hxxps://www[.]youtube[.]com/redirect?event=video_description&redir_token=QUFFLUhqbTVNWjF6MHBEdjVLWS15NTNFYkVyTXBuVGFKd3xBQ3Jtc0ttcnlQX0Z2QktfSFFQWDdSbll5Vnc3VGs0X3BwU1dCVDdqakZKeldDX2gzOTExTkIzZmd2TmhZSm5YMllsd184b1JDd09xMy1Fc01ObDF1aDBhQ1ppRTF5NEc0Sm5ydjR1WENPNWFZWEdPRWFmSVVKWQ&q=https%3A%2F%2Fwipet[.]malwarewatch[.]org%2Fmalware&v=E90DD9gkOCo

Analysis

max time kernel
1189s
max time network
1214s
platform
windows10-2004_x64
resource
win10v2004-20230221-en
resource tags

arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
submitted
06-04-2023 15:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbTVNWjF6MHBEdjVLWS15NTNFYkVyTXBuVGFKd3xBQ3Jtc0ttcnlQX0Z2QktfSFFQWDdSbll5Vnc3VGs0X3BwU1dCVDdqakZKeldDX2gzOTExTkIzZmd2TmhZSm5YMllsd184b1JDd09xMy1Fc01ObDF1aDBhQ1ppRTF5NEc0Sm5ydjR1WENPNWFZWEdPRWFmSVVKWQ&q=https%3A%2F%2Fwipet.malwarewatch.org%2Fmalware&v=E90DD9gkOCo

Score

7^/10

bootkit persistence

Malware Config

Signatures

Executes dropped EXE 4 IoCs

Processes:

vcredist_x64.EXESulfoxide.exeSulfoxide.exeSulfoxide.exe

pid process

3392 vcredist_x64.EXE
2132 Sulfoxide.exe
2468 Sulfoxide.exe
2664 Sulfoxide.exe
Loads dropped DLL 1 IoCs

Processes:

MsiExec.exe

pid process

692 MsiExec.exe

pid	process
3392	vcredist_x64.EXE
2132	Sulfoxide.exe
2468	Sulfoxide.exe
2664	Sulfoxide.exe

pid	process
692	MsiExec.exe

Adds Run key to start application 2 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

chrome.exevcredist_x64.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Software\Microsoft\Windows\CurrentVersion\Run	chrome.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce	vcredist_x64.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\""	vcredist_x64.EXE

Enumerates connected drives 3 TTPs 49 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

msiexec.exemsiexec.exesdclt.exe

description	ioc	process
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\D:	sdclt.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\F:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\F:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1067

Processes:

MEMZ.exe

description ioc process

File opened for modification \??\PhysicalDrive0 MEMZ.exe

description	ioc	process
File opened for modification	\??\PhysicalDrive0	MEMZ.exe

Drops file in Program Files directory 3 IoCs

Processes:

setup.exemsiexec.exe

description	ioc	process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\2a126e53-8aae-420f-84a1-88011ed14dd2.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230406175653.pma	setup.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\VC\amd64\msdia80.dll	msiexec.exe

Drops file in Windows directory 57 IoCs

Processes:

msiexec.exe

description	ioc	process
File created	C:\Windows\WinSxS\InstallTemp\20230406175214544.0\amd64_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_d6cffeda.cat	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20230406175214919.0\amd64_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_4716846b.manifest	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20230406175215231.0\mfc80CHT.dll	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20230406175215591.0\vcomp.dll	msiexec.exe
File opened for modification	C:\Windows\WinSxS\InstallTemp\20230406175215591.0	msiexec.exe
File opened for modification	C:\Windows\Installer\e5daf6d.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIB2A9.tmp	msiexec.exe
File opened for modification	C:\Windows\WinSxS\InstallTemp\20230406175214669.0	msiexec.exe
File opened for modification	C:\Windows\WinSxS\InstallTemp\20230406175215747.0	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20230406175214544.0\amd64_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_d6cffeda.manifest	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20230406175215731.0\8.0.50727.6195.policy	msiexec.exe
File created	C:\Windows\Installer\e5daf70.msi	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20230406175214919.0\mfcm80u.dll	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20230406175214669.0\msvcp80.dll	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20230406175215231.0\mfc80ESP.dll	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20230406175215231.0\mfc80DEU.dll	msiexec.exe
File opened for modification	C:\Windows\WinSxS\InstallTemp\20230406175215669.0	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20230406175215231.0\mfc80ENU.dll	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20230406175215669.0\8.0.50727.6195.policy	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20230406175215684.0\8.0.50727.6195.cat	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20230406175215731.0\8.0.50727.6195.cat	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20230406175214669.0\msvcr80.dll	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20230406175214669.0\msvcm80.dll	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20230406175215231.0\amd64_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_9c659d69.cat	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20230406175215716.0\8.0.50727.6195.policy	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20230406175214919.0\mfc80u.dll	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20230406175215591.0\amd64_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_7735df00.cat	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20230406175215231.0\mfc80CHS.dll	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20230406175215669.0\8.0.50727.6195.cat	msiexec.exe
File created	C:\Windows\Installer\e5daf6d.msi	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20230406175214669.0\amd64_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_76301166.manifest	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20230406175215231.0\mfc80FRA.dll	msiexec.exe
File opened for modification	C:\Windows\WinSxS\InstallTemp\20230406175215716.0	msiexec.exe
File created	C:\Windows\Installer\SourceHash{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20230406175215231.0\mfc80ITA.dll	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20230406175215747.0\8.0.50727.6195.cat	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20230406175215231.0\mfc80JPN.dll	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20230406175215716.0\8.0.50727.6195.cat	msiexec.exe
File opened for modification	C:\Windows\WinSxS\InstallTemp\20230406175215231.0	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIBA2C.tmp	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20230406175215747.0\8.0.50727.6195.policy	msiexec.exe
File opened for modification	C:\Windows\WinSxS\InstallTemp\20230406175214544.0	msiexec.exe
File opened for modification	C:\Windows\WinSxS\InstallTemp\20230406175215731.0	msiexec.exe
File opened for modification	C:\Windows\WinSxS\InstallTemp\20230406175215684.0	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20230406175214919.0\amd64_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_4716846b.cat	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20230406175214919.0\mfc80.dll	msiexec.exe
File opened for modification	C:\Windows\WinSxS\InstallTemp\20230406175214919.0	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20230406175215591.0\amd64_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_7735df00.manifest	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20230406175215684.0\8.0.50727.6195.policy	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20230406175214669.0\amd64_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_76301166.cat	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20230406175215231.0\mfc80KOR.dll	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20230406175214544.0\ATL80.dll	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20230406175214919.0\mfcm80.dll	msiexec.exe
File created	C:\Windows\WinSxS\InstallTemp\20230406175215231.0\amd64_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_9c659d69.manifest	msiexec.exe

Program crash 2 IoCs

Processes:

WerFault.exeWerFault.exe

pid pid_target process target process

5052 4104 WerFault.exe
4280 5028 WerFault.exe

pid	pid_target	process	target process
5052	4104	WerFault.exe
4280	5028	WerFault.exe

Checks SCSI registry key(s) 3 TTPs 9 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

vssvc.exeTaskmgr.exesdclt.exe

description	ioc	process
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 00000000040000008ccb747e6bc781e30000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff0000000027010100000800008ccb747e0000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3f000000ffffffff0000000007000100006809008ccb747e000000000000d0120000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000008ccb747e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000008ccb747e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	sdclt.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	Taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	Taskmgr.exe

Enumerates system info in registry 2 TTPs 24 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exechrome.exemsedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

Processes:

explorer.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe

Modifies data under HKEY_USERS 5 IoCs

Processes:

chrome.exemsiexec.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133252766648440694"	chrome.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\1E\52C64B7E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1f	msiexec.exe

Modifies registry class 64 IoCs

Processes:

msiexec.exeexplorer.exemsedge.execontrol.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1af2a8da7e60d0b429d7e6453b3d0182\PackageCode = "C558A51006735C645AEE5A0FC6A310C9"	msiexec.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 000000000200000001000000ffffffff	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\telephon.cpl,-1#immutable1 = "Phone and Modem"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\usercpl.dll,-1#immutable1 = "User Accounts"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\colorcpl.exe,-6#immutable1 = "Color Management"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3\0\0 = 1e00718000000000000000000000ea2b8ab9427d58458bd1832f41bac6fd0000	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\systemcpl.dll,-2#immutable1 = "View information about your computer, and change settings for hardware, performance, and remote connections."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\timedate.cpl,-52#immutable1 = "Set the date, time, and time zone for your computer."	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "2"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "48"	explorer.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Win32Assemblies\Global\Microsoft.VC80.OpenMP,type="win32",version="8.0.50727.6195",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="amd64" = 2c006c0076006a0060006f002c0042002d00400050002e0059002e00430039007300560073003000560043005f005200650064006900730074003e007a0050005400310026006e0073004b0064007a00650038004d006b0062004900640046007700550000000000	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1af2a8da7e60d0b429d7e6453b3d0182\AuthorizedLUAApp = "0"	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\powercpl.dll,-2#immutable1 = "Conserve energy or maximize performance by choosing how your computer manages power."	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7	explorer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1af2a8da7e60d0b429d7e6453b3d0182\SourceList\Media\3 = ";Microsoft Visual C++ 2005 Redistributable (x64) [Disk 1]"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sud.dll,-1#immutable1 = "Default Programs"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-102#immutable1 = "Keyboard"	explorer.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Win32Assemblies\Global\policy.8.0.Microsoft.VC80.ATL,type="win32-policy",version="8.0.50727.6195",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="amd64" = 2c006c0076006a0060006f002c0042002d00400050002e0059002e00430039007300560073003000560043005f005200650064006900730074003e007b004c0046003d0042004900620074004f002800650038004d006b0062004900640046007700550000000000	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Win32Assemblies\Global\policy.8.0.Microsoft.VC80.OpenMP,type="win32-policy",version="8.0.50727.6195",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="amd64" = 2c006c0076006a0060006f002c0042002d00400050002e0059002e00430039007300560073003000560043005f005200650064006900730074003e007e0078002d00360076007a0045007a007e003200650038004d006b0062004900640046007700550000000000	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\92091D8AC5E822E408118470F0E997E6\1af2a8da7e60d0b429d7e6453b3d0182	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\Vault.dll,-1#immutable1 = "Credential Manager"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\accessibilitycpl.dll,-10#immutable1 = "Ease of Access Center"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3\0	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\appwiz.cpl,-159#immutable1 = "Programs and Features"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\appwiz.cpl,-160#immutable1 = "Uninstall or change programs on your computer."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fvecpl.dll,-1#immutable1 = "BitLocker Drive Encryption"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202	explorer.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Win32Assemblies\Global\Microsoft.VC80.MFC,type="win32",version="8.0.50727.6195",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="amd64" = 2c006c0076006a0060006f002c0042002d00400050002e0059002e00430039007300560073003000560043005f005200650064006900730074003e0069002a0048004e00530057007d0024007e005500650038004d006b0062004900640046007700550000000000	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1af2a8da7e60d0b429d7e6453b3d0182\AdvertiseFlags = "388"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1af2a8da7e60d0b429d7e6453b3d0182\SourceList\Media\9 = ";Microsoft Visual C++ 2005 Redistributable (x64) [Disk 1]"	msiexec.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3\0 = 0c0001008421de39050000000000	explorer.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Win32Assemblies\Global\policy.8.0.Microsoft.VC80.MFCLOC,type="win32-policy",version="8.0.50727.6195",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="amd64" = 2c006c0076006a0060006f002c0042002d00400050002e0059002e00430039007300560073003000560043005f005200650064006900730074003e00500054005d002700660025002b0027004b002800650038004d006b0062004900640046007700550000000000	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1af2a8da7e60d0b429d7e6453b3d0182\SourceList\Media\7 = ";Microsoft Visual C++ 2005 Redistributable (x64) [Disk 1]"	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sud.dll,-10#immutable1 = "Choose which programs you want Windows to use for activities like web browsing, editing photos, sending e-mail, and playing music."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\FirewallControlPanel.dll,-12123#immutable1 = "Set firewall security options to help protect your computer from hackers and malicious software."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\netcenter.dll,-2#immutable1 = "Check network status, change network settings and set preferences for sharing files and printers."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\systemcpl.dll,-1#immutable1 = "System"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\Vid = "{65F125E5-7BE1-4810-BA9D-D271C8432CE3}"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3\MRUListEx = 00000000ffffffff	explorer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1af2a8da7e60d0b429d7e6453b3d0182\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\"	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\Speech\SpeechUX\speechuxcpl.dll,-1#immutable1 = "Speech Recognition"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sdcpl.dll,-100#immutable1 = "Recover copies of your files backed up in Windows 7"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fvecpl.dll,-2#immutable1 = "Protect your PC using BitLocker Drive Encryption."	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\Mode = "6"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\LogicalViewMode = "2"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8	explorer.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Win32Assemblies\Global\policy.8.0.Microsoft.VC80.CRT,type="win32-policy",version="8.0.50727.6195",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="amd64" = 2c006c0076006a0060006f002c0042002d00400050002e0059002e00430039007300560073003000560043005f005200650064006900730074003e004b0039007000540041002700650026005d002900650038004d006b0062004900640046007700550000000000	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1af2a8da7e60d0b429d7e6453b3d0182\SourceList\Media\8 = ";Microsoft Visual C++ 2005 Redistributable (x64) [Disk 1]"	msiexec.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\DeviceCenter.dll,-1000#immutable1 = "Devices and Printers"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	explorer.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Win32Assemblies\Global\policy.8.0.Microsoft.VC80.MFC,type="win32-policy",version="8.0.50727.6195",publicKeyToken="1fc8b3b9a1e18e3b",processorArchitecture="amd64" = 2c006c0076006a0060006f002c0042002d00400050002e0059002e00430039007300560073003000560043005f005200650064006900730074003e00240062003000290043004b0076003d0035002700650038004d006b0062004900640046007700550000000000	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\1af2a8da7e60d0b429d7e6453b3d0182\SourceList\Media\1 = ";Microsoft Visual C++ 2005 Redistributable (x64) [Disk 1]"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings	control.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\Vault.dll,-2#immutable1 = "Manage your Windows credentials."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\devmgr.dll,-5#immutable1 = "View and update your device hardware settings and driver software."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\SyncCenter.dll,-3001#immutable1 = "Sync files between your computer and network folders"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\DeviceCenter.dll,-2000#immutable1 = "View and manage devices, printers, and print jobs"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\accessibilitycpl.dll,-45#immutable1 = "Make your computer easier to use."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fhcpl.dll,-52#immutable1 = "File History"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	explorer.exe

