asyncrat | 4c6183029dcf2e4d604c473c2dfb4f72037b6a8f13d9183b0842fd201e422d7a

Analysis

max time kernel
694s
max time network
695s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
14-12-2024 00:57

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

HmWlkY.html
Size

7KB
MD5

aa5d13590623abb5d3963a8af5dfb85d
SHA1

8dcb62e75f970ac4f9f78e2558f335951b599774
SHA256

4c6183029dcf2e4d604c473c2dfb4f72037b6a8f13d9183b0842fd201e422d7a
SHA512

94899bfebc29d4d76c1a8d0e9b787ae50386a5e8718194791d27d86eb7e67e1b0e1a9b0a4e68031905c767419bd767b9d2666ac5ffd0a8dd87c0bf842ac7282b
SSDEEP

96:CMq9SlLh2B3Zq36uWl/PtxyjttJQ8Maoah3vL5LaNclmnU1Eh2sS:T1lLhwJrPahtJxMaoah3vG12sS

Score

10^/10

asyncrat njrat default hacked discovery evasion persistence privilege_escalation ransomware rat trojan

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

ukrainian.zapto.org:5552

Mutex

0q7bJfCnXR4l

Attributes

delay
3
install
false
install_folder
%AppData%

aes.plain

Extracted

Family

njrat

Version

v2.0

Botnet

HacKed

ukrainian.zapto.org:5552

Mutex

Windows

Attributes

reg_key
Windows
splitter
|-F-|

Signatures

AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
rat asyncrat
Asyncrat family
asyncrat
Njrat family
njrat
njRAT/Bladabindi
Widely used RAT written in .NET.
trojan njrat

Async RAT payload 1 IoCs

rat

resource	yara_rule
behavioral1/files/0x000e000000023ac6-460.dat	family_asyncrat

Downloads MZ/PE file

Modifies Windows Firewall 2 TTPs 1 IoCs

evasion

Windows Service

T1543.003

Disable or Modify System Firewall

T1562.004

pid	Process
1228	netsh.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation	Test 2.exe

Drops startup file 4 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.lnk	Test 2.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.lnk	Payload.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.lnk	Test 2.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.lnk	aspnet_compiler.exe

Executes dropped EXE 4 IoCs

pid	Process
872	Test 2.exe
2248	Payload.exe
864	Test 2.exe
1184	Download.exe

Adds Run key to start application 2 TTPs 9 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Windows = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\Windows.URL"	Test 2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Windows = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\Windows.URL"	Payload.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows2 = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\Windows.URL"	Test 2.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Windows2 = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\Windows.URL"	Payload.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\Windows.URL"	Payload.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Windows2 = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\Windows.URL"	Test 2.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\Windows.URL"	Test 2.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows2 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\Payload.exe"	Test 2.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows2 = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\Windows.URL"	Payload.exe

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\tmpF845.tmp.jpg"	Download.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1184 set thread context of 3740	1184	Download.exe	190

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Event Triggered Execution: Netsh Helper DLL 1 TTPs 3 IoCs

Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

persistence privilege_escalation

Netsh Helper DLL

T1546.007

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh	netsh.exe

System Location Discovery: System Language Discovery 1 TTPs 16 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	attrib.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	attrib.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	attrib.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	attrib.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	PING.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ipconfig.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	shutdown.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Payload.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	netsh.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Test 2.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	attrib.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Download.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Test 2.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	aspnet_compiler.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
2356	cmd.exe
2896	PING.EXE

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Gathers network information 2 TTPs 1 IoCs

Uses commandline utility to view network configuration.

System Information Discovery

T1082

Command and Scripting Interpreter

T1059

pid	Process
5056	ipconfig.exe

Modifies Control Panel 2 IoCs

evasion

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\Desktop\TileWallpaper = "0"	Download.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\Desktop\WallpaperStyle = "2"	Download.exe

Modifies data under HKEY_USERS 17 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "206"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133786114452259165"	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 474743.crdownload:SmartScreen	msedge.exe

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
2896	PING.EXE

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
1812	chrome.exe
1812	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
5104	chrome.exe
1852	msedge.exe
1852	msedge.exe
4512	msedge.exe
4512	msedge.exe
1940	identity_helper.exe
1940	identity_helper.exe
2360	msedge.exe
2360	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
864	Test 2.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

pid	Process
1812	chrome.exe
1812	chrome.exe
1812	chrome.exe
1812	chrome.exe
1812	chrome.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1812	chrome.exe
Token: SeCreatePagefilePrivilege	1812	chrome.exe
Token: SeShutdownPrivilege	1812	chrome.exe
Token: SeCreatePagefilePrivilege	1812	chrome.exe
Token: SeShutdownPrivilege	1812	chrome.exe
Token: SeCreatePagefilePrivilege	1812	chrome.exe
Token: SeShutdownPrivilege	1812	chrome.exe
Token: SeCreatePagefilePrivilege	1812	chrome.exe
Token: SeShutdownPrivilege	1812	chrome.exe
Token: SeCreatePagefilePrivilege	1812	chrome.exe
Token: SeShutdownPrivilege	1812	chrome.exe
Token: SeCreatePagefilePrivilege	1812	chrome.exe
Token: SeShutdownPrivilege	1812	chrome.exe
Token: SeCreatePagefilePrivilege	1812	chrome.exe
Token: SeShutdownPrivilege	1812	chrome.exe
Token: SeCreatePagefilePrivilege	1812	chrome.exe
Token: SeShutdownPrivilege	1812	chrome.exe
Token: SeCreatePagefilePrivilege	1812	chrome.exe
Token: SeShutdownPrivilege	1812	chrome.exe
Token: SeCreatePagefilePrivilege	1812	chrome.exe
Token: SeShutdownPrivilege	1812	chrome.exe
Token: SeCreatePagefilePrivilege	1812	chrome.exe
Token: SeShutdownPrivilege	1812	chrome.exe
Token: SeCreatePagefilePrivilege	1812	chrome.exe
Token: SeShutdownPrivilege	1812	chrome.exe
Token: SeCreatePagefilePrivilege	1812	chrome.exe
Token: SeShutdownPrivilege	1812	chrome.exe
Token: SeCreatePagefilePrivilege	1812	chrome.exe
Token: SeShutdownPrivilege	1812	chrome.exe
Token: SeCreatePagefilePrivilege	1812	chrome.exe
Token: SeShutdownPrivilege	1812	chrome.exe
Token: SeCreatePagefilePrivilege	1812	chrome.exe
Token: SeShutdownPrivilege	1812	chrome.exe
Token: SeCreatePagefilePrivilege	1812	chrome.exe
Token: SeShutdownPrivilege	1812	chrome.exe
Token: SeCreatePagefilePrivilege	1812	chrome.exe
Token: SeShutdownPrivilege	1812	chrome.exe
Token: SeCreatePagefilePrivilege	1812	chrome.exe
Token: SeShutdownPrivilege	1812	chrome.exe
Token: SeCreatePagefilePrivilege	1812	chrome.exe
Token: SeShutdownPrivilege	1812	chrome.exe
Token: SeCreatePagefilePrivilege	1812	chrome.exe
Token: SeShutdownPrivilege	1812	chrome.exe
Token: SeCreatePagefilePrivilege	1812	chrome.exe
Token: SeShutdownPrivilege	1812	chrome.exe
Token: SeCreatePagefilePrivilege	1812	chrome.exe
Token: SeShutdownPrivilege	1812	chrome.exe
Token: SeCreatePagefilePrivilege	1812	chrome.exe
Token: SeShutdownPrivilege	1812	chrome.exe
Token: SeCreatePagefilePrivilege	1812	chrome.exe
Token: SeShutdownPrivilege	1812	chrome.exe
Token: SeCreatePagefilePrivilege	1812	chrome.exe
Token: SeShutdownPrivilege	1812	chrome.exe
Token: SeCreatePagefilePrivilege	1812	chrome.exe
Token: SeShutdownPrivilege	1812	chrome.exe
Token: SeCreatePagefilePrivilege	1812	chrome.exe
Token: SeShutdownPrivilege	1812	chrome.exe
Token: SeCreatePagefilePrivilege	1812	chrome.exe
Token: SeShutdownPrivilege	1812	chrome.exe
Token: SeCreatePagefilePrivilege	1812	chrome.exe
Token: SeShutdownPrivilege	1812	chrome.exe
Token: SeCreatePagefilePrivilege	1812	chrome.exe
Token: SeShutdownPrivilege	1812	chrome.exe
Token: SeCreatePagefilePrivilege	1812	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1812	chrome.exe
1812	chrome.exe
1812	chrome.exe
1812	chrome.exe
1812	chrome.exe
1812	chrome.exe
1812	chrome.exe
1812	chrome.exe
1812	chrome.exe
1812	chrome.exe
1812	chrome.exe
1812	chrome.exe
1812	chrome.exe
1812	chrome.exe
1812	chrome.exe
1812	chrome.exe
1812	chrome.exe
1812	chrome.exe
1812	chrome.exe
1812	chrome.exe
1812	chrome.exe
1812	chrome.exe
1812	chrome.exe
1812	chrome.exe
1812	chrome.exe
1812	chrome.exe
1812	chrome.exe
1812	chrome.exe
1812	chrome.exe
1812	chrome.exe
1812	chrome.exe
1812	chrome.exe
1812	chrome.exe
1812	chrome.exe
1812	chrome.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe

Suspicious use of SendNotifyMessage 56 IoCs

pid	Process
1812	chrome.exe
1812	chrome.exe
1812	chrome.exe
1812	chrome.exe
1812	chrome.exe
1812	chrome.exe
1812	chrome.exe
1812	chrome.exe
1812	chrome.exe
1812	chrome.exe
1812	chrome.exe
1812	chrome.exe
1812	chrome.exe
1812	chrome.exe
1812	chrome.exe
1812	chrome.exe
1812	chrome.exe
1812	chrome.exe
1812	chrome.exe
1812	chrome.exe
1812	chrome.exe
1812	chrome.exe
1812	chrome.exe
1812	chrome.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1796	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1812 wrote to memory of 1220	1812	chrome.exe	85
PID 1812 wrote to memory of 1220	1812	chrome.exe	85
PID 1812 wrote to memory of 3076	1812	chrome.exe	86
PID 1812 wrote to memory of 3076	1812	chrome.exe	86
PID 1812 wrote to memory of 3076	1812	chrome.exe	86
PID 1812 wrote to memory of 3076	1812	chrome.exe	86
PID 1812 wrote to memory of 3076	1812	chrome.exe	86
PID 1812 wrote to memory of 3076	1812	chrome.exe	86
PID 1812 wrote to memory of 3076	1812	chrome.exe	86
PID 1812 wrote to memory of 3076	1812	chrome.exe	86
PID 1812 wrote to memory of 3076	1812	chrome.exe	86
PID 1812 wrote to memory of 3076	1812	chrome.exe	86
PID 1812 wrote to memory of 3076	1812	chrome.exe	86
PID 1812 wrote to memory of 3076	1812	chrome.exe	86
PID 1812 wrote to memory of 3076	1812	chrome.exe	86
PID 1812 wrote to memory of 3076	1812	chrome.exe	86
PID 1812 wrote to memory of 3076	1812	chrome.exe	86
PID 1812 wrote to memory of 3076	1812	chrome.exe	86
PID 1812 wrote to memory of 3076	1812	chrome.exe	86
PID 1812 wrote to memory of 3076	1812	chrome.exe	86
PID 1812 wrote to memory of 3076	1812	chrome.exe	86
PID 1812 wrote to memory of 3076	1812	chrome.exe	86
PID 1812 wrote to memory of 3076	1812	chrome.exe	86
PID 1812 wrote to memory of 3076	1812	chrome.exe	86
PID 1812 wrote to memory of 3076	1812	chrome.exe	86
PID 1812 wrote to memory of 3076	1812	chrome.exe	86
PID 1812 wrote to memory of 3076	1812	chrome.exe	86
PID 1812 wrote to memory of 3076	1812	chrome.exe	86
PID 1812 wrote to memory of 3076	1812	chrome.exe	86
PID 1812 wrote to memory of 3076	1812	chrome.exe	86
PID 1812 wrote to memory of 3076	1812	chrome.exe	86
PID 1812 wrote to memory of 3076	1812	chrome.exe	86
PID 1812 wrote to memory of 3136	1812	chrome.exe	87
PID 1812 wrote to memory of 3136	1812	chrome.exe	87
PID 1812 wrote to memory of 1632	1812	chrome.exe	88
PID 1812 wrote to memory of 1632	1812	chrome.exe	88
PID 1812 wrote to memory of 1632	1812	chrome.exe	88
PID 1812 wrote to memory of 1632	1812	chrome.exe	88
PID 1812 wrote to memory of 1632	1812	chrome.exe	88
PID 1812 wrote to memory of 1632	1812	chrome.exe	88
PID 1812 wrote to memory of 1632	1812	chrome.exe	88
PID 1812 wrote to memory of 1632	1812	chrome.exe	88
PID 1812 wrote to memory of 1632	1812	chrome.exe	88
PID 1812 wrote to memory of 1632	1812	chrome.exe	88
PID 1812 wrote to memory of 1632	1812	chrome.exe	88
PID 1812 wrote to memory of 1632	1812	chrome.exe	88
PID 1812 wrote to memory of 1632	1812	chrome.exe	88
PID 1812 wrote to memory of 1632	1812	chrome.exe	88
PID 1812 wrote to memory of 1632	1812	chrome.exe	88
PID 1812 wrote to memory of 1632	1812	chrome.exe	88
PID 1812 wrote to memory of 1632	1812	chrome.exe	88
PID 1812 wrote to memory of 1632	1812	chrome.exe	88
PID 1812 wrote to memory of 1632	1812	chrome.exe	88
PID 1812 wrote to memory of 1632	1812	chrome.exe	88
PID 1812 wrote to memory of 1632	1812	chrome.exe	88
PID 1812 wrote to memory of 1632	1812	chrome.exe	88
PID 1812 wrote to memory of 1632	1812	chrome.exe	88
PID 1812 wrote to memory of 1632	1812	chrome.exe	88
PID 1812 wrote to memory of 1632	1812	chrome.exe	88
PID 1812 wrote to memory of 1632	1812	chrome.exe	88
PID 1812 wrote to memory of 1632	1812	chrome.exe	88
PID 1812 wrote to memory of 1632	1812	chrome.exe	88
PID 1812 wrote to memory of 1632	1812	chrome.exe	88
PID 1812 wrote to memory of 1632	1812	chrome.exe	88

