe
5924	msedge.exe
5924	msedge.exe
5924	msedge.exe
5980	chrome.exe
5980	chrome.exe
5980	chrome.exe
5980	chrome.exe

Suspicious behavior: LoadsDriver 4 IoCs

Processes:

pid process

680
680
680
680
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

Processes:

msedge.exechrome.exe

pid process

952 msedge.exe
952 msedge.exe
952 msedge.exe
952 msedge.exe
1152 chrome.exe
1152 chrome.exe
1152 chrome.exe
952 msedge.exe
952 msedge.exe
952 msedge.exe

pid	process
680
680
680
680

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe
Token: SeShutdownPrivilege	1152	chrome.exe
Token: SeCreatePagefilePrivilege	1152	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

msedge.exechrome.exe

pid	process
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

Processes:

msedge.exechrome.exe

pid	process
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe
1152	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

MuMuInstaller_3.1.7.0_gw-overseas12_all_1712735105.exenemu-downloader.exemsedge.exe

description	pid	process	target process
PID 4472 wrote to memory of 4484	4472	MuMuInstaller_3.1.7.0_gw-overseas12_all_1712735105.exe	nemu-downloader.exe
PID 4472 wrote to memory of 4484	4472	MuMuInstaller_3.1.7.0_gw-overseas12_all_1712735105.exe	nemu-downloader.exe
PID 4472 wrote to memory of 4484	4472	MuMuInstaller_3.1.7.0_gw-overseas12_all_1712735105.exe	nemu-downloader.exe
PID 4484 wrote to memory of 4724	4484	nemu-downloader.exe	ColaBoxChecker.exe
PID 4484 wrote to memory of 4724	4484	nemu-downloader.exe	ColaBoxChecker.exe
PID 4484 wrote to memory of 4724	4484	nemu-downloader.exe	ColaBoxChecker.exe
PID 4484 wrote to memory of 1540	4484	nemu-downloader.exe	HyperVChecker.exe
PID 4484 wrote to memory of 1540	4484	nemu-downloader.exe	HyperVChecker.exe
PID 4484 wrote to memory of 1600	4484	nemu-downloader.exe	HyperVChecker.exe
PID 4484 wrote to memory of 1600	4484	nemu-downloader.exe	HyperVChecker.exe
PID 4484 wrote to memory of 2448	4484	nemu-downloader.exe	HyperVChecker.exe
PID 4484 wrote to memory of 2448	4484	nemu-downloader.exe	HyperVChecker.exe
PID 952 wrote to memory of 2228	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 2228	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 428	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 428	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 428	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 428	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 428	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 428	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 428	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 428	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 428	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 428	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 428	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 428	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 428	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 428	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 428	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 428	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 428	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 428	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 428	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 428	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 428	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 428	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 428	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 428	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 428	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 428	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 428	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 428	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 428	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 428	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 428	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 428	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 428	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 428	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 428	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 428	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 428	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 428	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 428	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 428	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 1164	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 1164	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 4548	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 4548	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 4548	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 4548	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 4548	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 4548	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 4548	952	msedge.exe	msedge.exe
PID 952 wrote to memory of 4548	952	msedge.exe	msedge.exe

C:\Users\Admin\AppData\Local\Temp\MuMuInstaller_3.1.7.0_gw-overseas12_all_1712735105.exe
"C:\Users\Admin\AppData\Local\Temp\MuMuInstaller_3.1.7.0_gw-overseas12_all_1712735105.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4472

C:\Users\Admin\AppData\Local\Temp\7z799F9178\nemu-downloader.exe
C:\Users\Admin\AppData\Local\Temp\7z799F9178\nemu-downloader.exe
2⤵
- Enumerates connected drives
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4484

C:\Users\Admin\AppData\Local\Temp\7z799F9178\ColaBoxChecker.exe
"C:\Users\Admin\AppData\Local\Temp\7z799F9178\ColaBoxChecker.exe" checker /baseboard
3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:4724

C:\Users\Admin\AppData\Local\Temp\7z799F9178\HyperVChecker.exe
"C:\Users\Admin\AppData\Local\Temp\7z799F9178\HyperVChecker.exe"
3⤵
- Executes dropped EXE
PID:1540

C:\Users\Admin\AppData\Local\Temp\7z799F9178\HyperVChecker.exe
"C:\Users\Admin\AppData\Local\Temp\7z799F9178\HyperVChecker.exe"
3⤵
- Executes dropped EXE
PID:1600