Runs regedit.exe 1 IoCs

Processes:

regedit.exe

pid process

384 regedit.exe
Suspicious behavior: AddClipboardFormatListener 1 IoCs

Processes:

explorer.exe

pid process

3188 explorer.exe

pid	process
384	regedit.exe

pid	process
3188	explorer.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

chrome.exechrome.exemsiexec.exemsedge.exemsedge.exeidentity_helper.exemsedge.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exe

pid	process
4784	chrome.exe
4784	chrome.exe
3116	chrome.exe
3116	chrome.exe
2752	msiexec.exe
2752	msiexec.exe
640	msedge.exe
640	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
1456	identity_helper.exe
1456	identity_helper.exe
4828	msedge.exe
4828	msedge.exe
2172	MEMZ.exe
2172	MEMZ.exe
4916	MEMZ.exe
4916	MEMZ.exe
1216	MEMZ.exe
1216	MEMZ.exe
4336	MEMZ.exe
2172	MEMZ.exe
2172	MEMZ.exe
4336	MEMZ.exe
4140	MEMZ.exe
4140	MEMZ.exe
1216	MEMZ.exe
1216	MEMZ.exe
4916	MEMZ.exe
4916	MEMZ.exe
4140	MEMZ.exe
4140	MEMZ.exe
2172	MEMZ.exe
2172	MEMZ.exe
4336	MEMZ.exe
4336	MEMZ.exe
2172	MEMZ.exe
4336	MEMZ.exe
2172	MEMZ.exe
4336	MEMZ.exe
4140	MEMZ.exe
4140	MEMZ.exe
4916	MEMZ.exe
4916	MEMZ.exe
1216	MEMZ.exe
1216	MEMZ.exe
1216	MEMZ.exe
1216	MEMZ.exe
4916	MEMZ.exe
4916	MEMZ.exe
4140	MEMZ.exe
4140	MEMZ.exe
4336	MEMZ.exe
4336	MEMZ.exe
2172	MEMZ.exe
2172	MEMZ.exe
2172	MEMZ.exe
2172	MEMZ.exe
4140	MEMZ.exe
4140	MEMZ.exe
4336	MEMZ.exe
4336	MEMZ.exe
1216	MEMZ.exe

Suspicious behavior: GetForegroundWindowSpam 4 IoCs

Processes:

7zFM.exeregedit.exesdclt.exeTaskmgr.exe

pid process

1344 7zFM.exe
384 regedit.exe
4264 sdclt.exe
4796 Taskmgr.exe
Suspicious behavior: LoadsDriver 6 IoCs

Processes:

pid

4
4
4
4
4
656

pid	process
1344	7zFM.exe
384	regedit.exe
4264	sdclt.exe
4796	Taskmgr.exe

pid
4
4
4
4
4
656

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

Processes:

chrome.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exe

pid	process
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
2652	msedge.exe
2652	msedge.exe
2652	msedge.exe
184	msedge.exe
184	msedge.exe
184	msedge.exe
184	msedge.exe
184	msedge.exe
184	msedge.exe
184	msedge.exe
184	msedge.exe
184	msedge.exe
1064	msedge.exe
1064	msedge.exe
1064	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
2572	msedge.exe
2572	msedge.exe
2572	msedge.exe
2572	msedge.exe
2572	msedge.exe
2572	msedge.exe
2572	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe
Token: SeShutdownPrivilege	4784	chrome.exe
Token: SeCreatePagefilePrivilege	4784	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exemsiexec.exe7zFM.exe7zFM.exemsedge.exe

pid	process
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
640	msiexec.exe
640	msiexec.exe
4784	chrome.exe
1344	7zFM.exe
1344	7zFM.exe
1344	7zFM.exe
1344	7zFM.exe
1616	7zFM.exe
1616	7zFM.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

chrome.exeTaskmgr.exe

pid	process
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4784	chrome.exe
4796	Taskmgr.exe
4796	Taskmgr.exe
4796	Taskmgr.exe
4796	Taskmgr.exe
4796	Taskmgr.exe
4796	Taskmgr.exe
4796	Taskmgr.exe
4796	Taskmgr.exe
4796	Taskmgr.exe
4796	Taskmgr.exe
4796	Taskmgr.exe
4796	Taskmgr.exe
4796	Taskmgr.exe
4796	Taskmgr.exe
4796	Taskmgr.exe
4796	Taskmgr.exe
4796	Taskmgr.exe
4796	Taskmgr.exe
4796	Taskmgr.exe
4796	Taskmgr.exe
4796	Taskmgr.exe
4796	Taskmgr.exe
4796	Taskmgr.exe
4796	Taskmgr.exe
4796	Taskmgr.exe
4796	Taskmgr.exe
4796	Taskmgr.exe
4796	Taskmgr.exe
4796	Taskmgr.exe
4796	Taskmgr.exe
4796	Taskmgr.exe
4796	Taskmgr.exe
4796	Taskmgr.exe
4796	Taskmgr.exe
4796	Taskmgr.exe
4796	Taskmgr.exe
4796	Taskmgr.exe
4796	Taskmgr.exe
4796	Taskmgr.exe
4796	Taskmgr.exe

Suspicious use of SetWindowsHookEx 13 IoCs

Processes:

OpenWith.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exe

pid	process
3724	OpenWith.exe
1844	MEMZ.exe
2172	MEMZ.exe
1216	MEMZ.exe
4916	MEMZ.exe
4140	MEMZ.exe
4336	MEMZ.exe
2600	MEMZ.exe
2600	MEMZ.exe
2600	MEMZ.exe
2600	MEMZ.exe
2600	MEMZ.exe
2600	MEMZ.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4784 wrote to memory of 4320	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 4320	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 4376	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 4376	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 4376	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 4376	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 4376	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 4376	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 4376	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 4376	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 4376	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 4376	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 4376	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 4376	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 4376	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 4376	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 4376	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 4376	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 4376	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 4376	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 4376	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 4376	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 4376	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 4376	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 4376	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 4376	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 4376	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 4376	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 4376	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 4376	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 4376	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 4376	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 4376	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 4376	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 4376	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 4376	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 4376	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 4376	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 4376	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 4376	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 1964	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 1964	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 3188	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 3188	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 3188	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 3188	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 3188	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 3188	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 3188	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 3188	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 3188	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 3188	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 3188	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 3188	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 3188	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 3188	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 3188	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 3188	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 3188	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 3188	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 3188	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 3188	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 3188	4784	chrome.exe	chrome.exe
PID 4784 wrote to memory of 3188	4784	chrome.exe	chrome.exe

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbTVNWjF6MHBEdjVLWS15NTNFYkVyTXBuVGFKd3xBQ3Jtc0ttcnlQX0Z2QktfSFFQWDdSbll5Vnc3VGs0X3BwU1dCVDdqakZKeldDX2gzOTExTkIzZmd2TmhZSm5YMllsd184b1JDd09xMy1Fc01ObDF1aDBhQ1ppRTF5NEc0Sm5ydjR1WENPNWFZWEdPRWFmSVVKWQ&q=https%3A%2F%2Fwipet.malwarewatch.org%2Fmalware&v=E90DD9gkOCo
1⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4784

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffae62e9758,0x7ffae62e9768,0x7ffae62e9778
2⤵
PID:4320

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1760 --field-trial-handle=1812,i,2969493205902166073,11290246350457774435,131072 /prefetch:2
2⤵
PID:4376

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1812,i,2969493205902166073,11290246350457774435,131072 /prefetch:8
2⤵
PID:1964

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2220 --field-trial-handle=1812,i,2969493205902166073,11290246350457774435,131072 /prefetch:8
2⤵
PID:3188

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3172 --field-trial-handle=1812,i,2969493205902166073,11290246350457774435,131072 /prefetch:1
2⤵
PID:3780

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3188 --field-trial-handle=1812,i,2969493205902166073,11290246350457774435,131072 /prefetch:1
2⤵
PID:916

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4520 --field-trial-handle=1812,i,2969493205902166073,11290246350457774435,131072 /prefetch:8
2⤵
PID:3992

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4796 --field-trial-handle=1812,i,2969493205902166073,11290246350457774435,131072 /prefetch:8
2⤵
PID:1572

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4840 --field-trial-handle=1812,i,2969493205902166073,11290246350457774435,131072 /prefetch:8
2⤵
PID:4312

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5068 --field-trial-handle=1812,i,2969493205902166073,11290246350457774435,131072 /prefetch:1
2⤵
PID:1496

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5060 --field-trial-handle=1812,i,2969493205902166073,11290246350457774435,131072 /prefetch:1
2⤵
PID:1128

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5204 --field-trial-handle=1812,i,2969493205902166073,11290246350457774435,131072 /prefetch:1
2⤵
PID:4792

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4956 --field-trial-handle=1812,i,2969493205902166073,11290246350457774435,131072 /prefetch:1
2⤵
PID:1240

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5248 --field-trial-handle=1812,i,2969493205902166073,11290246350457774435,131072 /prefetch:1
2⤵
PID:1924

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4756 --field-trial-handle=1812,i,2969493205902166073,11290246350457774435,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3116

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4932 --field-trial-handle=1812,i,2969493205902166073,11290246350457774435,131072 /prefetch:8
2⤵
PID:2168

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5024 --field-trial-handle=1812,i,2969493205902166073,11290246350457774435,131072 /prefetch:8
2⤵
PID:1228

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=1820 --field-trial-handle=1812,i,2969493205902166073,11290246350457774435,131072 /prefetch:1
2⤵
PID:2628

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=1800 --field-trial-handle=1812,i,2969493205902166073,11290246350457774435,131072 /prefetch:1
2⤵
PID:3856

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5436 --field-trial-handle=1812,i,2969493205902166073,11290246350457774435,131072 /prefetch:8
2⤵
PID:3376

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5624 --field-trial-handle=1812,i,2969493205902166073,11290246350457774435,131072 /prefetch:8
2⤵
PID:5016

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=3476 --field-trial-handle=1812,i,2969493205902166073,11290246350457774435,131072 /prefetch:1
2⤵
PID:1932

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=4864 --field-trial-handle=1812,i,2969493205902166073,11290246350457774435,131072 /prefetch:1
2⤵
PID:3048

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5456 --field-trial-handle=1812,i,2969493205902166073,11290246350457774435,131072 /prefetch:1
2⤵
PID:2440

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5400 --field-trial-handle=1812,i,2969493205902166073,11290246350457774435,131072 /prefetch:1
2⤵
PID:1880

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=4424 --field-trial-handle=1812,i,2969493205902166073,11290246350457774435,131072 /prefetch:1
2⤵
PID:952

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=5808 --field-trial-handle=1812,i,2969493205902166073,11290246350457774435,131072 /prefetch:1
2⤵
PID:2448

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=836 --field-trial-handle=1812,i,2969493205902166073,11290246350457774435,131072 /prefetch:8
2⤵
PID:1116

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3280 --field-trial-handle=1812,i,2969493205902166073,11290246350457774435,131072 /prefetch:8
2⤵
PID:3180

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=1656 --field-trial-handle=1812,i,2969493205902166073,11290246350457774435,131072 /prefetch:1
2⤵
PID:2164

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5064 --field-trial-handle=1812,i,2969493205902166073,11290246350457774435,131072 /prefetch:8
2⤵
PID:948

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5860 --field-trial-handle=1812,i,2969493205902166073,11290246350457774435,131072 /prefetch:8
2⤵
PID:5112

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5824 --field-trial-handle=1812,i,2969493205902166073,11290246350457774435,131072 /prefetch:8
2⤵
PID:5068

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5324 --field-trial-handle=1812,i,2969493205902166073,11290246350457774435,131072 /prefetch:8
2⤵
PID:1036

C:\Users\Admin\Downloads\vcredist_x64.EXE
"C:\Users\Admin\Downloads\vcredist_x64.EXE"
2⤵
- Executes dropped EXE
- Adds Run key to start application
PID:3392

