2b6d4cefa77ae47c33bbad9dba1dbce9f83a83ed31a0fc5039d24b2c649a7dca

Resubmissions

30/03/2025, 21:06

250330-zx7lqsxsaz 10

30/03/2025, 21:02

250330-zvd7eayrv4 8

30/03/2025, 20:49

250330-zmf12awyh1 10

Analysis

max time kernel
217s
max time network
256s
platform
windows11-21h2_x64
resource
win11-20250313-en
resource tags

arch:x64arch:x86image:win11-20250313-enlocale:en-usos:windows11-21h2-x64system
submitted
30/03/2025, 21:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MovieDuels.x86.exe
Size

830KB
MD5

e0f676512de7503cf559cb1e5212e7e7
SHA1

6a19ca3de64e3d3e16d160d9b3f10a9019302660
SHA256

2b6d4cefa77ae47c33bbad9dba1dbce9f83a83ed31a0fc5039d24b2c649a7dca
SHA512

b31185e3a5af2421382d56b82c7329c092a5287005be3667638acb7c2ccaabe5a89c10695ccac97406e72bc1d52ac6865e9b0a84437875d8abe35f65d5fb60fa
SSDEEP

24576:hHKxoUWVvBO9Pw0JivckQxgiKZj3z4wBpdwV9RNdJB5nS3T4+LX:hqxnivmAj3z4wBpiSTRz

Score

8^/10

bootkit defense_evasion discovery persistence upx

Malware Config

Signatures

Disables RegEdit via registry modification 1 IoCs

defense_evasion

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1"	筮粮赮粮啮岮譮咮筮粮赮粮啮岮譮咮.exe

Disables Task Manager via registry modification
defense_evasion

Executes dropped EXE 1 IoCs

pid	Process
3604	筮粮赮粮啮岮譮咮筮粮赮粮啮岮譮咮.exe

Enumerates connected drives 3 TTPs 1 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\F:	筮粮赮粮啮岮譮咮筮粮赮粮啮岮譮咮.exe

Writes to the Master Boot Record (MBR) 1 TTPs 2 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	Halter 2.0.exe
File opened for modification	\??\PhysicalDrive0	筮粮赮粮啮岮譮咮筮粮赮粮啮岮譮咮.exe

UPX packed file 8 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1012-1113-0x00000000000B0000-0x00000000000E2000-memory.dmp	upx
behavioral1/memory/3604-1117-0x0000000000F70000-0x0000000000FA2000-memory.dmp	upx
behavioral1/files/0x001900000002b4b9-1115.dat	upx
behavioral1/memory/3604-1120-0x0000000000F70000-0x0000000000FA2000-memory.dmp	upx
behavioral1/memory/3604-1119-0x0000000000F70000-0x0000000000FA2000-memory.dmp	upx
behavioral1/memory/3604-1166-0x0000000000F70000-0x0000000000FA2000-memory.dmp	upx
behavioral1/memory/3604-1590-0x0000000000F70000-0x0000000000FA2000-memory.dmp	upx
behavioral1/memory/3604-1615-0x0000000000F70000-0x0000000000FA2000-memory.dmp	upx

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Hydromatic.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	筮粮赮粮啮岮譮咮筮粮赮粮啮岮譮咮.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MovieDuels.x86.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Halter 2.0.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133878421532648202"	chrome.exe

