9623e9d39144fe8cda359342b819a0f6744cd23240bdc60c86a8bb529e5e5e32

Resubmissions

08/09/2024, 17:08

240908-vnm4hszekd 3

08/09/2024, 16:52

08/09/2024, 16:38

08/09/2024, 16:18

08/09/2024, 16:00

Analysis

max time kernel
577s
max time network
779s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
08/09/2024, 16:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

image.png
Size

133KB
MD5

2889e77165fea6da04ffac80aa6f9f7f
SHA1

70a24dbf6515418fbb727a2a31046f97554a35eb
SHA256

9623e9d39144fe8cda359342b819a0f6744cd23240bdc60c86a8bb529e5e5e32
SHA512

ccfd1f93fda241cb89adb10a22291ab2fe20a4690174f2d1046532c9f8a7bf8a68d9fbebbce625872586552f199130c1d61eca3b26f3f60303bcd2db8c0af41f
SSDEEP

3072:TjOH6+5Zd20NW40idwU84qB+forxinsOlm3K1vjBj:TjOtZdPNNqEfsXK9J

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1287768749-810021449-2672985988-1000\{FA416A15-DD94-420F-92D5-C114D0182005}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\LOIC-1.0.8-binary.zip:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
1124	msedge.exe
1124	msedge.exe
984	msedge.exe
984	msedge.exe
2704	msedge.exe
2704	msedge.exe
3308	identity_helper.exe
3308	identity_helper.exe
4624	msedge.exe
4624	msedge.exe
3796	msedge.exe
3796	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe
3560	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 6 IoCs

pid	Process
3560	LOIC.exe
1760	LOIC.exe
4768	LOIC.exe
2296	LOIC.exe
3452	LOIC.exe
2300	LOIC.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 26 IoCs

pid	Process
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe
984	msedge.exe

Suspicious use of SetWindowsHookEx 12 IoCs

pid	Process
3560	LOIC.exe
3560	LOIC.exe
1760	LOIC.exe
1760	LOIC.exe
4768	LOIC.exe
4768	LOIC.exe
2296	LOIC.exe
2296	LOIC.exe
3452	LOIC.exe
3452	LOIC.exe
2300	LOIC.exe
2300	LOIC.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 984 wrote to memory of 3888	984	msedge.exe	86
PID 984 wrote to memory of 3888	984	msedge.exe	86
PID 984 wrote to memory of 1400	984	msedge.exe	87
PID 984 wrote to memory of 1400	984	msedge.exe	87
PID 984 wrote to memory of 1400	984	msedge.exe	87
PID 984 wrote to memory of 1400	984	msedge.exe	87
PID 984 wrote to memory of 1400	984	msedge.exe	87
PID 984 wrote to memory of 1400	984	msedge.exe	87
PID 984 wrote to memory of 1400	984	msedge.exe	87
PID 984 wrote to memory of 1400	984	msedge.exe	87
PID 984 wrote to memory of 1400	984	msedge.exe	87
PID 984 wrote to memory of 1400	984	msedge.exe	87
PID 984 wrote to memory of 1400	984	msedge.exe	87
PID 984 wrote to memory of 1400	984	msedge.exe	87
PID 984 wrote to memory of 1400	984	msedge.exe	87
PID 984 wrote to memory of 1400	984	msedge.exe	87
PID 984 wrote to memory of 1400	984	msedge.exe	87
PID 984 wrote to memory of 1400	984	msedge.exe	87
PID 984 wrote to memory of 1400	984	msedge.exe	87
PID 984 wrote to memory of 1400	984	msedge.exe	87
PID 984 wrote to memory of 1400	984	msedge.exe	87
PID 984 wrote to memory of 1400	984	msedge.exe	87
PID 984 wrote to memory of 1400	984	msedge.exe	87
PID 984 wrote to memory of 1400	984	msedge.exe	87
PID 984 wrote to memory of 1400	984	msedge.exe	87
PID 984 wrote to memory of 1400	984	msedge.exe	87
PID 984 wrote to memory of 1400	984	msedge.exe	87
PID 984 wrote to memory of 1400	984	msedge.exe	87
PID 984 wrote to memory of 1400	984	msedge.exe	87
PID 984 wrote to memory of 1400	984	msedge.exe	87
PID 984 wrote to memory of 1400	984	msedge.exe	87
PID 984 wrote to memory of 1400	984	msedge.exe	87
PID 984 wrote to memory of 1400	984	msedge.exe	87
PID 984 wrote to memory of 1400	984	msedge.exe	87
PID 984 wrote to memory of 1400	984	msedge.exe	87
PID 984 wrote to memory of 1400	984	msedge.exe	87
PID 984 wrote to memory of 1400	984	msedge.exe	87
PID 984 wrote to memory of 1400	984	msedge.exe	87
PID 984 wrote to memory of 1400	984	msedge.exe	87
PID 984 wrote to memory of 1400	984	msedge.exe	87
PID 984 wrote to memory of 1400	984	msedge.exe	87
PID 984 wrote to memory of 1400	984	msedge.exe	87
PID 984 wrote to memory of 1124	984	msedge.exe	88
PID 984 wrote to memory of 1124	984	msedge.exe	88
PID 984 wrote to memory of 1476	984	msedge.exe	89
PID 984 wrote to memory of 1476	984	msedge.exe	89
PID 984 wrote to memory of 1476	984	msedge.exe	89
PID 984 wrote to memory of 1476	984	msedge.exe	89
PID 984 wrote to memory of 1476	984	msedge.exe	89
PID 984 wrote to memory of 1476	984	msedge.exe	89
PID 984 wrote to memory of 1476	984	msedge.exe	89
PID 984 wrote to memory of 1476	984	msedge.exe	89
PID 984 wrote to memory of 1476	984	msedge.exe	89
PID 984 wrote to memory of 1476	984	msedge.exe	89
PID 984 wrote to memory of 1476	984	msedge.exe	89
PID 984 wrote to memory of 1476	984	msedge.exe	89
PID 984 wrote to memory of 1476	984	msedge.exe	89
PID 984 wrote to memory of 1476	984	msedge.exe	89
PID 984 wrote to memory of 1476	984	msedge.exe	89
PID 984 wrote to memory of 1476	984	msedge.exe	89
PID 984 wrote to memory of 1476	984	msedge.exe	89
PID 984 wrote to memory of 1476	984	msedge.exe	89
PID 984 wrote to memory of 1476	984	msedge.exe	89
PID 984 wrote to memory of 1476	984	msedge.exe	89