C:\Windows\SysWOW64\msiexec.exe
msiexec /i vcredist.msi
3⤵
- Enumerates connected drives
- Suspicious use of FindShellTrayWindow
PID:640

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2080

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:2752

C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
2⤵
PID:1712

C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 1334D826A1DD79CFABB1E01F71776BCF
2⤵
- Loads dropped DLL
PID:692

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Checks SCSI registry key(s)
PID:4024

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:848

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Sulfoxide 1.4.7z"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
PID:1344

C:\Users\Admin\AppData\Local\Temp\7zO0455184F\Sulfoxide.exe
"C:\Users\Admin\AppData\Local\Temp\7zO0455184F\Sulfoxide.exe"
2⤵
- Executes dropped EXE
PID:2132

C:\Users\Admin\AppData\Local\Temp\7zO045BBC2F\Sulfoxide.exe
"C:\Users\Admin\AppData\Local\Temp\7zO045BBC2F\Sulfoxide.exe"
2⤵
- Executes dropped EXE
PID:2468

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:3724

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Sulfoxide 1.4.7z"
1⤵
- Suspicious use of FindShellTrayWindow
PID:1616

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
PID:4612

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffae66e46f8,0x7ffae66e4708,0x7ffae66e4718
2⤵
PID:4932

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,367764010557132595,16766364451038070709,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
2⤵
PID:4028

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,367764010557132595,16766364451038070709,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:640

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,367764010557132595,16766364451038070709,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
2⤵
PID:1396

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,367764010557132595,16766364451038070709,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
2⤵
PID:3308

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,367764010557132595,16766364451038070709,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
2⤵
PID:3036

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,367764010557132595,16766364451038070709,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
2⤵
PID:3208

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,367764010557132595,16766364451038070709,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4004 /prefetch:1
2⤵
PID:1056

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,367764010557132595,16766364451038070709,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3548 /prefetch:8
2⤵
PID:4540

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
2⤵
- Drops file in Program Files directory
PID:3916

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x23c,0x240,0x244,0x218,0x248,0x7ff741ab5460,0x7ff741ab5470,0x7ff741ab5480
3⤵
PID:1148

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,367764010557132595,16766364451038070709,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3548 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1456

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,367764010557132595,16766364451038070709,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3536 /prefetch:1
2⤵
PID:3748

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,367764010557132595,16766364451038070709,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
2⤵
PID:4800

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,367764010557132595,16766364451038070709,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1
2⤵
PID:2316

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,367764010557132595,16766364451038070709,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2004 /prefetch:1
2⤵
PID:4360

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,367764010557132595,16766364451038070709,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
2⤵
PID:4916

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2152,367764010557132595,16766364451038070709,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5520 /prefetch:8
2⤵
PID:4200

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,367764010557132595,16766364451038070709,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1892 /prefetch:1
2⤵
PID:2572

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,367764010557132595,16766364451038070709,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
2⤵
PID:3316

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,367764010557132595,16766364451038070709,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5940 /prefetch:1
2⤵
PID:3976

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2152,367764010557132595,16766364451038070709,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6220 /prefetch:8
2⤵
PID:4976

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2152,367764010557132595,16766364451038070709,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6320 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4828

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,367764010557132595,16766364451038070709,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
2⤵
PID:244

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,367764010557132595,16766364451038070709,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6648 /prefetch:2
2⤵
PID:5084

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4592

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4f8 0x4e0
1⤵
PID:436

C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ 3.0 (1).zip\MEMZ 3.0\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ 3.0 (1).zip\MEMZ 3.0\MEMZ.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:1844

C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ 3.0 (1).zip\MEMZ 3.0\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ 3.0 (1).zip\MEMZ 3.0\MEMZ.exe" /watchdog
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2172

C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ 3.0 (1).zip\MEMZ 3.0\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ 3.0 (1).zip\MEMZ 3.0\MEMZ.exe" /watchdog
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:1216

C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ 3.0 (1).zip\MEMZ 3.0\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ 3.0 (1).zip\MEMZ 3.0\MEMZ.exe" /watchdog
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4916

C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ 3.0 (1).zip\MEMZ 3.0\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ 3.0 (1).zip\MEMZ 3.0\MEMZ.exe" /watchdog
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4140

C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ 3.0 (1).zip\MEMZ 3.0\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ 3.0 (1).zip\MEMZ 3.0\MEMZ.exe" /watchdog
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4336

C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ 3.0 (1).zip\MEMZ 3.0\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ 3.0 (1).zip\MEMZ 3.0\MEMZ.exe" /main
2⤵
- Writes to the Master Boot Record (MBR)
- Suspicious use of SetWindowsHookEx
PID:2600

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe" \note.txt
3⤵
PID:1616

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=mcafee+vs+norton
3⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:2652

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffae66e46f8,0x7ffae66e4708,0x7ffae66e4718
4⤵
PID:3832

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,5107844869714905390,4333459761341044830,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2
4⤵
PID:1280

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2192,5107844869714905390,4333459761341044830,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
4⤵
PID:2016

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2192,5107844869714905390,4333459761341044830,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2956 /prefetch:8
4⤵
PID:576

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,5107844869714905390,4333459761341044830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1
4⤵
PID:1664

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,5107844869714905390,4333459761341044830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
4⤵
PID:3300

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,5107844869714905390,4333459761341044830,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1
4⤵
PID:880

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,5107844869714905390,4333459761341044830,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5320 /prefetch:8
4⤵
PID:4036

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,5107844869714905390,4333459761341044830,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5320 /prefetch:8
4⤵
PID:1056

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=mcafee+vs+norton
3⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:184

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffae66e46f8,0x7ffae66e4708,0x7ffae66e4718
4⤵
PID:1572

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2196,4744446745986789600,8597449334920182705,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
4⤵
PID:776

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,4744446745986789600,8597449334920182705,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2228 /prefetch:2
4⤵
PID:708

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2196,4744446745986789600,8597449334920182705,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
4⤵
PID:3668

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,4744446745986789600,8597449334920182705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
4⤵
PID:2336

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,4744446745986789600,8597449334920182705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
4⤵
PID:1616

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,4744446745986789600,8597449334920182705,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1
4⤵
PID:4848

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,4744446745986789600,8597449334920182705,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5016 /prefetch:8
4⤵
PID:1480

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,4744446745986789600,8597449334920182705,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5016 /prefetch:8
4⤵
PID:1788

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,4744446745986789600,8597449334920182705,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
4⤵
PID:3140

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,4744446745986789600,8597449334920182705,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
4⤵
PID:2472

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,4744446745986789600,8597449334920182705,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3656 /prefetch:1
4⤵
PID:1396

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,4744446745986789600,8597449334920182705,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
4⤵
PID:4448

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,4744446745986789600,8597449334920182705,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
4⤵
PID:4864

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,4744446745986789600,8597449334920182705,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
4⤵
PID:4284

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=g3t+r3kt
3⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:1064

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffae66e46f8,0x7ffae66e4708,0x7ffae66e4718
4⤵
PID:1776

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2208,16695226937690225792,15688495856755541691,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
4⤵
PID:1272

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2208,16695226937690225792,15688495856755541691,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2680 /prefetch:8
4⤵
PID:384

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,16695226937690225792,15688495856755541691,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2220 /prefetch:2
4⤵
PID:4552

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,16695226937690225792,15688495856755541691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
4⤵
PID:2316

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,16695226937690225792,15688495856755541691,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
4⤵
PID:4400

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,16695226937690225792,15688495856755541691,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1
4⤵
PID:4368

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,16695226937690225792,15688495856755541691,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5204 /prefetch:8
4⤵
PID:1576

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,16695226937690225792,15688495856755541691,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5204 /prefetch:8
4⤵
PID:3588

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pcoptimizerpro.com/
3⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:64

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffae66e46f8,0x7ffae66e4708,0x7ffae66e4718
4⤵
PID:1364

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,1174477150401125777,6843264053157506737,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
4⤵
PID:4120

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,1174477150401125777,6843264053157506737,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8
4⤵
PID:4032

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,1174477150401125777,6843264053157506737,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2424 /prefetch:3
4⤵
PID:1060

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1174477150401125777,6843264053157506737,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
4⤵
PID:1496

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1174477150401125777,6843264053157506737,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
4⤵
PID:388

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1174477150401125777,6843264053157506737,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
4⤵
PID:4796

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,1174477150401125777,6843264053157506737,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5292 /prefetch:8
4⤵
PID:2272

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,1174477150401125777,6843264053157506737,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5292 /prefetch:8
4⤵
PID:4748

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1174477150401125777,6843264053157506737,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
4⤵
PID:3724

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1174477150401125777,6843264053157506737,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
4⤵
PID:2136

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1174477150401125777,6843264053157506737,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
4⤵
PID:1936

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1174477150401125777,6843264053157506737,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
4⤵
PID:1252

C:\Windows\SysWOW64\Taskmgr.exe
"C:\Windows\System32\Taskmgr.exe"
3⤵
- Checks SCSI registry key(s)
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SendNotifyMessage
PID:4796

C:\Windows\SysWOW64\explorer.exe
"C:\Windows\System32\explorer.exe"
3⤵
PID:2324

C:\Windows\SysWOW64\control.exe
"C:\Windows\System32\control.exe"
3⤵
- Modifies registry class
PID:3332

C:\Windows\SysWOW64\explorer.exe
"C:\Windows\System32\explorer.exe"
3⤵
PID:2092

C:\Windows\SysWOW64\explorer.exe
"C:\Windows\System32\explorer.exe"
3⤵
PID:1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=virus+builder+legit+free+download
3⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:2572

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffae66e46f8,0x7ffae66e4708,0x7ffae66e4718
4⤵
PID:668

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,9441960463586739115,10738289532331029837,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
4⤵
PID:3820

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2180,9441960463586739115,10738289532331029837,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2992 /prefetch:8
4⤵
PID:3624

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,9441960463586739115,10738289532331029837,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
4⤵
PID:2848

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,9441960463586739115,10738289532331029837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
4⤵
PID:5116

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,9441960463586739115,10738289532331029837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
4⤵
PID:4052

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,9441960463586739115,10738289532331029837,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
4⤵
PID:1224

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,9441960463586739115,10738289532331029837,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5088 /prefetch:8
4⤵
PID:772

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,9441960463586739115,10738289532331029837,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5088 /prefetch:8
4⤵
PID:5024

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,9441960463586739115,10738289532331029837,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
4⤵
PID:3176

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,9441960463586739115,10738289532331029837,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3632 /prefetch:1
4⤵
PID:3748

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,9441960463586739115,10738289532331029837,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4148 /prefetch:1
4⤵
PID:4368

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,9441960463586739115,10738289532331029837,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
4⤵
PID:4520

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=mcafee+vs+norton
3⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:3668

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0x108,0x128,0x7ffae66e46f8,0x7ffae66e4708,0x7ffae66e4718
4⤵
PID:3840

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2248,7349105148789950430,11389480561541328668,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:3
4⤵
PID:4260

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2248,7349105148789950430,11389480561541328668,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2924 /prefetch:8
4⤵
PID:3784

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,7349105148789950430,11389480561541328668,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
4⤵
PID:2344

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,7349105148789950430,11389480561541328668,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
4⤵
PID:4428

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2248,7349105148789950430,11389480561541328668,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2268 /prefetch:2
4⤵
PID:2584

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,7349105148789950430,11389480561541328668,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4828 /prefetch:1
4⤵
PID:1876

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2248,7349105148789950430,11389480561541328668,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5180 /prefetch:8
4⤵
PID:1536

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2248,7349105148789950430,11389480561541328668,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5180 /prefetch:8
4⤵
PID:2148

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,7349105148789950430,11389480561541328668,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
4⤵
PID:3584

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,7349105148789950430,11389480561541328668,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3592 /prefetch:1
4⤵
PID:1280

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,7349105148789950430,11389480561541328668,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
4⤵
PID:4664

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,7349105148789950430,11389480561541328668,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3564 /prefetch:1
4⤵
PID:2344

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,7349105148789950430,11389480561541328668,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
4⤵
PID:4804

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,7349105148789950430,11389480561541328668,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
4⤵
PID:1356

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,7349105148789950430,11389480561541328668,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3120 /prefetch:1
4⤵
PID:952

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,7349105148789950430,11389480561541328668,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
4⤵
PID:2344

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+to+create+your+own+ransomware
3⤵
PID:1208

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xf8,0x128,0x7ffae66e46f8,0x7ffae66e4708,0x7ffae66e4718
4⤵
PID:3152

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+to+send+a+virus+to+my+friend
3⤵
PID:3596

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffae66e46f8,0x7ffae66e4708,0x7ffae66e4718
4⤵
PID:1396

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3704

C:\Users\Admin\Desktop\Sulfoxide.exe
"C:\Users\Admin\Desktop\Sulfoxide.exe"
1⤵
- Executes dropped EXE
PID:2664

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 456 -p 4104 -ip 4104
1⤵
PID:8

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 4104 -s 2924
1⤵
- Program crash
PID:5052

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 412 -p 5028 -ip 5028
1⤵
PID:2336

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 5028 -s 2936
1⤵
- Program crash
PID:4280

C:\Windows\regedit.exe
"C:\Windows\regedit.exe"
1⤵
- Runs regedit.exe
- Suspicious behavior: GetForegroundWindowSpam
PID:384