Views/modifies file attributes 1 TTPs 5 IoCs

evasion

Hidden Files and Directories

T1564.001

pid	Process
528	attrib.exe
1924	attrib.exe
4592	attrib.exe
3672	attrib.exe
1808	attrib.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\HmWlkY.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff84c27cc40,0x7ff84c27cc4c,0x7ff84c27cc58
  2⤵
  PID:1220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1884,i,2346224914811553676,15538278958656206779,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1876 /prefetch:2
  2⤵
  PID:3076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1988,i,2346224914811553676,15538278958656206779,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2136 /prefetch:3
  2⤵
  PID:3136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2228,i,2346224914811553676,15538278958656206779,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2240 /prefetch:8
  2⤵
  PID:1632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3112,i,2346224914811553676,15538278958656206779,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3168 /prefetch:1
  2⤵
  PID:3508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3132,i,2346224914811553676,15538278958656206779,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4472,i,2346224914811553676,15538278958656206779,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4604 /prefetch:8
  2⤵
  PID:368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4632,i,2346224914811553676,15538278958656206779,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4676 /prefetch:1
  2⤵
  PID:2972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4488,i,2346224914811553676,15538278958656206779,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4940 /prefetch:1
  2⤵
  PID:696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=3880,i,2346224914811553676,15538278958656206779,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:2464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5084,i,2346224914811553676,15538278958656206779,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5088 /prefetch:8
  2⤵
  PID:1748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5312,i,2346224914811553676,15538278958656206779,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5268 /prefetch:8
  2⤵
  PID:4168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5248,i,2346224914811553676,15538278958656206779,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5340 /prefetch:8
  2⤵
  PID:5056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5296,i,2346224914811553676,15538278958656206779,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5468 /prefetch:8
  2⤵
  PID:2060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5304,i,2346224914811553676,15538278958656206779,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5636 /prefetch:8
  2⤵
  PID:5112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5632,i,2346224914811553676,15538278958656206779,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3236 /prefetch:8
  2⤵
  PID:4056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4980,i,2346224914811553676,15538278958656206779,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5824 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5104

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4044

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3636

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5104

C:\Users\Admin\Desktop\Test 2.exe
"C:\Users\Admin\Desktop\Test 2.exe"
1⤵
- Checks computer location settings
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
PID:872
- C:\Users\Admin\AppData\Local\Temp\Payload.exe
  "C:\Users\Admin\AppData\Local\Temp\Payload.exe"
  2⤵
  - Drops startup file
  - Executes dropped EXE
  - Adds Run key to start application
  - System Location Discovery: System Language Discovery
  PID:2248
- - C:\Windows\SysWOW64\attrib.exe
    attrib +h +r +s "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Views/modifies file attributes
    PID:1924
- - C:\Windows\SysWOW64\attrib.exe
    attrib +h +r +s "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\Windows.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Views/modifies file attributes
    PID:4592
- - C:\Windows\SysWOW64\netsh.exe
    netsh firewall delete allowedprogram "C:\Users\Admin\AppData\Local\Temp\Payload.exe"
    3⤵
    - Modifies Windows Firewall
    - Event Triggered Execution: Netsh Helper DLL
    - System Location Discovery: System Language Discovery
    PID:1228
- - C:\Windows\SysWOW64\cmd.exe
    cmd.exe /c ping 0 -n 2 & del "C:\Users\Admin\AppData\Local\Temp\Payload.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - System Network Configuration Discovery: Internet Connection Discovery
    PID:2356
  - - C:\Windows\SysWOW64\PING.EXE
      ping 0 -n 2
      4⤵
      System Location Discovery: System Language Discovery
      System Network Configuration Discovery: Internet Connection Discovery
      Runs ping.exe
      PID:2896
- C:\Windows\SysWOW64\attrib.exe
  attrib +h +r +s "C:\Users\Admin\AppData\Local\Temp\Payload.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Views/modifies file attributes
  PID:528

C:\Users\Admin\Desktop\Test 2.exe
"C:\Users\Admin\Desktop\Test 2.exe"
1⤵
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
PID:864
- C:\Windows\SysWOW64\attrib.exe
  attrib +h +r +s "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Views/modifies file attributes
  PID:3672
- C:\Windows\SysWOW64\attrib.exe
  attrib +h +r +s "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\Windows.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Views/modifies file attributes
  PID:1808

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8587946f8,0x7ff858794708,0x7ff858794718
  2⤵
  PID:4100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2004,14751133997162045016,18416779037946116366,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2008 /prefetch:2
  2⤵
  PID:4052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2004,14751133997162045016,18416779037946116366,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2396 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2004,14751133997162045016,18416779037946116366,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
  2⤵
  PID:8
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,14751133997162045016,18416779037946116366,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:3300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,14751133997162045016,18416779037946116366,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:5056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,14751133997162045016,18416779037946116366,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
  2⤵
  PID:2108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,14751133997162045016,18416779037946116366,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3864 /prefetch:1
  2⤵
  PID:4964
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2004,14751133997162045016,18416779037946116366,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5492 /prefetch:8
  2⤵
  PID:1532
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2004,14751133997162045016,18416779037946116366,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5492 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,14751133997162045016,18416779037946116366,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
  2⤵
  PID:4660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,14751133997162045016,18416779037946116366,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1
  2⤵
  PID:4228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,14751133997162045016,18416779037946116366,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1
  2⤵
  PID:4044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,14751133997162045016,18416779037946116366,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1
  2⤵
  PID:2056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,14751133997162045016,18416779037946116366,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1
  2⤵
  PID:736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,14751133997162045016,18416779037946116366,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
  2⤵
  PID:4808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2004,14751133997162045016,18416779037946116366,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5032 /prefetch:8
  2⤵
  PID:1668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,14751133997162045016,18416779037946116366,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
  2⤵
  PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2004,14751133997162045016,18416779037946116366,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6208 /prefetch:8
  2⤵
  PID:2132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2004,14751133997162045016,18416779037946116366,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6232 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,14751133997162045016,18416779037946116366,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1
  2⤵
  PID:6096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,14751133997162045016,18416779037946116366,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
  2⤵
  PID:5244

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4708

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4228

C:\Users\Admin\Desktop\Download.exe
"C:\Users\Admin\Desktop\Download.exe"
1⤵
- Executes dropped EXE
- Sets desktop wallpaper using registry
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Modifies Control Panel
PID:1184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.pornhub.com/
  2⤵
  PID:2776
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8587946f8,0x7ff858794708,0x7ff858794718
    3⤵
    PID:2180
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"
  2⤵
  - Drops startup file
  - System Location Discovery: System Language Discovery
  PID:3740
- C:\Windows\SysWOW64\cmd.exe
  "cmd"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5844
- - C:\Windows\SysWOW64\ipconfig.exe
    ipconfig
    3⤵
    - System Location Discovery: System Language Discovery
    - Gathers network information
    PID:5056
- - C:\Windows\SysWOW64\shutdown.exe
    Shutdown /r
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1836

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa389d855 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:1796

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\1b974323-6293-4958-84eb-271d8ff42386.tmp

Filesize
9KB

MD5
36e553e99414e13a3b5477bb06a7fff9

SHA1
6efc3f7ab85b600df9253b34556751b04a8bd80a

SHA256
d00a38b08f1c0fb30604de3f0c487d8e787343187517763874bdefe52d341697

SHA512
cc933dc1b0df1fe8d3ec2627cef53354ba9d438f040dce78720f9a31428554c8bebbce6f6ae9386367a3071dee9ce0593489d16d548bf67630179806b288a6e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\2430994b-9c52-4c50-8be2-92d8589bac9c.tmp

Filesize
9KB

MD5
dc62f64ea17d867eb9bd5c50a8d824c9

SHA1
9f50abcd834a79a8011d88ce48a0ef10f594da28

SHA256
b12a3ba5b47705f4dd8effb1f77ef1a621812dcb6dcd70f0241434d797fe0ef4

SHA512
02222fbae7e486874b6e42138db85ea9c4666b79495a17b8c7257ddb07fae7b2580bdd2d9942e8ed9c9844b819a47f51de829c24ecf770a7021f17ed9c8fd039

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\8ac1bd62-f5b3-461f-9c64-790b3706ee2f.tmp

Filesize
9KB

MD5
08be0e545d88c5c990f95996a7ef7c08

SHA1
6525152d6bad2a77abf425379f2071f0b356e581

SHA256
1751280109b9c84453883b5b405c4c534bf996931cfa26fe6af4a53c3f7091ed

SHA512
496105d4584764f7004ce5847672a0d16ec40af8ab0556421d032812a2237de8c173c4792b926dfc7de1c489ce6624a4a5c5d2aac7f409fa233acfbf72c2e968