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\image.png
1⤵
PID:1972

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe13e33cb8,0x7ffe13e33cc8,0x7ffe13e33cd8
  2⤵
  PID:3888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,14845823155697168285,4490915816304509385,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1920 /prefetch:2
  2⤵
  PID:1400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,14845823155697168285,4490915816304509385,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1908,14845823155697168285,4490915816304509385,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2424 /prefetch:8
  2⤵
  PID:1476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14845823155697168285,4490915816304509385,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:2724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14845823155697168285,4490915816304509385,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:2076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14845823155697168285,4490915816304509385,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4828 /prefetch:1
  2⤵
  PID:3588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14845823155697168285,4490915816304509385,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4600 /prefetch:1
  2⤵
  PID:4704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1908,14845823155697168285,4490915816304509385,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3720 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2704
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1908,14845823155697168285,4490915816304509385,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5276 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14845823155697168285,4490915816304509385,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
  2⤵
  PID:1732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14845823155697168285,4490915816304509385,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2080 /prefetch:1
  2⤵
  PID:3320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14845823155697168285,4490915816304509385,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
  2⤵
  PID:4764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14845823155697168285,4490915816304509385,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
  2⤵
  PID:3828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1908,14845823155697168285,4490915816304509385,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5592 /prefetch:8
  2⤵
  PID:3776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1908,14845823155697168285,4490915816304509385,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5564 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14845823155697168285,4490915816304509385,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
  2⤵
  PID:1528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14845823155697168285,4490915816304509385,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
  2⤵
  PID:2104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14845823155697168285,4490915816304509385,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3596 /prefetch:1
  2⤵
  PID:1808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14845823155697168285,4490915816304509385,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
  2⤵
  PID:3828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14845823155697168285,4490915816304509385,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
  2⤵
  PID:8
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14845823155697168285,4490915816304509385,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
  2⤵
  PID:3552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14845823155697168285,4490915816304509385,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4828 /prefetch:1
  2⤵
  PID:2104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14845823155697168285,4490915816304509385,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3052 /prefetch:1
  2⤵
  PID:4212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14845823155697168285,4490915816304509385,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1
  2⤵
  PID:4624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14845823155697168285,4490915816304509385,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:1
  2⤵
  PID:4996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14845823155697168285,4490915816304509385,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6308 /prefetch:1
  2⤵
  PID:4448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14845823155697168285,4490915816304509385,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
  2⤵
  PID:3920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14845823155697168285,4490915816304509385,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6676 /prefetch:1
  2⤵
  PID:1732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14845823155697168285,4490915816304509385,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
  2⤵
  PID:3180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14845823155697168285,4490915816304509385,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
  2⤵
  PID:4732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14845823155697168285,4490915816304509385,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6812 /prefetch:1
  2⤵
  PID:1100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14845823155697168285,4490915816304509385,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6708 /prefetch:1
  2⤵
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14845823155697168285,4490915816304509385,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7124 /prefetch:1
  2⤵
  PID:2756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1908,14845823155697168285,4490915816304509385,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6292 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:3796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,14845823155697168285,4490915816304509385,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6476 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1908,14845823155697168285,4490915816304509385,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7288 /prefetch:8
  2⤵
  PID:1368

