Overview

overview

10

Static

static

1

URLScan

urlscan

http://github.com

windows11-21h2-x64

10

Resubmissions

13-12-2024 18:20

241213-wy6jaaxjh1 6

13-12-2024 18:17

241213-wxfw8sxjfs 10

13-12-2024 18:14

241213-wvrwqaymam 8

13-12-2024 18:11

241213-ws1qvawrex 10

13-12-2024 18:08

241213-wra4sswraw 8

13-12-2024 18:05

241213-wpj9paykdl 10

13-12-2024 18:01

241213-wmcrtsyjfr 8

13-12-2024 17:59

241213-wkpcvayjbn 6

13-12-2024 17:56

241213-wjh5faxrgq 8

Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags

    arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    13-12-2024 18:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    http://github.com

Score
10/10
chimeradefense_evasiondiscoveryransomwarespywarestealer

Malware Config

Signatures

  • Chimera 64 IoCs

    Ransomware which infects local and network files, often distributed via Dropbox links.

    ransomwarechimera
  • Chimera Ransomware Loader DLL 1 IoCs

    Drops/unpacks executable file which resembles Chimera's Loader.dll.

    ransomware
  • Chimera family
    chimera
  • Renames multiple (2950) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Downloads MZ/PE file
  • Executes dropped EXE 1 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Drops desktop.ini file(s) 26 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Drops file in Program Files directory 64 IoCs
  • Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