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2400

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4432

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2128

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
PID:3188

C:\Windows\System32\sdclt.exe
"C:\Windows\System32\sdclt.exe" /foreignrestore
2⤵
- Enumerates connected drives
- Checks SCSI registry key(s)
- Suspicious behavior: GetForegroundWindowSpam
PID:4264

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:2972

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:2324

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
1⤵
PID:3320

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4136

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3584

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Bootkit

T1067

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e5daf6f.rbs
Filesize
73KB

MD5
f7ad843579b572273a6ed601c9729988

SHA1
f14338a624d8d2f18e036980a991d38c2c28127e

SHA256
440d8d35ed5f911d6067f7cc887151d85c93d45db55cf9ef2229004cdd2a42e4

SHA512
d39cd92de3a5c96a2a0e4d46c53e13097bea77cb735941029ac09c45542a0cf274a9fc275ab19e6eca9c836edf194a884e586a50da5fb633f83d9eeedd2facd1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c
Filesize
162KB

MD5
b81d6636c3ad72c63e532e5180eaf7f9

SHA1
ddcd059999fff6218e98af62dbe3fa9c885a0de8

SHA256
2fb4351c49b47b7cdaa9516237a8b1e690e4448339d09d70a84c658729e461ef

SHA512
4f0b87bbf60061a8efca4906554f958b7c28cf582452e01a8316d8c5ea8c98beda6c3230afff207f0b92d316c4c2e0ca1b4631e7d7364344b4a76394115af06b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
168B

MD5
a602112ef2b0f419231ac866b644af41

SHA1
8982522ec41e14ba21754658c400d91668798b06

SHA256
86419cb542eae770abbc0ec3f6b43507543357401e13e6a04f82987c5ccaf7d6

SHA512
a6ffc5632afd6383dbc9ea01c6a0fd909a2e1a2b6d4b9b2772213276f5f1a9a8910db5153f7384651d2a75597a28d2c39c8541a29594c60b20df60dda3e6a011

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
216B

MD5
ce093108e3bd76f3f59e1aab3320eb5e

SHA1
56d109f68190fddaaca225af857f4d59599045a2

SHA256
5a47164a8d836600b065c85852e044bf3e0cbc2936734a35345f5713b5929396

SHA512
3c45e2f62a446ac65044696fb16344fd6543f4f22a309e8b58fd22650189a8212d1dd924b3a0db8525bd3150b878527c0fa2a50e80fd003236cd6769f3576fca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
120B

MD5
8483cd8f8e81983516387a0f7663d49a

SHA1
043d6fe82cb474eb8c6727dca86294c7ee112ba0

SHA256
d9306510bcf94a2012457b1e3cc645345574e59ed7c2b35249af3712f12d3f69

SHA512
96acbed9a9bd65d1361529f4e542df4f30a4908f2301babe0d15db43bc4e3250091addbdab5e4ad1bc8c17919cee8542e4ce1a74731d9b93d5c7c20902ae9957

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
7c8b0b17a85c7f3e764e23c778789718

SHA1
3f41ff693f5c1d3283dca1c1497ca9024afe9d83

SHA256
cb5ebb74909bc386fff218fa64c8d88285754842bb932af7b048912b48e38111

SHA512
da7a4013b248d98b83ba1455732128f9360d6bf8536bf321687d9c0d6aa58ac0c4dff6ecb81102e6c468588e3e392dae8788f67d080350de47569e508b34cceb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1
Filesize
264KB

MD5
5de5a967c4d5281d1ab33a3b81b59a16

SHA1
f426c4ede82fcd14e07b6fc8ec7e531d1d3676a3

SHA256
c44933ed096e7d20f3be9fb4b6ac73eeed0941d9a8e56b0817c8ce5d68731906

SHA512
58011983d1778f1f787441b4cfedb767ad8a10470d70aecdae6846c69c9036256c57052900a0b09ea421a48344a3a96942c3c7bd246768418b6edb7b0aa053b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
24450f4dba292c9e1675206dd15e6e07

SHA1
39e44618b7cdcfa3a5abe495d1c23a9bde4dacd0

SHA256
c2fc7c9d21795a0e85d05402278d8b4507c3bb797d9ea8864bb42f3a9cc0bc1f

SHA512
02d65f0c072c36d389cf54dbbe8dff567a118d06e7660d22872d5c515a1cb81aeacc3ff9cb27fd6326b7fac0330842f50b4da491d702a29097c3d2a85c36cdad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
1116fd9742360dbb7394c7fed58e6370

SHA1
957d99057aa9e486c9fc277c019f605addbe201a

SHA256
ae8972b153a2d4f17013cd1a50332c3b895eee829198e52e6a6316249100414b

SHA512
91c4cec60c8886b8a34866cba192ede4ad5c871f2e4a638a26d1322029165512887861aa3b03b909365ea134b2f41b2311e3a65d5eeba77c4be6e2278c90eaeb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
cce746ce2a0d10eac7f93588a29597f1

SHA1
b7cdfd7c54f7ee3a0739b11282e04de6dbb0695e

SHA256
70ea46f6b28e5e7d92d7c7aabaa078875198714cb59d611716bec2050885e1d7

SHA512
52e189f8686c53e3b50e9e75197393a73df7d933098897400184515bc8617ded7b87aae08a3d17df3a3f22f45e2aa87c5918e4ead7c9cdd2ec870978a99e0f2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
4KB

MD5
d8e23aa99120bc14a2d18cca0f51bbd8

SHA1
9579d4c56eef43565c7d0e826521c6e7b48aa3a4

SHA256
6b9f094a121279aacbad477cb9acbc73d16d5dc2f40a37e76b1b5e0192153e5c

SHA512
0b3f82b7b91fd47bcd8e3ce31944bb43a5fda2877824def7279439acd7b3bc193181b5c2799b9a9b21af3bc91eea0ffc1f25a502629daaf74621f1d8fb990604

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
fb66cc5a8f0ba511187b564f072e83b7

SHA1
8218a319deadf8dcc2864de61a6015f47af74d49

SHA256
30bb1b441e24b5d9e735ce7042de2569a0222b006977c501c83d41ba4480a085

SHA512
7236f3205baa76a4d9a302fc93e9006b1f052bc66dd0fc89acbd16b4605916e94aa11e2f954fe20b621d7c0e2ce9091f90f394c487186f9485db0aa6e480bce2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
77919e1be9275c6339c02499bab928b7

SHA1
6367c76914af3a3bf43d83df864c6fe739c88c84

SHA256
36b0c87766bc559eb5c5e7e08f694ffadd4a25ed82e3b4b3aa56450f0a87a1fd

SHA512
b2eecb3c706e9b728d69363f9f9bfdbf70211eb9de4720f84915af7c8a056ffcdcac59a3ee2c693d0685b378b9d7a042b5ee0b5192c13425bba0e22534bfa4be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
5KB

MD5
fe769d736f5401eda19d77d06ff8c158

SHA1
096f38ee25ca9c43d67d1e5792530af43bf648f1

SHA256
3a309bd9e694ae518d57bf922f135bba6debffc1d74563870ba3546b1919bacc

SHA512
a55c932525c1fd914bee5f6e13e73599b3d07f2e9d83c91d1021c0e8df1a5745691e24a263ab16973bb23e050fccf71400900f867539f7f089a6a1e86e4639b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
707B

MD5
a8f987418aefb8b7ea6052a28f43ac90

SHA1
611600f0c76bd235a002bcf4031479b83ee37b0a

SHA256
23bcd5e3f48f3b58bcdd03f42d8f1c2b377fe7a943709f3b40540a64d8a4c88b

SHA512
395fee21ee94c97bf39e17fc4fb18c9bc5cc20e2a91ad9507f9d141d01f478e927b0bdee45e9f1217a70d310fb376cabe8e694c19a54e2df1c075f926c48eacd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
707B

MD5
5b18bb93b9290dd8e8063fbe05836539

SHA1
9cc87f79ff1056da5ca1d9d30386b43cb35ab55d

SHA256
6d28469980623a214124f4579e8ccceeedb804c7489c52ae302a2b146220ba19

SHA512
1297f57e20a0e7e67114379a10fef0b60902e425cd36d00c762ea7799221341844526e30d4519055fc3b3955e9fdab06570bf536d20b6a5b0dc8999ca2d76497

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
539B

MD5
b32f025f2cbb5d6d27664e1302dbad04

SHA1
9e448e96a06f90793924cfde41247f1818aa3a64

SHA256
95eca2519065c09af8b9a881f5e5d3967fa1d71cb0c54b04b7d079bf77f03707

SHA512
ca419af809f8ca5d3b49c847c5d51bfdd55e020430f09d20d033e3340ba9ddabb8959f4ee67d0d06be5e970ec3c0b7a0980cf31598f7a9c48cf54aaf045660a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
707B

MD5
442f7e0d61cf6de58a95dabeee464911

SHA1
788bef2d948ddcb446d59f3d81036980014debd4

SHA256
a005d6e6e1fc61fe93a3a0054a24957cf8ab8334c2c856e345b70b003e7bb34f

SHA512
b8d7c0c3724caf08f99008d6c45e5eb5f1c942b607f5d14849dfd4643c23ca02b3cb39c4616b832931a42a51c88f95b97ebd13f5bdfe3004b035634ccc3ab621

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
707B

MD5
a3c80345fffe52cc767b795b70b902e7

SHA1
aa94001210ee8d27251bfa89f701647e3270cca1

SHA256
49ffbd66fe3fb32802a4ae5e1cdc7c943198206f9a807b3a11798bb3597d4d02

SHA512
8818aed2ef1885e2e0614de6a48e8269ef549335a5c27c112da8979992ec1e2e03850b9495a42203bbf99d67ab40b38816978198e8c2a6213b04391eadc032ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
707B

MD5
01e32951fd1cc5d9112eeb1ed3a94467

SHA1
00f1b12ed1ae01087e9f181e136f0a9d4e75d8fa

SHA256
33bf7f3f577dc6f30025f6b6690c5c3be07769a3fe829bcada9cda8200dfeafb

SHA512
6eb1caf2c89907bf9ed58edae7eb08b85f987e7bd06bf38c296ea15d2293b5c12e979db91d1447196dde591c4581028a014dd55945ea9750ae54aace2b13703d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
27906d2d98f6b436bcb054a583cf24ed

SHA1
c97d3ca217ab22e147fb6ad8a6c5b0570cca0dd6

SHA256
c413164c861f3465263d1e96e3739a8f4cccacc90a85756b9e054d6517ca1fd8

SHA512
acaad7610a623a2527381fae567109d8ececbf83dabdb50292e4ce3882b7f990285352d74ac993b30351f8bf33199d3749e4872af53730e804116ca7c66fe55f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
0536d2c3bbb2c7886b191fe1501c919a

SHA1
a64db6d32d22f8d97cdcbd79221d5c5a99480a01

SHA256
b73b1beb9e51a3b60222f81a0366e5613c416c7ef53a14e075906925f4144ad4

SHA512
20dd09ff73e57d065978bc6456a344cc006b386d172b0f1719714052a2c7258b0b14985f378fbc9fdaa93ef0a5d3ea0c5423676ea47ea363ca31135b9fec53e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
2ae56a005b93fca88c675d41f42c115b

SHA1
cf9a0a27705f698b6513ddcaa23071562c189d13

SHA256
80baa6440d5a30b32624535c3f2e9ecac9af2d85141dbb35b42f76174426a5da

SHA512
def280ca90494e981e6bda8aa34198418eddc42b3f6c122f8fa4d12ed5a7e073bc4dd2681b39577daaba19be1d4f9ddb0084d40fcacb23c1d9052e1d03c59b01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
707B

MD5
003992f33441130ab1d3e8bed9207d35

SHA1
d069293c2a65e998aec7997cdc5a7f34f98c5203

SHA256
41a801ccaf841071f7541788d07c8f681c3b1b0b2af9302432873a167a5e6988

SHA512
8223f32e877b0276ae78529f7cc79c8f4c85f92acd6514be8b9394039399272cf7262e2a268b1bc8319cac44f87356624f5f14e365c01c2d8366d92b0ab19301

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
29ae6635ee1e16a9ececc330a383c7d1

SHA1
293a04a02538258cbb54d9658b30271c9ad2948b

SHA256
ccd1a5635ccb946abce8212b60372bf396505f7b349c986e0224fda62e0a0f46

SHA512
31d1a3c1ae4a11da3fafe226442ac632db1548172d5aae61b8503f6af5169a95a68587e736cc770c527eb0a06a0f04101a8f01d8fedd4a5a1f326defe5e8dda2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
705a6110e6b0db845c45c84e6982a88e

SHA1
a34896d47f1e8c180bd35ba1ce305ced8574a17d

SHA256
e60b0ae0fe2576209e43caa4d4436ba36b9e2057827fa7e55b33b8f3d33611ec

SHA512
5e74ddc3cf58fd8da8af2a606250636d5984bf17da307e5717c95f7d24d96da1656c041a6e3c2194b58b78559a323760db805d181dfc64526909b4fcf448c609

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
996cd3d68dbd99e52c559ef61e7d6e00

SHA1
c8bf0d2395ffcff01858a3bf039e524b906ff78a

SHA256
66ee6050c35588e6b1d876f68531281ce925f5d913cbacaade8f6fbc1c20ce74

SHA512
5836516ca2be38e2e18304a56184d743658546d3b7e471faa33302b60a50e0bd0331a21379b74f45192e333e5f408749ded000a319a87a0705691496b5e7a46f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
2d5c0d6185a0ff715993e6b0f91377a2