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4960

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3176

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004CC 0x00000000000004C4
1⤵
PID:1296

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5000

C:\Users\Admin\Downloads\LOIC-1.0.8-binary\LOIC.exe
"C:\Users\Admin\Downloads\LOIC-1.0.8-binary\LOIC.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3560

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\6f6af9b0f8f64ac1af799df2a06feba8 /t 3956 /p 3560
1⤵
PID:472

C:\Users\Admin\Downloads\LOIC-1.0.8-binary\LOIC.exe
"C:\Users\Admin\Downloads\LOIC-1.0.8-binary\LOIC.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1760

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\dc8b84334c6e49b3896d638b23ce9fad /t 3760 /p 1760
1⤵
PID:1884

C:\Users\Admin\Downloads\LOIC-1.0.8-binary\LOIC.exe
"C:\Users\Admin\Downloads\LOIC-1.0.8-binary\LOIC.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4768

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\cd259cc9f4ef4fb6a459748f79758c43 /t 4756 /p 4768
1⤵
PID:416

C:\Users\Admin\Downloads\LOIC-1.0.8-binary\LOIC.exe
"C:\Users\Admin\Downloads\LOIC-1.0.8-binary\LOIC.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2296

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\17e7c7f80a334fa6b8063e7fe12154b5 /t 1804 /p 2296
1⤵
PID:2552

C:\Users\Admin\Downloads\LOIC-1.0.8-binary\LOIC.exe
"C:\Users\Admin\Downloads\LOIC-1.0.8-binary\LOIC.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3452

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\d54158dfd88d42b9970e1083c08c3616 /t 3840 /p 3452
1⤵
PID:4640

C:\Users\Admin\Downloads\LOIC-1.0.8-binary\LOIC.exe
"C:\Users\Admin\Downloads\LOIC-1.0.8-binary\LOIC.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2300

C:\Windows\system32\werfault.exe
werfault.exe /hc /shared Global\ffc9e0be7b534e9a9251fb944ebf7340 /t 924 /p 764
1⤵
PID:4488

C:\Windows\system32\werfault.exe
werfault.exe /hc /shared Global\5296c90cf76943468f3875f9ee029fef /t 3812 /p 3752
1⤵
PID:2752

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\59D76868C250B3240414CE3EFBB12518_156EFEF947C50E304427CBA22E234173

Filesize
471B

MD5
bf4fd17202dfcc281fa62e64b30fa753

SHA1
916cc02e2ad719e19245214e66f5ec193fd47734

SHA256
26994e73e9c4adbcbf1f23a2e64618cf812db763e73087f973097d3e47d12a94

SHA512
6bb6fb1f8cf10e21cadf386c6e2745e290f33d2a25c2948ef3d48e549db1711c45bfba231f8d4481a5edc4d617d14cafb5dfd01d35ca3dbf2e449bab007c4450

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_49536AB5156BDD74EFF881D01C36A419

Filesize
471B

MD5
b6ca86751aa7bccdb077ab7ed119f810

SHA1
2042bcb88271d112e8e7be346e8389498c557cf7

SHA256
b582902962e49b7632737e632b214ffa6b9c533a41b6830ef2f4c1889147deac

SHA512
2eb495eb89dda2c99b02a94c265e678933ab88500b5474a84cb56cb8bc575847bb7f1db675f83fb2be4dddfc40e3911fda8f4168a83db801ef15d88281e798d1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\59D76868C250B3240414CE3EFBB12518_156EFEF947C50E304427CBA22E234173

Filesize
404B

MD5
2f56be6397bb95ce7ae9a6981a55510c

SHA1
46558a6148a51812dbb393fc01b75c6d70cf0e06

SHA256
9a02e56ba93523c5fc98f4c68345b267699f984001e02f684f840436e955b0bd

SHA512
d4e91ffc52be62c67be99d870a98a1ebbb645fa8cb453e4cff390255725482984d0130b1d6f0ceab83da6d694aa70c07bde5f70faca25d9101a6303391de176a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_49536AB5156BDD74EFF881D01C36A419