    When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

    defense_evasion
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • NTFS ADS 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 19 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 29 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 12 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://github.com
    1⤵
    • Enumerates system info in registry
    • NTFS ADS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3564
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fffeda43cb8,0x7fffeda43cc8,0x7fffeda43cd8
      2⤵
        PID:1476
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1892,3479680803443249829,7345896396063534426,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1904 /prefetch:2
        2⤵
          PID:2920
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1892,3479680803443249829,7345896396063534426,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:2492
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1892,3479680803443249829,7345896396063534426,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2760 /prefetch:8
          2⤵
            PID:4824
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,3479680803443249829,7345896396063534426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
            2⤵
              PID:3284
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,3479680803443249829,7345896396063534426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
              2⤵
                PID:1880
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,3479680803443249829,7345896396063534426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1
                2⤵
                  PID:4484
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,3479680803443249829,7345896396063534426,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3536 /prefetch:1
                  2⤵
                    PID:800
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1892,3479680803443249829,7345896396063534426,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5204 /prefetch:8
                    2⤵
                      PID:3256
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1892,3479680803443249829,7345896396063534426,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3544 /prefetch:8
                      2⤵
                      • Suspicious behavior: EnumeratesProcesses
                      PID:4776
                    • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1892,3479680803443249829,7345896396063534426,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5476 /prefetch:8
                      2⤵
                      • Suspicious behavior: EnumeratesProcesses
                      PID:2396
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,3479680803443249829,7345896396063534426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
                      2⤵
                        PID:2440
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,3479680803443249829,7345896396063534426,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3916 /prefetch:1
                        2⤵
                          PID:3176
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,3479680803443249829,7345896396063534426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
                          2⤵
                            PID:4328
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,3479680803443249829,7345896396063534426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
                            2⤵
                              PID:4252
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,3479680803443249829,7345896396063534426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4072 /prefetch:1
                              2⤵
                                PID:3256
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,3479680803443249829,7345896396063534426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
                                2⤵
                                  PID:1836
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,3479680803443249829,7345896396063534426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
                                  2⤵
                                    PID:1572
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,3479680803443249829,7345896396063534426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3608 /prefetch:1
                                    2⤵
                                      PID:1640
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,3479680803443249829,7345896396063534426,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
                                      2⤵
                                        PID:3816
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,3479680803443249829,7345896396063534426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3884 /prefetch:1
                                        2⤵
                                          PID:1416
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,3479680803443249829,7345896396063534426,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2716 /prefetch:1
                                          2⤵
                                            PID:4772
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1892,3479680803443249829,7345896396063534426,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=2908 /prefetch:8
                                            2⤵
                                              PID:3952
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,3479680803443249829,7345896396063534426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6688 /prefetch:1
                                              2⤵
                                                PID:2160
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,3479680803443249829,7345896396063534426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7132 /prefetch:1
                                                2⤵
                                                  PID:2036
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,3479680803443249829,7345896396063534426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
                                                  2⤵
                                                    PID:4256
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,3479680803443249829,7345896396063534426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
                                                    2⤵
                                                      PID:1240
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,3479680803443249829,7345896396063534426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7296 /prefetch:1
                                                      2⤵
                                                        PID:2732
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,3479680803443249829,7345896396063534426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7208 /prefetch:1
                                                        2⤵
                                                          PID:3944
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,3479680803443249829,7345896396063534426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
                                                          2⤵
                                                            PID:1268
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,3479680803443249829,7345896396063534426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7164 /prefetch:1
                                                            2⤵
                                                              PID:3888
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,3479680803443249829,7345896396063534426,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7452 /prefetch:1
                                                              2⤵
                                                                PID:2760
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,3479680803443249829,7345896396063534426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7768 /prefetch:1
                                                                2⤵
                                                                  PID:1228
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,3479680803443249829,7345896396063534426,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7744 /prefetch:1
                                                                  2⤵
                                                                    PID:1852
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,3479680803443249829,7345896396063534426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7084 /prefetch:1
                                                                    2⤵
                                                                      PID:1632
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,3479680803443249829,7345896396063534426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6948 /prefetch:1
                                                                      2⤵
                                                                        PID:4108
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1892,3479680803443249829,7345896396063534426,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7408 /prefetch:8
                                                                        2⤵
                                                                          PID:1268
                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1892,3479680803443249829,7345896396063534426,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7296 /prefetch:8
                                                                          2⤵
                                                                          • Subvert Trust Controls: Mark-of-the-Web Bypass
                                                                          • NTFS ADS
                                                                          • Suspicious behavior: EnumeratesProcesses
                                                                          PID:2756
                                                                        • C:\Users\Admin\Downloads\HawkEye.exe
                                                                          "C:\Users\Admin\Downloads\HawkEye.exe"
                                                                          2⤵
                                                                          • Chimera
                                                                          • Executes dropped EXE
                                                                          • Drops desktop.ini file(s)
                                                                          • Drops file in Program Files directory
                                                                          • System Location Discovery: System Language Discovery
                                                                          • Suspicious use of AdjustPrivilegeToken
                                                                          PID:496
                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1892,3479680803443249829,7345896396063534426,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=7184 /prefetch:2
                                                                          2⤵
                                                                          • Suspicious behavior: EnumeratesProcesses
                                                                          PID:572
                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1892,3479680803443249829,7345896396063534426,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6060 /prefetch:8
                                                                          2⤵
                                                                          • NTFS ADS
                                                                          • Suspicious behavior: EnumeratesProcesses
                                                                          PID:3496
                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1892,3479680803443249829,7345896396063534426,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7236 /prefetch:8
                                                                          2⤵
                                                                          • NTFS ADS
                                                                          • Suspicious behavior: EnumeratesProcesses
                                                                          PID:2128
                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,3479680803443249829,7345896396063534426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1
                                                                          2⤵
                                                                            PID:1120
                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1892,3479680803443249829,7345896396063534426,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2908 /prefetch:8
                                                                            2⤵
                                                                              PID:4608
                                                                          • C:\Windows\System32\CompPkgSrv.exe
                                                                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                            1⤵
                                                                              PID:3988
                                                                            • C:\Windows\System32\CompPkgSrv.exe
                                                                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                              1⤵
                                                                                PID:5104
                                                                              • C:\Windows\System32\rundll32.exe
                                                                                C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                                                1⤵
                                                                                  PID:1364

                                                                                Network

                                                                                MITRE ATT&CK Enterprise v15

                                                                                Replay Monitor

                                                                                Loading Replay Monitor...