C:\Users\Admin\AppData\Local\Temp\7z799F9178\HyperVChecker.exe
"C:\Users\Admin\AppData\Local\Temp\7z799F9178\HyperVChecker.exe"
3⤵
- Executes dropped EXE
PID:2448

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:952

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ffb7dbf3cb8,0x7ffb7dbf3cc8,0x7ffb7dbf3cd8
2⤵
PID:2228

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1800,4830379574060870414,15703220791970453127,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1840 /prefetch:2
2⤵
PID:428

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1800,4830379574060870414,15703220791970453127,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1164

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1800,4830379574060870414,15703220791970453127,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2548 /prefetch:8
2⤵
PID:4548

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1800,4830379574060870414,15703220791970453127,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
2⤵
PID:2916

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1800,4830379574060870414,15703220791970453127,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
2⤵
PID:2680

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1800,4830379574060870414,15703220791970453127,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4156 /prefetch:8
2⤵
PID:5076

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1800,4830379574060870414,15703220791970453127,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
2⤵
PID:72

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1800,4830379574060870414,15703220791970453127,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
2⤵
PID:4364

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1800,4830379574060870414,15703220791970453127,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5580 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1472

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1800,4830379574060870414,15703220791970453127,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5420 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:392

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1800,4830379574060870414,15703220791970453127,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3652 /prefetch:1
2⤵
PID:5180

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1800,4830379574060870414,15703220791970453127,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3640 /prefetch:1
2⤵
PID:5188

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1800,4830379574060870414,15703220791970453127,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
2⤵
PID:5508

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1800,4830379574060870414,15703220791970453127,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5896 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5924

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1148

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3748

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1152

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb7c07cc40,0x7ffb7c07cc4c,0x7ffb7c07cc58
2⤵
PID:1184

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1928,i,18382631076511315421,15241194647495458100,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1920 /prefetch:2
2⤵
PID:4104

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1764,i,18382631076511315421,15241194647495458100,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2156 /prefetch:3
2⤵
PID:1648

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2208,i,18382631076511315421,15241194647495458100,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2220 /prefetch:8
2⤵
PID:2724

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3064,i,18382631076511315421,15241194647495458100,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3152 /prefetch:1
2⤵
PID:2388

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3076,i,18382631076511315421,15241194647495458100,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3284 /prefetch:1
2⤵
PID:1604

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4600,i,18382631076511315421,15241194647495458100,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4656 /prefetch:1
2⤵
PID:324

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4896,i,18382631076511315421,15241194647495458100,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4940 /prefetch:8
2⤵
PID:5340

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4900,i,18382631076511315421,15241194647495458100,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4952 /prefetch:8
2⤵
PID:5384

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4832,i,18382631076511315421,15241194647495458100,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4368 /prefetch:8
2⤵
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
PID:5980

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
PID:1960

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb7c07cc40,0x7ffb7c07cc4c,0x7ffb7c07cc58
2⤵
PID:1452

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
PID:2196

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb7c07cc40,0x7ffb7c07cc4c,0x7ffb7c07cc58
2⤵
PID:4488

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3300

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5448

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Browser Information Discovery

T1217

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx
Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock
Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val
Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
Filesize
40B

MD5
002032ef86b63e0918832b475a2c3e76

SHA1
a2f6e0542b8bd7a9964a082a8c95ec07abb3630e

SHA256
b2e4d29196b60ef492cfb2468cc2aceb91314e33cfcdc3fdca696c23b453f621

SHA512
43dca9f89fe685499717cf6ee5cc5f0a737be929034027907187c0dca272d6427c600f9e87b4cdd1f2c1b6747ce36388f11a8f9cf61f2c62bbb0ee0be6798097

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
Filesize
649B

MD5
5880700197d1fa210b6b0912e7bb0033

SHA1
f629d6a4a2d354c45383f6ebe773af13e010ea99

SHA256
8e7d9e4a542f613eb08dab5b0b3cc89dcb9a16cd5f62a58cad4618411b0f0d71

SHA512
a5b7add8412a3c86a245e4fb318fa9631d4e790dd54c873cd715502781f0e7d2cad5e19ecd015f3d0da2613c37aea2e537dc4ad862ec93734d167df500915c56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
fb6f4bf202355f0c64bd3d1f83bb61ff