SHA1
8c5000792b9afb1ffa605858b07c381dd3d3d22b

SHA256
973de4ebc645931842910f0eee271111855c89df17170641a32f72f79fb8688a

SHA512
5708012b78d68e2f3020c5781a689bca0f054174b5383b3423100b9d508ba4643a6fb163cecac9ef4957b5d19028e83506f74fc84419dfdebbe7b804472367bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
2f8035d3c1853a9e482372e9f2f1872c

SHA1
3c470b0bba63857a53eea47ad8094edd0ad620ae

SHA256
705f2dee20e69c15a3c305dd4c65323973a2a5777c00aa70ddf636aba1bd3068

SHA512
d9b11e50012de561c295ed070580f9dcca2bbe8b3cfe29db4e72a6c7d2776602b6819b60883fd41d50b732dea2a0b6148d371a884029a67cfa598534dc4f86cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
c5358ab59d1a72b8ecd3493b0969b973

SHA1
aec8a49d90e1606fbaf133fdb92a4e25d75b8a43

SHA256
0b7accbb31ea9f00ab2d40a75d834aafc40a61e741a19d923cf1aa8f8bce6718

SHA512
c736c064d6195dc610f754009e5f6b96e2106dee0706cf660894ba28f51cfb8dbad60e0a05bc3d892f018f3711e97cb613378a3c3d5e8467b1ec1fe28d1509c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
5c13d2339cf4c1fcd2b438fb8ad8a9f2

SHA1
c7c271df840022dc29790d2a12311deb09448ff4

SHA256
9974b36da2d16f97bfcf05b957cf4daba64d32aed22e7ee409278a8fa7d26999

SHA512
2f3e3f4b1310d3ee01cc8f607e8f21ec0a50ca5bb4eaa0aba05a6cb98cef22c6488eca9a45963ee1b02b22a0dac71d1453eca9482f033a6bead90475a815de34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
a5285b8e9c8583261d7f0abd10ac4d77

SHA1
c8e98a6c5cc1adc0788160df18231c0ac7f7e2c8

SHA256
64d22432f953aa3db1f8368ed50cf67c8fdd8d5f561ae3b181c5c08983ecab05

SHA512
df6c9cbd612d7093ba065adf2906a3dcac96cf32e61525487f2751bf91bdd67efd66f150f3abba145fff1f78f05cd5b5a4d189eea9278939ecbf079ce0bf1dec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
15KB

MD5
083e85380584386495c00969d73d5a9d

SHA1
d44f52e59192999c41b84d3cf1f9638bae4b4c02

SHA256
314e46a451eeb5915c641b3ed3cb8b3b29fdb73821822328eac826948538f2c1

SHA512
39272a3bfdc3528087e50a812fc03be75a7e87327a05bca110f1e5024d7595b5e6e33774eaf9b145c6fba2d2cbead2691f093c28db22b7938dfdcf36a41bc79e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
200KB

MD5
b502c08204ab674d7cecce86f5ec3c60

SHA1
265bc9ab45f20e99c1fc8a6bcc5463235c35f094

SHA256
82af3f2b5477caef91cc40bc51e7b4e450cbda11bedffbf1a75e2a5d7abfc3d7

SHA512
b86cdb4cea7184357d310cf443927c6074c32b9c3ecfeaaf525f079c4a4f372f4707426bd93fc8e2b4c9d3910b33110cc8a7feab5f4881a1ca0eea9b54c31ca7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
200KB

MD5
ec15a06259c737e8ef01e8fa186f6093

SHA1
d70200aeb751b1a57b07adc4a535bdf79c06c0b6

SHA256
fcc51e096478e2a910394186992854ce836a1a284b71b9bd7db27462683fe7b7

SHA512
b4c3fcda47cf4211e7b77d7938bb499230036ac51d1c70360eed68ca9b22f83baaa2e20ce181e407bfe43ae5acaf2259f554b7d2082b93322fd0f0b57ca912e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
200KB

MD5
e99d0edc6a0a6c7d5bee49fbfa855c2d

SHA1
e6614475f545ac7b3564540722a17d4993970b30

SHA256
ffd2635736cc2408b8899e76d365780895361e631aa81b23aa0b71e982ae2e74

SHA512
5c53bd0f6617b1de1d992043cffcf582bc8564b9aca7dd44b7a1c09b8fe602cd4ad4d69697a5e7fd1a912c7c53d50e16c3f539548fec0ac06d30c4c4237c91e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
200KB

MD5
e99d0edc6a0a6c7d5bee49fbfa855c2d

SHA1
e6614475f545ac7b3564540722a17d4993970b30

SHA256
ffd2635736cc2408b8899e76d365780895361e631aa81b23aa0b71e982ae2e74

SHA512
5c53bd0f6617b1de1d992043cffcf582bc8564b9aca7dd44b7a1c09b8fe602cd4ad4d69697a5e7fd1a912c7c53d50e16c3f539548fec0ac06d30c4c4237c91e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
108KB

MD5
af548a22aabd3a1dc9092ef34be02506

SHA1
e064baa0c7b5002a73eea92227e75ba3d4b39e0a

SHA256
c943b30669096e5515a3b340cdd96c3b68becafab26d4404cd005663018382bf

SHA512
922aa9533070ec5d74561e140b35ef9993284570bad497f8e61a283bc8660484b52084438082f37dc408e41c8e9339c352d03f77b6846c378b5c367c611e4a8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
116KB

MD5
a9bb1eef05277f205357f75aeb133090

SHA1
cf402d27baf382feff7f22c9d97078b26a2507f7

SHA256
add9e47db82f3346288e7bbd24ea52b52d2d6ac94203c6d23c1a11d9c4924181

SHA512
562bd70dc5e384a94201f5d842e6aa7dbdaa1a5cea1dfcd81c7e07a9aefe46f414eba4da956d3e9fb37590a3dca9092d1a92d41c3087cd6372dbc785ce809cae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58f690.TMP
Filesize
103KB

MD5
09568d6d02cfc186017e4a7604f2feb2

SHA1
a075bd7ba25022606ce51ae969e00b6c2eabf76d

SHA256
65e238a0a21c80ee3c36194200a2ca26b49341d79d28dc015cda53eb67d50609

SHA512
37ecb05699f6f13c2ae4c9bd50ebf5b84c63dade4156a1d07a09fb7ac8d89e7450bd8749f7ee63245080b862f99b9b6fdafd89cc33671f7767254486475159cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\fefd58a3-e210-42f5-a4a3-624c8aad8eeb.tmp
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
4c7eb8599cb69ab9c2c93109119c1546

SHA1
ceb70768ad5f085994636ccfac0e123a0e9b66bd

SHA256
386fbed2ec27163dd16df71e9d04b30581431b75e43673ec879bf08740587642

SHA512
b5e758bb90e9adebff06f6189925acfb1a5dda3dc4c6f744ae8d8c9d708541f16abd630127d9a3c249115c4dabbeba432f39ee6b03e530632a0f3826193f5bc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
843986a42db45fa28fc6f1cc6a827aa8

SHA1
7975727538d8d2ea9f5d8aeb676e678da9664e71

SHA256
b443f664185e2f3b90ce7fc51ac81b3dcb5efb0429e1183dece266573023f362

SHA512
f046dfd89a71f041da2679e5a0df283f8b068a009d4a14aafeb0dff0e9edc4a12660c161e962b4eb45edf756179fb29920294ebddbe3ae92d38e4f817c93c61e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
0546df19c7db5009272baec2c2fb6a62

SHA1
3a8ebacd3467a886dfec8d4c6d5ceeda90f3825d

SHA256
45001310161749481636913d74c55d77ab02112b7d238ee8bf9f5c0f3febf053

SHA512
70cae37117c408d3dffb1149b12aaed8f0ed66c27b364f53e6635a2c525f64c7f552956f09dc0895503c61a4f41362fcb7687f97e1da24a8017d0bdd8ff52835

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
9223ddf9c5f6740074da0b51fcea1a8d

SHA1
88de41029802bb60d4aa5ede29785d5765a384fa

SHA256
ff338dd9949cdbe39758a0162f97be799eb8da8bee08154d0d278c0d00a4b69e

SHA512
7cb44c111b805472ae628dc670c58f0edd94611d8f060f65a5a9973b91508788508048bf8ccd5bb734d706a10f4d7841f8e8ebb5c3c223d9231b035199809398

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
bbb3aeb35b619f0238aa18e86f323e69

SHA1
965c89fd3add878c776fbecf9a1fa20c4654d59c

SHA256
a67dd3d1efd9e435309c8d30b21e780bda982a8713da2a1ba2486d952743cad9

SHA512
afe6e768fbf2abc042d01c9222f6827c197220a02322fcf4cfb52777a651484657c5e2e0ee64a5ba751bf9f271c20e9918096ea2721c3c4b21a6b746a38865d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
a3354bd65c32f9512218cd7f537e4855

SHA1
6b080f53434a169ee879e36fe15d0b5f2e0bef6b

SHA256
0bf1afb6b411f150b0da1dfde9ac5959532becd4926014deb9ab90c249df3e72

SHA512
61f6e275acf035dd259c5a3c0fc26de6cc1c21fea843f4dd988b39fffdf0101222b749af4233b9271851acf8ae40087f113639d90f2e3d6d703b8697a999f476

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
d032eb00e08e284b098fb00837e95b79

SHA1
743be07ff01bda2bbac471f6d494273f4ddf373a

SHA256
77f490b883af345b2f165086a69d78f8107023e284102ac0b6fa0b812c7172fe

SHA512
a4c04dcb3bd2ff6ee3d279f54be91b49eb5dc04a9650bbccb0beca96b2b069c7a9db00b1af0d25f889068c45fea94c16bf4134566abfef61f0ac193a4fd07c7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
b9ddb5d9571544714c713987349860a2

SHA1
614dd3b128a56d739f731bdcf9dd844abbad00fb

SHA256
c617541bdaecc595f019b3a88a2520ad67fc55f252cbb628b85eea09aef39d19

SHA512
0c4920645368b152ec875a1bd8fdebda1c5ee8c233d04b4985e34540f285332c915fb3a6d5caa07eeb53dc2bc410f543a4c1906ae19dba3f4108523ee235180e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
5a10efe23009825eadc90c37a38d9401

SHA1
fd98f2ca011408d4b43ed4dfd5b6906fbc7b87c0

SHA256
05e135dee0260b4f601a0486401b64ff8653875d74bf259c2da232550dbfb4f5

SHA512
89416a3f5bf50cd4a432ac72cd0a7fb79d5aeb10bdcc468c55bbfa79b9f43fab17141305d44cb1fe980ec76cc6575c27e2bcfcbad5ccd886d45b9de03fb9d6d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
c1a3c45dc07f766430f7feaa3000fb18

SHA1
698a0485bcf0ab2a9283d4ebd31ade980b0661d1

SHA256
adaba08026551b1b8f6c120143686da79f916d02adbef4a8d1c184e32a19fd48

SHA512
9fc93f01ab4b14f555791d757ffe881787cc697102547c61847552e597e206e70c6d35fedff559c72a0a67d1b95e769095ecb0a8a7d4f07cf58a7a0d57d3e9f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
48B

MD5
0051e237e8e84c34586bf9237b27f452

SHA1
469f9425d7a1162fb2467764d2609155e2e22fb9

SHA256
acc98d7550431b0cb945d7d045a10f34c81c29f20a7f4c6455a165f63d55ab6b

SHA512
a5ecb35f0604165d93225fd066cbcad00a51b5391359969deb6de811b4dc12cc5fa07f10bd031e0cb1cdddd32166330d8a0cc55bbe56433f2570b49c28fd762b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
6d94e3cdbc7083b63995a2036d560148

SHA1
a8c94afedddb1dda2cb135e73e7fa48b5707fa63

SHA256
343744b531aa785f412a58b21113701f082efae9d30038066f59ecf03eab44ee

SHA512
58dd87a68fa435a9a344f2b29200f25b87c61919e179833b20c830f184a02a0ff6448b92781627f02d2b1704d6a3b7f38c348bc4638b76c43c0c29bb9d608916

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
23cd69b81366e1699230309866ccaa2c

SHA1
1075451fd4f01d6f7fad5f9c97d19bd571cc4170

SHA256
3f63cdca8a97dca62077df8d5f4db40033f72a0f0a16699cb81e5e9cbd3585bb

SHA512
09804061699357d287913da419a4e10ae4ca536a225ddfb135da5bb7c618458cf3a129987c996ff271b0498bd98708240359b7bddda4effdf2b86821108c0fdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
d74225cece6b413c093a43e45fd82852

SHA1
0a0377b28a6cc60cdf32ccc328a8cd24caf7eb33

SHA256
662f85beb7c908c39b398eac15f423de16ecdd151c2cb27bd015f978fa6d4d8c

SHA512
8b1a6ed459ff8724f8260db22e8bb2a60ae9e7a1de292eb70dccb83bb670255a0aac683562d2df09cf63914bc22360735df6c05ffea71b665805225513d14c32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
950179555edad3ddf3f000fafc852f09