                                                                                Downloads

                                                                                • C:\Program Files\Java\jdk-1.8\jre\lib\YOUR_FILES_ARE_ENCRYPTED.HTML
                                                                                  Filesize

                                                                                  4KB

                                                                                  MD5

                                                                                  00bc9e8f19d62b0599f0b59c0c6c0ffd

                                                                                  SHA1

                                                                                  6301f83990900885db63ee219139c9ad464eaf49

                                                                                  SHA256

                                                                                  d6c0f6e32b15b10fd8b292451a26920bae01c20f53b38df783ac5d21987dda61

                                                                                  SHA512

                                                                                  a8b7dd54a0d2fd159485724e7a9fffd1a7b06236019b180f0f41a906387f37d0fedeac15da37a9fcd5aa6422fd276666974ff99af5c424dbfd52a4b12705b8ab

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                  Filesize

                                                                                  152B

                                                                                  MD5

                                                                                  c0a1774f8079fe496e694f35dfdcf8bc

                                                                                  SHA1

                                                                                  da3b4b9fca9a3f81b6be5b0cd6dd700603d448d3

                                                                                  SHA256

                                                                                  c041da0b90a5343ede7364ccf0428852103832c4efa8065a0cd1e8ce1ff181cb

                                                                                  SHA512

                                                                                  60d9e87f8383fe3afa2c8935f0e5a842624bb24b03b2d8057e0da342b08df18cf70bf55e41fa3ae54f73bc40a274cf6393d79ae01f6a1784273a25fa2761728b

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                  Filesize

                                                                                  152B

                                                                                  MD5

                                                                                  e11c77d0fa99af6b1b282a22dcb1cf4a

                                                                                  SHA1

                                                                                  2593a41a6a63143d837700d01aa27b1817d17a4d

                                                                                  SHA256

                                                                                  d96f9bfcc81ba66db49a3385266a631899a919ed802835e6fb6b9f7759476ea0

                                                                                  SHA512

                                                                                  c8f69f503ab070a758e8e3ae57945c0172ead1894fdbfa2d853e5bb976ed3817ecc8f188eefd5092481effd4ef650788c8ff9a8d9a5ee4526f090952d7c859f3

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\71196641-c0dc-43aa-a603-83e25d0a5fec.tmp
                                                                                  Filesize

                                                                                  1KB

                                                                                  MD5

                                                                                  13efa3152559f8880e0b0e8e5461bd8a

                                                                                  SHA1

                                                                                  bec9743dd8693e3c876c79ce3eb18a3b220e1ffb

                                                                                  SHA256

                                                                                  24eccff85112c78cc8f18e4ea20523ec2fc31b498b62d9c04b4e8a0f46968e81

                                                                                  SHA512

                                                                                  37e789664bb880ebe1b134498e674b4ded514d40add2f642e7997d84cf8300a18fd7e9fd56021ce64af55e907ddd183210666340637f209bc773582fdcb5651c

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005
                                                                                  Filesize

                                                                                  17KB

                                                                                  MD5

                                                                                  18a9531f05f4a3662558d102349767b1

                                                                                  SHA1

                                                                                  328114b78180b5931d651669bf0b21d3a5cf8adc

                                                                                  SHA256

                                                                                  2d427df292899c50caad69f5c59737ff07f39544e52ff6b9d01f4fb82ec0d716

                                                                                  SHA512

                                                                                  b52d9f81a88694bbb16551a50fefd69a3f3dcd0ce5d3d3f3e3a2c1d7de969b5f6e27ca9fd22f7e964108f9b39eb083a44ef161ee3b8c39f61fa5939a15d21b2f

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4a39413adbf58c2b_0
                                                                                  Filesize

                                                                                  255B

                                                                                  MD5

                                                                                  f95b1adcbe1fdbba6a2ca454c08047fa

                                                                                  SHA1

                                                                                  74e16c890007b700c9a1b53c519df01ccb4c6beb

                                                                                  SHA256

                                                                                  d8b058e875caa166ada22334579db4016834ca7e3551ca71ea4a55c809a69e70

                                                                                  SHA512

                                                                                  fbe83523601ee8946b839355453fc4edc8cb067bb604e8da053195f571e774af2cfc22401711077c267b34ae9bafc8692f9250d23a086e22172f419da4246f07