SHA1
02d6cd3aa91e25b052f757b72620fd6bc7101f34

SHA256
935f566e5c69e4bcad8fd9ccb0c63fd40d19d5b88ea11f030608a52e548521e5

SHA512
4c42956c35259406e833ab3e007813b9d6c4ed969bd2fbae61dbd33da2fd15e596c7744212ade70d5d9ca99fcd1945fd1aedc20131b8a2065ad4830a8e4da23f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
e317396d291b5f87e176a8c85807df37

SHA1
6558f5a80ab861f43c29cd653982088fdc0280e2

SHA256
f1e2693cd248a7266151cb65d116f385daf87232cf730a2fe55f8de9476dab2a

SHA512
0c50f9e105095a44be5120f3e959737774d6643fcb9492d50acc3c41d866650171b4799c9c0c38279fb0d87ae1fd72ab732732021f8450d280a1246d0b588ba1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
356B

MD5
6ab498db5bbd1ed0ed5259231ae87dcc

SHA1
694417376c5e7eacec37e3e0fe25f1ee6319386e

SHA256
279d0956fad758e546d1dc0a5902e8fa4dec8eb662a789090b21dd26633341f2

SHA512
d479348cc17d823a9303a20ac4d1efaa4d3ddd8615426bf3839e8c71c502250467b8ee71dfe6bea94f55a455db9fdb663d81a3d4d873cb0b7d84564a178c922a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
9b4ec3acc87bf5d019ecd4c9faa8dd57

SHA1
61c11a4906ed5f8bab75369412d49ee8bb0ebd04

SHA256
f070b1e42f6cbd966f8617e4a18d90c3ac1ed38735a8a25d53978c4e664e6ac0

SHA512
23c0482595381ad189ecc9b000c7083c0aea5679b2757650c3271ceda91675fb4826763fc46d66eb704802d7376101e63790385c707f365941cbd61697fe6064

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
9cffd35c88b86e59685165e53c612ccd

SHA1
3df37c2f56c032d7995381d138824f9f5c0dac83

SHA256
db59be6a4b060be896465324544e2272363efa14c031097c6e414fa5b79d50a5

SHA512
bdbba9c86d875e5231ae1e635077cfbd0328ef6b5c22cb07791bddd6ad0cae63d4460266ca6f6c0fe501e46eda9f0a2ca9849b694d3e46a6f4eca480dfe26700

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
c6d2352901d43c7d4a588a14f12f52a5

SHA1
e1f04ab257ddc47c8d0eaba823d79a95782f2693

SHA256
2740579eebb51eff5206beaf0412f62a70c9176ffacbbc83b4f598fb4ed3452f

SHA512
e0189123ede3feba9f264e0e0515e3b44a1b2043f13922066dc05b1408873aeeda71435431cedf38e4a258df02a38b564c096ef2fb585d4e98673e6746e8a1de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
5bfded234472f8b0d2aa5525a53a42f9

SHA1
4f35e72c7692a20b40ee410f7e35bdeb6e9014e7

SHA256
510548e7cb756be924659687dcb201de36aa637a8135edf62edcc1021a96dbf2

SHA512
1de0e7d5cd96f95b6f8ba216c6cf08acdbc1a14e6758b482704f31ae32d32bf24e490e1016ddeed9bce21e8191d0f9f963251ef5f8602db21c421ed098849ee9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
724cd927254863ff6f68f9a354bbb315

SHA1
afed3a6972ee45006fbc9ec0dc84418b9f945853

SHA256
c3c869c6657281874e4e84cc00c7f3336a8598ce0800e3ee7b1652157d1ae436

SHA512
4175f7773f4de39a57f3d1b27c5852aff3a81ccb0001aa9689852fb2608cea772c5624bf497d4efd53d58c123b536a0ca9b3f49e69ac3c0ad8cd030c7616ba44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
a2b3d57bc8f45bc562da2bac8465966f

SHA1
8db01afd6af1d0121f80007478bcd46ec806eea9

SHA256
a20045f3032b8b15e7515d980db87a84e855c2e4bab0a862fcf4df591d1ab374

SHA512
ddca43d1c81c54eda034c36611c7ea0629670dab614a1a796ab4a8913e1b3b808409b0f3bd311689e900b0ecd6a508ab25ecd2596c946f7ec7101d4af80fd880

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
954f338e8bc86efe4703826cd9b86f28

