Analysis

  • max time kernel: 361s
  • max time network: 274s
  • platform: windows10-2004_x64
  • resource: win10v2004-20241007-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 26-11-2024 13:17

Errors

Reason: Machine shutdown

General

  • Target

    https://drive.google.com/file/d/1ffD1rFoAotXLVN39Ws4JvLEiwaixrBFx/view?usp=drive_link

Signatures

  • Checks computer location settings (2 TTPs, 1 IoC)
    Looks up country code configured in the registry, likely geofence.
  • Event Triggered Execution: Component Object Model Hijacking (1 TTP)
    Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  • Executes dropped EXE (1 IoC)
  • Modifies system executable filetype association (2 TTPs, 47 IoCs)
  • Legitimate hosting services abused for malware hosting/C2 (1 TTP, 2 IoCs)
  • Writes to the Master Boot Record (MBR) (1 TTP, 1 IoC)
    Bootkits write to the MBR to gain persistence at a level below the operating system.
  • Browser Information Discovery (1 TTP)
    Enumerate browser information.
  • Enumerates physical storage devices (1 TTP)
    Attempts to interact with connected storage/optical drive(s).
  • Enumerates system info in registry (2 TTPs, 3 IoCs)
  • Modifies data under HKEY_USERS (15 IoCs)
  • Modifies registry class (64 IoCs)
  • NTFS ADS (2 IoCs)
  • Suspicious behavior: EnumeratesProcesses (14 IoCs)
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (18 IoCs)
  • Suspicious use of AdjustPrivilegeToken (2 IoCs)
  • Suspicious use of FindShellTrayWindow (46 IoCs)
  • Suspicious use of SendNotifyMessage (24 IoCs)
  • Suspicious use of SetWindowsHookEx (1 IoC)
  • Suspicious use of WriteProcessMemory (64 IoCs)
  • Uses Task Scheduler COM API (1 TTP)
    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
  • Uses Volume Shadow Copy WMI provider
    The Volume Shadow Copy service is used to manage backups/snapshots.
  • Uses Volume Shadow Copy service COM API
    The Volume Shadow Copy service is used to manage backups/snapshots.

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/1ffD1rFoAotXLVN39Ws4JvLEiwaixrBFx/view?usp=drive_link
    1⤵
    • Enumerates system info in registry
    • NTFS ADS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2328
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9264246f8,0x7ff926424708,0x7ff926424718
      2⤵
      PID:3156
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,15076476873936008243,6014151470283294757,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
      2⤵
      PID:2248
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,15076476873936008243,6014151470283294757,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:3924
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,15076476873936008243,6014151470283294757,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2912 /prefetch:8
      2⤵
      PID:1972
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15076476873936008243,6014151470283294757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
      2⤵
      PID:4060
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15076476873936008243,6014151470283294757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
      2⤵
      PID:4708
    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,15076476873936008243,6014151470283294757,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4048 /prefetch:8
      2⤵
      PID:3320
    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,15076476873936008243,6014151470283294757,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4048 /prefetch:8
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:2840
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15076476873936008243,6014151470283294757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
      2⤵
      PID:936
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15076476873936008243,6014151470283294757,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
      2⤵
      PID:4484
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15076476873936008243,6014151470283294757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1
      2⤵
      PID:2976
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15076476873936008243,6014151470283294757,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
      2⤵
      PID:3208
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15076476873936008243,6014151470283294757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
      2⤵
      PID:3388
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15076476873936008243,6014151470283294757,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
      2⤵
      PID:3196
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15076476873936008243,6014151470283294757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
      2⤵
      PID:1232
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,15076476873936008243,6014151470283294757,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1884 /prefetch:2
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:3704
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15076476873936008243,6014151470283294757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
      2⤵
      PID:1084
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15076476873936008243,6014151470283294757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1708 /prefetch:1
      2⤵
      PID:4416
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15076476873936008243,6014151470283294757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
      2⤵
      PID:4392
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15076476873936008243,6014151470283294757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1
      2⤵
      PID:2252
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15076476873936008243,6014151470283294757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
      2⤵
      PID:824
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2128,15076476873936008243,6014151470283294757,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6128 /prefetch:8
      2⤵
      PID:2356
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15076476873936008243,6014151470283294757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
      2⤵
      PID:1684
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2128,15076476873936008243,6014151470283294757,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6520 /prefetch:8
      2⤵
      PID:2388
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15076476873936008243,6014151470283294757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6536 /prefetch:1
      2⤵
      PID:2024
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2128,15076476873936008243,6014151470283294757,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5876 /prefetch:8
      2⤵
      PID:4672
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15076476873936008243,6014151470283294757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6304 /prefetch:1
      2⤵
      PID:2632
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15076476873936008243,6014151470283294757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
      2⤵
      PID:3196
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2128,15076476873936008243,6014151470283294757,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6116 /prefetch:8
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:4924
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2128,15076476873936008243,6014151470283294757,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6116 /prefetch:8
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:2284
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:3264
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:3572
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
    PID:2040
  • C:\Users\Admin\Downloads\TrojanXD.exe
    "C:\Users\Admin\Downloads\TrojanXD.exe"
    1⤵
    • Checks computer location settings
    • Executes dropped EXE
    • Writes to the Master Boot Record (MBR)
    • Suspicious use of AdjustPrivilegeToken
    PID:2132
    • C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe" /k reg delete HKCR /f
      2⤵
      PID:4608
      • C:\Windows\system32\reg.exe
        reg delete HKCR /f
        3⤵
        • Modifies system executable filetype association
        • Modifies registry class
        PID:4924
  • C:\Windows\system32\LogonUI.exe
    "LogonUI.exe" /flags:0x4 /state0:0xa394c055 /state1:0x41c64e6d
    1⤵
    • Modifies data under HKEY_USERS
    • Suspicious use of SetWindowsHookEx
    PID:2128

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat (152B)
  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat (152B)
  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\19f1c688-2141-493d-b477-6cc8b075d8af.tmp (6KB)
  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index (480B)
  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index (336B)
  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index (864B)
  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State (1KB)
  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State (3KB)
  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (8KB)

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                              Filesize

                                                              7KB

                                                              MD5

                                                              f69d4d7446493186216cce91b5ad7519

                                                              SHA1

                                                              97e4ce35167ebb1a8a1827177abd3fb7eedee1a6

                                                              SHA256

                                                              20078208c963234f8767ab465db56cf80691aaba9e004611bdf6938c8ce24f62

                                                              SHA512

                                                              e6e81165b1ae81b50fcbe7865e8cce819562ec7e73bc9f5ec6a652cad7d91293e961c87d23d0c5777de2d12538a173800f6eeb940d4b965808af5b35728b4beb

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                              Filesize

                                                              8KB

                                                              MD5

                                                              726d462dd329656fb3fc7e98988bbf28

                                                              SHA1

                                                              924639d9574e9eeb83d66cd7ce05ccace97f5030

                                                              SHA256

                                                              a5ab0ae3ec08c81a747cfda6c17c6cd72e680f445574b17312ac4eff72cd0a34

                                                              SHA512

                                                              78b45b6fb943fa0002601a0cba435209ca4339a533652f4ec692fa2a299fb638cf15f3a05adf96a8325586dfcf0e57b5be4898adfdcd8769f14434a9b7ec9730

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                              Filesize

                                                              7KB

                                                              MD5

                                                              3a1bf1728e0627b55a8dc50d83a79d1a

                                                              SHA1

                                                              fa7a1739422e7a5bd620fa1dcd67091a185017f2

                                                              SHA256

                                                              1b024e687e10aeef47a22bbf868096d7f06afda617d041453e1cd7825a67eb69

                                                              SHA512

                                                              07cd248b9b39b2d02ad0935cbb47f10c5268084cb81a23cdb1714a170b667b4cb0873346388ff17db6ca6a79528ddce2e27a577cb4899dc673caac3ff9d15e71

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                              Filesize

                                                              5KB

                                                              MD5

                                                              1f7293b36bbc5e30ed40e7a21f4e6d14

                                                              SHA1

                                                              1b038329b8571e9c02caacec8ea744011c289106

                                                              SHA256

                                                              448e91aaec9dc1c1d0c037ef60b521a8e019a01b08fd26d07261642c328703f4

                                                              SHA512

                                                              371624c84240ef5d18abbbb954642472434632eb2714289bf0b0aae77d27dcdfc3a371a230557aac4b3557ccb73961a5114e4a190107e6a112aefb14dd4922c0

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                              Filesize

                                                              8KB

                                                              MD5

                                                              04e8048370645c6a21af5c57ada39d93

                                                              SHA1

                                                              f8773eae503c4dc418a7b9bc120c8cdd409d13c9

                                                              SHA256

                                                              f9b9d99257088e7285171898d89a3c174b85c3c95eeec78a6c8fa3295e678151

                                                              SHA512

                                                              6a8fdff9f9b06b32c5f5daa2697e37fe607e85f8557b00944c26b878fcd5fcf451100e7144d922b24bf50e45beedc99a149918c08e7cb926d8783ce1b8f69fba

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

                                                              Filesize

                                                              72B

                                                              MD5

                                                              65ec1a65a5cb51fc7fc24f39932062be

                                                              SHA1

                                                              8a33a4c9964a655ef696339dfd62722855cc9958

                                                              SHA256

                                                              5e14fbd55a640a61fb44071c30dd09909e476d808d180bc633adea0591b0ccf4

                                                              SHA512

                                                              3754be6de0d145adaec30055e2d4ce73619da0f40cde3e21f4029970642b5e4f2d97b3e1acdb4d2585d0e6791e25aca08f83e0d7350527f86cc5bc27511a0fd0

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5a34cd.TMP

                                                              Filesize

                                                              48B

                                                              MD5

                                                              e3cca977dab0ca2dc9491096154dd491

                                                              SHA1

                                                              ba6391e8c1cdd1dce6332fa313635d8a37423ae2

                                                              SHA256

                                                              5abef295e91837f895e01745bf8a773b5d8107377aa572060c5ea1dbc7a446ab

                                                              SHA512

                                                              0bf093c10603e271b2e4bd69134ed5760a64582c58c9d333cad07224f511579fd5f6719c86daec09a94bddeeb1b990426da9926d6f45edeae3ee63ee56962a62

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                              Filesize

                                                              203B

                                                              MD5

                                                              4a59d28b08eb6b78cf87c8db38d4b1e4

                                                              SHA1

                                                              a526ace6810fa1dc2e26286a8d9b221bb5259960

                                                              SHA256

                                                              d3bf456d4ec44f67ef661b5461e96d821c8c97e576598f2ba4d87de1d7908a3d

                                                              SHA512

                                                              f626b020a961aca462de492bab2d5dff60e103535c1ff8b2d701ff73c01bb248ccf8c2493431da9920985a4089eebe9a50b4ff7d605679339ce1396adf9339d2

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                              Filesize

                                                              203B

                                                              MD5

                                                              68f833c9377b8150a41924d8a443a935

                                                              SHA1

                                                              47410ded508df320024c448e7a51c49c618f9cb7

                                                              SHA256

                                                              144e01b632e31f38fe50ddea59d22770d38e9c9825914d21c757664e4c0d4e8e

                                                              SHA512

                                                              d2c65e49f622892a47da5c75ff8e4414d18711e71fb9630e5aee8e8122ec62ede89aad35bd38d24a5047be7a2beaa2d8ce4d923fb63244f3b9ed3d6557037bae

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                              Filesize

                                                              370B

                                                              MD5

                                                              1018b0482387e7c692928dae8fcccdf3

                                                              SHA1

                                                              49c8914e83fb66a98f1944e6e9070fd28808eaf6

                                                              SHA256

                                                              50c4fb9d80d897be648b94e79e456f228b0672e6ac778b8f96454f33a76e8e68

                                                              SHA512

                                                              7b00a65048dd42f2bdbedd4ebda6c4bfffb3d7f1442c7aee24345b75168b1b9be879125d71af71bc468c7a65de919f4998918e0558eb651d57cc3f2dec8efd19

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582390.TMP

                                                              Filesize

                                                              203B

                                                              MD5

                                                              7372d0a5a11b99b02ed564aa16f046dd

                                                              SHA1

                                                              7838678f1587e4d5a3381e4a2c45371115efe640

                                                              SHA256

                                                              0490d7b7cafaf475947bedb2f9e688833e71be89b7de8202b65672484ef1f3ac

                                                              SHA512

                                                              02d1552717ff578fe6fbe54436601452394ba52b72383f06c9cab93a013547e232956633eb20c9a5098dc7ab0e3dd5f3b1476b10842409aad6565a54d0aa04f2

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\b4e6dcd7-743d-4719-9fd9-fa30e95910be.tmp

                                                              Filesize

                                                              6KB

                                                              MD5

                                                              ee226c4336bb6935644cf67cf2f2d800

                                                              SHA1

                                                              cac74bf37062916478a85da7f981dfdc00a3e610

                                                              SHA256

                                                              2268ed701200885c643ccabeada4e99118d4c956fb93b433f97781e583b7840e

                                                              SHA512

                                                              695ff402178bb1a8bd535b7ca619b3f75655c3078686cadcf8f0828633d3346d0b235a3a975b37f36b707460963a8ad47044e3594b83bde3fa75f1fb9606c3ee

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                              Filesize

                                                              16B

                                                              MD5

                                                              6752a1d65b201c13b62ea44016eb221f

                                                              SHA1

                                                              58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                                              SHA256

                                                              0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                                              SHA512

                                                              9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\fb4ff223-deeb-4a8b-a9f9-139c7aa844e2.tmp

                                                              Filesize

                                                              1KB

                                                              MD5

                                                              4168e79f7fbd8e59e778ca2b8c07b341

                                                              SHA1

                                                              c2e5c433a08c3ac4a777d87c5bd67922b3d179da

                                                              SHA256

                                                              a3d3f2180314d630ce67f534a647c5125abde0998f90b9a3ee270c27403093ab

                                                              SHA512

                                                              526c4c66d73fed388f0bf27331ff2a6201540a363ca4c6a48c70c20555254a1063ac69356a1be8dbd8db8cffdd029d98a6c0d70742291c96b2a9873ee2f4dd1b

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                              Filesize

                                                              11KB

                                                              MD5

                                                              4c1b3fbf3d3f92fe43e39c1b8a5b6fad

                                                              SHA1

                                                              700c043d4e882535d4c9e4e2acfbba161d01bef4

                                                              SHA256

                                                              83840f7c1a0ffab97e6238ea680f97e3932d469d5d519c7de60fdaa512593d40

                                                              SHA512

                                                              dad5f561b9d875ecec64a9a71838110b13b38aab5bdb56bd87e0663e1b13805ba46f8aecc2722de7752d35786db6a9a7300957fe96e9ed77fb5ef7a58323b073

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                              Filesize

                                                              11KB

                                                              MD5

                                                              25cb4c3a165cfc8226e42b03807f00f5

                                                              SHA1

                                                              ca62f0790039c4fbaa199581285cbfe54f5b73fa

                                                              SHA256

                                                              399a8d9dd5d6d11f5c5b2a08bd8d69bb58ec564de3286547825598aee2aebf15

                                                              SHA512

                                                              304cbdd1e503c072fadfc3070ae564c5593e5dbfc0efdf46eb4528723dd8c44e21367cad461d2c3425e60525853be2bfbd708576dd35d1b68722bfbff6f4c033

                                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                              Filesize

                                                              10KB

                                                              MD5

                                                              da4d939d870d0becb4d6569bd5b059bf

                                                              SHA1

                                                              9413129c56088887ba17aef6d2207d2a0a84e16a

                                                              SHA256

                                                              1cd13bfe481ed73a717d55fcf350304160b66e7519cfb8b4885e582e8474dad6

                                                              SHA512

                                                              ceaa461b9607c30ad576f6e29e0cc746bd20cf1ead3fd7825c4d6747b1d81846b37263deae49444ed97d2bf557499a982eb52e316eeb789bc93c3231108e6676

                                                            • C:\Users\Admin\Downloads\Summoner.exe

                                                              Filesize

                                                              65KB

                                                              MD5

                                                              daf8e657594e3508092305d9de8d3c4c

                                                              SHA1

                                                              0d621eb9e050603b0984ab89ed0d65f0a0c0d815

                                                              SHA256

                                                              4b6950450ebfa04424f3a228a2d3a0a1bb09f4b008fce1819801047495d7d628

                                                              SHA512

                                                              2e7a7b0d571ba25cf5a298c0e4ccfb05cec12205b71c296e7e3cd33265367dc4c8035748f6f13095510f2f377fa012b6c47b28cd88b1092af497a961a812f518

                                                            • C:\Users\Admin\Downloads\TrojanXD.exe

                                                              Filesize

                                                              14KB

                                                              MD5

                                                              5d378dd85c69005b9d53fddf53d3b679

                                                              SHA1

                                                              0e4fa453f1f1895398dd6679c7c911d5156048c9

                                                              SHA256

                                                              f58a21eced86f6434208da0994abaec74bcf14c90721478b4c9eeaca5b95830c

                                                              SHA512

                                                              4b3b3b587bf0f84336672d78b6191539ba68046fc016d35fed052ef90ba36ef93904ffcadd2fd9192b26f29952f98dbbc72a5f90a789e5cb87758ef19d30fd20

                                                            • memory/2132-526-0x0000000000BF0000-0x0000000000BFA000-memory.dmp

                                                              Filesize

                                                              40KB
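A note on reading this listing: most of the entries are Edge profile files under `C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\` (Preferences, Local State, TransportSecurity, Network Persistent State, Service Worker cache). Those are written by the sandbox's own browser session while it opens the submitted Google Drive link, and their contents change from run to run, so their hashes are not useful indicators. The entries worth pivoting on are the two files that landed in `C:\Users\Admin\Downloads\` (Summoner.exe and TrojanXD.exe). The Python below is an added example, not part of this report or of any sandbox vendor's tooling: it parses a dropped-files listing in this layout (either the label-on-one-line form or the label-then-value form), tags the browser-profile noise, and hashes local files against the remaining digests. The embedded excerpt is constructed from two of the entries above with their hashes copied as printed; the function and class names are my own.

```python
"""Turn a sandbox report's dropped-files listing into hash IOCs and check
local files against them. Added example; not part of the original report."""
import hashlib
import re
from dataclasses import dataclass, field
from pathlib import Path

# Constructed excerpt: two entries from the listing above, with path, size and
# digests copied as printed. The first is in the page's label/value-on-separate-
# lines layout, the second in a compact "Label: value" layout; both are handled.
REPORT_EXCERPT = r"""
• C:\Users\Admin\Downloads\Summoner.exe

  Filesize

  65KB

  MD5

  daf8e657594e3508092305d9de8d3c4c

  SHA256

  4b6950450ebfa04424f3a228a2d3a0a1bb09f4b008fce1819801047495d7d628

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
  Filesize: 11KB
  SHA256: 83840f7c1a0ffab97e6238ea680f97e3932d469d5d519c7de60fdaa512593d40
"""

ALGOS = ("md5", "sha1", "sha256", "sha512")
_HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}
_ENTRY_RE = re.compile(r"^[•*]\s*(.+)$")
_FIELD_RE = re.compile(r"^(Filesize|MD5|SHA1|SHA256|SHA512)\s*:?\s*(.*)$")


@dataclass
class DroppedFile:
    path: str
    size: str = ""
    digests: dict = field(default_factory=dict)  # algo -> lowercase hex

    @property
    def is_browser_profile_artifact(self) -> bool:
        # Chromium/Edge profile files are rewritten by the sandbox's own
        # browser session on every run; treat them as noise, not IOCs.
        return "\\microsoft\\edge\\user data\\" in self.path.lower()


def _set(rec: DroppedFile, name: str, value: str) -> None:
    if name == "Filesize":
        rec.size = value
        return
    algo, value = name.lower(), value.lower()
    # Reject anything that is not a full hex digest of the right length, so a
    # truncated or mangled copy of the report is caught instead of silently
    # producing an IOC that can never match.
    if len(value) != _HEX_LEN[algo] or not re.fullmatch(r"[0-9a-f]+", value):
        raise ValueError(f"{rec.path}: malformed {name} digest {value!r}")
    rec.digests[algo] = value


def parse_report(text: str) -> list:
    """Parse '• path' entries followed by Filesize/MD5/SHA* fields."""
    records: list = []
    pending = None  # field label whose value is on the next non-blank line
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = _ENTRY_RE.match(line)
        if m:
            records.append(DroppedFile(path=m.group(1).strip()))
            pending = None
            continue
        if not records:
            continue  # text before the first entry
        if pending:
            _set(records[-1], pending, line)
            pending = None
            continue
        m = _FIELD_RE.match(line)
        if m:
            name, value = m.group(1), m.group(2).strip()
            if value:
                _set(records[-1], name, value)
            else:
                pending = name
    return records


def hash_bytes(data: bytes) -> dict:
    return {a: hashlib.new(a, data).hexdigest() for a in ALGOS}


def hash_file(path: Path, chunk: int = 1 << 20) -> dict:
    """Single pass over the file, all four digests at once."""
    hashers = {a: hashlib.new(a) for a in ALGOS}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {a: h.hexdigest() for a, h in hashers.items()}


def find_matches(records, digests: dict, ignore_browser_artifacts: bool = True) -> list:
    """Records whose recorded digest equals the computed one for any algorithm."""
    hits = []
    for rec in records:
        if ignore_browser_artifacts and rec.is_browser_profile_artifact:
            continue
        if any(rec.digests[a] == digests.get(a) for a in ALGOS if a in rec.digests):
            hits.append(rec)
    return hits


if __name__ == "__main__":
    import sys
    iocs = parse_report(REPORT_EXCERPT)
    for p in sys.argv[1:]:
        hits = find_matches(iocs, hash_file(Path(p)))
        print(p, "->", [h.path for h in hits] or "no match")
```

Run it as `python check_iocs.py <file> ...` to hash suspect files and compare them against the parsed entries; `find_matches` skips the Edge profile artifacts by default, so a hit means one of the downloaded executables, not a coincidental browser cache file. To use the whole listing rather than the excerpt, paste the entries into `REPORT_EXCERPT` or read them from a file; the parser raises on any digest that is not a complete hex string of the right length.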