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                  Filesize

                                                                                  3KB

                                                                                  MD5

                                                                                  62be7297e41f74625c2baa927e91baae

                                                                                  SHA1

                                                                                  0d74ae10e272a2f0f0d9865f89b98b63a8bd863a

                                                                                  SHA256

                                                                                  ee2182db85750441f11615334d3d7b7c3ed52d14613d7606bf5e1aafac2c2e12

                                                                                  SHA512

                                                                                  735fb9ff1584d3401766b454ebdf1051248ab591f7d187243d65813fd8f803d36a06e47f79ca32509d52b676173c30ee9d3b05f34533720a0b2f8e3e8c6daeb5

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                  Filesize

                                                                                  4KB

                                                                                  MD5

                                                                                  e0f89d4a346b0a7d552b90e7c0f0126d

                                                                                  SHA1

                                                                                  9018260b981e656cc428f80903909ca7eb216735

                                                                                  SHA256

                                                                                  c0c070eee5e38ded754095c676fccc466a2c941c8d9347128171611885600383

                                                                                  SHA512

                                                                                  e8172626c25f0ab0d9f28093e7d6c8d6148e7700f2db37b014300d5d176dc5f26e713c22f2ebcb3f3854490edc183b6a2f918bc5eb86dd77b13283b862dbb522

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                  Filesize

                                                                                  788B

                                                                                  MD5

                                                                                  d443585c871ca0d715ce1db197c10d4c

                                                                                  SHA1

                                                                                  e9f3f73cd6e2b8df89a96ae016977237ae2ea0da

                                                                                  SHA256

                                                                                  ded8e97bdfa35141d472f2b5ee54c9e57dbe6dd208ebf8f29ee120e9eea60e97

                                                                                  SHA512

                                                                                  187b3eb38aea454eae91d06cdcbf62f84410834a0eb336288f8e99d3b268a42d37a9766aee24966b812b99ddef930282dfdee65f65096a2d60db2674edb9768a

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                  Filesize

                                                                                  4KB

                                                                                  MD5

                                                                                  cc94e1559e9be343b590fb774bf5abf0

                                                                                  SHA1

                                                                                  a24cff06c65e4cd451073f028ff96187a8075ce1

                                                                                  SHA256

                                                                                  bb29578edf069790c916bb1eff74083a65b3243f5f7beeb6f9cd30ae8c3a9c51

                                                                                  SHA512

                                                                                  0954e212646d4241a5648ba00c128f47cfc6e3c181b5e7300af83481f153242101b77670ad5afcfa38119ad6a76fca82cf7a0ff283efb252ea04ffb498ad5687

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                  Filesize

                                                                                  8KB

                                                                                  MD5

                                                                                  00e3058f1f3750ac0eee615f7180da2c

                                                                                  SHA1

                                                                                  653d965fcb532a67669a5aefe523dd085256eb15

                                                                                  SHA256

                                                                                  e113494d38253429e58c991f5582ff85d4b4ee6d84fcf490b245baa07c282ff2

                                                                                  SHA512

                                                                                  db9ec0dc4c03b6ab57cfeadfdcb17a483a962807b1525756b60359f38333d2bd3b93e10925d36ccd4c9e4524518af29f81e3136eeae526da8101c5e76f0dfbdb

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                  Filesize

                                                                                  5KB

                                                                                  MD5

                                                                                  4ac12c79830672ac9ae6f8a713e5171a

                                                                                  SHA1

                                                                                  915cfa4ae70cdc3c58ea9e747aff439f9a199d1f

                                                                                  SHA256

                                                                                  3b9d9ec6cf36285f2928be53e5f18caf2859536333270207e76904ee8ddd2b13

                                                                                  SHA512

                                                                                  198575b4e6a3bf105d3ef7268bb14bf47bc2cbedc80f3dc29eaefb1d4a9ea414b5aad770d7160fdb23ec99edf4075e687cbf7c4febd02ad88f37346eab3c7d2b

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                  Filesize

                                                                                  6KB

                                                                                  MD5

                                                                                  7bcd49c871f3f2ddfbafad59acc538c8

                                                                                  SHA1

                                                                                  7dc95b0716ba17b17c4b72ee3da36378930bee4e

                                                                                  SHA256

                                                                                  d4147ef691dd85f7adf110db3d36ec298a32d2056177f30e2dabcc584b2c6381

                                                                                  SHA512

                                                                                  76d725fba155e130d9ae280fbe21aa164dd198558a2bdb72f1be262297fd33f9cd2990d85a9e4d6ca27f282a8f06d04b229388297add76ab52b5a2edd943cfba

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                  Filesize

                                                                                  6KB

                                                                                  MD5

                                                                                  c1c53afe47ca32d55bc1734316617b7c

                                                                                  SHA1

                                                                                  27ff9f17d63c446fb1157112f4c6ce593ef47672

                                                                                  SHA256

                                                                                  bc4150baf86a4e06d6ce0855c3a97b2c02c87a5c777db7fa6e4a51df567b043b

                                                                                  SHA512

                                                                                  7c5d5f315d3740219726393467f800104df0e7a35685f327d28113b693b34512aa15d11b84963a1f2fce5e9b8fa4d2581e635db55cc77e1214da082332b4aec2

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                  Filesize

                                                                                  6KB

                                                                                  MD5

                                                                                  501ef64773380bbc1432af318d3bc311

                                                                                  SHA1

                                                                                  7b14291a3e1bb8b5c8863832d79ac7035dee3269

                                                                                  SHA256

                                                                                  f9cefbef4f4c1f4f57dbbc3653a463f1af6614f50f143b48b02cb99dc24d5862

                                                                                  SHA512

                                                                                  055113a4ea2b943b0d6aa83f1c0e9fb6c9eb3895c84c4908130dfa1dc7caebf5d544cb065c23da93af1a2de86283d56cf7bfca121606b8eee93aa03187414365

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                  Filesize

                                                                                  1KB

                                                                                  MD5

                                                                                  79f527857d7afb5bc6b143485857beca

                                                                                  SHA1

                                                                                  aad6152096da1cd72526bccea6f9baa21b57ba05

                                                                                  SHA256

                                                                                  0661e91119eacbdded1a9165fdca1b5b5bfa6f1c265b3389645ed71eddaa2e58

                                                                                  SHA512

                                                                                  b8bf1faa755f60b7fddf772e867f45f9c0240532298869f10ab7bb1dc63cfc534b723502873815952704f92c5b1175f1f32cb9c8dcc98cf7fb7aac494de118bf

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                  Filesize

                                                                                  1KB

                                                                                  MD5

                                                                                  103a6a8750cc17520e8cb80f04def542

                                                                                  SHA1

                                                                                  3f8dc825e718334e979db40990ce9d56e681d7dd

                                                                                  SHA256

                                                                                  2c1be38f8f3c142609cd454cade13934c33ed80786d50634b377309cdf37791b

                                                                                  SHA512

                                                                                  0d335a02e7beab568aa9f492603def2b4bbb0691e9f01628051dacbabed8651afc5062d77b818e87bdc4fd6c8ded478c8491eb6d9c59ced94fd470ff6f662516

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                  Filesize

                                                                                  1KB

                                                                                  MD5

                                                                                  9333714eb97a084709edfec49ff9ee20

                                                                                  SHA1

                                                                                  b6d4a426d0784da159de5b800924f1bd509ae004

                                                                                  SHA256

                                                                                  9d68f024f48c073b876ff906c43c19e501503f8da992189a2d44b24840bdf4b0

                                                                                  SHA512

                                                                                  2f5dc44159122c2e032115606fda3983c77d5188a17b8fbd4d687ca1d0e858675df68fb67f1128a02cd3b655c7510d68472e369f5aa53cfe1097cb3091b2ebc3

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                  Filesize

                                                                                  1KB

                                                                                  MD5

                                                                                  d7cb9cea85e05637ba10dc336eab678b

                                                                                  SHA1

                                                                                  2b6ebab8706bc6f6f99a0cd8be29453ba93db7fc

                                                                                  SHA256

                                                                                  8b86b12fe406ff41886a8025eb4d93e15f0319b4947801029f5cad50969efe21

                                                                                  SHA512

                                                                                  a89c01bce00d4b712cf6db101c1f5b260606b4c59a9442a3040ec21ffab422bdb4e18c9bb3ac364401d1d48677b99a49bb2f75e322297ea07fb5d3c276e42a23

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                  Filesize

                                                                                  1KB

                                                                                  MD5

                                                                                  1ea2ad4d75729d54f05fefb7d44365db

                                                                                  SHA1

                                                                                  d7b4132f9ad746cc7a7fb8f2bc9767cb055aa924

                                                                                  SHA256

                                                                                  280c0d549743723bfeda7c626e5e64e1b050550645c8be2bba9aa9167bda2b56

                                                                                  SHA512

                                                                                  99abfe1efff0f36c193ebe4955ac680789c669d014a9d7720cd9da5995d2708cc4a35a6240f0a4cb9c12a93f52c2b01b257cf6eeb151424a83da64aaca73ee4a

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                  Filesize

                                                                                  1KB

                                                                                  MD5

                                                                                  debbb3c954509c3d374c45a17de855cf

                                                                                  SHA1

                                                                                  76b1e759cd3c56227371c2681e54451a32cdae87

                                                                                  SHA256

                                                                                  611fe6afa5e584f40d61794945fce83ab17aea0fc76db859df0f0c7dd5846e8d

                                                                                  SHA512

                                                                                  73c21a51420f1cbcf7a57a7e1ab2c49559220be8dda0cf8c025178f40dc575eac48bbeca26e920c23db5d3cfe919eec7aa67f2a085f6c229ddb388f79a34ca18

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57cf66.TMP
                                                                                  Filesize

                                                                                  706B

                                                                                  MD5

                                                                                  a1d0fd234a6a0ad1cbfd3878373f9725

                                                                                  SHA1

                                                                                  9f504031f2c6933f778e30e6a2d733f4a4451be2

                                                                                  SHA256

                                                                                  73c2b0d4b5ff6d8fbdd7ca05b2e0c1b65283942f3ddd8c7c0d77908a95b404c2

                                                                                  SHA512

                                                                                  cad604bd2fd71d70a0788ecda3cee7ef8c9ea58505bf1506e1cd043cd32b4fcc3e68c1d7bcd18fd403d0785b7ce623cd1b6321651431e3aca487696d7998a937

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                                  Filesize

                                                                                  16B

                                                                                  MD5

                                                                                  6752a1d65b201c13b62ea44016eb221f

                                                                                  SHA1

                                                                                  58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                                                                  SHA256

                                                                                  0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                                                                  SHA512

                                                                                  9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                  Filesize

                                                                                  10KB

                                                                                  MD5

                                                                                  1fd9ea115b2760bb9ce918ad0fcc9f78

                                                                                  SHA1

                                                                                  9aa67c60a1248ae94a80d05cc76f5fd0edb91126

                                                                                  SHA256

                                                                                  963de61a878f9ec949a21db6a333542fb99bcf4fd52da51105f0272be5a7321a

                                                                                  SHA512

                                                                                  64d64f8e91f6419d974c6f540c6dbe1ff27140d822764951770f551550221c8aa3c30159754c35e7034c6d060d6e80927fd61d2527803c7959d6b0c4ce3124d9

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                  Filesize

                                                                                  11KB

                                                                                  MD5

                                                                                  26149df601d96dcf3ed9f0f8a8745b5a

                                                                                  SHA1

                                                                                  671ebd92825d51548b32df7f1c63baa598db819a

                                                                                  SHA256

                                                                                  09950daa145991eadf40a9f8161b4e9d8d323ab6a5c1f1decb28e3ef9485ced0

                                                                                  SHA512

                                                                                  5db16a8b6f7e4c02b42488211c7a5ed6befdc506bcf6edf42b02e2e8661506eecb25b3ddb69fa3eb55165e70f457c61078f2ab8f764af9f62c0e56c858b2fbf3

                                                                                  Download Submit

                                                                                • C:\Users\Admin\Downloads\Bon.zip
                                                                                  Filesize

                                                                                  18.0MB

                                                                                  MD5

                                                                                  41d889303a1a6cdae4becff1e00baee2

                                                                                  SHA1

                                                                                  a7a35e527eefb7ef85db8fd5a521169aaf932029

                                                                                  SHA256

                                                                                  24d373c9b802a0750e1155c2c19d4c93e79401399612a619ec4b392eb625ef17

                                                                                  SHA512

                                                                                  ad301e2981d035591138c3f8f6226a1d62bc15b8d71c6c973999b7da8c9fa288e9d517debb21bfaac7891369fe5e92b816da163682ef72b9e07991efd46e82da