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
2d3f536b11129e6f3b7c6ef67f70d587

SHA1
69e64042336c1e4617b281d8496e8aeb0433a43b

SHA256
e7b50c098ac1c5ca83c288c9437fbb3ef715ca77b445cadc413585adb5dcbc73

SHA512
790ffa849b3c5a09791ee370bf129826a45ed36bc8eed8da8250e66b3838774c17ff4b81257dccef0847018edf05b30c8b07e37552816076cffd601831b40309

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
940528a98bc8d3f0325a9531a498cb20

SHA1
fff5a3bb1a6fa3a62f4de2314040e37f5460c7bf

SHA256
7f037c8685e010f24a12757f0f1d41ff5a5a938feb0fc9dad93df5f54031db00

SHA512
76849ab17595128b9172452c848d5de6f716cb857ec0e84708d5748ef41a90b3d8ff31ceddb294dcb7a4fee92ce9e29f833bcfcd9bcee01fb5c47fa5dbaa7a0e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
2e8fd28f5c37702b0eb32abbf05052eb

SHA1
12a967b169dcdcc5dd32d98856ca237134ccec0e

SHA256
d81e8fd92edd941720604079581f020e614f451258a782812d4069703c318aa5

SHA512
573309f2dc1afa2f4f3096dad43ca487e5d1d284660c206f21f206b7102c919fa71a8be20b5ee1612931a7b5503370e025b7623174679b9d1b2a82bbc5a12941

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
b13ea6d9c7ab5f56fb26da57b097d928

SHA1
bd87c0926483c8616911596ff72182d77839086e

SHA256
a42b058bac5a5f05768e15fe4dc03909ca65866cb0fa4c29f9a2b2d3a803040d

SHA512
81a1d5ad29fcbebdcfbfb3ef6e6c83c5e32867622aa3da8821c94a8451f21e0d9d915a3b36a3f7b63b199d68c3fe1685e3e5496eea5b22b964bf6dc975ab4328

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
682B

MD5
9342e28f54d948883c4fbd92b0873435

SHA1
c07f2e12b65bef561c35d4ac45380167e771555b

SHA256
41cabd9c6ed5a159a31b9ce35603a71248cc73c234bada045e6630741b0129c7

SHA512
64cbcccaefbcca61aca55f079a67b14363d27bcb4808f131bfc62677774188f0ae491273ea521367cd655fa6bbfea6cc489acd6149f0fdd46518863531e34894

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a9d3d71a02d9c2c12da14457361e31aa

SHA1
10868b2445621c6a2a3dd5b36579aa9ecb200d5c

SHA256
9dd958f6a8e82f33744d23839f395b9a4ca651b02291762702898aaa9d7f419a

SHA512
b50a9b65ede525b7892739555ced76851ae229813aa2fce28753178c45f40bd186cd4e809473a60beb0abe896805314b0be82b9898b779e39a38a6138923b631

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1d922346e5907d6360ef39f8bd7a6a44

SHA1
9c4dbf9033003e8c6dc42529683ab8ddda2ebd9e

SHA256
494f96c7776611e09cbbfb1e495281420c9c8c90a4dffe4c581b8053c34cccfb

SHA512
c1d0a25fac6dabb65e352e4c782730173026ee4aa00a0f905c193384fb79852a149c98d91a8b71e221812af36726bed19eaa929f303ff756a9ebed491aeb99b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4365910ac40ca7dd19d428623fb350dc

SHA1
4cacab8f0091cbf1bdaca421e7a2e851159504b4

SHA256
a5ce5fa42d7e2e26e1552650d683c8eac62949eba49d0b957582a516365f510b

SHA512
38adb95b44798467024781fbabf94beabde9d7f9696f394c662329aad90a174ee1064cf2e54a347a31dcee540b5db24f9e1dab3d115244d5f3bb167f814c4674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
032b2f902eb76e4d9e2eb467204194d5

SHA1
75dd17c6cdaa55e9e9306046891397a0cd2ca690

SHA256
7cdccd950f82f686a9e4d06c8becdb6017c1dacf7304d0eb280cbc4dd7198dba

SHA512
642e8d2714d4acce1d7d99eecde936006870511e41bd2c60074d2369e89d06b4e18f172bae4fd010fa377ce86df13b3fde92f98048f3e798fd3de22d511d4610

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
df8a0a795bf89fa091a8c71d27d4e644

SHA1
3592f663003af0d742b0bf8f76a59752597c4bbc

SHA256
693449ca81eb4f26762d8cdfd77e5ffa90d3ecc81bf34f4cc794971493d06a77

SHA512
298b59aa9b1b524f9ab3bc38849edfd50312403a3c70ce78a2dd85b81ed8e71b1f44ea686948413d6d22441c932b90a9e77d4cb7bd143d6bb2918464e90b48dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4f60ed846dbeb84f45fc1c46e4f49174

SHA1
effbef2dfbc5ccd5e78f096596ffd83bbe98ab09

SHA256
a728ff054b231a290ee82c1840dc8479f2f7d20e23872b77f4d207d17960176e

SHA512
757b7b534f3f0db6f63cddff27ff8247fd0ca38c217c1ebc969b82f29703039481bf562b6805277404fad3e8deebbdad62e6b11b1a626902eee521cde6aff294

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1b2136c167b575695b71bf94554cd180

SHA1
1ad6f4def0fa57f040c697336ac8b364ed2a5f9f

SHA256
0698918396b88ca07f27d5473ce7682054b3cf12acdd57567e67bfb2b4f7da31

SHA512
4c242941ca2a25041cd61e399a893f5aabef6b0daa13a101cb2cd9f2c470227126ff2eee1855300b05fc8f89b0cc3311f50c3afc8af827c0657dfe10209fdf93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b1f1089ce28dfa9c21c16df12683aabe

SHA1
34104ac55673e9ca1a7e0771232fbb5b4fbc39a4

SHA256
465418e0d3a8373f9f7b52573c768169a5e8aef8ad2395db63db55e61ac98782

SHA512
ce58dbdb2f3bf37758b23f8568a4496f82724fe93582d652900e41b6b402db50b32b6c6464c2e9650972f28f698b87023a76d458c9def1601faf7a3543cdb4e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1b53dab306a9a3a78dfa43505b1d21fd

SHA1
ca973615cbaa2243ca7168dd599e86a803702e42

SHA256
b486e2128bbd211eca568a419831d47a764722a4a7edb340e4dd83cf1fb509d6

SHA512
4d2f8f71c18b9c2ef714244a361c7f35be1e68df35ef3987ac3b74f8e696a1e8edc7c28d627b68293d1908100f1fa5fb84ab855fe1cb926fbaac979519993ac1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e09d0a41ccdb87ed0f098b0831746806

SHA1
74afefcd61f4880fc73bf87281ba54ca0f1ba48c

SHA256
0809022a8ba1604c12dea9edf2130a58511423d9f6bfdaaafef2b463f9eaedea

SHA512
7d732932855a83a8d6ab859b2c6c04733646540b7bab0e202220133218c3441ffee03e14e4d86c427423def05cc8693233cddb58740fea7c0b525177feb9d0c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b0a8db5f9e3bfbc8c3c387172a126972

SHA1
e95fbcbfd0c28d35e2511e86f8639f677a1588b5

SHA256
fe32516f1a1b8d4b6d92156532e691ed12eae3d98746bf49de873077bc95a9c4

SHA512
3b2a89602b00caf057018c103c0faee190ee081f0463c2e8707a45de994002806f3b4e73ed5907c014a9b9f60ea8e7426d064f5d9496ae1a60bd22bf63360783

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4be162e366032e0b4e5d9284b546f674