Filesize
412B

MD5
fb14a5ce936648f6b8ae930ecbba43ef

SHA1
be4318d8edd73c91f9162093279e1c9e2a098506

SHA256
835d7978c6cbbea297020171abfdc3bb9aac37605dd134a7c30ff12fe53cfa10

SHA512
8e8821be8c976f4ab56351b6cee91ce55e20469b566f31ad6ce94fc206b528e4dca2df8383c927187df5a3702d0585bd29bd35b845fdcb4c33b2ef2973331572

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d30a5618854b9da7bcfc03aeb0a594c4

SHA1
7f37105d7e5b1ecb270726915956c2271116eab7

SHA256
3494c446aa3cb038f1d920b26910b7fe1f4286db78cb3f203ad02cb93889c1a8

SHA512
efd488fcd1729017a596ddd2950bff07d5a11140cba56ff8e0c62ef62827b35c22857bc4f5f5ea11ccc2e1394c0b3ee8651df62a25e66710f320e7a2cf4d1a77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
03a56f81ee69dd9727832df26709a1c9

SHA1
ab6754cc9ebd922ef3c37b7e84ff20e250cfde3b

SHA256
65d97e83b315d9140f3922b278d08352809f955e2a714fedfaea6283a5300e53

SHA512
e9915f11e74c1bcf7f80d1bcdc8175df820af30f223a17c0fe11b6808e5a400550dcbe59b64346b7741c7c77735abefaf2c988753e11d086000522a05a0f7781

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
67KB

MD5
929b1f88aa0b766609e4ca5b9770dc24

SHA1
c1f16f77e4f4aecc80dadd25ea15ed10936cc901

SHA256
965eaf004d31e79f7849b404d0b8827323f9fe75b05fe73b1226ccc4deea4074

SHA512
fe8d6b94d537ee9cae30de946886bf7893d3755c37dd1662baf1f61e04f47fa66e070210c990c4a956bde70380b7ce11c05ad39f9cbd3ea55b129bb1f573fa07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
41KB

MD5
9101760b0ce60082c6a23685b9752676

SHA1
0aa9ef19527562f1f7de1a8918559b6e83208245

SHA256
71e4b25e3f86e9e98d4e5ce316842dbf00f7950aad67050b85934b6b5fdfcca5

SHA512
cfa1dc3af7636d49401102181c910536e7e381975592db25ab8b3232bc2f98a4e530bb7457d05cbff449682072ed74a8b65c196d31acb59b9904031025da4af4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
84KB

MD5
74e33b4b54f4d1f3da06ab47c5936a13

SHA1
6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c

SHA256
535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287

SHA512
79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
38KB

MD5
bff21faca239119a0a3b3cf74ea079c6

SHA1
60a40c7e60425efe81e08f44731e42b4914e8ddf

SHA256
8ea48b2ac756062818bd4ee2d289b88d0d62dc42a36cb6eee5bdd2ff347816c7

SHA512
f9e5baefacae0cdb7b9c93afc43ad6ec3902b28c0cdf569e1a7013f4e5c8dfb7b389b5e2bc724b4ddfe554437320f4f2cc648642944c6f48ad2a78815acd9658

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
1.2MB

MD5
54ab7882085a32f5cd524f2d2b2fc3a9

SHA1
53f6361c4164915ffe0280f5e5ce8493b4d8a2a7

SHA256
acfd68f910c785cd62015bed7c3fb922fdc9431329a429691a15078b8ce8b03f

SHA512
1d6980b6e1e62bc24ad4cb95e06eb2309097d6eb5154f80bcd43af26a0e4e12d8099f8602136e2f9cc8cfbd42ad6044c5ecbff2146bf60cf9312d2c8df6262f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f

Filesize
62KB

MD5
6b04ab52540bdc8a646d6e42255a6c4b

SHA1
4cdfc59b5b62dafa3b20d23a165716b5218aa646

SHA256
33353d2328ea91f6abf5fb5c5f3899853dcc724a993b9086cab92d880da99f4d

SHA512
4f3b417c77c65936486388b618a7c047c84fb2e2dd8a470f7fe4ffec1ad6699d02fa9c1bbd551414eef0f2e6747a9ee59ca87198b20f9f4a9a01394ae69fa730

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030

Filesize
31KB

MD5
c03ff64e7985603de96e7f84ec7dd438

SHA1
dfc067c6cb07b81281561fdfe995aca09c18d0e9

SHA256
0db8e9f0a185bd5dd2ec4259db0a0e89363afa953069f5238a0537671de6f526

SHA512
bb0fd94c5a8944a99f792f336bb8a840f23f6f0f1cb9661b156511a9984f0bb6c96baf05b7c1cf0efb83f43a224ecea52740432e3cfc85e0799428765eefb692

