meduza | hxxps://www[.]mediafire[.]com/file/jiyslmakevjvdwq/Software_v1[.]24_loader[.]zip/file

Analysis

max time kernel
355s
max time network
358s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
07/11/2024, 07:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.mediafire.com/file/jiyslmakevjvdwq/Software_v1.24_loader.zip/file

Score

10^/10

meduza collection discovery stealer

Malware Config

Extracted

Family

meduza

109.107.181.162

Attributes

anti_dbg
true
anti_vm
true
build_name
420
extensions
none
grabber_max_size
1.048576e+06
links
none
port
15666
self_destruct
true

Signatures

Meduza
Meduza is a crypto wallet and info stealer written in C++.
stealer meduza

Meduza Stealer payload 2 IoCs

resource	yara_rule
behavioral1/memory/1300-962-0x0000000140000000-0x000000014013E000-memory.dmp	family_meduza
behavioral1/memory/1300-963-0x0000000140000000-0x000000014013E000-memory.dmp	family_meduza

Meduza family
meduza

Accesses Microsoft Outlook profiles 1 TTPs 5 IoCs

collection

Email Collection

T1114

description	ioc	Process
Key opened	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	software v1.24 loader.exe
Key opened	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Office\12.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	software v1.24 loader.exe
Key opened	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Office\14.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	software v1.24 loader.exe
Key opened	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	software v1.24 loader.exe
Key opened	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	software v1.24 loader.exe

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
409	api.ipify.org
410	api.ipify.org

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4200 set thread context of 1300	4200	software v1.24 loader.exe	192

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
3672	cmd.exe
2004	PING.EXE

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Software\Microsoft\Internet Explorer\GPU	wwahost.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Internet Explorer\GPU	wwahost.exe

Modifies data under HKEY_USERS 7 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133754367353567493"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	wwahost.exe
Key created	\REGISTRY\USER\S-1-5-19	wwahost.exe
Key created	\REGISTRY\USER\S-1-5-19\Software	wwahost.exe
Key created	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft	wwahost.exe
Key created	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography	wwahost.exe

Modifies registry class 31 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Settings\Cache\Content\CacheVersion = "1"	wwahost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CacheLimit = "1"	wwahost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DomStorageState\EdpState = "0"	wwahost.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.cloudexperiencehost	wwahost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\windows.cloudexperiencehos = "0"	wwahost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CacheVersion = "1"	wwahost.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer	wwahost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DomStorageState\EdpCleanupState = "0"	wwahost.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\MuiCache	wwahost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Settings\Cache\Content\CacheLimit = "51200"	wwahost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Settings\Cache\History\CacheVersion = "1"	wwahost.exe
Key deleted	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.cloudexperiencehost	wwahost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.cloudexperiencehost\N = "1"	wwahost.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Settings\Cache	wwahost.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Settings\Cache\Extensible Cache	wwahost.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Settings\Cache\Content	wwahost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	wwahost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	wwahost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.cloudexperiencehost\N = "0"	wwahost.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Settings	wwahost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	wwahost.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Settings\Cache\History	wwahost.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\EdpDomStorage	wwahost.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Settings\Cache\Cookies	wwahost.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage	wwahost.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DomStorageState	wwahost.exe
Key deleted	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\windows.cloudexperiencehos	wwahost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Settings\Cache\History\CacheLimit = "1"	wwahost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\DOMStorage\windows.cloudexperiencehost\ = "0"	wwahost.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\windows.cloudexperiencehos	wwahost.exe