SHA1
5bc1a72b8efb9eb1aac98e04d6176e16bb15ec8a

SHA256
814c9124e88a020e8ca87da4fb90be8e003f038e1c7691a42c2783505ab04be2

SHA512
71138320715c43c117fd3b8e3e46215f67e3b6461bdd0527ce4e75f04011173a55a352a8f9fb0951c9f1161cbf49be882ae545bff3d36d5d78633f57cc6a68fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
7de13f920e053f9e192a345313a1ca39

SHA1
d03d763017a399379216e060bb7552b3fa316a97

SHA256
001f89fb6071726d1ec9174f2472589b09947fede560cd091022ffc150be2170

SHA512
ee543d5bd51063ff6db82c297457e3dc6eb268383627aedcdfabb3e2907b956dd5ccb9a6e2c252be601a672901ce4f4387ed3c401cc9e1f06671c680b6464650

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
669e94fe66ea0a1db930550c9e0db0d9

SHA1
f83c37065a214b817215fceca223526b47249130

SHA256
3c83fe5a71bfbb9405ff4a6c748140287c6c55f6c31807f3fd64fb3108d60e05

SHA512
e8d9b3f4d0465cc256d8e60c97ac6e185db7a40d1ae92e88301c0aa18edd72e99974918ce30e1b2c221695f3f7ba56460ce9973f96a74183b44fdabc09fad1d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
6caf41c891a24f141337bed6ba1caebf

SHA1
1b93c7c1c1986d45fb089e229108c1ec98b60a71

SHA256
6f94840a650055f9d5f576ea7050535400142cf90c0dc6094a2d4da0f1930308

SHA512
e3c83c8125ad5fd04bba65571175fa00bfc7a6473b2750865493f7c505d9981481243f58724de11876aa2ebd7f31cc96523f55a559cebc9c863495796ddb1e6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
4f133b4f0d3e4c36352fe0fad1d3b27d

SHA1
e0a54b8e4da213aa972b49b3d62f2334603cf074

SHA256
f02a237ba662206335857a97c160840348a2966b9759157c06cf43e21d6a1bba

SHA512
fccc7e0701f69925c8d5b9303681cd8e527e6fa3d6ad79fca9b0726786c8fdc2ffa3467b29ebc9c7c4fa5959b680eee6c86d596db1927ef6393512ca54522d96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
842446f2a254d677d330480d97fc303e

SHA1
2982e7a5c37ca64a799dfc886872bb9d3e45bd1a

SHA256
1c242f201e74d468263c4b0c09aee4502c0dee02a18742d480484bef3c523b33

SHA512
39b6405e7ac8608a150f1fb7ef6ce1166cb77da223af1aca0df97388135051925d26d0920cb41b635c139ae743a8c285ed2e1ec61817b02155d9e8fe8da8fe03

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
dae583ba85ddd9ab6ba4f40cf0dbbc92

SHA1
2dfeb6434595456ec5f324191fc6da0d66b9af2c

SHA256
1dffbef84b4899e340c1ca5c5d0ad56433398b44266bd5d202861b2a0bcc4cff

SHA512
3645c90bc620818af3a74bfa08750117410db0b8e29fb7fca0c9ac5f06719960499041c5134c445e11bd522af83a4a71a0584864310e3748022d8e0b2eb67420

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
09d79c1e4d9db61b27570d57d8c263f5

SHA1
0246c3e52b810391b6b9db19741ca9dd627768b0

SHA256
6676e2857c5fc8bfa036e1016364cd885bb89ce7409e46bf0564429fdcec5c7e

SHA512
fa53164b2d430931ca961eb9631485578c2b871d52f2d9828e60208f24d3e6940ac5176b122e0fe3504e3cb786f20f33d0d3de953a61542818baae3561af965a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
e3a75708cec23e7277c87c7b185a9a60

SHA1
1d7affac9926e1d73e0415d03cd5042f2c273eba

SHA256
62a255d671c8196f4055420b6ec38f1fc6eaa3e0daf3e9d80f5d16b6c7a4f588

SHA512
b749f763e1889cc46177141b49d4a78c5af346131e87f4b13eec663c502e6d5a3e7ee19833baa9b5fa4023d4d1ad3101e8a3e150fd8f891166bf177ae3846092

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
d4909a3dd3af44b701ceb32a55e3f395