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
4d0f60fa5427e56967c2eff474f99ae5

SHA1
3ed00c246aa0f51c338c31b5b90f8991accd10b2

SHA256
f849634cde824d5bb82ee63216a8d66bd8759d93ed80f6ff0a2057ee3c2863b2

SHA512
565fc58e224acf3f63944d70ce0d28c50234589708c1813b7c96d8b3eb9ec0cd2653c5c7f101c4a47844bb75176be2653d03edbe01cdbd9d37520d055ded21bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
0f06d1c0ee4b8d1b94c6305a7bdb5f0f

SHA1
bb808c0679f6067da1fa7320fd8fcb219c2551c5

SHA256
80101fb2ece45c78141d481011c40304665c5c9b29d94d8222d8037672dd3d6c

SHA512
6eea5e5bb1970c95ee3274d987d0d7be52ecfddb5663b93626a46edb85cf22967c3cb01fa9018ad2bb37885fb93919ebc742cb599ad160ce6ce3a914bd8dba7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
0255b8f72ddeb04f5e4a4c292d75cea4

SHA1
56be29d976f561e9233dd2f44c3eb0f43d92a9e9

SHA256
479001349e3fd6aeffceb614a331c9a19b87be783b30bb3a6f5f0634fbeca60f

SHA512
e72d98488a3af6c1814477377099dd84011dfa978305c7fd81d4677f0beeffb4b5adda0818cfd317c521ab166b21910510de88fcaa43400917df80641f617cbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
660c70eb6802d4f4fc93a855e88994e0

SHA1
4fa4aceabeca71f1ebd280303b72979e843ed64e

SHA256
22a2cf0ae3533f43b6940bbe32a9cc8b62d234945b4a126cc0d025ded0da5993

SHA512
bb49d2a810da3f9b83b602d09738155373d558744a31e36299888fcd4ebcb6d7d52e3c94f0c9b1adbe4be98594d7c475af5722d7be8b12a8690a359e85129477

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
555B

MD5
60a2b14501d302043d0056f0ac4b531e

SHA1
42001bda8c4c04d09c18ff778dc651b9d33fd47b

SHA256
924875700714302a52660a870b2eb2ef39724d30fdc4369b0b18afdac98f670e

SHA512
6ecb20b69c8cefc79f8a978a462b252d8e4f106a801bbec47b66352731a4f3ea3127b58171b39ec5ab7ded8f12a515b3fc8c2520b2c5def576937b50540fac44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
14e6ce2cb002bbca6546b81bbf8fdf31

SHA1
cf79bd4529eaa873e0d533719bfcc6d20f68d752

SHA256
54672d6da11af53b84692c1d74789f1d98747c033f75fc240d92dfb1079c7c68

SHA512
7bb35e06b190daa4c424f78c1013db1b5f244c56c34862153bf2ec05813cd42b45193af8bcc97aeaf6c26d96811496ac03c80c08f8535a065e79bc141445070a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
7c6d9af12511f1284fa7c56f5d0fbccc

SHA1
8f35d586c91215b1da695367d45be2abfb0d12cd

SHA256
c705fb2fdca285ec82a0e019f1e9e260bf9d59d728e4dfe886d71fc1cd81d1c7

SHA512
a0fc08bc1ae8b521cc4b14be0901a14eeb082bb0580c51f1abce8be698be1bcdfc187250b5f9f21e15e0685f497e7a8764d87e725ea61f962b58c19952ee1b3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
c760159815ce6ac21cc53fc90dc43d07

SHA1
86543388e32b291b7547a7e207ba1d297be30d20

SHA256
b1cd0bf9217b78d9c7aad4014a1a7c125f6d62d209b8aa0881a01719ebf1eee5

SHA512
c10fbdb1dd090c3485740c4d752260cb1ce8403d8b2c3aaa1cf145353deee711487329364ecf4900e46813ae73c3dd9e12525d15b37efe56c73e3bb213ebcb9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b070a835e4ad22c503bbf6e20a0053d8

SHA1
3dbee24d814888b9f74d5b9853f145bf47817835

SHA256
3a3e8190274553f93eb66023f9a3bd13104911cb19342a6270306027983a03a1

SHA512
c0a30e2eb62edd894b4b5f113ed7f7cdd8a4c93fc9752178a33ccca19fbb90719e60c2ef278a211b2912cd79c2772852f747d0ec48ed7f7686f7aaab604cf619