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
2004	PING.EXE

Suspicious behavior: EnumeratesProcesses 50 IoCs

pid	Process
1092	chrome.exe
1092	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3532	chrome.exe
3960	msedge.exe
3960	msedge.exe
3408	msedge.exe
3408	msedge.exe
4468	msedge.exe
4468	msedge.exe
1300	software v1.24 loader.exe
1300	software v1.24 loader.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeCreatePagefilePrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeCreatePagefilePrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeCreatePagefilePrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeCreatePagefilePrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeCreatePagefilePrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeCreatePagefilePrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeCreatePagefilePrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeCreatePagefilePrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeCreatePagefilePrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeCreatePagefilePrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeCreatePagefilePrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeCreatePagefilePrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeCreatePagefilePrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeCreatePagefilePrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeCreatePagefilePrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeCreatePagefilePrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeCreatePagefilePrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeCreatePagefilePrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeCreatePagefilePrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeCreatePagefilePrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeCreatePagefilePrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeCreatePagefilePrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeCreatePagefilePrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeCreatePagefilePrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeCreatePagefilePrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeCreatePagefilePrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeCreatePagefilePrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeCreatePagefilePrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeCreatePagefilePrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeCreatePagefilePrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeCreatePagefilePrivilege	1092	chrome.exe
Token: SeShutdownPrivilege	1092	chrome.exe
Token: SeCreatePagefilePrivilege	1092	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
1092	chrome.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe
3660	taskmgr.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4656	wwahost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1092 wrote to memory of 4440	1092	chrome.exe	82
PID 1092 wrote to memory of 4440	1092	chrome.exe	82
PID 1092 wrote to memory of 3056	1092	chrome.exe	84
PID 1092 wrote to memory of 3056	1092	chrome.exe	84
PID 1092 wrote to memory of 3056	1092	chrome.exe	84
PID 1092 wrote to memory of 3056	1092	chrome.exe	84
PID 1092 wrote to memory of 3056	1092	chrome.exe	84
PID 1092 wrote to memory of 3056	1092	chrome.exe	84
PID 1092 wrote to memory of 3056	1092	chrome.exe	84
PID 1092 wrote to memory of 3056	1092	chrome.exe	84
PID 1092 wrote to memory of 3056	1092	chrome.exe	84
PID 1092 wrote to memory of 3056	1092	chrome.exe	84
PID 1092 wrote to memory of 3056	1092	chrome.exe	84
PID 1092 wrote to memory of 3056	1092	chrome.exe	84
PID 1092 wrote to memory of 3056	1092	chrome.exe	84
PID 1092 wrote to memory of 3056	1092	chrome.exe	84
PID 1092 wrote to memory of 3056	1092	chrome.exe	84
PID 1092 wrote to memory of 3056	1092	chrome.exe	84
PID 1092 wrote to memory of 3056	1092	chrome.exe	84
PID 1092 wrote to memory of 3056	1092	chrome.exe	84
PID 1092 wrote to memory of 3056	1092	chrome.exe	84
PID 1092 wrote to memory of 3056	1092	chrome.exe	84
PID 1092 wrote to memory of 3056	1092	chrome.exe	84
PID 1092 wrote to memory of 3056	1092	chrome.exe	84
PID 1092 wrote to memory of 3056	1092	chrome.exe	84
PID 1092 wrote to memory of 3056	1092	chrome.exe	84
PID 1092 wrote to memory of 3056	1092	chrome.exe	84
PID 1092 wrote to memory of 3056	1092	chrome.exe	84
PID 1092 wrote to memory of 3056	1092	chrome.exe	84
PID 1092 wrote to memory of 3056	1092	chrome.exe	84
PID 1092 wrote to memory of 3056	1092	chrome.exe	84
PID 1092 wrote to memory of 3056	1092	chrome.exe	84
PID 1092 wrote to memory of 1372	1092	chrome.exe	85
PID 1092 wrote to memory of 1372	1092	chrome.exe	85
PID 1092 wrote to memory of 3688	1092	chrome.exe	86
PID 1092 wrote to memory of 3688	1092	chrome.exe	86
PID 1092 wrote to memory of 3688	1092	chrome.exe	86
PID 1092 wrote to memory of 3688	1092	chrome.exe	86
PID 1092 wrote to memory of 3688	1092	chrome.exe	86
PID 1092 wrote to memory of 3688	1092	chrome.exe	86
PID 1092 wrote to memory of 3688	1092	chrome.exe	86
PID 1092 wrote to memory of 3688	1092	chrome.exe	86
PID 1092 wrote to memory of 3688	1092	chrome.exe	86
PID 1092 wrote to memory of 3688	1092	chrome.exe	86
PID 1092 wrote to memory of 3688	1092	chrome.exe	86
PID 1092 wrote to memory of 3688	1092	chrome.exe	86
PID 1092 wrote to memory of 3688	1092	chrome.exe	86
PID 1092 wrote to memory of 3688	1092	chrome.exe	86
PID 1092 wrote to memory of 3688	1092	chrome.exe	86
PID 1092 wrote to memory of 3688	1092	chrome.exe	86
PID 1092 wrote to memory of 3688	1092	chrome.exe	86
PID 1092 wrote to memory of 3688	1092	chrome.exe	86
PID 1092 wrote to memory of 3688	1092	chrome.exe	86
PID 1092 wrote to memory of 3688	1092	chrome.exe	86
PID 1092 wrote to memory of 3688	1092	chrome.exe	86
PID 1092 wrote to memory of 3688	1092	chrome.exe	86
PID 1092 wrote to memory of 3688	1092	chrome.exe	86
PID 1092 wrote to memory of 3688	1092	chrome.exe	86
PID 1092 wrote to memory of 3688	1092	chrome.exe	86
PID 1092 wrote to memory of 3688	1092	chrome.exe	86
PID 1092 wrote to memory of 3688	1092	chrome.exe	86
PID 1092 wrote to memory of 3688	1092	chrome.exe	86
PID 1092 wrote to memory of 3688	1092	chrome.exe	86
PID 1092 wrote to memory of 3688	1092	chrome.exe	86