SHA1
4d79d15a739f85dcb1a765508cc161cad3f352de

SHA256
280f801250426249499838caa03bffbd588280476d92fe4020e89d7134854037

SHA512
b1b47db11e2ad6546f4b92f4562ec9200b23b7270d645f9e1a3198f264731830bbe46addb4a8d82f6a69ff9cc38c35ac01347352635374a61f46abec1f9f435a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2dced17d9718d875e2762ca08fe99137

SHA1
5e037c81fbca225cb58bd2d95d2c8fdb8ccd8111

SHA256
6a50c95599f877dcd7b361b289c52742af76c99aff4787081f67f5758611d4d7

SHA512
18fe20135e315984cd415bb75869f2849a1119bf2e4d0d3751b18b091b9ad2d1772004f6d51a310f2ee18c67548b91546e2889f5df13f89dcdcb1353567eab19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
395c6cafb2cfa5336a7a3a6fdde6b7c5

SHA1
6e6a2e26ec8b6d8ac1c6ab0edd09d1a930c3a146

SHA256
768cac236f4660bcd552da4b71b502bca0dfafd81e72be80370caf138c6d14b1

SHA512
413cf2508e2677b195ff6c3b44e9f389b89103c7556454dcd70c2335ce788fce88decfb71278d28b379cd026c523eda8aa80b5bb0e0dbc322746415ed9df3170

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e0c9b8b82afb263e7446cff48a43bd06

SHA1
ca98778082176625c97226f9e6d0a4cb7f4117db

SHA256
f4b01ff15e02bbd964ac2679cbe3e889832099dba7b6a3c4cc77542013d77c53

SHA512
ae43e0b98901f4c07ef1bfeff84e027bfa4c87e3a5e464dd8dc50234b46beffc122eb303adef9e18950f82589e83999c2c5dea5edec10891c4e26e197668ccc7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2253a8547965174a8fe78c121fcc23c2

SHA1
b3cb0c5269998bb8969b58718a9d1ccd0810ed27

SHA256
fd33cfd499eba414b6c2f28e0b61bcd235c1347150fdb2a37cb36155247d1f7a

SHA512
202859d71b711b5112fea801e32d38d375a4649ede82a7b0e7a91ad736c045c68023eb4c4cd309d95cb1519e3b7b1ef9a9c132d0752ae2e3acf7be9468f568c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c6518831c6ce68c923c996fc3ebaa955

SHA1
2f42274d4e9881ce9555ce25e8be1beeb7ccfb26

SHA256
3458dbdecf7b9fd6faeefe7014d07e5c00281fe0d8fe9b505229628d9e51ea9a

SHA512
4916ca9246960d84a91349064f442126e53576cad3da5f2b32048e98e9f059e95a7333d3aa345fe716ba75f5bd15eebe991d8fa8da7cb3f5dafcba33a39ac309

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8ad8286a4f3f483e88787a24a7d82671

SHA1
2470f7b8ccf49cb66eee0c575e10f40da4256b8f

SHA256
5ab383d8cd1517df69f431703adacc7b62251f11820962f58028a938ec407992

SHA512
4f59ec49aabcf89c9cbaafe5803de1097ccd5812939dcce47815b1613f908f084b7c5178931df1d6fa7404a728b8a49f2b5803b9b0d5ffc3209bb66718c3209b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e8da0cc87431b7f8588477c314f2ef98

SHA1
8df70cd82d5fdb8cfbf52861ebb1110d5e2b2d1c

SHA256
261131c5f39454eea2f7011f363ff4e87547fa3e65092501e607de52b9ea3cdc

SHA512
95223f0e94f7f2ac953b6c7c8f4a50f87c2162013996bf98164a9b86358bf1b533ecb27cce672de4ee21e0b1a5f932b3ff0ef8965732202dadc532d7f1daf5ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c487d3f8f5db71823514c5bc6fe0c011

SHA1
0bd99f2551a5fc3f9ca5bdb694fb74cbe28b1f2e

SHA256
7df5e698e64489380b0ea429d24fcf014c379a8e2c57ffc8d1d9a9b021080d6d

SHA512
bc4c2ffcf1969714cbf200c65741c6473f97afb33b29727a7ffa3807af60015f1f737d4983fa46853646279418d69eb219d5b52f3c7ce4e8c7f815da03167349

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
39fd687552cb66c33326f73c1458f28f

SHA1
79e36c880098561f2147b48ea5958afd2d556db3

SHA256
3d3e9a7dddce3d9f7e48ff0a6a2f127890e3a81ac147796ddd9ecc2a8a3463e2

SHA512
1d6c758fa7ae5c68204d7c7db76f36e843e82ac51a94275d2320124cea6183ed357f0da8b257633b6631c2ef6572e74a01006cfa1575055fd3e36e76691e4e33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
40d57ef64ca4a552593c33fc32f5b6d0

SHA1
06082cbb26c4337fe5bbf0dbff9694d859d484f9

SHA256
2df91a6827016e0f91aa4bd42d201d90b368ec56aae34729c20c7964b96c5ab5

SHA512
d07a60b7f1befbed7ee10360f71053f93d8ddb714f4c7d60cd32806407a215cceac67763e678b84628325ae3eee1241bc755b09ee208cd3b6220e74bece014a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
70ee458417fe23a3fabdda72583c285d

SHA1
8909dc3f186a706a55e94a9aae4402eb5ea27011

SHA256
0b719a6faad8ebbc61a0a4cd434a92d0c21651eccce10e4a90c6686a4a9bcb7d

SHA512
ec087c7cd9f3ebd8cca65ade544ba8196d73206a16a1e1480e5b8fe0b651218daf7fde2ba5ce285fb1a9dd119f0c778bf7700ceee12212d237150659f6c9dc83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
25e5a2a31ae4f9554cec3e6d8454ac39

SHA1
e3c596d6bb05b60c939417b3cce960cc6e886177

SHA256
c16766041626ec7fefcfd77e2945087128dbcccd47e28e0bc43c792a6360cb82

SHA512
26562bdc3666daeb90264ab484a0f6998174d0bdce69511e31a6e4bd8ff4845b0097d4147ad8265b65a03759fb30a9e17cd996e5d76a452702ec8c7ee52ab8c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1ddf3957df7d213f5753c90b9f00db5e

SHA1
109686f828d13e27c3ca3a8f431b39fcb748edb3

SHA256
a1f2926e8f1d1e8292ac5a8ea9526516472e9db67c80e86f55740c97076c3633

SHA512
618ff7162fc803f88ec5aab1ae905d2ad58f7e06563504b18e468fd245554d1bd2cb1c66850bf59097db42abc40d1d98cc2b12edb8b3e69002f8c0e0b5c99f5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
375fa7b74b94ac72b1651bb14e99ff8e

SHA1
41c0ac1da59b076c84b96e1e2e7964fecef3e2d9

SHA256
71abf16aec6b57195c191ec4a7bb7382c7e15636d353b7efe9d40516443c92ab

SHA512
b147ccc1b3b894e53d008b6f574ee25c1710ada5c4dd8318722bb9cb559f2fa2d93e739636d0226ce60b17edb3536222722d0f1979e3521113e46e5d5e5b84eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
78515498906c7ebe8eec4170c2dab7da

SHA1
ffd0c6b3bda21e41f789eb0fc0c81d11b27c6c27

SHA256
0666005a9b5f6958e6203664d15d1a3e7a0ba8d62ed47be14dca290e1b5b75b2

SHA512
ebab348ad2dbf8fb44961e7928a8167cb48968eb057a20c459fbdc19d3407bad5e9160837ca899040862d1ec2dc861051efca49e9f4723bc38871c8af8e520bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
21b514438485d766659fcbafea66371f

SHA1
a6dfc259cd81ad5ed7b7cc7323e08b3149b96165

SHA256
e9e55e305aea223e3c366056bca7c0a2909e8c7fdde88981a119987b4195c9bf

SHA512
c3e961dec3beaf17fa8061632b00f5fc5ec425f26786ca1338b0fd9bbc1cd589a4113c8afe73dd36f3ef6e6af9dabc805137b14349cc0e730dbeb61c968e3566