Modifies registry class 7 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\DisplayName = "Chrome Sandbox"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Moniker = "cr.sb.odm3E4D1A088C1F6D498C84F3C86DE73CE49F82A104"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Children	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000_Classes\Local Settings	筮粮赮粮啮岮譮咮筮粮赮粮啮岮譮咮.exe
Key created	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-976934595-4290022905-4081117292-1000_Classes\Local Settings	OpenWith.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Malware1-main.zip:Zone.Identifier	chrome.exe
File created	C:\Users\Admin\AppData\Local\Temp\筮粮赮粮啮岮譮咮筮粮赮粮啮岮譮咮.exe\:Zone.Identifier:$DATA	Hydromatic.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
5720	chrome.exe
5720	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4712	chrome.exe
Token: SeCreatePagefilePrivilege	4712	chrome.exe
Token: SeShutdownPrivilege	4712	chrome.exe
Token: SeCreatePagefilePrivilege	4712	chrome.exe
Token: SeShutdownPrivilege	4712	chrome.exe
Token: SeCreatePagefilePrivilege	4712	chrome.exe
Token: SeShutdownPrivilege	4712	chrome.exe
Token: SeCreatePagefilePrivilege	4712	chrome.exe
Token: SeShutdownPrivilege	4712	chrome.exe
Token: SeCreatePagefilePrivilege	4712	chrome.exe
Token: SeShutdownPrivilege	4712	chrome.exe
Token: SeCreatePagefilePrivilege	4712	chrome.exe
Token: SeShutdownPrivilege	4712	chrome.exe
Token: SeCreatePagefilePrivilege	4712	chrome.exe
Token: SeShutdownPrivilege	4712	chrome.exe
Token: SeCreatePagefilePrivilege	4712	chrome.exe
Token: SeShutdownPrivilege	4712	chrome.exe
Token: SeCreatePagefilePrivilege	4712	chrome.exe
Token: SeShutdownPrivilege	4712	chrome.exe
Token: SeCreatePagefilePrivilege	4712	chrome.exe
Token: SeShutdownPrivilege	4712	chrome.exe
Token: SeCreatePagefilePrivilege	4712	chrome.exe
Token: SeShutdownPrivilege	4712	chrome.exe
Token: SeCreatePagefilePrivilege	4712	chrome.exe
Token: SeShutdownPrivilege	4712	chrome.exe
Token: SeCreatePagefilePrivilege	4712	chrome.exe
Token: SeShutdownPrivilege	4712	chrome.exe
Token: SeCreatePagefilePrivilege	4712	chrome.exe
Token: SeShutdownPrivilege	4712	chrome.exe
Token: SeCreatePagefilePrivilege	4712	chrome.exe
Token: SeShutdownPrivilege	4712	chrome.exe
Token: SeCreatePagefilePrivilege	4712	chrome.exe
Token: SeShutdownPrivilege	4712	chrome.exe
Token: SeCreatePagefilePrivilege	4712	chrome.exe
Token: SeShutdownPrivilege	4712	chrome.exe
Token: SeCreatePagefilePrivilege	4712	chrome.exe
Token: SeShutdownPrivilege	4712	chrome.exe
Token: SeCreatePagefilePrivilege	4712	chrome.exe
Token: SeShutdownPrivilege	4712	chrome.exe
Token: SeCreatePagefilePrivilege	4712	chrome.exe
Token: SeShutdownPrivilege	4712	chrome.exe
Token: SeCreatePagefilePrivilege	4712	chrome.exe
Token: SeShutdownPrivilege	4712	chrome.exe
Token: SeCreatePagefilePrivilege	4712	chrome.exe
Token: SeShutdownPrivilege	4712	chrome.exe
Token: SeCreatePagefilePrivilege	4712	chrome.exe
Token: SeShutdownPrivilege	4712	chrome.exe
Token: SeCreatePagefilePrivilege	4712	chrome.exe
Token: SeShutdownPrivilege	4712	chrome.exe
Token: SeCreatePagefilePrivilege	4712	chrome.exe
Token: SeShutdownPrivilege	4712	chrome.exe
Token: SeCreatePagefilePrivilege	4712	chrome.exe
Token: SeShutdownPrivilege	4712	chrome.exe
Token: SeCreatePagefilePrivilege	4712	chrome.exe
Token: SeShutdownPrivilege	4712	chrome.exe
Token: SeCreatePagefilePrivilege	4712	chrome.exe
Token: SeShutdownPrivilege	4712	chrome.exe
Token: SeCreatePagefilePrivilege	4712	chrome.exe
Token: SeShutdownPrivilege	4712	chrome.exe
Token: SeCreatePagefilePrivilege	4712	chrome.exe
Token: SeShutdownPrivilege	4712	chrome.exe
Token: SeCreatePagefilePrivilege	4712	chrome.exe
Token: SeShutdownPrivilege	4712	chrome.exe
Token: SeCreatePagefilePrivilege	4712	chrome.exe