outlook_office_path 1 IoCs

description	ioc	Process
Key opened	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	software v1.24 loader.exe

outlook_win_path 1 IoCs

description	ioc	Process
Key opened	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	software v1.24 loader.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.mediafire.com/file/jiyslmakevjvdwq/Software_v1.24_loader.zip/file
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffff6e0cc40,0x7ffff6e0cc4c,0x7ffff6e0cc58
  2⤵
  PID:4440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1792,i,17696140556339303729,11334411200151369194,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1788 /prefetch:2
  2⤵
  PID:3056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2140,i,17696140556339303729,11334411200151369194,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2188 /prefetch:3
  2⤵
  PID:1372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2256,i,17696140556339303729,11334411200151369194,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2472 /prefetch:8
  2⤵
  PID:3688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3108,i,17696140556339303729,11334411200151369194,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3140 /prefetch:1
  2⤵
  PID:888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3132,i,17696140556339303729,11334411200151369194,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:2056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4712,i,17696140556339303729,11334411200151369194,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4708 /prefetch:1
  2⤵
  PID:2888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4392,i,17696140556339303729,11334411200151369194,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4808 /prefetch:1
  2⤵
  PID:1740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4972,i,17696140556339303729,11334411200151369194,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5108 /prefetch:1
  2⤵
  PID:4936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5264,i,17696140556339303729,11334411200151369194,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5236 /prefetch:1
  2⤵
  PID:100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5444,i,17696140556339303729,11334411200151369194,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5504 /prefetch:1
  2⤵
  PID:5112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5532,i,17696140556339303729,11334411200151369194,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5668 /prefetch:1
  2⤵
  PID:2072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5676,i,17696140556339303729,11334411200151369194,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5816 /prefetch:1
  2⤵
  PID:2476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5940,i,17696140556339303729,11334411200151369194,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5964 /prefetch:1
  2⤵
  PID:3216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=6092,i,17696140556339303729,11334411200151369194,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6108 /prefetch:1
  2⤵
  PID:5016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=6128,i,17696140556339303729,11334411200151369194,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6100 /prefetch:1
  2⤵
  PID:1164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5084,i,17696140556339303729,11334411200151369194,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5456 /prefetch:1
  2⤵
  PID:1108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5784,i,17696140556339303729,11334411200151369194,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5780 /prefetch:1
  2⤵
  PID:3244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6488,i,17696140556339303729,11334411200151369194,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5456 /prefetch:8
  2⤵
  PID:2292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6484,i,17696140556339303729,11334411200151369194,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6112 /prefetch:8
  2⤵
  PID:2292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=6212,i,17696140556339303729,11334411200151369194,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2396 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5640,i,17696140556339303729,11334411200151369194,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5628 /prefetch:1
  2⤵
  PID:2720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5056,i,17696140556339303729,11334411200151369194,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4748 /prefetch:1
  2⤵
  PID:4484

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2116

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4480

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:364

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Software v1.24 loader\ReadMe.txt
1⤵
PID:2456

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault9c2f51b4h28cfh420fhb18ahd23da61a7d0d
1⤵
PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7fffe68a46f8,0x7fffe68a4708,0x7fffe68a4718
  2⤵
  PID:4220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,13154757691899800503,16065649745145810638,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,13154757691899800503,16065649745145810638,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,13154757691899800503,16065649745145810638,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2696 /prefetch:8
  2⤵
  PID:3088

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:508

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:876

C:\Windows\system32\wwahost.exe
"C:\Windows\system32\wwahost.exe" -ServerName:App.wwa
1⤵
- Modifies Internet Explorer settings
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4656

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault8f041c03h2c6ah4eb3h81f9h018ce0ebbbc2
1⤵
PID:4016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fffe68a46f8,0x7fffe68a4708,0x7fffe68a4718
  2⤵
  PID:4212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,15395056297184722141,15610610970929170234,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
  2⤵
  PID:4932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,15395056297184722141,15610610970929170234,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2180,15395056297184722141,15610610970929170234,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3004 /prefetch:8
  2⤵
  PID:3252

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4712

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2720

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault344c610bh986ch4feehb417h58dc3a890c4e
1⤵
PID:4932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fffe68a46f8,0x7fffe68a4708,0x7fffe68a4718
  2⤵
  PID:4504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,12491771015815715035,15019570860239353703,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
  2⤵
  PID:2712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,12491771015815715035,15019570860239353703,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,12491771015815715035,15019570860239353703,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3004 /prefetch:8
  2⤵
  PID:4952