                                                                                  Download Submit

                                                                                • C:\Users\Admin\Downloads\Bon.zip:Zone.Identifier
                                                                                  Filesize

                                                                                  26B

                                                                                  MD5

                                                                                  fbccf14d504b7b2dbcb5a5bda75bd93b

                                                                                  SHA1

                                                                                  d59fc84cdd5217c6cf74785703655f78da6b582b

                                                                                  SHA256

                                                                                  eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

                                                                                  SHA512

                                                                                  aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

                                                                                  Download Submit

                                                                                • C:\Users\Admin\Downloads\HawkEye.exe:Zone.Identifier
                                                                                  Filesize

                                                                                  55B

                                                                                  MD5

                                                                                  0f98a5550abe0fb880568b1480c96a1c

                                                                                  SHA1

                                                                                  d2ce9f7057b201d31f79f3aee2225d89f36be07d

                                                                                  SHA256

                                                                                  2dfb5f4b33e4cf8237b732c02b1f2b1192ffe4b83114bcf821f489bbf48c6aa1

                                                                                  SHA512

                                                                                  dbc1150d831950684ab37407defac0177b7583da0fe13ee8f8eeb65e8b05d23b357722246888189b4681b97507a4262ece96a1c458c4427a9a41d8ea8d11a2f6

                                                                                  Download Submit

                                                                                • C:\Users\Admin\Downloads\Unconfirmed 618860.crdownload
                                                                                  Filesize

                                                                                  111KB

                                                                                  MD5

                                                                                  e8ed8aaf35e6059ba28504c19ff50bab

                                                                                  SHA1

                                                                                  01412235baf64c5b928252639369eea4e2ba5192

                                                                                  SHA256

                                                                                  2d2a22db20a44474afbd7b0e6488690bad584dcae9789a5db776cc1a00b98728

                                                                                  SHA512

                                                                                  d007c96b2fad26763d27be8447ca65e0ab890deb6388b90cf83c0b3431e09b225f7424098927b54f15fe34eae953b61b45371b0df4b2d89c60be9c006ffe9034

                                                                                  Download Submit

                                                                                • C:\Users\Admin\Downloads\Unconfirmed 643347.crdownload
                                                                                  Filesize

                                                                                  232KB

                                                                                  MD5

                                                                                  60fabd1a2509b59831876d5e2aa71a6b

                                                                                  SHA1

                                                                                  8b91f3c4f721cb04cc4974fc91056f397ae78faa

                                                                                  SHA256

                                                                                  1dacdc296fd6ef6ba817b184cce9901901c47c01d849adfa4222bfabfed61838

                                                                                  SHA512

                                                                                  3e842a7d47b32942adb936cae13293eddf1a6b860abcfe7422d0fb73098264cc95656b5c6d9980fad1bf8b5c277cd846c26acaba1bef441582caf34eb1e5295a

                                                                                  Download Submit

                                                                                • C:\Users\Admin\Downloads\Unconfirmed 87955.crdownload
                                                                                  Filesize

                                                                                  49.8MB

                                                                                  MD5

                                                                                  65259c11e1ff8d040f9ec58524a47f02

                                                                                  SHA1

                                                                                  2d5a24f7cadd10140dd6d3dd0dc6d0f02c2d40fd

                                                                                  SHA256

                                                                                  755bd7f1fc6e93c3a69a1125dd74735895bdbac9b7cabad0506195a066bdde42

                                                                                  SHA512

                                                                                  37096eeb1ab0e11466c084a9ce78057e250f856b919cb9ef3920dad29b2bb2292daabbee15c64dc7bc2a48dd930a52a2fb9294943da2c1c3692863cec2bae03d

                                                                                  Download Submit

                                                                                • memory/496-852-0x0000000010000000-0x0000000010010000-memory.dmp

                                                                                  Filesize

                                                                                  64KB

                                                                                  Download

                                                                                • memory/496-856-0x0000000005170000-0x000000000518A000-memory.dmp

                                                                                  Filesize

                                                                                  104KB

                                                                                  Download