SHA1
8f7dbfd58f96decab7723737845f7c9e08f111f0

SHA256
525d78d70630b31156f28236fd9d53e3fede52931fbb1690867a2cde3e009b96

SHA512
d2948db006bcc768e8539bd8426c6b2a661e2985423269228e24174bf244855f6be8417c02b3415d502a650b34c85ba47f0295ed11dda3cabfa93522d2d7fcf3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
7022cfc7010de80151619dfc765bb485

SHA1
3a495623692a75510f611e8274d8ef3b9919b47a

SHA256
b86c4206858c9c485ec207db3d2e1c4d7bb3817e867fd4a529749989428ba006

SHA512
bd79ba3572e208c85c7f7e26c73b3cc4a2c89826eaf8524dca213872830e5945facfe61a4cd4bac4c958f4851fea50672ad2ef87310403fe1c3fd3e996dcf803

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
9KB

MD5
3d1f618ff8155731be7470281b1e3bdd

SHA1
1b8b5c38c471e8ab90f695b2d01b41ea30c1f638

SHA256
3b1171f9d948beb148fb05187bcbf1d385ba1632071081c1cde4272d66f3b012

SHA512
bd865eda7c64a2375ec23d689c5d1cdb4985a2c0bf84e3460221baf0edc95d387cfd24b54d80173897ae45455bb49ba7058ea8dc2700a3f6368c4365f08ffc31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
15KB

MD5
c48d6dae30c7062398e83a4c708f355d

SHA1
4d39c0b919a8f0caca52018a74b43daa2fe22cb1

SHA256
2563edb25b7d5c4b4fcf5ef41fd62cf1acd1cdc32687d6244bc49793830ec16f

SHA512
0b4f8c822ad44295a1dc972021d4bdbaebfc9575233a4951eadafe850b18d143914adff104491013775dab414cea5ad9d0df7d00206a8dd176b369d4e2b50edd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
202KB

MD5
3ccd50202e2149b65bd1b067017fab95

SHA1
d09a0188d1747bc7042132032b3996d813ac8222

SHA256
4677935361d90247275f6e8712605a9c895a6df1c309d18205f766d3e75df41f

SHA512
04b067b9aac108531c5d84fc6cf7c85c9ef9835fce32c871877dca55a6d9891cb12649f6a8ce7dd63145c447b7c56da4fa35b4544444db85dba27f2b19d3b796

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
202KB

MD5
c0d7e63e85b8f530e4fd035ac02c2eb6

SHA1
64804c6c1f9f37eac7ce3a1ff4d3face892f9ed2

SHA256
c6a4ce92d5af69e4b89d6de09b9188444a1568c50c48ba89fa2e41cb9aa69d16

SHA512
2ec60ec113b6ccc6ecafbc1a43e912ed96ce1c5a90be5b929ca147a5fb3d1a087c144dad7d6d711106809bedc9b8ab5f2701fba0e78a18994403d4bfdb893325

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
e8115549491cca16e7bfdfec9db7f89a

SHA1
d1eb5c8263cbe146cd88953bb9886c3aeb262742

SHA256
dfa9a8b54936607a5250bec0ed3e2a24f96f4929ca550115a91d0d5d68e4d08e

SHA512
851207c15de3531bd230baf02a8a96550b81649ccbdd44ad74875d97a700271ef96e8be6e1c95b2a0119561aee24729cb55c29eb0b3455473688ef9132ed7f54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
3e2612636cf368bc811fdc8db09e037d

SHA1
d69e34379f97e35083f4c4ea1249e6f1a5f51d56

SHA256
2eecaacf3f2582e202689a16b0ac1715c628d32f54261671cf67ba6abbf6c9f9

SHA512
b3cc3bf967d014f522e6811448c4792eed730e72547f83eb4974e832e958deb7e7f4c3ce8e0ed6f9c110525d0b12f7fe7ab80a914c2fe492e1f2d321ef47f96d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
ccbb62a2b42fe537c4a22ebbbadfbf7a

SHA1
f2cc37be6990eccc24f121e95c44ab59728f7847

SHA256
e8c597ae4cfe3605aec878f20009e2e45391ccc258159d1f9ada1398b6a46597

SHA512
239d1b8c972e17b9c6500377fb3089df66077b5c49d8f5456f5cfbaa871904f7175ed92e32f4394af171114f70f88c5d478da5143645a68e2472532cd92ca4cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
404db87ffd4d562fa7fe78080682ed56