SHA1
656a971e186f3944ed9cd89baeb4423d7ac6a04a

SHA256
25bbfe4ceb3b33d5e92b295d6ea8c6d6cb9a4ad70b553621ddecb74a03e394c7

SHA512
65c60b6e7f9284addca1de2241ca168643a7985a93252d9920bf7a98882328348a6501a434a27114530f663dcf81045f80b74f73a23bc4f46d2f5c8452c1bb6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
c4e760e69cdcea276300bc35e3600e6a

SHA1
ae52ef692af6d90b5ffedbda130d67ddbd2c6394

SHA256
0e1274942dc89c216830aa5e1f174ba1d2be096ac4982ae0447e0903f8e6db46

SHA512
1a834e99c3f8fa49b18c964105e2337f0d98597be9d1cf57ff5144d594a7759005af39d2377ee6d61a56ecc5b277035b8ec674e92e4615e6f3a3e9c4fae28f91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
c2f034702d8ad7b76f67ddde8acf7fed

SHA1
2c5b945a08359b4753292bcb04c2e25cd9aae3e2

SHA256
d53b55c6456e648d86ab8e121bf6b9c1b2442ba596ec2094c91fef3474133e33

SHA512
199abcf4f287cf3c619c683fc21b74bfd590d5e5906b89bd232b8b1376d09df10daec6b82af1e3753c1b20ce815b7d2d01d4dd9ff3501de33c95e76a958421ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico
Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk
Filesize
2KB

MD5
3135d82eb5e6e0a1c0f6060e83378498

SHA1
dd68021a64d4910a50b553425328d3fa666d2ee1

SHA256
71ec219a604652f2c9b3566854fbd745a6d56536d58e7d4b271743af5688fe93

SHA512
adf031a2abce259b51eb63f68b2c20680072ba36cae6894589a971cb30c62eb5426ca755c702151c4b216c41244a81b087d903904add214de61c5fa7da91328a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
780B

MD5
486f43dcaf88ae3c04afb58d0f3f52ca

SHA1
f766016b43d83991db7c282133f869f76ce3ab39

SHA256
ec4df2eb7997c951b35cee322ab8eb7a68e0559c45e2d495a46b02d014d8eb20

SHA512
9915e06d1a39ce2f930a2c65ad10906853a3282162eee0d455bf55ca24d93c75bfe90b23d1cf9762a196f1ee2a50ed461e669d3ff99269e5977db164025799e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
2KB

MD5
dab13e3483e35d0c3145b9b0607ca80d

SHA1
360bab07c50c578b3a854d01bd39182a0eb95ebe

SHA256
e372cd20a0e82cf138a9762516a2bf1abe67fcd51c8846e0fd122a61b0e2fd9b

SHA512
5b864b09ec5ab592711b6da67b3debfdb0bcfab89ef749a1244fc0fb8ffce6ab4350edcc8bf06a0ccf7d4268d5743d7daa0bcd8294076efb04e17dc164721e70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
4KB

MD5
03f8339ce9abe37d1ea1e6b44a34fb44

SHA1
6322635be1768c8bf171914d9653f1eb50b0e9dd

SHA256
bdaadda88b1e83bd3626e9a3eaed5f03f6a164a8d1f0786ca4a4714e56c065db

SHA512
922364abbbebac0e81058ad9299d06701c3241b5124897e5112ce3d8f494dbadf01df3b56f1354584cb502f85042d32888c48e717db59e6aee966ece3c4e32b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
780B

MD5
f46545459ac198c56423abdb0ae20a11

SHA1
01e7556e95cb48a7126d4371cd669e76b31f5be0

SHA256
d90d1378c422832cd5d36ec56638ddd2b5395100eb303b5bb26d63eaed325139

SHA512
0457f5ead60f01591ba92d2b6e779017c27cd73cf0e4e86ddeec546894111ddaf8c0bd3dc450113fdb9c5c40e712b893f89cf4437e82c450eeebbd7275785b14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
4KB

MD5
a54d4879874d1358523b11bb8a8eefc3

SHA1
7474201ebee0433a06fd6aa9551b293c8245f254

SHA256
af61a4fe3506d04f6a3b4b725dd05cdbde7747cc985570d371b6b5df3934c406

SHA512
7c22a41e6b5a1fe2c74966f357509e5987d29b64ddd991d91c7894b355fa21b4a3b757b5a900eed981c92e80c586e806bceddaa8b6bf5e3492e027dbebd1201b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
2KB

MD5
14baaf010fbfc7b83f1f6a16d8e37445

SHA1
33bbfdd071dd46314f0f79048831cbb095747f51

SHA256
c2c62049fe6392de7d3727235d67389434c8199ae2d47df49506d8d8d6d61045

SHA512
9a67341f4eb1863b130a3efd1d2c66b97e48a3f46d384d8dc69b9f33d9621af56ca8b5821eb51004045c4f846fe9eb5967f585bc0a6c15fa942c6f761e68e7d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
2KB

MD5
d86fe7f9ca18a674c58e8d56e348ae11

SHA1
c8a16d644e5339889803938ced28b328ce4a7e70

SHA256
bec9c3bda027018d3ae630b6ac2f73ddd1f403b451d53a4e9b52016729379e74

SHA512
50f6d660b2daf31bfa68cf2a08e1d672a6b8d8daaa0705b124ffd7170ed0c100b6d2d0f002786adddc3f2b0fccf9e38c23943fa5bbaf08f4053d3dd6e514f802

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
2KB

MD5
76f78f7c313c8a0f4f4d4f4190592c5b

SHA1
90b07e9a1529b17d3d8f6f834fc0d8dffba5ff5c

SHA256
3eef715234f197bcb66cbfb9f1f00a38fc97c91f123674b6ba1a4fce5699616b

SHA512
a102495b03c847c61995927aace21f9a5c7e974061b19ace491f6ecb34833629d2a1b4f513416fb159411fa443134e29be9552f603fd6f1b54f3c0b0d3b90da9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
c28ae9d3655f7eef5b5548fb880c51cb

SHA1
4cbad373ef929d12f42442a5c960296c23439d7e

SHA256
79ba29bf672d05dcde10a83820f43cc9f9ff5787f6958376d46d2f1b61292dd0

SHA512
e6b2e3e07ba2182add30f4b77c8b5da1086e95dde58b4efc379cc3a7495d6b7fabb98b53e1706dba832a8f5e05f3e726a075d312e65094eaef2e7af90628d914

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
4KB

MD5
8dce364cf54bb48806aa49e3bca795dc

SHA1
f21bf59f874c4dac8e73df9f308f22d0d88e222e

SHA256
dcbe2ede09aa7751dd70b652721751036e4478fb8156977c81828029668ce954

SHA512
8660bd9c34fba16572a611a756bf609f11aa93f08260b663ddef266659c2855ac0d671666c82bc8c94e2ac17827daa0556f5de07aee03bcd3a4329273dcb3e1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
1cf5c7b797fee1099a2c9038f2d5de48

SHA1
2d940e839094bf4c4ac4cebefa663d6101393468

SHA256
78b499b4a70499e8327e2f62ff450c2808415cfc8ccb9dfee091644fc4c89224

SHA512
8de2c0d1d2549f11b2572f13aa83556920fbcb7f226c3a335f667d3043631576c3009cfb95d5cd3c20e5d0da95eff64a9260be1b359884e77caa2276b63c7784

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
c00cdd6dd26004764af6d43d1018f5bc

SHA1
209b25109bbff91fb59d4c6572496d512f18bd77

SHA256
a213a6108b90a9725ce55ac75aabfc3a88b0fb54050bd4f5ea9442fea73e3fa5

SHA512
4872a51e08bcfd64bc4e6fa0bc947ddcbb7b463137ad545fe039de2150494f0a12ddc2da92ef898f1ad5404adf05d3f3b7bbeb8d05903ace36daaecaa4e26546

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
0ebbab6604325629aed371632ee7ef6b

SHA1
6aff4f360996e5ad6ab866cd7748d9579eb97ae6

SHA256
45ef4afc3875ff6383862d6e75ded41061f916b867d953541edc902d7b653268

SHA512
80e2901ce757a779d1a544e433b89c240872cf19755c2f485ce765a68fadb5787d6eefefc7946aa52ae81efb8f8e933ac7a0aba3ab1a81f336b50f2e21bf0e68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
31a99b86449d36b74e533624fa36d5f5

SHA1
8393c2083baa8cf9eeaa995545c3bea566f57933

SHA256
ccebb654700da49f847d7a352cf4b4867e0745c3730a1f7556e3430a30ab50ac

SHA512
4e698fef4dc909375cbac1512473065ff3a165e6c61d50a927bfe8d7db283dae71ebc6b14b758f76aac2f06caa4e2e04408b4676d1320decd163dab3181279ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
d96ba1e91721cd196f0cbf4a96da7ce8

SHA1
3e3f843c055c006d409317e6345ca4ad8b4bbceb

SHA256
12193cae2cb819b62a4b5c74b027131dbe95dc3c25e168bbde13d586c66183c8

SHA512
300af5fac12de011be4d329e64d2ce82a9fbf0ae16caafe71012e65608086ca825dcbb7064aa7a8dd525100576c2f8a9b7de2e07f75c517dd5cfe727b1dfca5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
1463903a4cd0ffe433bed5bcdd5a2efa

SHA1
7d0858ac78a1eb80c5ee938b0cefe53d59629a79

SHA256
03ecaaab35a953c6cc32e16a7a65d6dcb9a13e00391d8789998f61952738ae5c

SHA512
cf3e248376e13a3f7b7b1dadd6398ff588a42b5830ab18198d6534dbf36814d5f52f2a54525595e037fe1d3ebff430c33d83358ea21b72ec63a7010625871cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
6c308d19a0fbec2cf7c6db1f53b6c840

SHA1
fbd10c88e0b20095b963116d9348f598ed91f310

SHA256
47d22911b3b9b07a9538b08465cfa96c6907eca33ae6cc1eb84a7570a39caafb

SHA512
703cf540ed26bfac470a6ebb8573ae775af9c87743505c91ee72e62499f869501bf424360cd2eb9ad4519ac021aaf1d472e3266530acf5425071af98a7d21f8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
57d56e411159959db36abaeffc2e4b3a

SHA1
12f8e8c55302299e6f129b7df08f8df4611c96a1

SHA256
e069bb3e951e9d0d0731b8158b4d146cef9d9335a6aca56337b3436a5bf28af7

SHA512
1e2ecc5dbf34daf4d40db2a241c72c3c66a5ff68ed6444304438345c4a6a8c50636f029f141e15aef9dd1a1ead7017a9fa4ad0b72bd25f9f8ca1f10aa076a99b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
1e8d5b0fcf53b5d66cfd0f5e1418dfdf

SHA1
7b613459beec19b9a5f14a69d34340281c5cc099

SHA256
96ff70739d11baae853c69217c1746cc5b0bd71000b45e6b64b23d791172d6d1

SHA512
a9dd4b85e6d465111e2d7928e1e15c3faac5459b0771da5c52d5f2499c29d297c02e135f8a5b678f2f8918f8916666a290d9db0ef33a36d614782e6a12742e39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
33964ee3fda20d6d46fea8468e73c225

SHA1
6c38d7093e97e46375d06d16143cc76f6ebff53e

SHA256
ddbc44992f2f5b92ddd63b949ce167c8ada2cbcf9f7dca015c8d7496a8bbe10b

SHA512
5e9ef3b6bfc815b448215ce3a2a614a2105d51eb909ffc63885f7e116cf4e9fc1dab6842af37e6eb4fdc3b8c3bb1fdda62340a2ba79e8dd874c2aa2389d99d7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
6781589a31dba3e93854d7805a62d919

SHA1
5c1472755356ebb234d1b50ad0e9d3347a248659

SHA256
bb8ea22b0d0a243b407f4be49fc72791228a6071e01cc9dd80df76de7f290b4b

SHA512
e68e61967839e64ee07af0ce23f69f1203d476a4f58f17dfd8ae75c049311a27425a0319d221c6c9ea8b577ed2a8ff4040bba8c3e513c0ba359355164709f8d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
cba5118c49833608884630f5da061683

SHA1
9d92027932a5590fa01211295677454d05867ef2

SHA256
91584e54c638e7709f15e91ac95494dec97a47c42ab918932e89e573be6e4887

SHA512
0a5b7dffaeb284916b16fcffe03dec2268bee63750d35786ccf63dc7fbf9ae2285d6cc4c54e7265b9e964a9f39e2c5a01e15ae70e002e8f3243f062c8e063afe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
0027dc207a9859b0232bd20eb0d86d33

SHA1
c268da7f9e58f98344a2a2804bf33967dc1fe1a9

SHA256
d5e86edea379b757d911477051e29ba9e915de098462ca5bb097a4d0cd6d711f

SHA512
e54e07e07c50f5b52a3b8281f6ef64ba88e52659d01ca0d1f8531d2835a41b717590195a3fcffcc398238888a7f7f1c692e355c4b0d739bfbb180e630fc59b6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
81e587251ec4079e20a09f0051e71263

SHA1
5d15519fd439f6114bf2c7217b022c4a997aa3f3

SHA256
c6e6dc83c0884e0b2fde78481f4889c66f50b9e72287d241956a8dbdf1d2a415

SHA512
73c3b839b3abc8d0173c253a6297e3517ff654c23661261e9bbbb0cfa8d7741e74e11e58897135c4060d52a95be7908b241d8705630c8bac1eff917ebf919ae6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
c7f3a212cd71d6ca971e1ae466b31ee2