C:\Users\Admin\Downloads\Software v1.24 loader\software v1.24 loader.exe
"C:\Users\Admin\Downloads\Software v1.24 loader\software v1.24 loader.exe"
1⤵
- Suspicious use of SetThreadContext
PID:4200
- C:\Users\Admin\Downloads\Software v1.24 loader\software v1.24 loader.exe
  "C:\Users\Admin\Downloads\Software v1.24 loader\software v1.24 loader.exe"
  2⤵
  - Accesses Microsoft Outlook profiles
  - Suspicious behavior: EnumeratesProcesses
  - outlook_office_path
  - outlook_win_path
  PID:1300
- - C:\Windows\System32\cmd.exe
    "C:\Windows\System32\cmd.exe" /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del /f /q "C:\Users\Admin\Downloads\Software v1.24 loader\software v1.24 loader.exe"
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    PID:3672
  - - C:\Windows\system32\PING.EXE
      ping 1.1.1.1 -n 1 -w 3000
      4⤵
      System Network Configuration Discovery: Internet Connection Discovery
      Runs ping.exe
      PID:2004

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SendNotifyMessage
PID:3660

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Email Collection

T1114

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
6adcd808d1a2a6f9ebac5f805cd220cf

SHA1
0f0e1fea371ce8cbc6cf270c6863f9dcd546e4e5

SHA256
3bed64a9bfe94bc32d7519e6ab1132f4bba27029407c0d710aea073b92b4eb26

SHA512
bb11c7df6fcd3f7a66c3a5c9445084e386e0db6579c5d2b4480f6381e8f41b945279e4c9b2753c134834e5c25663ad6368b3af41ca9a018d7713fd184cafc48d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
d7229e5ad2ac4628b75fea8e368bbd90

SHA1
2cba5f60d47ea3a1d31a3c319a39d1a280fcc9fc

SHA256
57ac9efb4d0a50c56502e12e350566d24f68cc35dda2f1488cfd180cdf995aed

SHA512
a46b4112ccbc74fcc15c14795b80cf834c3c8d326f9949e80028df0120e84debc6eb810abfdaf978b5271ab5af88b00ae56b37f5492b91bacad3f4fc98324838

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
443dbc06b49b01facc73be65225f7f90

SHA1
363c9d46e6151faafbb5f8f759672e382e04963c

SHA256
9d9f19419bd6ab61cae5e2f59f2c61add4746046e91a2a04e59ea702f7d825aa

SHA512
9924f241e4d1a86b26f9cab687ccb7d6eb55f024a9099e4ab3fe7d879b412aaffd0b35731be6a01dc4f6fa4b2ad542a9be89a4cc43d5c3e88aafbd60df51771b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
f54324e3f6671289a6cb1bcdc1ebb72f

SHA1
e65c744d396c300dc24cd2b1dc0cfc7339d9d04c

SHA256
95638ebbdc50784afe55bcce22115e1fec885ebc911fcbf9fb0ac20d39e875db

SHA512
7b140377bc6f6ee8238263db3cfc468b36ed177b671e2a88d54f98f3952347f90d76a519e2a8578e35c9aab6fb83718e9b36d5227f74dc1a1ffc2012f2e3c3a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
576a05b5e2099c8d5edc5064e1b93937

SHA1
6300ca64cc7bc6b18a8b2185cae8a62c40cc47f1

SHA256
1d8232da7a4f0c47a901595497a5da53efb3a1787581c1f70f32b9fa9d9a00a7

SHA512
d85444163e070d93ccca3451494823f621c9842fdd2a5347d1d070599e2f72563557d013cf197ce6131a66675aa9a052862ec38ab4ecd1ba76b84c234a6d7242

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
192KB

MD5
a2e56a50dfe57a1ffdfed9df2e910158

SHA1
9efa447a431f0c89bbd483dc061ac42aff87b505

SHA256
6d7c38ee976524f71e464607c598fb65448562f16d97fef33375f508085bda8d

SHA512
22dce7e6f3a4bd8bd55765786388c21b8e270ee41bd0bc800fff1e4a087cb37c8fea0ab640adcc80cc5317f5c708780042b463b2810ec99fe04d1fcb0bbf140d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log

Filesize
3KB

MD5
99cc090bed474e23afcf2d249545ff2a

SHA1
657d595d838bde3bb6d98500b27bab05a2ea2e76

SHA256
6fed5d2acb8a205f51458149c8effff1419d17bda4710d00dda61790ba7ccd97

SHA512
e7d027f5d8a1e7d01775862b5213ee45117a70a5e0aebbc5fc49436fada5a5d95353fbff2f0f5f22944db11d6f5c7794af6de68fe0b2739990b7aa9f94c04a22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