SHA1
ca98e9c04891cbbb2f8befc5eb812afe93c4d550

SHA256
f6d949d3ab52eeb8ebca8ac6cda5ab07c7ecd257c5e459ac64eda51c820852b3

SHA512
3dae07df5365c5a9c3b964afb210522e52c83f0412adc7936b05421529eda955a5921c216f44b2938847f4a046219a9b95e6e01c7c2b31475933449624b4a5e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
3f5e4e09f0be2ac44fa657bff039eecf

SHA1
0f81ac30920c54760dc0c6286871f941b31c669f

SHA256
0d0ee90733fc63530e41abed25a22a2b359899a89ad411d831581b0f335faae7

SHA512
b136e2eefb6725f7e48878bb9ddb90f7b25fed35ac642d144be47e5cfb2e3116a59d2fb818a366b8550211b243ff636a40c65623ea827477d78f66303dc96c74

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z799F9178\ColaBoxChecker.exe
Filesize
4.0MB

MD5
839708e3f96cf055436fa08d6205263c

SHA1
a4579f8cb6b80fe3fd50099794f63eb51be3292f

SHA256
1373c5d006a5dbcd9b86cfff9a37616f1245d1333c4adcefc7cd18926b98d752

SHA512
ece67e031e06a0442d935e7d81d0eed57ae92b348b5d104423577478ce226e4a4bde834c54e31d33bfe6f574fb7798ba96886d9e8edb738edee6e7c9c43054cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z799F9178\HyperVChecker.exe
Filesize
117KB

MD5
dbd84c6083e4badf4741d95ba3c9b5f8

SHA1
4a555adf8e0459bfd1145d9bd8d91b3fff94aad0

SHA256
9ff467bc5a1c377102d25da9fa9c24dcc4375f456510f71584f0714fdfb2af39

SHA512
fb5fe74f64254609e07d6642acf904562bb905cd7c14c6f85ba31bcdbaf06686c0586609ec4f5d2f8f55ff90334dcbb774a3a6e78df74bf1b1d0cd03dec21870

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z799F9178\baseboard
Filesize
115B

MD5
e240161b205bf7c30458ff840080d447

SHA1
161a26de3746e4b85c6dbe80d16aa7b8dc8def5a

SHA256
676d7b9a71b9fc6405f240d1c02da521de8367b45b4ff1627d0f4800f4791e25

SHA512
15f7dd87410ebb3789c0430c62f849500c388532a6de368405dec4e7bab2591809c008686a6db49fb04abf29bdd88569f2966e5d985ed58d99164e3a110d5a2a

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z799F9178\config.ini
Filesize
346B

MD5
d00fb4c61a255b58ff09886c6c72461b

SHA1
4e4f7d7ae36f67a4d6fc8479f8400b3eb769e978

SHA256
77dec4d79e1e844a2156f101defc0fc81c138a989e8ba1c722c58feb91b3cd4a

SHA512
8494ab9fe0594f3ff7b0893ca3e25d6d0a706e546e92c5b662aa864affcefe5f9721a6a95f37f40cdacf39d27a23e2b3cd5dbca4d7b8909cd7c186209d4b46db

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z799F9178\nemu-downloader.exe
Filesize
3.2MB

MD5
cdf8047ceae80d9cd9eb798a57bf6084

SHA1
8e7971401fada3099aed61849745fda37e1c0d32

SHA256
1f01a9abac64fae72e0a253ad9ffe2d62cd2967c1c2bc90fb956ac446fe2b11e

SHA512
ac366f38f39b935110192d1355147392ced5a21966cc22386804356dce24b2da7971a6a60d675689f93d74014d961bfb3b0c13cf06809b9f9feef580045e20dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z799F9178\skin.zip
Filesize
509KB

MD5
ecb43530caf9566c1b76d5af8d2097f1

SHA1
34562ada66cd1501fcb7411a1e1d86729fd7fdc0

SHA256
a12381f97aee2d91568f44b23e866ccc99f0ae5e5961f318ed24b72f4f5da80a

SHA512
4a243c0bc4dbaf892bee91ea7eff9e6a7732d3aa2df5bebd9a4bea2859a30a8511945ce3bb823f7ef921f2e1a98906fb676fce85f25fd5908646b3a2f5d02563

Download Submit
\??\pipe\LOCAL\crashpad_952_NTRBHRQOVDIABVAK
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit

pid	process
4484	nemu-downloader.exe
4724	ColaBoxChecker.exe
1540	HyperVChecker.exe
1600	HyperVChecker.exe
2448	HyperVChecker.exe