SHA1
15cedcd4d7ca7bf2ff112b2cae9d364a3ca3f39f

SHA256
eb351737410e4c79f2865794ad7b04fe45d828a4548281a69ddf062f258a6b5a

SHA512
685ec85bfd7dca1727e99761d20c9bc20f40a6eebf614005d804f8bd7de2cae8dd760868e03524c9579330b0557287aeb321bdbd6fe889d80dd2243f87de0842

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
dccf5e21d0943a4f021e277dd7cf4e46

SHA1
f29743db07de9c66204493343e37d12cf24860df

SHA256
cd44406263cd42ed4e74c7c2b943d16a538e65909a368f8bab8dbb70b87dc563

SHA512
c8ccfa65f873f206316f76b5a014cb261d38249d435780d818fe083c69ba75e413dc721e943fec279d73f3512b86433e390efeb480a0c4711aa3b2ec8aa6b5f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
2b8930b1d006a2556e2e1a00e8a952a4

SHA1
940620ecd8a0818d5d29880b4c0f1c1460d3ff19

SHA256
e8ee692682294ce42c36e9d971b300ed35bc65e25fb016133b2cab080150629f

SHA512
79965b48ef272eccd50c08d14bbd2088cc5fd2efea3e1d71f561d2d4f0e0b0e6cbf86ec129b25dbb84a0dd58035bac0840a8c0032bbe5109199db6db842ac6ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
fbcfc1a0335f0141c3e6c1203d54158b

SHA1
5df50f8ba9d2d1723666482109357d6cc6ff73b8

SHA256
38defd8a0e78d8ae501ca02e4f0d55e93c9693ae51ca33b905ac998dc9091806

SHA512
7c3cbd562f894c9485ced2cf21178b04c28fd01aad90d085645a434e48f81a1893b06e1e85a7aad7c20b22c0f0bf287749bb24b5de248383477f6215881d9d81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
145be5ab218518ead7e333868f762767

SHA1
b376e187762c583b1e98f54170e7242ea88b5e54

SHA256
fd4ce76a5af36a8f8ee012ca4b5893d036bd2893a495e46c7a39e9b90de17f8d

SHA512
f672902868f5afb2450b629919d599dcd595455fa2e184db58a5c5e533679301a5a553b357c011bbbca6371946af108ad09e89f10b6bac797ad54cf0ac6747a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
f618a9dcba441528f77940f82a27798f

SHA1
8ae9249106e4f0fd6f63b172fc16c1e3be063aa5

SHA256
a0dbcbf50da15759cdab008db3692577c429afc09ae2994736310a860ea4c41d

SHA512
d4d17c564f468a71803ff8b713b5f4a44faa5dfd9ab4b7911f64725b14535beb85f49dd8ee46b206aa43948c37fac27c99ee5ff141debb61fe0742b40630b53d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
5edab6d3ffbeee247ccb4423f929a323

SHA1
a4ad201d149d59392a2a3163bd86ee900e20f3d9

SHA256
460cddb95ea1d9bc8d95d295dd051b49a1436437a91ddec5f131235b2d516933

SHA512
263fa99f03ea1ef381ca19f10fbe0362c1f9c129502dc6b730b076cafcf34b40a70ee8a0ee9446ec9c89c3a2d9855450609ec0f8cf9d0a1b2aebdd12be58d38c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13325277803589447
Filesize
17KB

MD5
3be9213cfe8e0842b9048a7b99338f37

SHA1
8a759a58c42dea76c38e50671a8299f2482e0ab2

SHA256
ae186cf85d6dba8fee7bf9f7e40c754e80508048be9e073987bdbc1f650781a1

SHA512
79ef2df7622691ff39c63c4f7a31b723bd0635c83bed0a0735efe718fa607aa96618ee4dfd4344cae21e9162ad6c1af1a1121d581c371f31749b03c9d7daa18d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
8df2aa0ab9be62502651a50287a3b986

SHA1
435be97ec63aa09c986871e94bb2dd6e5575206f

SHA256
facddae85874f647baa5c3f1e1c6e9703225d68ff6981f64d5e0ec7fcb138b7b

SHA512
9b3cac18cb48234f8b24473be07565b5c27a8b3d21a2ed2564bd8d5211dbefae2b19862544027d0fb39b1ee276532eb0975076a942cc139c5dceef6e0e2c036c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
190c178219525eaf0e3d930f8d7b367a

SHA1
4ff583533e8582412a3a6381e7bebfb2658551b1

SHA256
b649a3e27af3ede7a856b0f7860d0ef03cb65acbb5d4a6adad8dc5025dcef58f

SHA512
e23e994c565d51787d9f977e075a743ca60c19d6c3eb14aef70122da7d5f9bdb6a01c67b78f4d83597e666d8f644072c59b3fa424285859e3ef648671c55a402

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe6316d9.TMP
Filesize
536B

MD5
bf52f76abc9fc0020ddd8283d1c59a97

SHA1
e82dcb1ee49ab7ef43e6352a0875c3cdf5635022

SHA256
513a7452c08e8645ebcfa38013e2b86ffc392fc60c1efde26d3bb1c204faab77

SHA512
297e6b58bdc3180e9e251042254834cdb935f0da7d988a67fb15766d89706e9afa1e23a3810f8b1d156cac8448117e3f5803a6ba4750cf55aa208b4903c272b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a2cf2894-d175-4a55-ac6d-0b0c84058827.tmp
Filesize
9KB

MD5
a3e50aaa3bc2bb9fdcf1ed7ac4fb56b6

SHA1
51b53f8fcbb0274cbb0e59dd8edd6863cae42e1d

SHA256
2dc808cf896333c67a51ad6240890d0a6e698f1722ed95fe2be88e702ebcf28d

SHA512
99b1c327205c02287901d23e7705234e18c907117b424afbb5224d78b975bc78653b4ab709a465778529683b40c3573faf46cdd940825dc855b2d52b502702fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c0d90589-8bf5-481f-8242-b54e05e8f805.tmp
Filesize
9KB

MD5
6367a8e11d4924564d73be0330ee75cf

SHA1
0d290fcb61c64159a9d19c4b5e4d44c5539d140f

SHA256
a047859c8567bfb68ada7db5bf594f0588829e4df8c2f735bb8e60c054c0cbf2

SHA512
c21d33d90404ac21e9b50b532420fb8addc730fbedf2e90e66f0391eae0c34d2010770edf2dbfe27c65ea2656ec09c6a1a74cef0009604f710996668100b9b92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
589c49f8a8e18ec6998a7a30b4958ebc

SHA1
cd4e0e2a5cb1fd5099ff88daf4f48bdba566332e

SHA256
26d067dbb5e448b16f93a1bb22a2541beb7134b1b3e39903346d10b96022b6b8

SHA512
e73566a037838d1f7db7e9b728eba07db08e079de471baca7c8f863c7af7beb36221e9ff77e0a898ce86d4ef4c36f83fb3af9c35e342061b7a5442ca3b9024d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
60e3f691077715586b918375dd23c6b0

SHA1
476d3eab15649c40c6aebfb6ac2366db50283d1b

SHA256
e91d13722e31f9b06c5df3582cad1ea5b73547ce3dc08b12ed461f095aad48ee

SHA512
d1c146d27bbf19362d6571e2865bb472ce4fe43dc535305615d92d6a2366f98533747a8a70a578d1f00199f716a61ce39fac5cab9dd67e9c044bc49e7343130e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
ebc863bd1c035289fe8190da28b400bc

SHA1
1e63d5bda5f389ce1692da89776e8a51fa12be13

SHA256
61657118abc562d70c10cbea1e8c92fab3a92739f5445033e813c3511688c625

SHA512
f21506feeed984486121a09c1d43d4825ec1ec87f8977fa8c9cd4ff7fe15a49f74dc1b874293409bd309006c7bbc81e1c4bcba8d297c5875ca009b02e6d2b7be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
ab6ab31fbc80601ffb8ed2de18f4e3d3

SHA1
983df2e897edf98f32988ea814e1b97adfc01a01

SHA256
eaab30ed3bde0318e208d83e6b0701b3ee9eb6b11da2d9fbab1552e8e4ce88f8

SHA512
41b42e6ab664319d68d86ce94a6db73789b2e34cba9b0c02d55dfb0816af654b02284aa3bfd9ae4f1a10e920087615b750fb2c54e9b3f646f721afb9a0d1aea3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\e127a981-37ab-4bfb-8446-dd6faa047dd4.tmp
Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\ff9b0efd-f368-4305-9714-605ab4c65a57.tmp
Filesize
2KB

MD5
3fe141ffe32d24f2d7df264d55de3f00

SHA1
eff346e24e54c8b49151de9f000e970b60bb66cc

SHA256
e398047dab704dc01f6db7bbf63bec4b3cbeff1861a418168f6c9c3541c5189a

SHA512
d87b29904fa2574a73dac0ad70f201337004489db5d9c45516bb4949caa292ce2aff4718947c96a203d27551c2d5b27b5a02018c91c19c9870102cbd38a038af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Browser
Filesize
120B

MD5
a397e5983d4a1619e36143b4d804b870

SHA1
aa135a8cc2469cfd1ef2d7955f027d95be5dfbd4

SHA256
9c70f766d3b84fc2bb298efa37cc9191f28bec336329cc11468cfadbc3b137f4

SHA512
4159ea654152d2810c95648694dd71957c84ea825fcca87b36f7e3282a72b30ef741805c610c5fa847ca186e34bde9c289aaa7b6931c5b257f1d11255cd2a816

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
990899f0ea461083c73689589d6ce000

SHA1
a7a3ae7979922e4fc35a79b44e3d074a38140cea

SHA256
f02eabc47ccd810944e0f055a958a54ee4f3858a8f3387d392e0e5e6e989790e

SHA512
e8fef258985376f2fdfbd56f4ed72ce30cced950cf41671a4d95ba7902f0c83b2c5cc4962a35da9b139eb5f8c4d5174b36fdb9ed1781d1110f119e2f8b18fca4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
10KB

MD5
9931c76867d238b5ee104c327dbc1048

SHA1
88cac11c65a98247b6a934b91156ee55a6ba1a65

SHA256
8aa10277ff97bc5b899e969de4f7db1919de46fd5c11b471c537df86621832ad

SHA512
a07d64d7a004e074c0ef1479eca6334a7b461f3e6404cfa93cafabe12995ef9fd7152170ea6c4c1f99c96cce3281d0804519378007e783d7ffa3c0e10dfd938f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
5b5e45773baf9bb16aad1a93e88d07ab

SHA1
48f6586c4c8cd9af870ad7a3dcd7dd9fdb7220e4

SHA256
57bff5f8bbc7b4c516f673160ce4dd8cbe439c25a49c5dea32f1fd003864c361

SHA512
efabe2a563210330e730f3bd8275ac518f5e49ad3a5e6c7c3552bdb9888b0045f7e2c040a94db33ee30c5577b430e31cbb304415834fc83f218c3ca89aa7e03b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
545439af4ca5e190df983a46376fff14

SHA1
881c8074b28ac36f38f4ddac3b114b42d30c08e0

SHA256
d34acb323c564102c704d468b9c85b5c5cd10759f1eede3ba8dba4e3d4b8eab2

SHA512
8a4ac2dd547735144f13eb1e7f135f61fc4161eb98a26526586b4f5268f57a7b7d19ce38a8b38d317ff91200bf74c1601a162ebdfaf8339176fa7ff70cc4e282

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
52f0b6037695561ee020dca353954bd7

SHA1
f5d9d30a01db985cab115d4ca5222cd75f1b7072

SHA256
b6e9111c2cb2a93a0d1bf4e44984d7860c23ee4e89ef7383e95ce7d3e229cb23

SHA512
be29941f6076ce1ea2ac19cc3d5e5e1e4694d9904217a99ba570f2e1aac6d690121cf5bbec4e0465b733103257b10bd7c19deb45834ecaabd1a006c339943952

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
006231e5962e1c073c13c6ca51a82e6b

SHA1
d148dd65999cc0aee38efb42e593b7f087f94b99

SHA256
840c853714c9aee03027e673e9e1a2811b7886473f2a7b7752395b52b1ecf5cf

SHA512
3039d0eaec417cb55417425e59e61e02cedb6125d236dee98b030beee9c8417c1fe7b8fc1780837b481bd525c45911bb48b3e53d834155ab3a51fa8af66cd3c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
4923a61b0da27f84454e6c2aec1fbf36

SHA1
b695ec64adb61eb7596ea0ab30265bd2e2b26399

SHA256
08f58d15a6a8b708e89991fe4451698cf142b92c062002659aff0e069b2bf0a3

SHA512
99bf5db6fd0817e5c99612f8b662cd5ed03312b0d0af5b5d6772fe4174f0f67004729c40a69c8053f2eeacdda53e7ad4bd4a63655ba66c9277f93cb598405cb1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
cfee415e4319d90b7e63a40e2f2199da

SHA1
ee398139023f32aa6667d40958f20c0bf04c2186

SHA256
a61245cdb7f01816f88993dc98dfcd3f2944a1fff37b388f67fa600fbfb39b35

SHA512
624e72b07ddabcccf81d16c7d28453f1b89307b42bb7ed7f9fc77e1008c1572e72128f96fb9faa9dbd0102d486ce9d5d60ef267cb5223c9e2f7b4d5566157b1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
715c2d5b2b94bf481a131a72c32ea4c9