Filesize
332B

MD5
f9fd04727bdbea642ae6de4446d2d016

SHA1
1fe1e4c1fb702015413e08f19e7cfbbe2c736723

SHA256
0808af2a8aa085f5309da2e240935a62e139e0927c42567034c508d14c786377

SHA512
7eb2d8d48f0f0b9e5abd7c957ef0120da8fb56c4641316783a6867ea4ead0433e5204c7b37420034fe437b02de7ffe067460ec24b3f187f0f0d3f3d52dd0e61d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

Filesize
48KB

MD5
7b77d72d9ebb9f57f5a6fca07ebcc145

SHA1
d77b40ecc83f9e153abc1d5c318fb4a669d0433e

SHA256
d88787b642f3270d178e41f4bbab016e82c6180ed6f8810431de49ef150d98be

SHA512
333803890efe6171ed9c3125307d3bbc1c85132b4318917c7bb36aa95f13e68bd9f4d11e6b7c6a3ab0c56d678a83142970d85112f877178da501287c24f9afa1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
19KB

MD5
979a09169f6ba4a4080ea5672fae81f6

SHA1
85cfbfe7639a7ccdddc0752357a024436735951b

SHA256
eaceb38560b6e6d57eb934db77be2190d7e49a0aa7295ab9137a7d989f1dc74c

SHA512
3b88d1f520677261cc6b4fc8de3678c6d5a81b66a698f3e525ab36d2d4531d1bae682020f063fb545637e5194f28d419f448f39a18ef3550d38920c283e42af9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
24KB

MD5
899c190aa2fdb214aefc3504b14689b3

SHA1
8b00522a3b763c09b43f69f8ff07c8a89994711a

SHA256
99b450faa3b745494c3c0a649f99d6f912ed1c002540b364725329da5afdda87

SHA512
f4a20a5059b574a4db4554e61aa39f04fc7c9c125623169662a15ab2d247a1bfcb3cf9a959c9aaacaab1e1244bb709fb66465cbaf2a7b881752833e1a92704ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
1d088d676d84cfd8011b25832a1cafc0

SHA1
f7592e39d05f51e4d5154e0dea6c3dff14a6139a

SHA256
aff12ef9a6b441b24df31b235cd3777c8e06a5aad107513a53680d7bfecc55df

SHA512
705fe6d0c8f1d3eda5690793fc69cc76dc2c8604ffb71abe8f86d708a962fc00603d4da063a908aca3c5d2c6170c6103ad5e0d2f4a668f454321c4073ee52e65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
6f56303412a818a1e6651b4efe0d738a

SHA1
9067fff2f838278183ba2d3730b123d77a88c221

SHA256
e6e63e0df50f1995af64631681eedb7e23aa2e2cbb833199ab3300e61acc321a

SHA512
8d86490e93b90f467c8101f9fa91ac6f7d816ef520e7f1b094090f21c44308f2a0508946dd1ad7069510c8dc58744ecb77c77794f353c9609dc967582824f3e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
3293ea8c3dbbd512ed078136b0d82ee1

SHA1
c34a4512f12f6bbe6bacfbf52c47822ce2ba20e8

SHA256
bf7b689d3863461502731431f651a661d1a0c3a5c60e035aa10ce7cb2878da5d

SHA512
a2375b8b64f686db9e8fee5fa9813950403d25510c562f07ec857035963782899bf09255f55dd453c2bee76f80def5ca6e8fb1484b384811f2b031879bed0356

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
e91f0c5b000faba8489c58656ea08049

SHA1
089e2f089e4fe208af85535c3947a5511d7834e1

SHA256
b8cd5c351a5c99033519b950ab5f6120e21e8f22ac8a0fe3c3a86ac137bbde82

SHA512
94860a71ea47117696f6fed1d237306c831bd07f86b6dde8b65f3cec9f40a27f204c6d7efbc0cfe619d746e977903dc85c3eb6633e92a3d68488ea0da753247d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3751bc27b9d38d8f7f8808fd36f27a07

SHA1
9b3cdbe0963408d61b0d560469d56b74c3eca770

SHA256
46128a4cc4e9619c4dd9428f39a791971e72fc587539c6f984b6029d4f7c8242

SHA512
8c47e87a2196179a3062f3f8134504a4795036dbe3c68b8fb71e3c740263d9194df44bb570d2809e1b95339dd5e725d4edc4c019589d116dfbf87f59e1438625

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c55766bd5581b5ea2a9ed82ba54814ba

SHA1
4753ede195ca2150002a76f6dfbdb3264c1dddda

SHA256
83fb6fbb32506230009ad1fb8e40f37ea61092b6f8e2891554fcea02775e7015

SHA512
194c52c77d180fe4be5d315b7bbdc863f393bf341a7394e175452c85053a64a00d9bdced4fb1229e70efeeeda1485c88b6046ddff0556223038990223f972eac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ae021c5b2f8361fe1b272303421ad044