Suspicious use of FindShellTrayWindow 52 IoCs

pid	Process
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe
4712	chrome.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
2068	Halter 2.0.exe
1012	Hydromatic.exe
3604	筮粮赮粮啮岮譮咮筮粮赮粮啮岮譮咮.exe
5444	OpenWith.exe
5668	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4712 wrote to memory of 4844	4712	chrome.exe	83
PID 4712 wrote to memory of 4844	4712	chrome.exe	83
PID 4712 wrote to memory of 3332	4712	chrome.exe	84
PID 4712 wrote to memory of 3332	4712	chrome.exe	84
PID 4712 wrote to memory of 3736	4712	chrome.exe	85
PID 4712 wrote to memory of 3736	4712	chrome.exe	85
PID 4712 wrote to memory of 3736	4712	chrome.exe	85
PID 4712 wrote to memory of 3736	4712	chrome.exe	85
PID 4712 wrote to memory of 3736	4712	chrome.exe	85
PID 4712 wrote to memory of 3736	4712	chrome.exe	85
PID 4712 wrote to memory of 3736	4712	chrome.exe	85
PID 4712 wrote to memory of 3736	4712	chrome.exe	85
PID 4712 wrote to memory of 3736	4712	chrome.exe	85
PID 4712 wrote to memory of 3736	4712	chrome.exe	85
PID 4712 wrote to memory of 3736	4712	chrome.exe	85
PID 4712 wrote to memory of 3736	4712	chrome.exe	85
PID 4712 wrote to memory of 3736	4712	chrome.exe	85
PID 4712 wrote to memory of 3736	4712	chrome.exe	85
PID 4712 wrote to memory of 3736	4712	chrome.exe	85
PID 4712 wrote to memory of 3736	4712	chrome.exe	85
PID 4712 wrote to memory of 3736	4712	chrome.exe	85
PID 4712 wrote to memory of 3736	4712	chrome.exe	85
PID 4712 wrote to memory of 3736	4712	chrome.exe	85
PID 4712 wrote to memory of 3736	4712	chrome.exe	85
PID 4712 wrote to memory of 3736	4712	chrome.exe	85
PID 4712 wrote to memory of 3736	4712	chrome.exe	85
PID 4712 wrote to memory of 3736	4712	chrome.exe	85
PID 4712 wrote to memory of 3736	4712	chrome.exe	85
PID 4712 wrote to memory of 3736	4712	chrome.exe	85
PID 4712 wrote to memory of 3736	4712	chrome.exe	85
PID 4712 wrote to memory of 3736	4712	chrome.exe	85
PID 4712 wrote to memory of 3736	4712	chrome.exe	85
PID 4712 wrote to memory of 3736	4712	chrome.exe	85
PID 4712 wrote to memory of 3736	4712	chrome.exe	85
PID 4712 wrote to memory of 2316	4712	chrome.exe	86
PID 4712 wrote to memory of 2316	4712	chrome.exe	86
PID 4712 wrote to memory of 2316	4712	chrome.exe	86
PID 4712 wrote to memory of 2316	4712	chrome.exe	86
PID 4712 wrote to memory of 2316	4712	chrome.exe	86
PID 4712 wrote to memory of 2316	4712	chrome.exe	86
PID 4712 wrote to memory of 2316	4712	chrome.exe	86
PID 4712 wrote to memory of 2316	4712	chrome.exe	86
PID 4712 wrote to memory of 2316	4712	chrome.exe	86
PID 4712 wrote to memory of 2316	4712	chrome.exe	86
PID 4712 wrote to memory of 2316	4712	chrome.exe	86
PID 4712 wrote to memory of 2316	4712	chrome.exe	86
PID 4712 wrote to memory of 2316	4712	chrome.exe	86
PID 4712 wrote to memory of 2316	4712	chrome.exe	86
PID 4712 wrote to memory of 2316	4712	chrome.exe	86
PID 4712 wrote to memory of 2316	4712	chrome.exe	86
PID 4712 wrote to memory of 2316	4712	chrome.exe	86
PID 4712 wrote to memory of 2316	4712	chrome.exe	86
PID 4712 wrote to memory of 2316	4712	chrome.exe	86
PID 4712 wrote to memory of 2316	4712	chrome.exe	86
PID 4712 wrote to memory of 2316	4712	chrome.exe	86
PID 4712 wrote to memory of 2316	4712	chrome.exe	86
PID 4712 wrote to memory of 2316	4712	chrome.exe	86
PID 4712 wrote to memory of 2316	4712	chrome.exe	86
PID 4712 wrote to memory of 2316	4712	chrome.exe	86
PID 4712 wrote to memory of 2316	4712	chrome.exe	86
PID 4712 wrote to memory of 2316	4712	chrome.exe	86
PID 4712 wrote to memory of 2316	4712	chrome.exe	86
PID 4712 wrote to memory of 2316	4712	chrome.exe	86
PID 4712 wrote to memory of 2316	4712	chrome.exe	86

C:\Users\Admin\AppData\Local\Temp\MovieDuels.x86.exe
"C:\Users\Admin\AppData\Local\Temp\MovieDuels.x86.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:5852

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7fff38cbdcf8,0x7fff38cbdd04,0x7fff38cbdd10
  2⤵
  PID:4844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1968,i,2267949640781498887,12418723472187235520,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=2168 /prefetch:11
  2⤵
  PID:3332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2104,i,2267949640781498887,12418723472187235520,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=2076 /prefetch:2
  2⤵
  PID:3736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2352,i,2267949640781498887,12418723472187235520,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=2364 /prefetch:13
  2⤵
  PID:2316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3200,i,2267949640781498887,12418723472187235520,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:2444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3260,i,2267949640781498887,12418723472187235520,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:4612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4168,i,2267949640781498887,12418723472187235520,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=4200 /prefetch:9
  2⤵
  PID:5492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4624,i,2267949640781498887,12418723472187235520,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=4612 /prefetch:1
  2⤵
  PID:5264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4796,i,2267949640781498887,12418723472187235520,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=4676 /prefetch:14
  2⤵
  PID:3972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4944,i,2267949640781498887,12418723472187235520,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=4936 /prefetch:14
  2⤵
  PID:3788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5236,i,2267949640781498887,12418723472187235520,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5280 /prefetch:14
  2⤵
  PID:5048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5228,i,2267949640781498887,12418723472187235520,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5408 /prefetch:14
  2⤵
  PID:3784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5300,i,2267949640781498887,12418723472187235520,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5660 /prefetch:14
  2⤵
  PID:2716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5668,i,2267949640781498887,12418723472187235520,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5328 /prefetch:14
  2⤵
  PID:3016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5264,i,2267949640781498887,12418723472187235520,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5412 /prefetch:14
  2⤵
  PID:4820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5312,i,2267949640781498887,12418723472187235520,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5800 /prefetch:14
  2⤵
  PID:1768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5380,i,2267949640781498887,12418723472187235520,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5788 /prefetch:1
  2⤵
  PID:6140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=3196,i,2267949640781498887,12418723472187235520,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:2724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3576,i,2267949640781498887,12418723472187235520,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=3488 /prefetch:14
  2⤵
  PID:5668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3636,i,2267949640781498887,12418723472187235520,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=3608 /prefetch:14
  2⤵
  PID:5056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3656,i,2267949640781498887,12418723472187235520,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=3588 /prefetch:14
  2⤵
  PID:3008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5420,i,2267949640781498887,12418723472187235520,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=4324 /prefetch:9
  2⤵
  PID:2360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=3416,i,2267949640781498887,12418723472187235520,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=4512 /prefetch:1
  2⤵
  PID:1856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=5528,i,2267949640781498887,12418723472187235520,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=4332 /prefetch:1
  2⤵
  PID:2800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=5824,i,2267949640781498887,12418723472187235520,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=5860 /prefetch:10
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5912,i,2267949640781498887,12418723472187235520,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=6036 /prefetch:14
  2⤵
  - NTFS ADS
  PID:1012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=on_device_model.mojom.OnDeviceModelService --lang=en-US --service-sandbox-type=on_device_model_execution --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4492,i,2267949640781498887,12418723472187235520,262144 --variations-seed-version=20250313-050105.095000 --mojo-platform-channel-handle=6028 /prefetch:14
  2⤵
  PID:2436

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:3964

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5792

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1332

C:\Users\Admin\Downloads\Malware1-main\Malware1-main\Halter 2.0.exe
"C:\Users\Admin\Downloads\Malware1-main\Malware1-main\Halter 2.0.exe"
1⤵
- Writes to the Master Boot Record (MBR)
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2068

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004BC 0x00000000000004B8
1⤵
PID:484

C:\Users\Admin\Downloads\Malware1-main\Malware1-main\Hydromatic.exe
"C:\Users\Admin\Downloads\Malware1-main\Malware1-main\Hydromatic.exe"
1⤵
- System Location Discovery: System Language Discovery
- NTFS ADS
- Suspicious use of SetWindowsHookEx
PID:1012
- C:\Users\Admin\AppData\Local\Temp\筮粮赮粮啮岮譮咮筮粮赮粮啮岮譮咮.exe
  "C:\Users\Admin\AppData\Local\Temp\筮粮赮粮啮岮譮咮筮粮赮粮啮岮譮咮.exe"
  2⤵
  - Disables RegEdit via registry modification
  - Executes dropped EXE
  - Enumerates connected drives
  - Writes to the Master Boot Record (MBR)
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:3604
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\89f5ea49dc59e1cbcff0\2010_x64.log.html
    3⤵
    PID:5572
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-skip-compat-layer-relaunch --single-argument C:\89f5ea49dc59e1cbcff0\2010_x64.log.html
      4⤵
      PID:924
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x2b8,0x7fff1651f208,0x7fff1651f214,0x7fff1651f220
        5⤵
        
        PID:3692
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1772,i,7062272404205021206,7326462000715683527,262144 --variations-seed-version --mojo-platform-channel-handle=2964 /prefetch:11
        5⤵
        
        PID:3160
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2936,i,7062272404205021206,7326462000715683527,262144 --variations-seed-version --mojo-platform-channel-handle=2908 /prefetch:2
        5⤵
        
        PID:3808
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2168,i,7062272404205021206,7326462000715683527,262144 --variations-seed-version --mojo-platform-channel-handle=2968 /prefetch:13
        5⤵
        
        PID:432
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3456,i,7062272404205021206,7326462000715683527,262144 --variations-seed-version --mojo-platform-channel-handle=3556 /prefetch:1
        5⤵
        
        PID:4536
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3464,i,7062272404205021206,7326462000715683527,262144 --variations-seed-version --mojo-platform-channel-handle=3560 /prefetch:1
        5⤵
        
        PID:5048
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4856,i,7062272404205021206,7326462000715683527,262144 --variations-seed-version --mojo-platform-channel-handle=4828 /prefetch:1
        5⤵
        
        PID:3052
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4736,i,7062272404205021206,7326462000715683527,262144 --variations-seed-version --mojo-platform-channel-handle=4704 /prefetch:14
        5⤵
        
        PID:4388
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4912,i,7062272404205021206,7326462000715683527,262144 --variations-seed-version --mojo-platform-channel-handle=5048 /prefetch:14
        5⤵
        
        PID:2308
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5392,i,7062272404205021206,7326462000715683527,262144 --variations-seed-version --mojo-platform-channel-handle=5400 /prefetch:14
        5⤵
        
        PID:6148
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5784,i,7062272404205021206,7326462000715683527,262144 --variations-seed-version --mojo-platform-channel-handle=5024 /prefetch:14
        5⤵
        
        PID:6644
      - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\cookie_exporter.exe
        
        cookie_exporter.exe --cookie-json=1140
        6⤵
        
        PID:6712
    - - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5892,i,7062272404205021206,7326462000715683527,262144 --variations-seed-version --mojo-platform-channel-handle=5912 /prefetch:14
        5⤵
        
        PID:6772
    - - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5892,i,7062272404205021206,7326462000715683527,262144 --variations-seed-version --mojo-platform-channel-handle=5912 /prefetch:14
        5⤵
        
        PID:6784
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5424,i,7062272404205021206,7326462000715683527,262144 --variations-seed-version --mojo-platform-channel-handle=6188 /prefetch:14
        5⤵
        
        PID:6344
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6268,i,7062272404205021206,7326462000715683527,262144 --variations-seed-version --mojo-platform-channel-handle=6232 /prefetch:14
        5⤵
        
        PID:6696
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=564,i,7062272404205021206,7326462000715683527,262144 --variations-seed-version --mojo-platform-channel-handle=5928 /prefetch:14
        5⤵
        
        PID:6612
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5912,i,7062272404205021206,7326462000715683527,262144 --variations-seed-version --mojo-platform-channel-handle=6100 /prefetch:14
        5⤵
        
        PID:6600
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6120,i,7062272404205021206,7326462000715683527,262144 --variations-seed-version --mojo-platform-channel-handle=6188 /prefetch:14
        5⤵
        
        PID:6592
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\cba37a1c7e92138576cf922e\2010_x86.log.html
    3⤵
    PID:5992
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-skip-compat-layer-relaunch --single-argument C:\cba37a1c7e92138576cf922e\2010_x86.log.html
      4⤵
      PID:3516
- - C:\Windows\hh.exe
    "C:\Windows\hh.exe" C:\Program Files\7-Zip\7-zip.chm
    3⤵
    PID:7108
- - C:\Program Files\7-Zip\7z.exe
    "C:\Program Files\7-Zip\7z.exe"
    3⤵
    PID:6232
- - C:\Program Files\7-Zip\7zFM.exe
    "C:\Program Files\7-Zip\7zFM.exe"
    3⤵
    PID:6640
- - C:\Program Files\7-Zip\7zG.exe
    "C:\Program Files\7-Zip\7zG.exe"
    3⤵
    PID:6688
- - C:\Windows\SysWOW64\NOTEPAD.EXE
    "C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\7-Zip\History.txt
    3⤵
    PID:1056
- - C:\Windows\SysWOW64\NOTEPAD.EXE
    "C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\7-Zip\Lang\af.txt
    3⤵
    PID:7064
- - C:\Windows\SysWOW64\NOTEPAD.EXE
    "C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\7-Zip\Lang\an.txt
    3⤵
    PID:7124
- - C:\Windows\SysWOW64\NOTEPAD.EXE
    "C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\7-Zip\Lang\ar.txt
    3⤵
    PID:5404
- - C:\Windows\SysWOW64\NOTEPAD.EXE
    "C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\7-Zip\Lang\ast.txt
    3⤵
    PID:6352
- - C:\Windows\SysWOW64\NOTEPAD.EXE
    "C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\7-Zip\Lang\az.txt
    3⤵
    PID:6524
- - C:\Windows\SysWOW64\NOTEPAD.EXE
    "C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\7-Zip\Lang\ba.txt
    3⤵
    PID:6528
- - C:\Windows\SysWOW64\NOTEPAD.EXE
    "C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\7-Zip\Lang\be.txt
    3⤵
    PID:6964
- - C:\Windows\SysWOW64\NOTEPAD.EXE
    "C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\7-Zip\Lang\bg.txt
    3⤵
    PID:6432
- - C:\Windows\SysWOW64\NOTEPAD.EXE
    "C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\7-Zip\Lang\bn.txt
    3⤵
    PID:6712
- - C:\Windows\SysWOW64\NOTEPAD.EXE
    "C:\Windows\system32\NOTEPAD.EXE" C:\Program Files\7-Zip\Lang\br.txt
    3⤵
    PID:6044

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5444

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5668

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:5852

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:1576

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:1836

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:6880

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6456

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6448

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6772

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
ba8272b84ae5d14a7d66798346806ca5

SHA1
98dc90dd462c5ad86558ef96895c7d832736ab37

SHA256
a56f27e8ee09e706dd35157d3247c698e5c880949737bc5944a7019af5d35dea

SHA512
448600ba3412a383963956c09eed1367f9f6ac6c10ab4a0a77f7525afbafa24086a5adea1e2cc5e386de6bf7784357fbd29658ca4517980648b8b3953825cb00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
a1887e7bd627f2fe089ea2875a34665a

SHA1
17591b8a526fdb399ec9312f0a6667f71f017552

SHA256
53c82e0a81c80ce81152d20700c683743fabce992ab87ffb34de6de1fd81b052

SHA512
8e5296d455a3278fd0e16a2c1aeae3dac88e80349c6a23ebc153ec39d9d6a6fb75e83ee2b30fd22b20894111dfa7ffb961b497c1c018ec36956913bc548b63c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
995faa5549cecf7c689bc9dea78cfb99

SHA1
d0a7fc1c21e933c20ed507c446fa20dec4dddd2a

SHA256
5f02490b3e2fefccd723f9c89020b47efb5f376dedfe847b97ff884c6ebc9b62

SHA512
68ee3aeba51086e9b5cd6f9b99b3b4bad4d19f5d81c7bc6d013cac1162e7159978c3fe7c3d9a70a30cf8658f7f18befe898f4a53e86a3ac5ff526821715b48a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.90.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
1d9bfff7e5069b0f25d30f2940885aaf

SHA1
455a51215c14baef70036e1ec9f889f7987d30a1

SHA256
4d3d0ed34824273fa5f2b5ac7ee7602c13dc0d778e76b60a5ecddb5d8bebc509

SHA512
718805c67d3733d602e4b0edaf3e980a0e756e3b52735458ed6cc8ffc91f96a197ee9f3d7f760baf25d2c04c16110548992b50818323a6d864d54f388a5ed182

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
10KB

MD5
be06615a327f936a4b46b8a4a3cb808f

SHA1
d5c5f4ebed3ed217064ba8ebc823c5e7b6374b4e

SHA256
e2fac96b6bb2b86927c85776e28a13260ed271c85275b9fde614490f3d7fc47f

SHA512
8e95a9bb5be57cdc366c6ba977cc914ab59ec498df15c98603af10f3debba1317b8090b5a11575aba536f6d5ee2aad8b2626e7cb12a6c23bf4e1474324b72001

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
28944762ae9f3c192741f672a1173b62

SHA1
6ddcba8e4f8fedcd0e70d5074604a1d04b01c974

SHA256
34eec71103319a9511ffafb5f8105fa62039b9751ab113afd526820f28553664

SHA512
fd486696097891be05422e0550118ca2e5231a12498bc4f8bc80870b1df2b0531f4bea4de01319e6df7e1f2a80a88ae1a3d37bb7f14044b9f93af15298fb1d8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
a803cbaa097d28609810358de9e0f307

SHA1
c92bfa13143607fc14b962a9ff084982a2000784

SHA256
e0d5621a5464483d28382cba4c852038857981cccc6caec5520733f270b29bd4

SHA512
710e892300c8868a052139f382e84c5935375d4ab881dd8c36745298be1b6924a860e9ecc662e6347ce87a548db309b90c2e3687cac866ebc85932a200e16c0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
d1b26db48f8fc26a74192104121b347b

SHA1
24d3ac1e7e3dd98e521427ae50b358a346b73a5c

SHA256
58a6cfbb9e08922a3caffb67458b22a06d8b55f0b6263e0e1cd00bae0c6f82c3

SHA512
b4cfe8496e2e292617fd2a29882fe225a0a2a71e0e71fe885a6e56b804d5183fa57e9c8681563c3d7d80c85c8f4f20cecfdbbcc176922d8acac810e84a37ab34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
244be217fdca133b7f5e0980cb1f9285

SHA1
3c5a8136037c85e719e9b1c05758a9761246cea8

SHA256
d79d4cf91cea3b195ceeb0f22ab013024434dccd2bb90e1f71efff013358fe33

SHA512
47a7e8e13462ace72e219916dcde08b97804c60c9363559038eb1a2a1f8e55a37be56ac0874034767d06e06d0c26f4382ff13e042556b7a1b85c3fdf9b798797

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
c6862ab59b6ae17a38cf59f7ec372990

SHA1
9fa581b5196ae0193dc3cd3733d75dd4e0b87d94

SHA256
c34225e08c781b9b9e062d2ac472ba2dc60a23b3d8c3e2cc1a7afa8d61d52e07

SHA512
0184cd9defc63a5f89f244de2bf7f513f418f24ed1c7ed9a134d18d4f70637fd5505386a63f2ffd3e277430d40c9fd7620b921802b3a5863e10b87aeebab534b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
843b92f23b9040347c86d437d5a8d610

SHA1
8d426706ac1867ca80ad1e867ab0ca7dfa13f034

SHA256
0eecc433d49760f4ace562357ec81215eb8b5bcfbcf80b26cfc823766f14c26b

SHA512
c11e5480dac126e3587af056148b92529a7cff22f80f7027331e983d02fc49cab579ab494f988295a5a83a275924483080f160f3359a13dd366396fcfad994d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
18KB

MD5
231b14a92a5eb4b9e7c44fb726445547

SHA1
cbb8fa0932d17997aff4b218dca9e62fe99a1734

SHA256
a556888f3d6868386730bc8d2e612e8fe1f739efd27d10fa5c400e0fd1920c12

SHA512
afd297f6aea73b142ee4d63ac5a33000378533218ccde1ac89dee1a8d5839f154593fa9ea47f0f7f14658cebb5329b6ea840826f65331b81231250e3396641fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
9fcd54adcdd8577952c82aa01c3fb560

SHA1
55b130aaa7d7345512feeb159c74fffee40ea352

SHA256
b03ac2dc03de7f0c126e6ed82defac483eef994b55f9f9901cedcd1d6c5077b0

SHA512
586bacc7089f280f9bcb1048ce621a5f4151712a5f0a3a10edc2367f996421a53955223a8a18e6296fad6cd2022a464c9ef9acd5ebb6a7075694ffbf0d8a0ee1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
911fa39f226eae9b7bec11b9bc5d252a

SHA1
9d9260d5e2ad70acc3bc14bbc8935114df8f7149

SHA256
1d04d06709269db84c4e3a50bd438c257935138092166a016cc638e078419235

SHA512
c0050264b801968982451ad77cd9c628693e3ccd7adc13b9c9e40e5004d6863fe3cc8c97ce1e8c6a679ecff32249fc0c88ec170fbaaf3fd423a930471365ad43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
67c1142b1ea90cb63dcad10d5c3ede22

SHA1
3b44e99807348a61b33785a875d27899bcb4cbd7

SHA256
69b62732e96f5b52e51d9a69718ab53b13e4a7cb3453c7eeb47b5d8f48acc9da

SHA512
74f4a52901f56801dcd9bd82f5fe2f81a9cd23c510b4ec03ea03679e46df6c5d3f5965fd1ce4d819724845c9e20872edbfcb21931db325a2f5a9c1150b1d961e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe583747.TMP

Filesize
48B

MD5
81093cbfd33acaadfbdb2ccebe675d41

SHA1
e57f957c77a1b4b0b48bc0d7fb56e92f8df5e6c3

SHA256
567110d721dcb7ee62048b1e8585c4dabb79a2558e10ac214002bdd3446612f2

SHA512
b0c7ad5840882809a285dfb8705fc59a0c4548d022686a5207e4d893801388d9045fbf2727637d32c8ffe5c0335fca99db1d1bdb2abaa14b203a54f578b15159

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt

Filesize
76B

MD5
a7a2f6dbe4e14a9267f786d0d5e06097

SHA1
5513aebb0bda58551acacbfc338d903316851a7b

SHA256
dd9045ea2f3beaf0282320db70fdf395854071bf212ad747e8765837ec390cbc

SHA512
aa5d81e7ee3a646afec55aee5435dc84fe06d84d3e7e1c45c934f258292c0c4dc2f2853a13d2f2b37a98fe2f1dcc7639eacf51b09e7dcccb2e29c2cbd3ba1835

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt~RFe599fa1.TMP

Filesize
140B

MD5
dbf7320b5c926848f0ba83419c1c568f

SHA1
bd5d565e8f0e3f0495ee595119f9458c6bd15fb3

SHA256
d9b438a50569d9ea5cabaca2964b19a3b34f53aaa9425c69f44b2efa53615fcf

SHA512
9fd0f4fb84717d12704e140b52ee7fd8075217108b1c296825b6f4e36b3992886d2e068ef742ecf701698fa7621e05320ef2903a3d7634292457921deede1fe2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\IndexedDB\indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
156KB

MD5
20cb0aa42bc9b2058771c3854a2fc22d

SHA1
5a971477a892773948f3d303cc6c27c425a1ab35

SHA256
f887f00e62675e2d76b70079e340430650e5951c1fe852333b50343517bd2ffa

SHA512
4d76c0b011937240f0110ef9db864a7f3088e4193b17039d2c737f50b2da4f00f5770671b4a9bfa6bf29f0aff4e18e4ff449b1ae0b8ea185cc2520f10c988643

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
80KB

MD5
888c4f7b0c6b79db6c20cdd9a0197e1b

SHA1
5167c2544b3149188343aedfbc25e87dbcceee75

SHA256
f52c9f5175e20f5fb283eadeb999908a3eff66bb989dd04a5f0f79f447ccee22

SHA512
bcb466ba3a38bb62f77ddf93173a53f4256e2d1be43283380911c5ad07db46941798c538bd8c83db072ffee1503f67fa4423c62ee4b085ecd1139121a225a75a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
155KB

MD5
1597686597ad84cc65bf93cb927478e1

SHA1
5857d932122915732f1016fac197213f05016816

SHA256
e3d940b50dd9c56bee89953eeba18adf6644260def5620359a93f0f4dac4ac0f

SHA512
defb71c64df7cccea4e19738f119a2fb02caa0d6ecbd3168048d8c354322f72f99d7a95fd4f6a59c01d1c7439dc42e8caeb23ac49b92351848f866243c73375e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
156KB

MD5
cde0e3bfd134cc1ce4990a63ae940da9

SHA1
ab3d001f133dd96b5d9642cd74e25c82c1ce0ec5

SHA256
16963dcc0e4dea41e9a30ecf5a0909b696f82b9b67968bb277208d62ca7941fa

SHA512
f9a66284331a7b7b425bbbf8b51f818c92150b7942b4637381aa6d5252673657b2c976613c723f940fb52d1ff00e1dfa2af7d915974682f3cf70081bc69479e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
623d0eb0c4a36135a270354557aae018

SHA1
864d2599207960d2aedba50ada4a3b1b2a5a8b87

SHA256
52b485675b621aa85ff48f5cef95a29f845616b63d9a683bb7503f324cee3d03

SHA512
685e69631c295fee7ddb6bedccb9ddab7ac0fd5d5476f5236ee22d7b8af871f9705be8f30ec71b0bfdeabc69927be677942bf8bfcfbdb7ed1151e7dfe80105ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.90.1_0\_locales\en_US\messages.json

Filesize
1KB

MD5
578215fbb8c12cb7e6cd73fbd16ec994

SHA1
9471d71fa6d82ce1863b74e24237ad4fd9477187

SHA256
102b586b197ea7d6edfeb874b97f95b05d229ea6a92780ea8544c4ff1e6bc5b1

SHA512
e698b1a6a6ed6963182f7d25ac12c6de06c45d14499ddc91e81bdb35474e7ec9071cfebd869b7d129cb2cd127bc1442c75e408e21eb8e5e6906a607a3982b212

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
b751bceafb9cbf39ab8cf7fe962e15bc

SHA1
395c4cd2f3531ccb63954ca9e6c9adcf4c3fa80e

SHA256
b232f686229ee6ee9bb9337d5399ab1dda34bdb212050d56b17304d3c220c74a

SHA512
3df873e01826c187f8e0e439762ab2913cdaeb507c5fc1eccbe5d9bba62f4d6520c89f942b7e868370f4a24a7fafbc33f3cec6dc2bf3d66c27f7d4de2c67737e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
37KB

MD5
5f814d34c56bdf3304274147d2a0905b

SHA1
4f2c8daaf45ffb5b3b913844cc2d10c885b21a3b

SHA256
3e3b8c06d8b18b64dfadb56bf0452648327cbe41d96770ff465fd30ac7343d95

SHA512
d377b6840c06b3626adc87513c0a8e288cc7cfef20c70ca821d63d98e01e2015587bcbe32d5f10da8c6910b2c7c64eb896ab4b01099e34a1adf618829eeb5fd7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
dd853b10e4e1ea9723955036c29e8cf5

SHA1
565af93bb321e722546a822c88b4e1e2ec95dffc

SHA256
63cc71691c06b231c98163140ddab6cfd50ab43b0f0e0da57e9a2c7eb0adadbc

SHA512
32d027568c82845a2ad75a30d4c5f59797f6b553004ec8a914ac12b7ea3243ec582d79c31b1e38268da0c9351288e494b9fcbafc393c2ed1b2e0732bcc881ef0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\dd697c27-5bbc-4188-83ea-f587a6ec99f5.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
5370d39307152b51fcaa7483e2ee2bd9

SHA1
d4e38cee091d296d9976c838406e6f16596b2a04

SHA256
f2475722be4f5ad6451488eaf2818e4cf151ba437146883e133415619174c74f

SHA512
389ff54160aaabcd79b2d6a908b3a9291ad6eb18510e36db5575021c95f87201bd3f1d78f58c33c2ffee50275f10d95105befca9b48d8475004793b3feca9d68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
50KB

MD5
1b3a53660d8e8182c271f21c11266b60

SHA1
309c9ad5a5d1c6252885e8ce46b430c9a2b75726

SHA256
c9c8711257f9f8a5c64c207b7fc55127b91433ae033bb6aa42d84bba209ee2ca

SHA512
e23a8c47586f1501db7a8d8eb2fd9bde925eefacbfdb3aeb3f6bbd1f499e8dae928d77ae158c3a69a84a374366533c5671883debf951af90b481002900bcc096

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
e4c732fc3b507b0eb1d501932d20fafc

SHA1
cfa55ed2405cd926ec289bf019ad9e73ba48a20a

SHA256
edc4159ece869f86dab59120abf770903181250681688a69b740a5b42f38190f

SHA512
6266763eb9d9649b76ca1cb87a0c181d6d4f115d49ce8a4788c1ece0755fd0ea6f62b1a97e091116991a0a398f7bfb5e88844706aa333b0c32b3f16d9dd08f12

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir4712_373278526\38647bfd-e121-4ad4-80ee-3483218dcdd8.tmp

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir924_1514049209\CRX_INSTALL\_locales\en\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir924_1514049209\CRX_INSTALL\_locales\en_US\messages.json

Filesize
1KB

MD5
64eaeb92cb15bf128429c2354ef22977

SHA1
45ec549acaa1fda7c664d3906835ced6295ee752

SHA256
4f70eca8e28541855a11ec7a4e6b3bc6dd16c672ff9b596ecfb7715bb3b5898c

SHA512
f63ee02159812146eee84c4eb2034edfc2858a287119cc34a8b38c309c1b98953e14ca1ca6304d6b32b715754b15ba1b3aa4b46976631b5944d50581b2f49def

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir924_1514049209\CRX_INSTALL\manifest.json

Filesize
1KB

MD5
2a738ca67be8dd698c70974c9d4bb21b

SHA1
45a4086c876d276954ffce187af2ebe3dc667b5f

SHA256
b08d566a5705247ddc9abf5e970fc93034970b02cf4cb3d5ccc90e1a1f8c816e

SHA512
f72b9190f9f2b1acc52f7fbb920d48797a96e62dfc0659c418edbbc0299dccf1931f6c508b86c940b976016745b9877f88f2ee081d3e3d5dcdcc2cc7e7884492

Download Submit
C:\Users\Admin\AppData\Local\Temp\筮粮赮粮啮岮譮咮筮粮赮粮啮岮譮咮.exe

Filesize
67KB

MD5
4033ef7bba1229a8f28e6d9062d1943a

SHA1
73ef4f5b4f3383d22b2cc06fd2939a330ea89fc6

SHA256
08f881b563c396b41efa011503fa151e091584874ece328a5cf75d96a1b4ffa7

SHA512
85c33862cfde2b134d577115367b11fc56a84e0145f606ae9aacc0fe5fac3a772776ec65025745735612696547e677c556a12bde2f6045fc413151aa44f75654

Download Submit
C:\Users\Admin\AppData\Local\Temp\筮粮赮粮啮岮譮咮筮粮赮粮啮岮譮咮.txt

Filesize
260B

MD5
1ae727ff8f6de9764f4723635c3a01d0

SHA1
fdf032a3c93e79ee6ed076483423b56374fecdeb

SHA256
068064ad6dbbd2202de933d2e23970d24f7ee48285a2ebeff274b883c99777d4

SHA512
baeff5fc5241758d61b0dbfd9494ce8e33f0c049d2422cd87d85bc0f8189ad928a7286639c257521f3a124ec4fbd96c8d70d8c39c7fb4ba7093db112c1baa636

Download Submit
C:\Users\Admin\Downloads\Malware1-main.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping924_871374444\_locales\en\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
memory/1012-1113-0x00000000000B0000-0x00000000000E2000-memory.dmp

Filesize
200KB

Download
memory/3604-1117-0x0000000000F70000-0x0000000000FA2000-memory.dmp

Filesize
200KB

Download
memory/3604-1166-0x0000000000F70000-0x0000000000FA2000-memory.dmp

Filesize
200KB

Download
memory/3604-1120-0x0000000000F70000-0x0000000000FA2000-memory.dmp

Filesize
200KB

Download
memory/3604-1119-0x0000000000F70000-0x0000000000FA2000-memory.dmp

Filesize
200KB

Download
memory/3604-1590-0x0000000000F70000-0x0000000000FA2000-memory.dmp

Filesize
200KB

Download
memory/3604-1615-0x0000000000F70000-0x0000000000FA2000-memory.dmp

Filesize
200KB

Download