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
12a9b3391249b72fb11777a4fa022c18

SHA1
8827d2c8a1efa9506d6d0164f9af284b51b10d6c

SHA256
d12b349e19da476fb31a44d9b06c555bd2b3c7a2d93ec1197a310b6a32d11731

SHA512
22c30ca06e6c2b81233d99a92bf01afa4837c438b1a7e09214620004b78ee312e7f6067096306423178a26a5de6e4f54e47e918e8e9acadedbf6e06f76f30c88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
eef1ae4432f9c04417e1de26b26ed607

SHA1
3daa9c2a6f4ba4e6abac6a6536454661084ef3e1

SHA256
5b2c1eaa90d9bd502ff269f83a895ae6e3b3d1ba732fff61fe7ea87650ff5944

SHA512
6185b05866d85ab022af8a8ace7a4fe3e1c8480c993b0cf962ae68f1151d51a78e104f0f6dddfafdae95d287167a9e5b7b13502127784d655e472694ee0b1bf0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
003c4066a9843d454110d549fcd672c2

SHA1
b8f4e86b86ff8e2a5073baa1c97523766d4cf8e3

SHA256
f98d49482b3d93645ae56cf22283631b9324344b264a9c2c416f93daa7529aff

SHA512
abbc1c3d30888ccb09130c49b0bc2aaf7c3e8ac0cd7a8507b74a2914346f7e94654e6c6aaf17651c9a9eed620c834ba3ded3908763bdb143ccd78d85a02cfcb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ab22d2e3569229fbd56bdfa8aedc5e06

SHA1
3fdbf2a4e7e864e95ed15e332ebbef70115f78dd

SHA256
90c39e60668f82499b40015bc49f94d28f644fb74b6f97080491b7c3d43abadb

SHA512
8c559b5b30680b9f027af51ff7eb56059af18c933237d3e420271007854e64f7c714b40659a52c7c6e1c41c2d440ee35e129b00f0dc59cb660b568ea1110578a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
b0c572702277c663316e97b45e904388

SHA1
a3ba1a06d9d42c64ee5d5f85d48c46df2ae1a387

SHA256
05ae50215c714a3a84fbc0848f27b1eb926ee10aa9e779151236fe08f5b41607

SHA512
5834ac3cc3edfd8286f6eef20fdc7c4365f4f8f39478fc6226b64e22d3d5d9e31a1decc2c8712282ed92ebce3d10953dc67d0eb1c10c5992f17386433a041c6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
9349f4f6a3266ce0b50f211da85d21a1

SHA1
1d5194f56c62bc228a3e03a6db7e95278c1189a5

SHA256
4048795f45fe9c5493adac3a606871b6a82efdeab1d7066fb9abe441facba90b

SHA512
50560b3ffc5c3d0f7abb4d80e38b95896f36927923a79a590d7e8d113f82ade5edae96a43521d10ab84681edc76a492ab2a791256ebc1a28f971e547f0dca31a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
bfd342c62c9633b8a6bd95dac9bbf422

SHA1
a608c169f2fe3bc549e5593d0a309d4559ecc95e

SHA256
6567383c86a2f92a43115ba3439d1e1b8b46c78ccec9b4bf877036b3355c3235

SHA512
db2437789de684c5b27d66be88da41d7669d8a70b1e81dfa3079ab72d562e85f3022ffea6eb06e600efba613bec844cdf2a2956266b256ca8fa8a4b93814b963

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
870B

MD5
e8dfafbb18d65d0d6e0daa4f5b6cfb50

SHA1
ff9357060594929bd86159a32d31d4c544d23f10

SHA256
3c3a1387915e55db955a320a38f3a781fd3c6f60a9ae6f9c7ba6b1b566ed429c

SHA512
5a1fefb7e688c7c16a5fb6d7b641b79857be919727b2cfbabee6af3f29eac16411b72da2baf1b768992ae91d472b1d39d3852a5317f474493e91487daf8b3e56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a033f91d6d633472ea5e46ae7965db3a

SHA1
c887ea9062e233f096cbff8996a49885ab9b744f

SHA256
29825b944c997c056b1334c145c04f79b05bb3848cafb0b8bb6d573089bfb11d

SHA512
8d744ac6383f7f55aa81439faa3247896c1be9bbe6223c11cea0625b84ba0b7c9a49f07fad8ca33410d65b9bf87aa32ba8a29a1d54afd618d62c5ace5c25d29e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58e21e.TMP

Filesize
538B

MD5
830b2cbdf035722f52bbeff22c3cbfec

SHA1
8775d79eb5da788e089a6409ac8a5480bbb4d11c

SHA256
1c909a262844915580cb0cb4f8b127edcaab97a05ee4b0c1afc3015be015b181

SHA512
1c032c07691eee76f258e04948203724d79e2701657f2f5154c5ac4ef31bee3d1a2c45f13f5ccd850359f11bddb6fc53f38cbc02b831a7466c1dd974a6ee34fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
7cc9d43ae66c243bf5e6607c95bcb9d1

SHA1
f37481313f6a54886532ece8cd468c11c1c1b49c

SHA256
9e646504f3a882a628241896d12cb8acb552e75c69d6db5ed9ba11834061247b

SHA512
5d7cb5d9925f4379cd6d76a59fa605d40e6c16ef4bd9fc9e422398056ceb7905add80f7a1ef685887461572a9dab8c9d72af9f34ce80c0e9e615f778e33208ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b75febb8bfb1bcddaa92751bc01b8cca

SHA1
a307505944ad3c0964925aeb438f7bcd9b4631c0

SHA256
576c7b0db0f80413334a778375df12177c82b5643f502da7bf1fe3cf01387cdd

SHA512
42be5bee37bfb8710caa25d38a85d4b6cdd79857a11bd12eb4fc0802a2851d2fa7974d8ca297cecec5e091a77e0c55fcba21d6f67bfd0f69f820da3f4ae16052

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
eb5b60ae8b04d84e100b7eb92c98c3ce

SHA1
c1fa1755d5998ffb841e3f8dbd949bb5ae181bea

SHA256
4fa016eeeef131e88c9cb6584714a0a4504d10920261d173e0a807768f87ce51

SHA512
cc9daf5cf625c9c4719440bc2bcb71e03450ad04faf5a56da6dd09f8a68397869a1fe2a37e2768db44875f101cb988fbb45d00755ab3de43405b88c6137987d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8543b6296ca762ffc5973aa3a4705911

SHA1
9f9325b94f3a41343fed13668e990392882132a8

SHA256
b2baa5500b03ef6c7c0c30840bc82f9871980d54bc1d8913ba4eca8b9fca7f5f

SHA512
be2c8abccdddde1c22b6fe3d748a30c9a5d3dcb093a68060e13b55fb2cbd089897b2ef189a7f25bb0dcce7d2022ec364ae4032fff4934bb29e22aace79b399da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0KMTCVVP\LOIC[1].gif

Filesize
50KB

MD5
389af7889e62038b8405e883a407f52c

SHA1
6fd1c50ff0697294a1eff067955c7bf709473684

SHA256
64d2ab59cf13621ca806eeeda91333e5cdf865722209574d6f41c396bd9f8a34

SHA512
fae1da0e07fbd7d71985e0786e20e9f0d3b364bd6dc32e862f3985ee71347c1a77c5b45910277ed066676c998ca4b684ad22639b077efa67e60c25d9ef39cb91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0KMTCVVP\ai.0[1].js

Filesize
94KB

MD5
1dd63de72cf1f702324245441844be13

SHA1
58a8bdcdcb398af7db424357df70df18e7b30e9d

SHA256
5201c813c37a4168cc5c20c701d4391fd0a55625f97eb9f263a74fb52b52fd0e

SHA512
532d1e907b433ab97785cf632d9637a957152baf0ba57879c856cbaa469bffeca22c4f99485679539944b27068d39e70f7d44282594f999142454da57329a11b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\R7CDL9JE\loicweb[1].htm

Filesize
121B

MD5
73772a56fa102a6889f0f1749691f2ac

SHA1
249922369ac1cb40e95f88e9102d1b83f42e8092

SHA256
db4d28d45df153ec62abdf2233d1ab5bfd73f4dc1b364625c2839e68feb23c24

SHA512
7a279b5b857006d9851d71eb6a0023202c6713be8370ca2e09eb0c4cb32504d916b4982feafd91509bd634e3f8ad9f92002fd3ce2d8d7a969260ce01092b4dc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\S8JG1Z71\JGEO2MTH.htm

Filesize
5KB

MD5
1f653862e2cfcf2e480f2307bed3099e

SHA1
5156092248fa1ec297dca94f93ce7c81e4413814

SHA256
b739866df8f6fb0ec6e8a7769a6d67502b4407c5ebeb4a3d765825eb3c4ec8b5

SHA512
f9a6d14ffcfdfe46a0fba099e0eb313bffb8de6c5bdc025cc1b64536a4d1e6011f5e016b379b42cb91b49f2386a645174544601d388f79a5e1a239f30b549ea2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\WC3VGW7B\js[1].js