SHA1
a07907f7787e9aeb45ad285209d1b7a9083a7c1c

SHA256
1b8b8a66cd5aa55feaec34263947e477f4eb684d26e962be2b1dc36c68658902

SHA512
2fdff0e7493aa33b1fc9f45dfd65c102f74178d0ac4c6096c94bf86c4026486cdb3b417a2dd92ad25dd2b85e1d2ab118bc9f947e8226cf12904c98a241d607d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0f7132e7c9059876d91b5643dd6b71f9

SHA1
629afd9280b67cdbe353386e0eb728d2731c69ec

SHA256
67a54f996ce5579180e2c7de25332dc868047fbe7f501dc8a3a843cf455137be

SHA512
e6e112855e090b29cf9cc0bb80c98681bbcc501fe23bed8cb3ef1b921968fdf15dd5624cb644ed22e512035e1058e032fbf575879e5bf1e8f020fc8b2153e02a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
af765cad9570143fad9f708257f09a1f

SHA1
a50e6aa6028b1547c384f6ab6fc1b16f03a9ad6e

SHA256
963f6cce9f8f027b98a2a084b0ead0eaf68a3d5f68d92ccb8ff08414342faa52

SHA512
423d520ec9cbcb1d1471014b3576a5051fab52d3c8a920b8550c19821a742af74639338148f5435136947d2d4b5be996b072459f834b8f463e6e9d54d0f769af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
93a3653834bdc3b5f188920d0716947e

SHA1
7a934ebc122bd3401f287a5603c12bf66b9d3cd9

SHA256
151676385c481aca6a3c9bc8f130fa90615f51748ea66996b4bca5811af056fa

SHA512
3aa6b056c47332ca30239f636a8b8e10d1af67505537c4949910ecd223723f5f3f32a0332db6afd52b83aa5f81bf3809d9bc1f513e073d10e0a470d528386123

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
96bae3c788133e513b6f02acd7e64338

SHA1
8dd111410e02ac2490933b9007968aad1e677efa

SHA256
29078c41cfa0f408befa270b0d6c9abaf4b6e9fd4f1500fba299cb684f385d40

SHA512
891755e3bdc35f8c14766524de1e79620b819165f46852c6590c79397581bf1717bec7dff90f4314e145e27161587bef22378cfe56a9d68f755e01f4fbb916fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
ea9ebcde4c24ffea0f378a969d993242

SHA1
7e8ad9213a3ebdfcba2a345b16c2e0b9477c9fb2

SHA256
dd0dd6d2059e3842c3edd2608f329fc0302a0149e61fab248392423df78f894c

SHA512
fbffed93a28cf67298ca1cd6edf87aa4c0d7024e96c6588b097bf374ac06cd8566fb297ab3b1ef29f9bc97c0df46551ff38890d1227bdaf764a317cb14433a89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0f7a768fa1a1c3a81b9399c15c1c37ad

SHA1
c5376ae19e90f37d5a0e6d51fe8367538e7c4e6f

SHA256
e94c3b85b5077fc048bc9cf71c7ce1afa0c83799ffc2a68083764c7868e69b10

SHA512
2642bc5efe5dbf25aba5681a71571d3df6199c0a36c6ee24f3d6f36e1ccc483dd176bbb2158aa6fb76ed98890aa56c62f095f1a10ae8a809e97654f0df68cf21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
2e9822e127ce65d54b175c380923a921

SHA1
356a3eab79fca76869e821240ec8543da971700f

SHA256
6ee9746052a71e6f0ea3603b381d44b547ad4c1f975fdfd91a7a2fe3a1c30238

SHA512
4f87fc3d39c298e0303a55924696bbb61dcf9bba5ac2c64de5a4c2ea809dc6724a9102d7c9c34295f3acb4852217358bb1d61c7fb6c0c2a9bbf51556e6026ea5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
4904eef645722849b7421e956bf1a96a

SHA1
d835f91624525008eb608e7d5b3acbf7a90128a9

SHA256
8b4b9004ebce02ef5befac0e6da72dc9bc248766059c2b140f6e62737730cbd1

SHA512
7599b20d85b234d48873d833591021288e784f46a1a91c67873f0acaafc536435ff7bdf2f0065d2606e511dc9de401eed7ef441fd1869807b4e83954bf7d806f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
622693546f2006ec976db294c8f20428

SHA1
e23298c9e6cbb12ae138346e25524282bb5180d3

SHA256
cae4969cf5399a84156cc527cd666be7f551e87ac0e56c1f79a479f4faa8240b

SHA512
56c32db8e58ab2210bc934e922f64a7cfe1ed757c4194097674e6bc42205cd14fcacb4ed2464e5afd4fb2399a2c839e3760318c17a95bed6fe5b5d1217092755

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
f87db139154036a4ea7d241e29069eee