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
72c09358479b58465e6bd7b7b6c4d360

SHA1
fe5f39b479bd577309a47c7f90224de718b33128

SHA256
171850cbd28931d871db1314b6ea1975f41444ce1e93f44066339f5451a95eec

SHA512
6b2b423b218bc3722332d2b1f8d6c6f4b374aa395f40b3c0124b4e013f9e9aa9093f3028e369351e2658d4505cfcd55e568a59363d35d7ef8338180cfaa53d17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
779f6d179e7676047b04a98c414d1478

SHA1
fde530deb2d8b9eacd789ea63708d876df7a8c03

SHA256
7b461dc04a21b3868bca24d5d51740827b6b3a34236eb053240a1645e6815b6d

SHA512
a210971d7647f5c81bdcff94f52e5aa39038d83147817b93caa4cf7b1cd5cf6405d555c4e40864ce7c8ce39cc26cf9421028131557cec3dccfe89f65d7e8e5b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7c2deb5432559a5d950e46e9e3a2b86d

SHA1
cb56ff010b5bc18ec82afffcdd0d13dcb158c0fa

SHA256
ed1dada1cafd929c6fb8224c375ef49487bc35e5811248a5b454fc4c28f99e8e

SHA512
81398b58fc010f16c5181d72f960c3dca0b2bbd7a6da85a10b29627f072b112a45127a92fcbbcc1583f97efb8a29287c8287ec8d3a961cff21c94e00c8e3f5e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b1fb1059c54f1ca5174562b254c50490

SHA1
f09d628fda22c64ee3dd6a1e0e2d4e477955f7ce

SHA256
7af3373c54322bb0159cd760aa612a3aa349cf8a5e1aa99bde63030b4b88dc9a

SHA512
e18857ca2240beed9fc3be00f316b763cc022594b10ffec58d49749d7bf53e6bc66b3192074edcaa0ebc61ed744be7904ccb317e319f05b851f851411cf0c9f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
95218f2fee075c2dd076c73de509f2e6

SHA1
7774fbcab4b84a265cb50d15c87c62e56570db19

SHA256
fc1ccdb66cf5cce3f5663777b426b4dd3d216a0ec2b984643c08e5fba068fcdc

SHA512
58338a6086d8fa9ee465363220f476c9536a48fa3fa920a39b581830a90257a69b29863b4727a7998d980ee549a991133768d5e42870ecae0f97c2b8203fd80d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5c3f557b0251a697dfbc414161f5285b

SHA1
7d9d099abb4d0a8fe01704b8582cc022b4d8267a

SHA256
3015d6721f33126f76613c094ed0d69fe5811ce9ea4947806f4bf7c42bf59afe

SHA512
bd4d3e4b7858ede06037506b6527347fe582b2e68d9f535fb87ceaa1e4030b586533be8a1f8d16fb8cff39d482059ed2782e966eebb6748d8204311a4c883505

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
51e30104d9aea33423b9bee1c5c25630

SHA1
937c863a72bfb97615b3a3542c56bb64199853dc

SHA256
9162cdff7154360fd4161e64165f0ddfe91a801e87ff4c53fe33b45076d426be

SHA512
f368e6010ac14811732a7de64f103d5b2e122e56a5c3aaa6aabc9f01a707e00e0e641266c987808e426a37ce8896512de4a1fc7ac31c6bd6fb06957103e82cc4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
16b6dbf9c3c9d554b76682fa035ed03f

SHA1
12d4ce99fb42d134253128207ab35c1f96000340

SHA256
6d83373cd9ff03d8be09d2797f4d986773fd2a9dd0c498f22a68513168294fe0

SHA512
3b0a4317d0f6cd359e0d47c33a15588da26479abeb46c2259cd7f6fcc0c8d306225399a9ab106def300c761364eabbd1be18eae509b975de8d657d6df3e7b0d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ee1dd46317e03eea260b7bf2b752c7fb

SHA1
43ca768b170b07075acf962fa4e578aaed567b3a

SHA256
a60ba625ae8c31ca20304d5fbf89e8ae5432053f11240d6ec7a10ffd9cc02ac1

SHA512
66dd2f099b81e9ec675dad1dcbf12ec3faa35f271ab15f41bf2f60d5bf1e09a7041bbfdb181363d14aaea45e86e4fdb887c9d400ee834fb0f41a43d9a1aa20c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2896edb2572be81ef692b7d5edfd8a60

SHA1
bac4a1a5fefb0fc743ce26701545bf77d7d36e2a

SHA256
9e3875a32bd49934c6599f0ea89240e6cd5842b4e62bc95b865c041a4e0d659c

SHA512
33968929e911dcd6bff2b07940ff6913d34b8c86af40d90be45f0496b5360ee58d7c2d84c1e1654ffe001d77bb9c7b3dba000a16b377c1deb3d46b6b86db330e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d6d71bcfaf2e90ecc292ce2c828dbc31

SHA1
dfb83f9d8007e1d95337626c9d58c0e7dea56ce5

SHA256
4ca6ad1dbbf9f539a81dcb41acc80e7a2ff5b33b1a8bd3af42e218ad77cd33be

SHA512
82079bc474a3dff254472e6303794d227042a9f0fdea3b233d5092017d325b0f052c20d53379d85586d7510f024b2e53bcb88c2c7a57b50ab20c9aba1a8453d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\b27f4aa9-a330-410c-9044-16517c36a2a4.tmp

Filesize
9KB

MD5
381f24d543d404a2b3cae2594ebf0699

SHA1
b09a619823c081d884eadd10a3a3633eb60b8b38

SHA256
162f2befca2e937f9b21529edcf6ab6aceb5d5752fe5fa7664517037d2a8c923

SHA512
fa734bc198ce86edc5aa0f9fbc7cd67caecc501c33ac96d95bbf044bb9d2780a7accd9c066f79f9ac6b7f53931d18a955467e2efd21d9a99dec282c9c8d4d152

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\fba64034-a454-42b0-8e5e-2b9adc2ce3cc.tmp

Filesize
9KB

MD5
683e0b3b897e05dc99bc53f3a7f96ed9

SHA1
ae76a2b04d000fbd23534ae717615647575a5280

SHA256
b1a08b0101d94bceba98ea6a4a341a2641b5ad91d633059f63fbf188ab62bafe

SHA512
0140c9c29b8cc77152eb68b41bfc1c69ddb7ed7000538f8d60348982236b077e6b9419976f057aa8c285998ae60e6ded4bac59e9fb8a3a3457bb283b21b9386b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
37ee8296dcf70a27a800bcf2ebc7cb0d

SHA1
9575bb8476af69f66c41df9e9f3e4feaa1929c23

SHA256
d85fb97cfaabc89671c578cf30c7950b5c2baf69bb6fbb2d67ccf3640be4351c

SHA512
d032e322c231e6581750e15cd7f9f56947583e2e0cfad33a6d42d2b2e073c65fdc96d450e10a1d13fbfb88df651cb2111daf568ffa1e5fcade9bc3be0168a99c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
e74356d4bc679abc4307aa002eddb987

SHA1
2268bb952efb88b173f5ef7ffec6d78ea02ecbf9

SHA256
b31c32c4c857231bb956856abd6c454d8a3ff7e57487a3f61451cbf497bfb7e0

SHA512
0606715e557f7cc5168933e3a6f07b25187fdcd20845333a66b17bff2d1fe1fdf70936a856ac6846ef3bdc798fba64ae92efda724c95a5b432da57c6d72915de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
a5651be41163ec024343211bef1e8254