SHA1
a3583cbab113302c27d5ea9d0a864cfab0c07928

SHA256
7c77f739c133ae6b8d7614e6305d117bdc7b3bc1b3bd9a5a379298337348e930

SHA512
366372d712b70c9f86da7f693100a6873371db336b6da8556cb62ce6165be8a0dba3603a776d2b51bfef0e8b98d85eccb26f87549a2fd06662643827d1f51633

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
da98b91f6534d92de94f0eeb20c2e948

SHA1
ba9c1694eaf0e7660f1528f700ddb9201c97cdbd

SHA256
6af0b3e703f23c1dbf0d09beb3322c819873091d61011297485706aff762e29e

SHA512
b11125ba5962c950e62261bd35e672392563e92f5f9ea6afc6b6c8bcd1381b83c054664ed235e6ebbdb9653767cf49ef2010768d8c39755c78eeeb48eb914d60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
37466d18f26627ba141cdca775711119

SHA1
217cafb916d98fafdd17ce17c3c0092d7c494736

SHA256
42fcf130b0bbfdf2974a200890e977879d87a00764269f20d3deb35a35f50137

SHA512
82899c250e094aca9739d6cba8c7b7e724f4bdc5ae714f4211ac186eb74330bf19c069f052e48bd8a7181835600422277e179bb73d9e8776535d8aa0d6b8dbcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
34ab4a8ee9b223f58cfc845d21edab51

SHA1
56bd6f3c5ef18cc7bc81b48b9f6ef94924153dd2

SHA256
bcfe969d28ddfa52d2853b96cb9a3023096c5af560ef4202217d2043374af1f3

SHA512
b566b8b33de66b00c5137781d5caa58d3cf70e160b94c97d7ab9b5cc32e3b201428be08a4c7415dfbe94fbfec6481855c2df246e9817ed95eb069a88fab96382

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zO0455184F\Sulfoxide.exe
Filesize
320KB

MD5
8fc94fde580157356fb0186246a814e6

SHA1
a7d44d37570c67b25bcc5b6ed1891b6e3b700abe

SHA256
9188c9e15123585764eeaf2664acab784a64c629ad7bde14696788bd4fe9e805

SHA512
383714930d92e09dce23ba2450eebc876bf5da5531f29ded21535e8f962617dd8b889f509a53933b876f50f182e902986928609a7795ad064de575fd2be20d36

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zO0455184F\Sulfoxide.exe
Filesize
320KB

MD5
8fc94fde580157356fb0186246a814e6

SHA1
a7d44d37570c67b25bcc5b6ed1891b6e3b700abe

SHA256
9188c9e15123585764eeaf2664acab784a64c629ad7bde14696788bd4fe9e805

SHA512
383714930d92e09dce23ba2450eebc876bf5da5531f29ded21535e8f962617dd8b889f509a53933b876f50f182e902986928609a7795ad064de575fd2be20d36

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zO045BBC2F\Sulfoxide.exe
Filesize
320KB

MD5
8fc94fde580157356fb0186246a814e6

SHA1
a7d44d37570c67b25bcc5b6ed1891b6e3b700abe

SHA256
9188c9e15123585764eeaf2664acab784a64c629ad7bde14696788bd4fe9e805

SHA512
383714930d92e09dce23ba2450eebc876bf5da5531f29ded21535e8f962617dd8b889f509a53933b876f50f182e902986928609a7795ad064de575fd2be20d36

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\vcredis1.cab
Filesize
312KB

MD5
77a9bff5af149160775741e204734d47

SHA1
7b5126af69b5a79593f39db94180f1ff11b0e39d

SHA256
20a26ed9a1edf7763a9b515522c5e29720048a482c7fbc8b7ff6bbdd27e61038

SHA512
bb0440f58f07e113bddd9a0afb5aab8af6493218784fe5fa6f4032e3a37088f91b7e766dee87cec4a9ea11d425d27b3b536430de3a52222e8bca3e0247d81e3b

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\vcredist.msi
Filesize
3.0MB

MD5
6dbdf338a0a25cdb236d43ea3ca2395e

SHA1
685b6ea61e574e628392eaac8b10aff4309f1081

SHA256
200fef5d4994523a02c4daa00060db28eb289b99d47fc6c1305183101e72bdeb

SHA512
6b5b31c55cf72ab92b17fb6074b3901a1e6afe0796ef9bc831e4dfb97450376d2889cd24b1cf3fce60eb3c1bcd1b31254b5cfa3ef6107974dfa0b35c233daf5a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize
3KB

MD5
f7f3b16bb7b22c6be623987aef21ee1e

SHA1
d195e3f3d733851f6ab16736be786d9ee06c4f95

SHA256
a607f6fc2d97fe931d00b4c3ef63a7476bfcb3330c7559c382e7d98cfc720a74

SHA512
ff21a91eb221c9ff2d6083ab7b2ec1742801d88e38ceec155962c80588e38fca0b9b545db42be73faf9c2c64146bde5eb68af781124f28e4367e6571e7e603f7

Download Submit
C:\Users\Admin\Downloads\Sulfoxide 1.4.7z
Filesize
70KB

MD5
a06a4b9f04737742961ebfc4cbbc39de

SHA1
3c405ad06b8f160479b3170ccc0380964df86f57

SHA256
bf5130b6134c0df6086d5312d6af9b9701a8a434291fe1dc8927a58b9411df73

SHA512
b3898bc6481cce9f82857cbe16d541c26f274c54e76f706cc4246193a9725ab57e88e4d110972d304c84b177039ebfdf53e02f534f32ea41ea9bdbe494d1c6ef

Download Submit
C:\Users\Admin\Downloads\Sulfoxide 1.4.7z.crdownload
Filesize
70KB

MD5
a06a4b9f04737742961ebfc4cbbc39de

SHA1
3c405ad06b8f160479b3170ccc0380964df86f57

SHA256
bf5130b6134c0df6086d5312d6af9b9701a8a434291fe1dc8927a58b9411df73

SHA512
b3898bc6481cce9f82857cbe16d541c26f274c54e76f706cc4246193a9725ab57e88e4d110972d304c84b177039ebfdf53e02f534f32ea41ea9bdbe494d1c6ef

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 750697.crdownload
Filesize
3.0MB

MD5
e231fbcce2c2cb16dcc299d36c734df3

SHA1
f4d74643a0e117ea80b2c7ebcd908a6dd26aa9ea

SHA256
4487570bd86e2e1aac29db2a1d0a91eb63361fcaac570808eb327cd4e0e2240d

SHA512
4a3d27791f72d6feb38e55fe06b8a08f99bac315415d11e32cb6895cdd6f7145d46d070cd94ac879c4b87ff2a025b3781e662b32848ff2dbdd350cb46fe9177a

Download Submit
C:\Users\Admin\Downloads\memz-main.zip
Filesize
16KB

MD5
103fbf0c1c832fb7893471f0fb8afe26

SHA1
cfdc1a5ce3864e0049ca8b1cbe14f221aee5f9b4

SHA256
7a80a9cbb48c81b3bcf3a4482acb3af6f5cd2318bfbaddf9d9581d55b0540bf2

SHA512
48316225933b9fc92eee25013da06d4ddda454a0ec00e2d1dfc0af3fd31df26e6bebe49119b040449c970862794ebb9b4df460343b863a986858c957d97dd771

Download Submit
C:\Users\Admin\Downloads\vcredist_x64.EXE
Filesize
3.0MB

MD5
e231fbcce2c2cb16dcc299d36c734df3

SHA1
f4d74643a0e117ea80b2c7ebcd908a6dd26aa9ea

SHA256
4487570bd86e2e1aac29db2a1d0a91eb63361fcaac570808eb327cd4e0e2240d

SHA512
4a3d27791f72d6feb38e55fe06b8a08f99bac315415d11e32cb6895cdd6f7145d46d070cd94ac879c4b87ff2a025b3781e662b32848ff2dbdd350cb46fe9177a

Download Submit
C:\Users\Admin\Downloads\vcredist_x64.EXE
Filesize
3.0MB

MD5
e231fbcce2c2cb16dcc299d36c734df3

SHA1
f4d74643a0e117ea80b2c7ebcd908a6dd26aa9ea

SHA256
4487570bd86e2e1aac29db2a1d0a91eb63361fcaac570808eb327cd4e0e2240d

SHA512
4a3d27791f72d6feb38e55fe06b8a08f99bac315415d11e32cb6895cdd6f7145d46d070cd94ac879c4b87ff2a025b3781e662b32848ff2dbdd350cb46fe9177a

Download Submit
C:\Windows\Installer\MSIB2A9.tmp
Filesize
28KB

MD5
85221b3bcba8dbe4b4a46581aa49f760

SHA1
746645c92594bfc739f77812d67cfd85f4b92474

SHA256
f6e34a4550e499346f5ab1d245508f16bf765ff24c4988984b89e049ca55737f

SHA512
060e35c4de14a03a2cda313f968e372291866cc4acd59977d7a48ac3745494abc54df83fff63cf30be4e10ff69a3b3c8b6c38f43ebd2a8d23d6c86fbee7ba87d

Download Submit
C:\Windows\Installer\MSIB2A9.tmp
Filesize
28KB

MD5
85221b3bcba8dbe4b4a46581aa49f760

SHA1
746645c92594bfc739f77812d67cfd85f4b92474

SHA256
f6e34a4550e499346f5ab1d245508f16bf765ff24c4988984b89e049ca55737f

SHA512
060e35c4de14a03a2cda313f968e372291866cc4acd59977d7a48ac3745494abc54df83fff63cf30be4e10ff69a3b3c8b6c38f43ebd2a8d23d6c86fbee7ba87d

Download Submit
C:\Windows\Installer\e5daf6d.msi
Filesize
3.0MB

MD5
6dbdf338a0a25cdb236d43ea3ca2395e

SHA1
685b6ea61e574e628392eaac8b10aff4309f1081

SHA256
200fef5d4994523a02c4daa00060db28eb289b99d47fc6c1305183101e72bdeb

SHA512
6b5b31c55cf72ab92b17fb6074b3901a1e6afe0796ef9bc831e4dfb97450376d2889cd24b1cf3fce60eb3c1bcd1b31254b5cfa3ef6107974dfa0b35c233daf5a

Download Submit
\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2
Filesize
23.0MB

MD5
0d9f8f69551de7494026dc9028ac0c2f

SHA1
4754094173244c6ff9a9e4355960ea1ec10492d6

SHA256
a630c15764d54fc537fd21b9a72ccd5ed34df01adcab14d8e4c3a6584c12dde0

SHA512
7e59403dc9d6afc4234e45e286a0181fd9d056efff8defd7c2e7d4cb2741346064d8b432ab04cbbff7458cf17b3580b66727890ce48513a227fa39606710bc52

Download Submit
\??\Volume{7e74cb8c-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{630f2813-f626-4747-96fe-3c61c980ab62}_OnDiskSnapshotProp
Filesize
5KB

MD5
ae6befc4fe6ba530197ea9c2ab0deac8

SHA1
e64047dfc72bfe7931ebd3872f736c9e91bcb891

SHA256
6fedae9b98f8ba5ef69fecf9829317fb75e32037cd7232d46fa7646a0e3dcdba

SHA512
0dbd52c5f63a89111c82e253d744613d176d4c60bd1229e7b19d70b4ee4715431506fabc119efac7daacf1508b29fcb7b3a5d69f4c9892ca9b65cf4881a3a377

Download Submit
\??\pipe\LOCAL\crashpad_4612_WOBIPJOHNIVHNOMK
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\??\pipe\crashpad_4784_CDCQGDKJNMILHDZI
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1056-1735-0x000001DC10740000-0x000001DC10889000-memory.dmp

Filesize
1.3MB

Download
memory/1788-1787-0x000001BBEECE0000-0x000001BBEEEC4000-memory.dmp

Filesize
1.9MB

Download
memory/3588-1935-0x000001E50D1E0000-0x000001E50D3C4000-memory.dmp

Filesize
1.9MB

Download
memory/4748-2232-0x0000018D922E0000-0x0000018D924C4000-memory.dmp

Filesize
1.9MB

Download
memory/4796-2244-0x0000000005600000-0x0000000005601000-memory.dmp

Filesize
4KB

Download
memory/4796-2235-0x0000000005600000-0x0000000005601000-memory.dmp

Filesize
4KB

Download
memory/4796-2236-0x0000000005600000-0x0000000005601000-memory.dmp

Filesize
4KB

Download
memory/4796-2237-0x0000000005600000-0x0000000005601000-memory.dmp

Filesize
4KB

Download
memory/4796-2241-0x0000000005600000-0x0000000005601000-memory.dmp

Filesize
4KB

Download
memory/4796-2243-0x0000000005600000-0x0000000005601000-memory.dmp

Filesize
4KB

Download
memory/4796-2246-0x0000000005600000-0x0000000005601000-memory.dmp

Filesize
4KB

Download
memory/4796-2245-0x0000000005600000-0x0000000005601000-memory.dmp

Filesize
4KB

Download
memory/4796-2247-0x0000000005600000-0x0000000005601000-memory.dmp

Filesize
4KB

Download
memory/4796-2242-0x0000000005600000-0x0000000005601000-memory.dmp

Filesize
4KB

Download