Filesize
259KB

MD5
69beac4c4bf1a58c5cdc025f347dac76

SHA1
d8242c07386e90277e534a0b4fca23d8145b2899

SHA256
07153e444779e128da3756121da5605c8d534a57cee25b6bfa27283dadbdabbc

SHA512
09275b51270e13fec0ee5eb595d7384d33af384dd3babe473aa048f1b1905876692d563fe19a1741e0c32cb9fae058e8c3b4e0501cb04077f2064dcf215f14b3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
df2aef091f573a15c929133c97908a03

SHA1
5d2cd4838221e5d5aba11cc31436651cdfee1e48

SHA256
e3bde0ad9554c85011d9bf951147e6ab0ab7bdf9968982cc48d1765786ec3988

SHA512
ce664bf5b2d5105e47c20570e0941470af458293ef30337e6bf7b595770efba33ea3de68089deb42578af40d9484eba9632ed06866bd80b8946234d739e39a67

Download Submit
C:\Users\Admin\Downloads\LOIC-1.0.8-binary.zip:Zone.Identifier

Filesize
170B

MD5
c3f3dd549312c8e2197746c84d0092fe

SHA1
bdf9957565a48445c75d54d0ac6955de588dcee9

SHA256
d670d15d5bf1aee9fa7ea08c732d0e87290bb5196fe3b52a3faf213f9ed5535a

SHA512
2059fa22f5f717adb1fedcb4fcd6591765e9a65d877cdc5139991b304d37513ac103332e70fefb3ec5df41bffb285b709c6f37e471501cad9682d13ac61ea8b2

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 888601.crdownload

Filesize
100KB

MD5
c615da1584cf050cf81a08d40309d735

SHA1
ff00f68b03f7bbc785284abd95a54d5b98f7db9b

SHA256
b6d6e0d1dce867836a684a0af278e46ed4a50be49a784ab7bfcb3ed59841c9d0

SHA512
127429a243595b572a3bc9153243f39e4bdb088b72ca5b9d3962fb36c031bd42ae7a8a326aaae76e11bb33df56925e3591a4c07a7cbe2459b336a1074b8e9113

Download Submit
memory/1760-1060-0x000000001BAE0000-0x000000001BC93000-memory.dmp

Filesize
1.7MB

Download
memory/1760-1059-0x000000001BAE0000-0x000000001BC93000-memory.dmp

Filesize
1.7MB

Download
memory/1760-1067-0x000000001BAE0000-0x000000001BC93000-memory.dmp

Filesize
1.7MB

Download
memory/2296-1084-0x000000001BC80000-0x000000001BE33000-memory.dmp

Filesize
1.7MB

Download
memory/2296-1083-0x000000001BC80000-0x000000001BE33000-memory.dmp

Filesize
1.7MB

Download
memory/2296-1088-0x000000001BC80000-0x000000001BE33000-memory.dmp

Filesize
1.7MB

Download
memory/2296-1085-0x000000001BC80000-0x000000001BE33000-memory.dmp

Filesize
1.7MB

Download
memory/2300-1106-0x000000001B6C0000-0x000000001B873000-memory.dmp

Filesize
1.7MB

Download
memory/2300-1103-0x000000001B6C0000-0x000000001B873000-memory.dmp

Filesize
1.7MB

Download
memory/3452-1091-0x000000001B690000-0x000000001B843000-memory.dmp

Filesize
1.7MB

Download
memory/3452-1092-0x000000001B690000-0x000000001B843000-memory.dmp

Filesize
1.7MB

Download
memory/3452-1095-0x000000001B690000-0x000000001B843000-memory.dmp

Filesize
1.7MB

Download
memory/3560-828-0x0000000000900000-0x0000000000928000-memory.dmp

Filesize
160KB

Download
memory/3560-925-0x000000001B6B0000-0x000000001B863000-memory.dmp

Filesize
1.7MB

Download
memory/3560-881-0x000000001B6B0000-0x000000001B863000-memory.dmp

Filesize
1.7MB

Download
memory/3560-829-0x000000001B6B0000-0x000000001B863000-memory.dmp

Filesize
1.7MB

Download
memory/3560-852-0x000000001B6B0000-0x000000001B863000-memory.dmp

Filesize
1.7MB

Download
memory/3560-877-0x000000001B6B0000-0x000000001B863000-memory.dmp

Filesize
1.7MB

Download
memory/4768-1071-0x000000001BD00000-0x000000001BEB3000-memory.dmp

Filesize
1.7MB

Download
memory/4768-1078-0x000000001BD00000-0x000000001BEB3000-memory.dmp

Filesize
1.7MB

Download