SHA1
1c13cc1c1a2eb7212a93d66b059b0c064c8e9a18

SHA256
ffd2cae7f59d0c3cfffd11f6d8bc842a10fdaaa953fd1edfc26b182a23fe2eb1

SHA512
d9a9c9b38d2c2e6056a8b1c8f539cecf557b719787b14aa440f6adda402fd542cee33db784283ea85f7d9d1685a699f24cc919afb7a7e55e463863742b5fa949

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\Test 2.exe.log

Filesize
319B

MD5
da4fafeffe21b7cb3a8c170ca7911976

SHA1
50ef77e2451ab60f93f4db88325b897d215be5ad

SHA256
7341a4a13e81cbb5b7f39ec47bb45f84836b08b8d8e3ea231d2c7dad982094f7

SHA512
0bc24b69460f31a0ebc0628b99908d818ee85feb7e4b663271d9375b30cced0cd55a0bbf8edff1281a4c886ddf4476ffc989c283069cdcb1235ffcb265580fc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
34d2c4f40f47672ecdf6f66fea242f4a

SHA1
4bcad62542aeb44cae38a907d8b5a8604115ada2

SHA256
b214e3affb02a2ea4469a8bbdfa8a179e7cc57cababd83b4bafae9cdbe23fa33

SHA512
50fba54ec95d694211a005d0e3e6cf5b5677efa16989cbf854207a1a67e3a139f32b757c6f2ce824a48f621440b93fde60ad1dc790fcec4b76edddd0d92a75d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8749e21d9d0a17dac32d5aa2027f7a75

SHA1
a5d555f8b035c7938a4a864e89218c0402ab7cde

SHA256
915193bd331ee9ea7c750398a37fbb552b8c5a1d90edec6293688296bda6f304

SHA512
c645a41180ed01e854f197868283f9b40620dbbc813a1c122f6870db574ebc1c4917da4d320bdfd1cc67f23303a2c6d74e4f36dd9d3ffcfa92d3dfca3b7ca31a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
912B

MD5
f4079836912849bba66c4cb891b64ee1

SHA1
e54042ab229d602fa600a8988ff3b9091c883c41

SHA256
ac6095fc17955a5cf8afa274fbc5868799c5f599397c581eb6c911eb0f744eab

SHA512
3ec5a1eddf6528b09f4916f17d609352c0f1d6794789bec030df409905862655d9a619315ce58b9d9fe0429adab7a1e03fba4fc2e851047346d0e4a00543465c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
a85a90cb01c83181a0897d80b2ad6dd2

SHA1
78f3880c0799fd590895f2fd82d183f7ea2b004c

SHA256
a4e329e289d51e7fc3e95f7b9f9b6637e36c776a50c74f2d37a21527643186ce

SHA512
3bd96ad66dc16fe02f326e0325cdfef84fc9213fb3411a1874964ef0b74cda4020e783e2efe7ad61017bfe1398ccbd7ee44a0227ae6ae6ab8efe442d99c31ce0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
469B

MD5
3e9581f5eca15ea4c38d1ac0ba13f3c4

SHA1
809a33930dc5243a73cbfdd6ad3a38a434ac568e

SHA256
b0d9f22cbed84ac23022c39c9abfe760de381256b9fa3bd312b60b9d1f6e15f4

SHA512
15ebd2ee5ca3242fc025c239b2f8476bc711c078b3c0bcfb1e226481c5ed82d421e40601d0329406c8c2acc60196cabe4fdffc3d59c783541aa785c97d9ad8f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
b632afd078e727fd527405698e49d36c

SHA1
388b9014020208d0c1583ecfb4517d4579835e91

SHA256
2b7abdcb2f971849ec914ae6ac3459a3a82779e03bb8074b523346c815e12f35

SHA512
b48a489bcb6f85f65f4728d1d88ea351a4dc023cc1d538d949bd5219638942095d9be4b20cb6e556e7cdcbc09d0add70a49708b33697a8aed693415992ef04b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
13594a157ddae5fef41e465434697bbe

SHA1
941b973aad51cdae30f086df47cc962798ce6342

SHA256
d59dab24a61519022a4810295e6a5cb135a4299cf91e8a88cbdfab5b5e79d8c2

SHA512
3ca6f0761cb057d7c9eec6b9fe59d66d2b5edbddb1e2fdcae40ea9f4bc9fba0c2309ed652823849be3fbac1d696adb2834f4a4911c2316a7de0043183c4c0826

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
01c3cf75a7b986dbec4c370c1114b3e5

SHA1
e6164391b4428f213eb323eeac4a8daf0f05a593

SHA256
404e7cf852d04de6e27f306c45607305a67a3ad753443794be70bb2447bb7806

SHA512
f2e0ae5b2c3dfb4c8b194cedc17e111b28faf4cf1bc014690df8fd6ce055a46f3fcc3a8f8fdfed12bfd227384b8611576271fbabb9afaea67ec54c7004db17fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
db9be8c2a9b6ca0fd7e62e336509e7d4

SHA1
6ad2ca5d5fb3deb1c77f6d9127a65c74d08c5e57

SHA256
fa6b1a5fc20a648cd87a31c387419f870757bc3c15e8dc2e236b72542b1a265a

SHA512
e41d26e662bc64dada16f04d128d89f22cb076e9aac4231991a6134e603ccdca27bf7cffa45153b3056ae0dd16c1bd78e1add2db626513081986b34349f17ce1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
34bc580549dec209fba7d565341a65ea

SHA1
291444f5c88a5535671f12966deb8dd3e8eda6c1

SHA256
2ab3e2e87a9aaad12010c00187477b53fdaea1fccd86315d8d006131d23d47f4

SHA512
4af14b8c4a2650032739894c4f4f3b1160f22180d4c5614746661ff53d80d1d3ecd4dfd7aab31936d29d7b36b44d3c4dc1d2fec2afc3d730db682c36052d4464

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
317fb8c0614fa9d570ddedf19565b3bb

SHA1
e2054f323b3051e65711343e8bc83a4df1fd420a

SHA256
fded5edd7965b244b0a92f084eb438004822b5efdf602c13719531e851b26d64

SHA512
5a83b69b45fde34c5875f8f7f94fb4f00683d73a4f87141800f295c4dde2df7823786ebfc2f9924d4f6578fd87128d269f2aeda769fe30990bb578b8e54cd0c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f4f02c007f315ca6dd676038bcd9bd77

SHA1
d10c54741c4c60a8d911bf47bc68ce72b1eb4a00

SHA256
d3b511c906f0a67b05e43b37b9d2a51b89c0c8008ea1ee2ab3b718580374dbee

SHA512
dc0140d7d8d288a10f952772e33dabfd6f426f3c0ae205f7dd5bde1850f73f4c0ceb70d1767b7d954098175db7f43a388f48b010a45aeb3edb9656708f405bef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
01f359aa5dd296858696f6190ee55b90

SHA1
222ed7c8e24a96b2094652a512453b579e20a3e5

SHA256
16bad914fd9b4e633aa4e933af7198e3d7a1c440a944795b32176e97168c9927

SHA512
880b4b023d096c1676a82f21e577c7907252681d0a7723f08f9747339431c5cc6e3fe8ab1fd57f0428eb9bac1019b4d1a6aec68fc75171339e22b336c23dbab5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5efeef.TMP

Filesize
48B

MD5
66601650cd6a019f3483c3f216f965b5

SHA1
e0557b413afd3f0ac3591acea0b968e9b4690015

SHA256
4811e01621ac0516880d35da8815f8591f8a06f12c67ac43b3bf98559b644cdb

SHA512
5fcf5ae997721bbe6fd7d1ef3e5fee0102fddc0799554768f0f327149b1f48b62bdfc8f7e3d1f6128b926623e8b41ee33636282f580580161c343bb6af84b294

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
e52f0c35a571029c7a26303a75a8b364