SHA1
c03f0a04715283f91f9702ef7c7c176144884681

SHA256
eac4af39c2673580369fb42a229af07d75074d6c1a5fc2fb5e4f69ee322ee3fa

SHA512
dec78c4f43379232e823aa78004bd44de9a8e26c8e59c7fd6baa41a34541f25ce0c9bb7e5d50052c394a6efeaf89017d1a7a6fc5016b6505628f93f52bc501c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7de1bbdc1f9cf1a58ae1de4951ce8cb9

SHA1
010da169e15457c25bd80ef02d76a940c1210301

SHA256
6e390bbc0d03a652516705775e8e9a7b7936312a8a5bea407f9d7d9fa99d957e

SHA512
e4a33f2128883e71ab41e803e8b55d0ac17cbc51be3bde42bed157df24f10f34ad264f74ef3254dbe30d253aca03158fde21518c2b78aaa05dae8308b1c5f30c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
85ba073d7015b6ce7da19235a275f6da

SHA1
a23c8c2125e45a0788bac14423ae1f3eab92cf00

SHA256
5ad04b8c19bf43b550ad725202f79086168ecccabe791100fba203d9aa27e617

SHA512
eb4fd72d7030ea1a25af2b59769b671a5760735fb95d18145f036a8d9e6f42c903b34a7e606046c740c644fab0bb9f5b7335c1869b098f121579e71f10f5a9c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c9b51d96c9cfc560227a357a3a017121

SHA1
d6bcce6b6b5079e26f199c194c0e3bbdfc4a2962

SHA256
49f0907cf47860a7af5236dbc89abadfb85d041ef4f22f051bcc16c508c99954

SHA512
1c1fbf3c3da1559b844a1b456582d514d22c7f4a12942aa6f18add3d341aaf8b0cb203a025504529e98e2db729046d44eb79a79f46425cea032d23707935613b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\629d5df2-a4ef-4c19-91bc-61184bec4ef5.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
334B

MD5
d81d61981ce5d91c1b0375f0561e2bbf

SHA1
4bf4860d750a3d75fc8c2c6e0b98ae80ff1622ea

SHA256
c220d196eddbd5024d99e56cf66cb41093fe94b64e836575877273a75810e7b3

SHA512
fa9e4d10d94879ea504054b634bff489f706e7b204f63c26c980be95475cb91a27c773f45081d9e19d4f158500c06cd1b09a4aed2253cc566e2be7f7f603db9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
6e72234a8dcf9fec1941bc7e5315c386

SHA1
65671c6bf7f84a5c2cf60f20593a96d9e08a6973

SHA256
b77788a89418833b89ec0819bc76a17361924db065f93bacb9327fdba4924742

SHA512
d3450024df5c4830faee022110aa421177cb12957cc079fa7af639cbe07b44776b800d702ded244d8bdd0f2560f1e96d781756a24db2b15324a2fe0760c9c435

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
858f0817491c7cff3f8961f327774d24

SHA1
cefdaa8f2d90f0d6df8fd587069b4c203a876b3b

SHA256
0e252f091732f661c6fbb58a143f3185e7ab7274954740c81fdeab8e01d02171

SHA512
e3cbf47a2268b66c29a3032138f3d9f34c55ffb63a7a1901bb00e895f6cf449003cd4c8070c466584c2ffb1b75f4b9456e6a55b32e0d2b0705821c1d717d5b7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
62716dd5c03ffcfa23320ad467efbaa0

SHA1
46fdc744657b3fe265f3e735cb0ec2384469cb36

SHA256
bede4983923faeb0cc97075b7f7b9459aa3b2119e1b0fe409fea1e8a288ae2fe

SHA512
6e8ae4074003f4c93c7153e808a301f26e718c2f77df02a57cc2ac56a9b2994d8695a47f9b4634ab9ed33c4b076506684efdf1ee47aeb9a40458df78993100ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
5bbe9c791f68a5da3055eddabe38383c

SHA1
137309b7351d6361f3340600ef3122de98b01c98

SHA256
ab31510390db7bf811c021eb8099b0f0f325bb8bf2b3b45258b772114a3e6a16

SHA512
912b0d1456d92ec94c3b8148fd0e4838bb907bef623b1f22592baf25f2344904ad906330e6a1561a3b4f622a78e13b1d6b2a7b2f45c5761c8fdca9f824a1a94e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
99fe7a7f4fd98efdbfb86cc67489c1f9

SHA1
0a99f5b991a286b5bd76668bb92401be234fda3c

SHA256
20049f9341f0367127c2e4487b289aa319591b76e256907584ea37e1bc6e31a0

SHA512
a7007f467db4c1146698d6b64c79ac42c236285ff7b5fd333827740a8e2b04d012ba914aabccf94d95e106d05b6599e2075f87fdc227e5576316101ab03f2f97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
55ce1422ad2fd3329edc81798d53a61f

SHA1
3fac8e43b981c0e4fdf332d81dab66bc00701cfe

SHA256
02ac372c847ed5f4da20880e32ff6f07acc406b5d0d3a7d25d6c8c3661edb3e6

SHA512
135303acc929a61d4bcfe218d063124f98ce5940ee9425d9469f3877d15082b475844d02ec79bf58b80cbbe2bb3135f92854c486df85313d89a944f2de770a7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\ddbb3e4c-c911-43cc-84f9-c5ad357190dd.tmp

Filesize
5KB

MD5
2c75c3c1e0267c60783cc87eb39bdc07

SHA1
05b11d04cc05ef3df2de7b7d9444f9722d324b85

SHA256
4ae2f671de796f1d29e6536203dce50e0845267cf7b6d1d35d278c06d1931972

SHA512
32d768fe63fadeb491f520e69dee2e2406dcb56304e8735f25bd60e2a5aae05e33e878871bc742eff5e9d5083cff7f0e9831cfb5c3b6268f82dda3c14057c7fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
9be2123cc9c82258ca6f50f7f157083d

SHA1
b7d6acf498f38be74a4b4020aaba4b317eea12fe

SHA256
df809136321a3c6c48ec3bda0a80eeaa94f5b15e750d6698f2dad484a8579f63

SHA512
26333949c33f4ddb48645b2fc40a45265647f2c69cbc770fbad9f8351d77d7171466fe0d6224fe4c40bc3fa6bc76c5b9d0f50ed14c0126eaa70d269c1d50b351

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
dec7b894947bbb855431e5603c413d7d

SHA1
f7698e68755f41902d83650e4f2adacf14f7bfd4

SHA256
461a9c70f09b0f1f829b29f09f9a33e25697a46168dc168ff0e2c1d0d3e8d354

SHA512
c6ae41da1b8a6b703f2371c4adb4749e8286f5034f009af34f6733b383acb9e50d2e4765f1d7f2d4067d50bd04a04d01bf26af401eca872e101ceac31eba3ae9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
152d17cfe94d6baaf052d677feef20db

SHA1
63a377a3fa868ace6af90dedcd91d15f41ace8df

SHA256
b3ece7dbebcbeadedfee2e1aab9af149357ead4e907d2ceb4612e2ce8c3ebbd7

SHA512
c20034923158c76f105f7f959798ee76c3647797b3bb6608421b2fe8ee93c8662e110d95d7b55999991c021a7270a14c9b75905e71c1659794e09926caba4b14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\LocalState\_sessionState.json

Filesize
143B

MD5
af6b577dfcb368967d6ffd5d830eb697

SHA1
6886b41c6f07ada168e623e7f46fce8250039104

SHA256
8d4e3f0520fe7df69bf17f5f8178810a2be7dda235ab9aa6d90dc597ba908dde

SHA512
50ceecb40d7fcce350842529b636510d96b60107835079acfa154795f6dd024f1600f3d4b0723129bcdc7e4ae467461f2c801c6865f719108c83d1fc1c5cdfbd

Download Submit
memory/1300-962-0x0000000140000000-0x000000014013E000-memory.dmp

Filesize
1.2MB

Download
memory/1300-963-0x0000000140000000-0x000000014013E000-memory.dmp

Filesize
1.2MB

Download
memory/3660-988-0x000002910BAB0000-0x000002910BAB1000-memory.dmp

Filesize
4KB

Download
memory/3660-989-0x000002910BAB0000-0x000002910BAB1000-memory.dmp

Filesize
4KB

Download
memory/3660-987-0x000002910BAB0000-0x000002910BAB1000-memory.dmp

Filesize
4KB

Download
memory/3660-999-0x000002910BAB0000-0x000002910BAB1000-memory.dmp

Filesize
4KB

Download
memory/3660-998-0x000002910BAB0000-0x000002910BAB1000-memory.dmp

Filesize
4KB

Download
memory/3660-997-0x000002910BAB0000-0x000002910BAB1000-memory.dmp

Filesize
4KB

Download
memory/3660-996-0x000002910BAB0000-0x000002910BAB1000-memory.dmp

Filesize
4KB

Download
memory/3660-995-0x000002910BAB0000-0x000002910BAB1000-memory.dmp

Filesize
4KB

Download
memory/3660-994-0x000002910BAB0000-0x000002910BAB1000-memory.dmp

Filesize
4KB

Download
memory/3660-993-0x000002910BAB0000-0x000002910BAB1000-memory.dmp

Filesize
4KB

Download
memory/4656-796-0x000001BFEA560000-0x000001BFEA580000-memory.dmp

Filesize
128KB

Download