SHA1
feb24811e27b3d23ac5f384ae2a5a7f74c605d5e

SHA256
3fb2410b40327d1ce1cdf98189ac6126114d6b077d258beb299242a77a468c90

SHA512
2cead966206ef9142b0a099aa99554c3692f4601b57cc6594565ecfc62dc3895c75ae5f8b279639eb2808412b108d4df3f2685df2194fad470831a3b03b7191f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5eff2e.TMP

Filesize
370B

MD5
a7b6db2ec8d7180fcfb71178542b4698

SHA1
951e6f08ce474e1343d109cd4d5c51c9554aef9f

SHA256
147c07493f233d7315f50e6b21f2bfc920d41b35959e06eec7730e85344d24fa

SHA512
5e5cc670ae50226a5f2fa0bec9879ab27846368fe2db51c21fb1b30b66ddb6c2ee774e7eb1bf033effb6c966ae96f5cedc82b881f3edf37866c550a2186bfde6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e2914a72b38f2297359c730993af45b2

SHA1
17911be48e2cbfb02d65e7b48d5454960ddd440f

SHA256
383cf4c619b655cacb2f4d620e018f822495445d891ea23994afde09e1cc1fe9

SHA512
7d03713e660dcb6db6a26a591ab363e2a047431c25e201526fd2fecb32101fd822fa8c1687a13a8af10da0b2d93776b9ddae54a1b78ee2a323a21044a68a17d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
84d483478d25a79c8f4be4ff9ad05711

SHA1
2ee75790568c96594af546efb97e88450fc1b428

SHA256
87ee90a3d35ccebc99edf2477881ba51f31493fd42cc043bcdc1e0732c279969

SHA512
1071fb728089d91d3604bb6bf606743e23fe017c39d265e902dab2c80896ef546d7f9bdd3f29e09ee0d202c20974281709df0d70483db177ed26e63a678eb76c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c9d38752d7c8e3148f2c1a1850b2e4a5

SHA1
9a731de28226808d53afc1d57cd897b0ec452853

SHA256
e9fa93f6adfa3f37aa621014e1ed952a989ae242ea4d7140732bde3e4d3c4ae1

SHA512
45dcd8b4355533eb52659ae90cda172dc369c1b9cd3577e5e91506b1ee37e9920e142d9cba5acda29c09a7d36110c2f0cb683aa7f206ab05f5d8f94274c02aa2

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpF844.tmp.jpg

Filesize
28KB

MD5
54c91a8a8d79a9a24d15acfe48d06d0d

SHA1
90ce6c86b3b9162ee0a59b8c771672e6136321d9

SHA256
9cfe0badfa8a129445868644dec768f1d997a053df61ad7e772735d4dc3e2728

SHA512
8a47b8d353d97bc277a233be155150d8e4f2f7731bee13ae0fa66604d5ca0998c5a89d40b98877729e2702eab952619f2b69ea408a8768c94ba22010491e934f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows.lnk

Filesize
1KB

MD5
673a9bfc7804a07c7366ec5d0b00361a

SHA1
9f0b4e270bd89e15c78af01f1be587271d6d692a

SHA256
408dad851ba148ecc3dfc7dfbb37354777ea1e4eeddbee737eda8d99dfab6f23

SHA512
57f11123be108eefd7651fc7421b3a98c83bec6782c81f66bec7489fe1c25c0f6cbd7d9b7a0a551f8201df020bb12e322e104eaa506a3631ab6c1507b0c77dc1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\Windows.lnk

Filesize
1KB

MD5
1fb89c71e3ec30b565388e407ca44024

SHA1
59ff1cc02e0d6f090dfb8f86869988f618639f75

SHA256
51101a07864f773ca8cc55f7b716bc73329bd3b74444d1e1c5e3ba0b22a42b7d

SHA512
03bc06f91891d17787dc2133c14ba3f89e39102fa07ac758bfdd83d37318dcedc4aa8a62436b180f7685dd30b1e3f5e8d1d7050dcc3d833cc57165bc4471fd8d

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 474743.crdownload

Filesize
47KB

MD5
bb2ea6f10707eae7c77dc1edcfa81d8f

SHA1
386948c685ba5466ca21c44186e84699e4d272e1

SHA256
5dc8839bf79d3b4f3202bb7282d4743da2358e2c643c2414203151afebfd2d76

SHA512
815cb39744ee71704ac9511ec90d8acef8147352630295fe5b0e0d8b90ab73f6a14518b933b86b7bcee7a9df4f15d5dc073a75e719fc8c7114b3c4627c507e93

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 805418.crdownload

Filesize
27KB

MD5
e62b304e4bdca0b914d86770cbffc168

SHA1
fa76c4fa02805b71d770091ffb74073d48d67086

SHA256
71e631af8d5edd789a4093d82af944f121330af4096dfae1bdad5af44bbd488e

SHA512
58d38f6bb98c11c10ac3d783c77ecb7d8f027e21e01768ede20acfbbfcbadc5fed6c50030414d47e1e3e70657915b937786e713dfffb836035141e7eed4f7236

Download Submit
memory/872-137-0x0000000074740000-0x0000000074CF1000-memory.dmp

Filesize
5.7MB

Download
memory/872-123-0x0000000074740000-0x0000000074CF1000-memory.dmp

Filesize
5.7MB

Download
memory/872-148-0x0000000074740000-0x0000000074CF1000-memory.dmp

Filesize
5.7MB

Download
memory/872-122-0x0000000074740000-0x0000000074CF1000-memory.dmp

Filesize
5.7MB

Download
memory/872-121-0x0000000074742000-0x0000000074743000-memory.dmp

Filesize
4KB

Download
memory/872-136-0x0000000074742000-0x0000000074743000-memory.dmp

Filesize
4KB

Download
memory/1184-542-0x0000000006BB0000-0x0000000006C26000-memory.dmp

Filesize
472KB

Download
memory/1184-544-0x0000000006C80000-0x0000000006C9E000-memory.dmp

Filesize
120KB

Download
memory/1184-517-0x0000000005A40000-0x0000000005AA6000-memory.dmp

Filesize
408KB

Download
memory/1184-919-0x0000000001100000-0x0000000001162000-memory.dmp

Filesize
392KB

Download
memory/1184-545-0x0000000007030000-0x00000000070C2000-memory.dmp

Filesize
584KB

Download
memory/1184-876-0x0000000007590000-0x0000000007608000-memory.dmp

Filesize
480KB

Download
memory/1184-543-0x0000000006B30000-0x0000000006B98000-memory.dmp

Filesize
416KB

Download
memory/1184-944-0x0000000007AB0000-0x0000000007B12000-memory.dmp

Filesize
392KB

Download
memory/1184-945-0x0000000007980000-0x000000000798A000-memory.dmp

Filesize
40KB

Download
memory/1184-505-0x0000000000BB0000-0x0000000000BC2000-memory.dmp

Filesize
72KB

Download
memory/1184-515-0x0000000005930000-0x00000000059CC000-memory.dmp

Filesize
624KB

Download
memory/1184-964-0x00000000076E0000-0x0000000007772000-memory.dmp

Filesize
584KB

Download
memory/1184-587-0x0000000007160000-0x00000000071C4000-memory.dmp

Filesize
400KB

Download
memory/1184-516-0x0000000005F80000-0x0000000006524000-memory.dmp

Filesize
5.6MB

Download
memory/2248-158-0x0000000074740000-0x0000000074CF1000-memory.dmp

Filesize
5.7MB

Download
memory/2248-147-0x0000000074740000-0x0000000074CF1000-memory.dmp

Filesize
5.7MB

Download
memory/2248-178-0x0000000074740000-0x0000000074CF1000-memory.dmp

Filesize
5.7MB

Download
memory/3740-920-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download

Analysis

Sharing

Errors

General

Malware Config

Extracted

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads