mystic | 12223241a9facbd10636ceeccd28f086b8da8a41472cbad989297ab60a1cfd77

Analysis

max time kernel
2s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
12-11-2023 18:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.12223241a9facbd10636ceeccd28f086b8da8a41472cbad989297ab60a1cfd77.exe
Size

1.4MB
MD5

8392dcdaa6e876e9e52bca0f819a3d38
SHA1

49c37b0ab1ecbeafe23feb00c8bf1cbdb7717fd8
SHA256

12223241a9facbd10636ceeccd28f086b8da8a41472cbad989297ab60a1cfd77
SHA512

be65f9cc1fcc669a6f86b9f707b10e84e5c4e3863236b74b6d4b9432521403f6e543f2ee6b102ab2f99c871a57d05eadd0558325aa8cc6672315acdabf9ef8d5
SSDEEP

24576:VyMQ2RP0Feid+HqrAnefIs/JoG71XDE5PR+DvIgNZRPk40bk7m9rZFTaQBelGPuC:wMvueiH+ewUSG1w5kAgpUg6dZ7BelGP7

Score

10^/10

mystic redline smokeloader zgrat taiga backdoor evasion infostealer persistence rat stealer themida trojan upx

Malware Config

Extracted

Family

smokeloader

Version

2022

http://5.42.92.190/fks/index.php

rc4.i32

Extracted

Family

redline

Botnet

taiga

5.42.92.51:19057

Signatures

Detect Mystic stealer payload 4 IoCs

resource	yara_rule
behavioral1/memory/6292-235-0x0000000000400000-0x0000000000433000-memory.dmp	mystic_family
behavioral1/memory/6292-248-0x0000000000400000-0x0000000000433000-memory.dmp	mystic_family
behavioral1/memory/6292-250-0x0000000000400000-0x0000000000433000-memory.dmp	mystic_family
behavioral1/memory/6292-247-0x0000000000400000-0x0000000000433000-memory.dmp	mystic_family

Detect ZGRat V1 22 IoCs

resource	yara_rule
behavioral1/memory/7140-828-0x000001F7EA570000-0x000001F7EA650000-memory.dmp	family_zgrat_v1
behavioral1/memory/7140-830-0x000001F7EA570000-0x000001F7EA650000-memory.dmp	family_zgrat_v1
behavioral1/memory/7140-839-0x000001F7EA570000-0x000001F7EA650000-memory.dmp	family_zgrat_v1
behavioral1/memory/7140-841-0x000001F7EA570000-0x000001F7EA650000-memory.dmp	family_zgrat_v1
behavioral1/memory/7140-843-0x000001F7EA570000-0x000001F7EA650000-memory.dmp	family_zgrat_v1
behavioral1/memory/7140-850-0x000001F7EA570000-0x000001F7EA650000-memory.dmp	family_zgrat_v1
behavioral1/memory/7140-854-0x000001F7EA570000-0x000001F7EA650000-memory.dmp	family_zgrat_v1
behavioral1/memory/7140-862-0x000001F7EA570000-0x000001F7EA650000-memory.dmp	family_zgrat_v1
behavioral1/memory/7140-864-0x000001F7EA570000-0x000001F7EA650000-memory.dmp	family_zgrat_v1
behavioral1/memory/7140-858-0x000001F7EA570000-0x000001F7EA650000-memory.dmp	family_zgrat_v1
behavioral1/memory/7140-869-0x000001F7EA570000-0x000001F7EA650000-memory.dmp	family_zgrat_v1
behavioral1/memory/7140-846-0x000001F7EA570000-0x000001F7EA650000-memory.dmp	family_zgrat_v1
behavioral1/memory/7140-871-0x000001F7EA570000-0x000001F7EA650000-memory.dmp	family_zgrat_v1
behavioral1/memory/7140-874-0x000001F7EA570000-0x000001F7EA650000-memory.dmp	family_zgrat_v1
behavioral1/memory/7140-885-0x000001F7EA570000-0x000001F7EA650000-memory.dmp	family_zgrat_v1
behavioral1/memory/7140-896-0x000001F7EA570000-0x000001F7EA650000-memory.dmp	family_zgrat_v1
behavioral1/memory/7140-928-0x000001F7EA570000-0x000001F7EA650000-memory.dmp	family_zgrat_v1
behavioral1/memory/7140-972-0x000001F7EA570000-0x000001F7EA650000-memory.dmp	family_zgrat_v1
behavioral1/memory/7140-949-0x000001F7EA570000-0x000001F7EA650000-memory.dmp	family_zgrat_v1
behavioral1/memory/7140-945-0x000001F7EA570000-0x000001F7EA650000-memory.dmp	family_zgrat_v1
behavioral1/memory/7140-906-0x000001F7EA570000-0x000001F7EA650000-memory.dmp	family_zgrat_v1
behavioral1/memory/7140-822-0x000001F7EA570000-0x000001F7EA654000-memory.dmp	family_zgrat_v1

Mystic
Mystic is an infostealer written in C++.
stealer mystic
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 3 IoCs

resource	yara_rule
behavioral1/memory/5180-405-0x0000000000400000-0x000000000043C000-memory.dmp	family_redline
behavioral1/memory/3556-702-0x0000000000400000-0x000000000046F000-memory.dmp	family_redline
behavioral1/memory/3556-701-0x0000000000550000-0x00000000005AA000-memory.dmp	family_redline

SmokeLoader
Modular backdoor trojan in use since 2014.
trojan backdoor smokeloader
ZGRat
ZGRat is remote access trojan written in C#.
rat zgrat
Stops running service(s) 3 TTPs
evasion

Windows Service
T1543.003

Impair Defenses
T1562

Service Stop
T1489

Executes dropped EXE 4 IoCs

pid	Process
3252	kC0eO74.exe
2208	WE6UX34.exe
5016	pN7eR50.exe
1132	1nr65WW1.exe

Themida packer 1 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
behavioral1/files/0x0006000000022ec6-1092.dat	themida

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0006000000022eb0-979.dat	upx

Adds Run key to start application 2 TTPs 4 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\""	kC0eO74.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\""	WE6UX34.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup3 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP003.TMP\\\""	pN7eR50.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\""	NEAS.12223241a9facbd10636ceeccd28f086b8da8a41472cbad989297ab60a1cfd77.exe

AutoIT Executable 2 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
behavioral1/files/0x0007000000022d80-27.dat	autoit_exe
behavioral1/files/0x0007000000022d80-26.dat	autoit_exe

Launches sc.exe 10 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
7008	sc.exe
5956	sc.exe
4640	sc.exe
6684	sc.exe
5220	sc.exe
4916	sc.exe
4700	sc.exe
5872	sc.exe
2848	sc.exe
6928	sc.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
6948	6292	WerFault.exe	104
6916	1540	WerFault.exe	203

Creates scheduled task(s) 1 TTPs 1 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence

Scheduled Task/Job

T1053

pid	Process
4744	schtasks.exe

Delays execution with timeout.exe 2 IoCs

evasion

pid	Process
6100	timeout.exe
2128	timeout.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 1144 wrote to memory of 3252	1144	NEAS.12223241a9facbd10636ceeccd28f086b8da8a41472cbad989297ab60a1cfd77.exe	35
PID 1144 wrote to memory of 3252	1144	NEAS.12223241a9facbd10636ceeccd28f086b8da8a41472cbad989297ab60a1cfd77.exe	35
PID 1144 wrote to memory of 3252	1144	NEAS.12223241a9facbd10636ceeccd28f086b8da8a41472cbad989297ab60a1cfd77.exe	35
PID 3252 wrote to memory of 2208	3252	kC0eO74.exe	36
PID 3252 wrote to memory of 2208	3252	kC0eO74.exe	36
PID 3252 wrote to memory of 2208	3252	kC0eO74.exe	36
PID 2208 wrote to memory of 5016	2208	WE6UX34.exe	37
PID 2208 wrote to memory of 5016	2208	WE6UX34.exe	37
PID 2208 wrote to memory of 5016	2208	WE6UX34.exe	37
PID 5016 wrote to memory of 1132	5016	pN7eR50.exe	39
PID 5016 wrote to memory of 1132	5016	pN7eR50.exe	39
PID 5016 wrote to memory of 1132	5016	pN7eR50.exe	39

C:\Users\Admin\AppData\Local\Temp\NEAS.12223241a9facbd10636ceeccd28f086b8da8a41472cbad989297ab60a1cfd77.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.12223241a9facbd10636ceeccd28f086b8da8a41472cbad989297ab60a1cfd77.exe"
1⤵
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:1144
- C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\kC0eO74.exe
  C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\kC0eO74.exe
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - Suspicious use of WriteProcessMemory
  PID:3252
- - C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\WE6UX34.exe
    C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\WE6UX34.exe
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    - Suspicious use of WriteProcessMemory
    PID:2208
  - - C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\pN7eR50.exe
      C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\pN7eR50.exe
      4⤵
      Executes dropped EXE
      Adds Run key to start application
      Suspicious use of WriteProcessMemory
      PID:5016
    - - C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1nr65WW1.exe
        
        C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1nr65WW1.exe
        5⤵
        Executes dropped EXE
        
        PID:1132
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
        6⤵
        
        PID:2580
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,4370008756992184641,1959811248567792956,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
        7⤵
        
        PID:4368
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,4370008756992184641,1959811248567792956,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
        7⤵
        
        PID:4868
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7fffcfd646f8,0x7fffcfd64708,0x7fffcfd64718
        7⤵
        
        PID:3672
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login
        6⤵
        
        PID:4028
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7fffcfd646f8,0x7fffcfd64708,0x7fffcfd64718
        7⤵
        
        PID:2328
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,13945381162944448720,8248747882278470149,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4296 /prefetch:1
        7⤵
        
        PID:6108
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,13945381162944448720,8248747882278470149,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
        7⤵
        
        PID:6520
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,13945381162944448720,8248747882278470149,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
        7⤵
        
        PID:6644
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,13945381162944448720,8248747882278470149,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1
        7⤵
        
        PID:6880
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,13945381162944448720,8248747882278470149,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6288 /prefetch:1
        7⤵
        
        PID:7004
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,13945381162944448720,8248747882278470149,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1
        7⤵
        
        PID:7108
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,13945381162944448720,8248747882278470149,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6596 /prefetch:1
        7⤵
        
        PID:5468
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,13945381162944448720,8248747882278470149,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4504 /prefetch:1
        7⤵
        
        PID:6412
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,13945381162944448720,8248747882278470149,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
        7⤵
        
        PID:6284
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,13945381162944448720,8248747882278470149,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4564 /prefetch:1
        7⤵
        
        PID:4644
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,13945381162944448720,8248747882278470149,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3976 /prefetch:1
        7⤵
        
        PID:5772
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,13945381162944448720,8248747882278470149,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
        7⤵
        
        PID:3596
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,13945381162944448720,8248747882278470149,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
        7⤵
        
        PID:4004
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2216,13945381162944448720,8248747882278470149,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2688 /prefetch:8
        7⤵
        
        PID:2712
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2216,13945381162944448720,8248747882278470149,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2340 /prefetch:3
        7⤵
        
        PID:4272
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,13945381162944448720,8248747882278470149,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2272 /prefetch:2
        7⤵
        
        PID:1572
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,13945381162944448720,8248747882278470149,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1
        7⤵
        
        PID:3804
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,13945381162944448720,8248747882278470149,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:1
        7⤵
        
        PID:2556
        
        C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,13945381162944448720,8248747882278470149,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7340 /prefetch:8
        7⤵
        
        PID:5436
        
        C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,13945381162944448720,8248747882278470149,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7340 /prefetch:8
        7⤵
        
        PID:5352
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,13945381162944448720,8248747882278470149,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7620 /prefetch:1
        7⤵
        
        PID:6600
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,13945381162944448720,8248747882278470149,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7684 /prefetch:1
        7⤵
        
        PID:6416
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,13945381162944448720,8248747882278470149,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
        7⤵
        
        PID:4724
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,13945381162944448720,8248747882278470149,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8164 /prefetch:1
        7⤵
        
        PID:7016
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
        6⤵
        
        PID:4412
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7fffcfd646f8,0x7fffcfd64708,0x7fffcfd64718
        7⤵
        
        PID:3796
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,3918904907282486346,157634123824180099,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 /prefetch:3
        7⤵
        
        PID:5260
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,3918904907282486346,157634123824180099,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
        7⤵
        
        PID:5232
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/
        6⤵
        
        PID:3932
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7fffcfd646f8,0x7fffcfd64708,0x7fffcfd64718
        7⤵
        
        PID:2028
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,3290668659839076209,13102096885684869177,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 /prefetch:3
        7⤵
        
        PID:5548
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login
        6⤵
        
        PID:4248
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7fffcfd646f8,0x7fffcfd64708,0x7fffcfd64718
        7⤵
        
        PID:2352
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,7233523081759474982,16471734660057924157,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 /prefetch:3
        7⤵
        
        PID:6024
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/
        6⤵
        
        PID:748
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7fffcfd646f8,0x7fffcfd64708,0x7fffcfd64718
        7⤵
        
        PID:4256
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1572,15110919281832622408,6721184929260592946,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 /prefetch:3
        7⤵
        
        PID:5860
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin
        6⤵
        
        PID:5296
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7fffcfd646f8,0x7fffcfd64708,0x7fffcfd64718
        7⤵
        
        PID:5472
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
        6⤵
        
        PID:6536
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/
        6⤵
        
        PID:5156
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login
        6⤵
        
        PID:4716
    - - C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2or4646.exe
        
        C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2or4646.exe
        5⤵
        
        PID:6940
      - C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
        6⤵
        
        PID:6292
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6292 -s 540
        7⤵
        Program crash
        
        PID:6948
  - - C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7WI49RD.exe
      C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7WI49RD.exe
      4⤵
      PID:4760
- - C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\8in705vR.exe
    C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\8in705vR.exe
    3⤵
    PID:6924
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
      4⤵
      PID:5180
- C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\9mx3Zs8.exe
  C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\9mx3Zs8.exe
  2⤵
  PID:2092
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
    3⤵
    PID:6568
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
    3⤵
    PID:7068

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7fffcfd646f8,0x7fffcfd64708,0x7fffcfd64718
1⤵
PID:4756

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5248

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3212

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7fffcfd646f8,0x7fffcfd64708,0x7fffcfd64718
1⤵
PID:5424

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7fffcfd646f8,0x7fffcfd64708,0x7fffcfd64718
1⤵
PID:6752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 6292 -ip 6292
1⤵
PID:6916

C:\Users\Admin\AppData\Local\Temp\87A9.exe
C:\Users\Admin\AppData\Local\Temp\87A9.exe
1⤵
PID:3556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
  2⤵
  PID:2968
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffcfd646f8,0x7fffcfd64708,0x7fffcfd64718
    3⤵
    PID:5392
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,5034533481657971042,13706583000074423860,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
    3⤵
    PID:5108
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,5034533481657971042,13706583000074423860,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
    3⤵
    PID:3860
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,5034533481657971042,13706583000074423860,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
    3⤵
    PID:6192
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5034533481657971042,13706583000074423860,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
    3⤵
    PID:3252
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5034533481657971042,13706583000074423860,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
    3⤵
    PID:6852
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5034533481657971042,13706583000074423860,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
    3⤵
    PID:212
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5034533481657971042,13706583000074423860,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
    3⤵
    PID:2668
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5034533481657971042,13706583000074423860,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4836 /prefetch:1
    3⤵
    PID:3380
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5034533481657971042,13706583000074423860,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
    3⤵
    PID:4920
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5034533481657971042,13706583000074423860,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
    3⤵
    PID:4376
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,5034533481657971042,13706583000074423860,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5020 /prefetch:8
    3⤵
    PID:6344
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,5034533481657971042,13706583000074423860,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5020 /prefetch:8
    3⤵
    PID:4828

C:\Users\Admin\AppData\Local\Temp\AE1E.exe
C:\Users\Admin\AppData\Local\Temp\AE1E.exe
1⤵
PID:5260
- C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe
  "C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe"
  2⤵
  PID:2188
- - C:\Users\Admin\AppData\Local\Temp\Broom.exe
    C:\Users\Admin\AppData\Local\Temp\Broom.exe
    3⤵
    PID:6124
- C:\Users\Admin\AppData\Local\Temp\toolspub2.exe
  "C:\Users\Admin\AppData\Local\Temp\toolspub2.exe"
  2⤵
  PID:4128
- - C:\Users\Admin\AppData\Local\Temp\toolspub2.exe
    "C:\Users\Admin\AppData\Local\Temp\toolspub2.exe"
    3⤵
    PID:4928
- C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe
  "C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"
  2⤵
  PID:5612
- C:\Users\Admin\AppData\Local\Temp\random.exe
  "C:\Users\Admin\AppData\Local\Temp\random.exe"
  2⤵
  PID:1236
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe"
    3⤵
    PID:932
  - - C:\Users\Admin\Pictures\pZn8DGPDOEAyaXpZF5U3LBaT.exe
      "C:\Users\Admin\Pictures\pZn8DGPDOEAyaXpZF5U3LBaT.exe"
      4⤵
      PID:1672
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp\random.exe" -Force
    3⤵
    PID:3952
- C:\Users\Admin\AppData\Local\Temp\latestX.exe
  "C:\Users\Admin\AppData\Local\Temp\latestX.exe"
  2⤵
  PID:6220

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1236

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5344

C:\Users\Admin\AppData\Local\Temp\B87F.exe
C:\Users\Admin\AppData\Local\Temp\B87F.exe
1⤵
PID:1496
- C:\Users\Admin\AppData\Local\Temp\B87F.exe
  C:\Users\Admin\AppData\Local\Temp\B87F.exe
  2⤵
  PID:7140

C:\Users\Admin\AppData\Local\Temp\D678.exe
C:\Users\Admin\AppData\Local\Temp\D678.exe
1⤵
PID:5236
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
  C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
  2⤵
  PID:6372

C:\Users\Admin\Pictures\emyvPIv5hY4rjsC3a25hpXya.exe
"C:\Users\Admin\Pictures\emyvPIv5hY4rjsC3a25hpXya.exe"
1⤵
PID:6740
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /c timeout /t 5 & del /f /q "C:\Users\Admin\Pictures\emyvPIv5hY4rjsC3a25hpXya.exe" & del "C:\ProgramData\*.dll"" & exit
  2⤵
  PID:6272
- - C:\Windows\SysWOW64\timeout.exe
    timeout /t 5
    3⤵
    - Delays execution with timeout.exe
    PID:6100

C:\Users\Admin\Pictures\aAqTWLcKvD1uLtLAfd4K5c1O.exe
"C:\Users\Admin\Pictures\aAqTWLcKvD1uLtLAfd4K5c1O.exe"
1⤵
PID:5076

C:\Users\Admin\Pictures\ND5vKX6TYN0xCT1xt3KReXs5.exe
"C:\Users\Admin\Pictures\ND5vKX6TYN0xCT1xt3KReXs5.exe"
1⤵
PID:6376

C:\Users\Admin\Pictures\3vL6AuCFQiMgg3oirP7QZDw7.exe
"C:\Users\Admin\Pictures\3vL6AuCFQiMgg3oirP7QZDw7.exe"
1⤵
PID:5704

C:\Users\Admin\Pictures\aXSMWsBrCPvkfBaSxRiLtue4.exe
"C:\Users\Admin\Pictures\aXSMWsBrCPvkfBaSxRiLtue4.exe"
1⤵
PID:7048

C:\Users\Admin\Pictures\xR9VsomDZ4BkcJgBy0VjD4A7.exe
"C:\Users\Admin\Pictures\xR9VsomDZ4BkcJgBy0VjD4A7.exe" --silent --allusers=0
1⤵
PID:6288
- C:\Users\Admin\Pictures\xR9VsomDZ4BkcJgBy0VjD4A7.exe
  C:\Users\Admin\Pictures\xR9VsomDZ4BkcJgBy0VjD4A7.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=104.0.4944.54 --initial-client-data=0x2f4,0x2f8,0x2fc,0x2f0,0x300,0x6be95648,0x6be95658,0x6be95664
  2⤵
  PID:7124
- C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\xR9VsomDZ4BkcJgBy0VjD4A7.exe
  "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\xR9VsomDZ4BkcJgBy0VjD4A7.exe" --version
  2⤵
  PID:4372
- C:\Users\Admin\Pictures\xR9VsomDZ4BkcJgBy0VjD4A7.exe
  "C:\Users\Admin\Pictures\xR9VsomDZ4BkcJgBy0VjD4A7.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --show-intro-overlay --server-tracking-data=server_tracking_data --initial-pid=6288 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_20231112190556" --session-guid=b31343cb-1430-4018-9ef6-6c47764917bd --server-tracking-blob=OGYzZGJjOTljMDQ1MmFkZDNiYzQ3MWY2Yjc5NmQ5M2ExNzQ2N2RmYzI1ZGIyYmMwMDkzNzI0YjlhM2JjMDEwYzp7ImNvdW50cnkiOiJOTCIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijp7Im5hbWUiOiJvcGVyYSJ9LCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cy8/dXRtX21lZGl1bT1hcGImdXRtX3NvdXJjZT1ta3QmdXRtX2NhbXBhaWduPTc2NyIsInN5c3RlbSI6eyJwbGF0Zm9ybSI6eyJhcmNoIjoieDg2XzY0Iiwib3BzeXMiOiJXaW5kb3dzIiwib3BzeXMtdmVyc2lvbiI6IjEwIiwicGFja2FnZSI6IkVYRSJ9fSwidGltZXN0YW1wIjoiMTY5OTgxNTk1MS43MDY2IiwidXRtIjp7ImNhbXBhaWduIjoiNzY3IiwibWVkaXVtIjoiYXBiIiwic291cmNlIjoibWt0In0sInV1aWQiOiJjM2VjZmZmYy1jZjc0LTRlYjQtYTQ4ZC03MjBlNGYwYmJiN2MifQ== --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=1005000000000000
  2⤵
  PID:5808
- - C:\Users\Admin\Pictures\xR9VsomDZ4BkcJgBy0VjD4A7.exe
    C:\Users\Admin\Pictures\xR9VsomDZ4BkcJgBy0VjD4A7.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=104.0.4944.54 --initial-client-data=0x2e8,0x2ec,0x2f0,0x2c4,0x300,0x6a885648,0x6a885658,0x6a885664
    3⤵
    PID:1480
- C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202311121905561\assistant\Assistant_103.0.4928.25_Setup.exe_sfx.exe
  "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202311121905561\assistant\Assistant_103.0.4928.25_Setup.exe_sfx.exe"
  2⤵
  PID:4656
- C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202311121905561\assistant\assistant_installer.exe
  "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202311121905561\assistant\assistant_installer.exe" --version
  2⤵
  PID:5520
- - C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202311121905561\assistant\assistant_installer.exe
    "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202311121905561\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=103.0.4928.25 --initial-client-data=0x270,0x274,0x278,0x24c,0x27c,0x7b1588,0x7b1598,0x7b15a4
    3⤵
    PID:6356

C:\Users\Admin\Pictures\pVvnswME4djB4Wb948bbARLG.exe
"C:\Users\Admin\Pictures\pVvnswME4djB4Wb948bbARLG.exe"
1⤵
PID:1540
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /c timeout /t 5 & del /f /q "C:\Users\Admin\Pictures\pVvnswME4djB4Wb948bbARLG.exe" & del "C:\ProgramData\*.dll"" & exit
  2⤵
  PID:2212
- - C:\Windows\SysWOW64\timeout.exe
    timeout /t 5
    3⤵
    - Delays execution with timeout.exe
    PID:2128
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1540 -s 1372
  2⤵
  - Program crash
  PID:6916

C:\Users\Admin\Pictures\2IyvtptB7vejKZsgmyA5XBwv.exe
"C:\Users\Admin\Pictures\2IyvtptB7vejKZsgmyA5XBwv.exe"
1⤵
PID:5248
- C:\Users\Admin\AppData\Local\Temp\Broom.exe
  C:\Users\Admin\AppData\Local\Temp\Broom.exe
  2⤵
  PID:5804

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force
1⤵
PID:1236

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force
1⤵
PID:6096

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc
1⤵
PID:6052

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -s WPDBusEnum
1⤵
PID:4384

C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc
1⤵
PID:2132
- C:\Windows\System32\sc.exe
  sc stop UsoSvc
  2⤵
  - Launches sc.exe
  PID:7008
- C:\Windows\System32\sc.exe
  sc stop WaaSMedicSvc
  2⤵
  - Launches sc.exe
  PID:4640
- C:\Windows\System32\sc.exe
  sc stop wuauserv
  2⤵
  - Launches sc.exe
  PID:4700
- C:\Windows\System32\sc.exe
  sc stop bits
  2⤵
  - Launches sc.exe
  PID:4916
- C:\Windows\System32\sc.exe
  sc stop dosvc
  2⤵
  - Launches sc.exe
  PID:2848

C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc
1⤵
PID:6276
- C:\Windows\System32\sc.exe
  sc stop UsoSvc
  2⤵
  - Launches sc.exe
  PID:5956
- C:\Windows\System32\sc.exe
  sc stop WaaSMedicSvc
  2⤵
  - Launches sc.exe
  PID:6684
- C:\Windows\System32\sc.exe
  sc stop wuauserv
  2⤵
  - Launches sc.exe
  PID:5220
- C:\Windows\System32\sc.exe
  sc stop bits
  2⤵
  - Launches sc.exe
  PID:5872
- C:\Windows\System32\sc.exe
  sc stop dosvc
  2⤵
  - Launches sc.exe
  PID:6928

C:\Windows\System32\schtasks.exe
C:\Windows\System32\schtasks.exe /delete /f /tn "GoogleUpdateTaskMachineQC"
1⤵
PID:7012

C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0
1⤵
PID:4556
- C:\Windows\System32\powercfg.exe
  powercfg /x -hibernate-timeout-ac 0
  2⤵
  PID:6920
- C:\Windows\System32\powercfg.exe
  powercfg /x -hibernate-timeout-dc 0
  2⤵
  PID:1484
- C:\Windows\System32\powercfg.exe
  powercfg /x -standby-timeout-ac 0
  2⤵
  PID:2964
- C:\Windows\System32\powercfg.exe
  powercfg /x -standby-timeout-dc 0
  2⤵
  PID:4640

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#nvjdnn#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /ru 'System' /tn 'GoogleUpdateTaskMachineQC' /tr '''C:\Program Files\Google\Chrome\updater.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Program Files\Google\Chrome\updater.exe') -Trigger (New-ScheduledTaskTrigger -AtStartup) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'GoogleUpdateTaskMachineQC' -User 'System' -RunLevel 'Highest' -Force; }
1⤵
PID:6624

C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0
1⤵
PID:6048
- C:\Windows\System32\powercfg.exe
  powercfg /x -hibernate-timeout-ac 0
  2⤵
  PID:6740
- C:\Windows\System32\powercfg.exe
  powercfg /x -hibernate-timeout-dc 0
  2⤵
  PID:6844
- C:\Windows\System32\powercfg.exe
  powercfg /x -standby-timeout-ac 0
  2⤵
  PID:6712
- C:\Windows\System32\powercfg.exe
  powercfg /x -standby-timeout-dc 0
  2⤵
  PID:6468

C:\Windows\System32\schtasks.exe
C:\Windows\System32\schtasks.exe /create /f /ru "System" /tn "GoogleUpdateTaskMachineQC" /xml "C:\Users\Admin\AppData\Local\Temp\tlxvacrdjkek.xml"
1⤵
- Creates scheduled task(s)
PID:4744

C:\Windows\System32\schtasks.exe
C:\Windows\System32\schtasks.exe /run /tn "GoogleUpdateTaskMachineQC"
1⤵
PID:5304

C:\Program Files\Google\Chrome\updater.exe
"C:\Program Files\Google\Chrome\updater.exe"
1⤵
PID:3364

C:\Users\Admin\AppData\Local\Temp\FBFE.exe
C:\Users\Admin\AppData\Local\Temp\FBFE.exe
1⤵
PID:4284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 1540 -ip 1540
1⤵
PID:1636

C:\Windows\System32\schtasks.exe
C:\Windows\System32\schtasks.exe /run /tn "GoogleUpdateTaskMachineQC"
1⤵
PID:2476

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Scheduled Task/Job

T1053

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Scheduled Task/Job

T1053

Defense Evasion

Impair Defenses

T1562

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

T1489

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\HIIDGCGC

Filesize
116KB

MD5
f70aa3fa04f0536280f872ad17973c3d

SHA1
50a7b889329a92de1b272d0ecf5fce87395d3123

SHA256
8d782aa65de6db3538a14da82216e96d5e0a3c60496726e3541a8165bccc65f8

SHA512
30675c5c610d9aa32a4c4a4d9c3af7570823cd197f8d2a709222c78e2cd15304bbed80e233e3674ec2f6e33d1961c67fd6a46dc8ba8b1a301cd0722932c03c84

Download Submit
C:\ProgramData\IJJKKJJD

Filesize
92KB

MD5
2c49291f7cd253c173250751551fd2b5

SHA1
9d8a80c2a365675a63b5f50f63b72b76d625b1b1

SHA256
5766d76fbd9f797ab218de6c240dcae6f78066bc5812a99aeeed584fb0621f75

SHA512
de4a9ca73d663384264643be909726cb3393ea45779c888eb54bb3fbd2e36d8ad1c30260a16f1ced9fc5d8fe96dee761a655ff3764148b3e2678563417d6d933

Download Submit
C:\ProgramData\mozglue.dll

Filesize
593KB

MD5
c8fd9be83bc728cc04beffafc2907fe9

SHA1
95ab9f701e0024cedfbd312bcfe4e726744c4f2e

SHA256
ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a

SHA512
fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040

Download Submit
C:\ProgramData\nss3.dll

Filesize
2.0MB

MD5
1cc453cdf74f31e4d913ff9c10acdde2

SHA1
6e85eae544d6e965f15fa5c39700fa7202f3aafe

SHA256
ac5c92fe6c51cfa742e475215b83b3e11a4379820043263bf50d4068686c6fa5

SHA512
dd9ff4e06b00dc831439bab11c10e9b2ae864ea6e780d3835ea7468818f35439f352ef137da111efcdf2bb6465f6ca486719451bf6cf32c6a4420a56b1d64571

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\4334f500-23a0-4514-a188-71b33a5caa10.tmp

Filesize
10KB

MD5
565d72bb3ca2e264c8d6686f4bf32dbc

SHA1
08f187bdac0cc1379405237aaa9f3a94ff84cb28

SHA256
a0fb93a24f88ed8cbc97ee7d3d591afdd1c2b30d0aeef89729b7c4ac96508329

SHA512
1650d81fe83a8dfee0f153a501ef56c5b986d576f8b84d8e506ad1480f5304a9a0bb5beba34224f6810afb556bf2249cd15e617ad20ae6234a8589ef980f2e5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6276613a51dae3b747451bc05e24edfa

SHA1
96ff591013fc8d378a9b37ea580d8ec6e98bbde5

SHA256
d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0

SHA512
dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6276613a51dae3b747451bc05e24edfa

SHA1
96ff591013fc8d378a9b37ea580d8ec6e98bbde5

SHA256
d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0

SHA512
dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6276613a51dae3b747451bc05e24edfa

SHA1
96ff591013fc8d378a9b37ea580d8ec6e98bbde5

SHA256
d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0

SHA512
dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6276613a51dae3b747451bc05e24edfa

SHA1
96ff591013fc8d378a9b37ea580d8ec6e98bbde5

SHA256
d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0

SHA512
dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6276613a51dae3b747451bc05e24edfa

SHA1
96ff591013fc8d378a9b37ea580d8ec6e98bbde5

SHA256
d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0

SHA512
dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6276613a51dae3b747451bc05e24edfa

SHA1
96ff591013fc8d378a9b37ea580d8ec6e98bbde5

SHA256
d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0

SHA512
dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8992ae6e99b277eea6fb99c4f267fa3f

SHA1
3715825c48f594068638351242fac7fdd77c1eb7

SHA256
525038333c02dff407d589fa407b493b7962543e205c587feceefbc870a08e3d

SHA512
a1f44fff4ea76358c7f2a909520527ec0bbc3ddcb722c5d1f874e03a0c4ac42dac386a49ccf72807ef2fa6ccc534490ad90de2f699b1e49f06f79157f251ab25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6276613a51dae3b747451bc05e24edfa

SHA1
96ff591013fc8d378a9b37ea580d8ec6e98bbde5

SHA256
d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0

SHA512
dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6276613a51dae3b747451bc05e24edfa

SHA1
96ff591013fc8d378a9b37ea580d8ec6e98bbde5

SHA256
d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0

SHA512
dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6276613a51dae3b747451bc05e24edfa

SHA1
96ff591013fc8d378a9b37ea580d8ec6e98bbde5

SHA256
d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0

SHA512
dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6276613a51dae3b747451bc05e24edfa

SHA1
96ff591013fc8d378a9b37ea580d8ec6e98bbde5

SHA256
d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0

SHA512
dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6276613a51dae3b747451bc05e24edfa

SHA1
96ff591013fc8d378a9b37ea580d8ec6e98bbde5

SHA256
d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0

SHA512
dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6276613a51dae3b747451bc05e24edfa

SHA1
96ff591013fc8d378a9b37ea580d8ec6e98bbde5

SHA256
d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0

SHA512
dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6276613a51dae3b747451bc05e24edfa

SHA1
96ff591013fc8d378a9b37ea580d8ec6e98bbde5

SHA256
d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0

SHA512
dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6276613a51dae3b747451bc05e24edfa

SHA1
96ff591013fc8d378a9b37ea580d8ec6e98bbde5

SHA256
d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0

SHA512
dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6276613a51dae3b747451bc05e24edfa

SHA1
96ff591013fc8d378a9b37ea580d8ec6e98bbde5

SHA256
d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0

SHA512
dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6276613a51dae3b747451bc05e24edfa

SHA1
96ff591013fc8d378a9b37ea580d8ec6e98bbde5

SHA256
d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0

SHA512
dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6276613a51dae3b747451bc05e24edfa

SHA1
96ff591013fc8d378a9b37ea580d8ec6e98bbde5

SHA256
d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0

SHA512
dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6276613a51dae3b747451bc05e24edfa

SHA1
96ff591013fc8d378a9b37ea580d8ec6e98bbde5

SHA256
d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0

SHA512
dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a5f595566f83e288991a95ff3747e1d7

SHA1
f3f4069819da237eea7e05a9caefb51d2a2df896

SHA256
50cecc4be2308132639e09216843eacc34bcde5d2cc88716a4355e3b3af643fe

SHA512
57f7ebeb715fa7205b463efa7844b1c58b0ccc681655970bd88aa5296dcc4579bb1edc8ee93dcb049275756c9e99469eee42498f84ced4996dc575b8a74ea003

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6276613a51dae3b747451bc05e24edfa

SHA1
96ff591013fc8d378a9b37ea580d8ec6e98bbde5

SHA256
d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0

SHA512
dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2c356792d25953a353537ff99d8ff763

SHA1
795b5dca39e4408f832dfcd6142e2b8c3242686b

SHA256
aa4c2fc1c9e566ebec324eac5a10c22f8e186be43d34e78d18ddffd664647f02

SHA512
0b9529ed29de80d3e8f195370bc44ae691151fb8e25a821327809533523f09ca4c54a508eddd873430b64f688938287f70f3c8b9297038edaba9f2db94a7ecbf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6276613a51dae3b747451bc05e24edfa

SHA1
96ff591013fc8d378a9b37ea580d8ec6e98bbde5

SHA256
d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0

SHA512
dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6276613a51dae3b747451bc05e24edfa

SHA1
96ff591013fc8d378a9b37ea580d8ec6e98bbde5

SHA256
d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0

SHA512
dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6276613a51dae3b747451bc05e24edfa

SHA1
96ff591013fc8d378a9b37ea580d8ec6e98bbde5

SHA256
d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0

SHA512
dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
73KB

MD5
6a42944023566ec0c278574b5d752fc6

SHA1
0ee11c34a0e0d537994a133a2e27b73756536e3c

SHA256
f0ac3833cdb8606be1942cf8f98b4112b7bfd01e8a427720b84d91bdc00dde65

SHA512
5ebdf0d7ec105800059c45ece883ce254f21c39f0e0a12d1992277fe11ef485de75d05827fbbabb4faf0af70b70776c02457873e415ade2df16b8ba726322935

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
20KB

MD5
923a543cc619ea568f91b723d9fb1ef0

SHA1
6f4ade25559645c741d7327c6e16521e43d7e1f9

SHA256
bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd

SHA512
a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
21KB

MD5
7d75a9eb3b38b5dd04b8a7ce4f1b87cc

SHA1
68f598c84936c9720c5ffd6685294f5c94000dff

SHA256
6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7

SHA512
cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
33KB

MD5
fdbf5bcfbb02e2894a519454c232d32f

SHA1
5e225710e9560458ac032ab80e24d0f3cb81b87a

SHA256
d9315d0678ac213bbe2c1de27528f82fd40dbff160f5a0c19850f891da29ea1c

SHA512
9eb86ebb1b50074df9bd94f7660df6f362b5a46411b35ce820740f629f8ef77f0b49a95c5550441a7db2b2638f0ed3d0204cb8f8c76391c05401506833b8c916

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000033

Filesize
186KB

MD5
740a924b01c31c08ad37fe04d22af7c5

SHA1
34feb0face110afc3a7673e36d27eee2d4edbbff

SHA256
f0e1953b71cc4abbffdd5096d99dfb274688e517c381b15c3446c28a4ac416e0

SHA512
da7061f944c69245c2f66b0e6a8b5a9bca91bda8a73f99734dcb23db56c5047de796fa7e348ff8840d9ac123436e38a4206408573215b7e5e98942ea6d66bb7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
adfd82baae2adcb438105756040cac1d

SHA1
034257a451c1a95e4137a3167f5fd720f09c64f2

SHA256
af95e1b7ba19c58164ad7f1eb62ac95961cc353ff17a3e07112ac20dcff61073

SHA512
f62c9e8005b77fa059e3703878305e7c329415eb2f2bc90b9844aaba098596182a4e345fed385b48f2586c34b6c79f1a1a955b3b4a0019f9513cdb95dc7576e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
7b311e0dabf8859380350c7cbaeb7fe7

SHA1
f97e28fc864fa9eb5af07c0e01a6d37aba3b3108

SHA256
194fe9c10d5e65a3598c8bf64003cdef0dc6e54295fa59711299a4dcdd9cb33d

SHA512
c46f75aa9b64cb6d498c739a73d15686ae3c60a817337362bb9944031c8e116a58ef544d576b16be1a3360176a61dd1c0c1f17c1b272546771e640237a7fa942

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
379f9b39fb039a74f94c6d3ed3190a77

SHA1
5f86f1ba619171395bb4a3956bbfbd8c01354e03

SHA256
2484348c9398b57f4cd0bba26ddda655ec83ef7af018acee1f31da1b27021481

SHA512
c46241b3795f7b34962a8a8919850f3f8e36362aacf0bf6a2f0a9bc065f25a303296621a467ae23223fc5eed95bf0a257595f7f5f461b079d46fd88b13106aff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
7c03a44a652f546814869ddd7eef565e

SHA1
369f6b00d304a1ae076e2fc8844209d001b56663

SHA256
1e9618edb47b2380a0aabe4a5dc06d2323934bd4fe5e73ca95be46375fd7d3c6

SHA512
4a7d0f6e2f09fd4c0c04d63e08797ad7ba8381bffc881c79204672ecb044e650dc4af787c7a47301688ad38c5d801a824daf2add0d3985b121bf542fc718d884

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
fb25940ea3f533ab8bf4da35b648173f

SHA1
3f8f0b3474dfdca8b9fc119b05bba7432ff9556c

SHA256
986f42dc50a696475eba584bb38c9de2af1e1c253fd2136f32873b6efb86b079

SHA512
d3c0ef540dbb8bc184013266b6302c908d92aab32c02e87fcfacfdff816a65b754936ad7118dbc863fec725f5fb3f63448e651bddd85c277200aa2062e4f3cd7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
f1881400134252667af6731236741098

SHA1
6fbc4f34542d449afdb74c9cfd4a6d20e6cdc458

SHA256
d6fcec1880d69aaa0229f515403c1a5ac82787f442c37f1c0c96c82ec6c15b75

SHA512
18b9ac92c396a01b6662a4a8a21b995d456716b70144a136fced761fd0a84c99e8bd0afb9585625809b87332da75727b82a07b151560ea253a3b8c241b799450

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
1e29bd565974440e084c5fe3c4ca8bb2

SHA1
c48f74767f032f89a00839721c7b743f16e01e60

SHA256
4561142178e0bf213733901ec1f345e141d7a5f39c5639247231c119fbf118e6

SHA512
ac3d92b7eb94a48fcf01767fce48468b465fde5633235655346ace6372899860b04125a716a07a23c381b7b971bb1bfafe1379b4be4bd60a7bce27ec9fe03c19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
20a523f692758996a32131fbbff7a185

SHA1
a0efc061a151733c969b6ce63741aa1a44a71be6

SHA256
3b6d517a722056f47fbe87069da56003767e2f8690d187d7f6b6c827442bb68e

SHA512
88b2f89acc8abb9f584c50b5049ec7ae4c0ec50c7ab7d5c92db11d2bdbaeda22b7002004284fe4514834fa2dccd791adbccaae0eec1292bd38a02babeb72dd84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe587932.TMP

Filesize
1KB

MD5
102632c8644ca56e89dd5082d20716ed

SHA1
78a5f27084768629ed5fa1edd955c30abfe82c81

SHA256
f267bf955d68b2f47cf8b9722a0346fb49daa9c378d81b56d81813be2e46f43d

SHA512
2db2fc3cad6ecbab0d3938d18750ddf5b1dfe4d05bb26a0d9d47cb205337d317735ed9b895d24c726fd0afbc9fcde918412aa41c51b84fc438fc66cb56173df6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
69c9d862cd942b91baa03eb1dc4ad616

SHA1
1b492c73199c4bd0b13c9b028cfd15bac55e81a3

SHA256
a4a6ddf4c823dc2374bca0dbceb0c5c7cb2ff4a85b668b9a3353bfb32a40a286

SHA512
ec93dec9b20c5f60abf72554ea517f4c01498a2c5db593f85e0c624f40398fa20e1cd154691af17bbbca9128ac9c8df63c1a553f824d595e23095e9c336a04a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
69c9d862cd942b91baa03eb1dc4ad616

SHA1
1b492c73199c4bd0b13c9b028cfd15bac55e81a3

SHA256
a4a6ddf4c823dc2374bca0dbceb0c5c7cb2ff4a85b668b9a3353bfb32a40a286

SHA512
ec93dec9b20c5f60abf72554ea517f4c01498a2c5db593f85e0c624f40398fa20e1cd154691af17bbbca9128ac9c8df63c1a553f824d595e23095e9c336a04a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
a579232245914bbea6327db5e9d898fe

SHA1
e0b91bf378fe3160380f7a3f34532bdb76bcce97

SHA256
e060c08b66f7a5d7f76979d44c6486b1b7945e3041ccb7cb32d4008a09e21b5c

SHA512
5186c2a229acd3d81ee32b88c75439dac32c0d883d3b0b35bbff23b73c8bfc0f6362227b69c9eca7f3ef13b98409cb60ec87783ba7c26a1008c942e39c0fcf69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
6b7dbb611b4a908d2cc4ae44b76b0fbe

SHA1
7604bba3acb50c2270575b3adaab72578b8875ef

SHA256
21694e548f71a89cdb29b62166f95db2eb690092626fd4b1f7d7b4d47f4e89db

SHA512
079d475ca39211ac0b14826c62d57ee15cc8c2932061d5410348f1e0895996d79a4eebd794f400ba1e662fe7dc3b8ef86eb9a95feaf8ccabbe16cc15e981c890

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
2efa47c6db36bf4698900288e538212e

SHA1
120eb81f34dc758eb76e06af3404dce6b276d51c

SHA256
594bb59b4fcda8679cf9b195bde7b3900a355aad856dc7f0e4dbedf968ab44f6

SHA512
bab99bebe1a91cb319668b1bafa48f4fc4f40feac3d9e7c86f9766f8f35b35b8973b3548fc906a612fd5ea79d28e71593c807616ad3066118b8bc4621d22e167

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
2efa47c6db36bf4698900288e538212e

SHA1
120eb81f34dc758eb76e06af3404dce6b276d51c

SHA256
594bb59b4fcda8679cf9b195bde7b3900a355aad856dc7f0e4dbedf968ab44f6

SHA512
bab99bebe1a91cb319668b1bafa48f4fc4f40feac3d9e7c86f9766f8f35b35b8973b3548fc906a612fd5ea79d28e71593c807616ad3066118b8bc4621d22e167

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
0d39d27ca420d1c8c7918f785f151f74

SHA1
05eabeac77a10c73ec3a2896e637007e7533bbc7

SHA256
a906206d18ffa59992f14a7571282956b0fad24d3a5be4a2a487a890d8cdea8f

SHA512
af46ec1e3f05b7ffef0eb4560c1c8cf8a066a49221cc3d828c28b62e019f6e826b03f666bf0dd9e8b2873227589ff3a319925ecfc744cae4476a8fea0806a721

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
0d39d27ca420d1c8c7918f785f151f74

SHA1
05eabeac77a10c73ec3a2896e637007e7533bbc7

SHA256
a906206d18ffa59992f14a7571282956b0fad24d3a5be4a2a487a890d8cdea8f

SHA512
af46ec1e3f05b7ffef0eb4560c1c8cf8a066a49221cc3d828c28b62e019f6e826b03f666bf0dd9e8b2873227589ff3a319925ecfc744cae4476a8fea0806a721

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2dbfa081202af63f474cbd3be72a6708

SHA1
700cb31564224fd7f71951ad0b6de0a65aecabf0

SHA256
3bd0a87f054e6fa41947a0fd7e3d3c223187b1759447fc8416c46dc182ea3203

SHA512
b38f21bfa96ded8d45f37fb17aede613b1430c7fdf5839334c012eb3cc588a8a3a19df5c06379f5d64207ef0d996dfb8a7b014fb59a0f2624315afd796da094f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
a579232245914bbea6327db5e9d898fe

SHA1
e0b91bf378fe3160380f7a3f34532bdb76bcce97

SHA256
e060c08b66f7a5d7f76979d44c6486b1b7945e3041ccb7cb32d4008a09e21b5c

SHA512
5186c2a229acd3d81ee32b88c75439dac32c0d883d3b0b35bbff23b73c8bfc0f6362227b69c9eca7f3ef13b98409cb60ec87783ba7c26a1008c942e39c0fcf69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
2efa47c6db36bf4698900288e538212e

SHA1
120eb81f34dc758eb76e06af3404dce6b276d51c

SHA256
594bb59b4fcda8679cf9b195bde7b3900a355aad856dc7f0e4dbedf968ab44f6

SHA512
bab99bebe1a91cb319668b1bafa48f4fc4f40feac3d9e7c86f9766f8f35b35b8973b3548fc906a612fd5ea79d28e71593c807616ad3066118b8bc4621d22e167

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
69c9d862cd942b91baa03eb1dc4ad616

SHA1
1b492c73199c4bd0b13c9b028cfd15bac55e81a3

SHA256
a4a6ddf4c823dc2374bca0dbceb0c5c7cb2ff4a85b668b9a3353bfb32a40a286

SHA512
ec93dec9b20c5f60abf72554ea517f4c01498a2c5db593f85e0c624f40398fa20e1cd154691af17bbbca9128ac9c8df63c1a553f824d595e23095e9c336a04a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
6b7dbb611b4a908d2cc4ae44b76b0fbe

SHA1
7604bba3acb50c2270575b3adaab72578b8875ef

SHA256
21694e548f71a89cdb29b62166f95db2eb690092626fd4b1f7d7b4d47f4e89db

SHA512
079d475ca39211ac0b14826c62d57ee15cc8c2932061d5410348f1e0895996d79a4eebd794f400ba1e662fe7dc3b8ef86eb9a95feaf8ccabbe16cc15e981c890

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
0d39d27ca420d1c8c7918f785f151f74

SHA1
05eabeac77a10c73ec3a2896e637007e7533bbc7

SHA256
a906206d18ffa59992f14a7571282956b0fad24d3a5be4a2a487a890d8cdea8f

SHA512
af46ec1e3f05b7ffef0eb4560c1c8cf8a066a49221cc3d828c28b62e019f6e826b03f666bf0dd9e8b2873227589ff3a319925ecfc744cae4476a8fea0806a721

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\da40ddbe-3782-4c05-9444-d0700d1dc6e3.tmp

Filesize
2KB

MD5
6b7dbb611b4a908d2cc4ae44b76b0fbe

SHA1
7604bba3acb50c2270575b3adaab72578b8875ef

SHA256
21694e548f71a89cdb29b62166f95db2eb690092626fd4b1f7d7b4d47f4e89db

SHA512
079d475ca39211ac0b14826c62d57ee15cc8c2932061d5410348f1e0895996d79a4eebd794f400ba1e662fe7dc3b8ef86eb9a95feaf8ccabbe16cc15e981c890

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202311121905561\additional_file0.tmp

Filesize
1.9MB

MD5
b0f128c3579e6921cfff620179fb9864

SHA1
60e19c987a96182206994ffd509d2849fdb427e3

SHA256
1c3ddbdd3a8cc2e66a5f4c4db388dff028cd437d42f8982ddf7695cf38a1a9ee

SHA512
17977d85cbdbd4217098850d7eaff0a51e34d641648ec29e843fc299668d8127e367622c82b2a9ceab364099da8c707c8b4aa039e747102d7c950447a5d29212

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202311121905561\opera_package

Filesize
2.9MB

MD5
0f01476a254d9d8fa327504d0aad3395

SHA1
e720598f20521e6ca617075e8fcbecf5e0df28da

SHA256
c740f175e54bec1028bb57b2988494a51adc39ddbba0f81e8dac36fbab30042c

SHA512
3d349ef8e6e0752f47a036172c0910d49e3e8589bd0c6aec2b09578db31a4c45b35d6be9708e6b1865c71f45ec1c78663c5f1664b21182aaab6ee4f2599618e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe

Filesize
4.1MB

MD5
df8a130ef93c8922c459371bcd31d9c7

SHA1
7b4bdfdabb5ff08de0f83ed6858c57ba18f0d393

SHA256
0a394d266e36ef9b75ae2c390a7b68fa50e5188b8338217cf68deda683c84d40

SHA512
364f4c1cb242115266eea05a05bdc1068a6ce7778ae01f84dc3e570acbf5cda134f15e0addd2c7818fba326708b30362f29279e0ce96db51a8db73729f4af99a

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\kC0eO74.exe

Filesize
1003KB

MD5
9f15bae03e4c964828b1d041e6608528

SHA1
f193c8780cdcbc34956699ac37d74aa5047b15e8

SHA256
210e10f0fae231205fbbdaf1b5897b0311319c8657216fbdb8ed3280b4b04003

SHA512
ccfee9bd9cc4ccdffa53af82bcac5318631cba7425c70141e1ab7a37881b5bc6978be2a305fd897972216479045081d69a976f9b4aecb2265cac6f390a570891

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\kC0eO74.exe

Filesize
1003KB

MD5
9f15bae03e4c964828b1d041e6608528

SHA1
f193c8780cdcbc34956699ac37d74aa5047b15e8

SHA256
210e10f0fae231205fbbdaf1b5897b0311319c8657216fbdb8ed3280b4b04003

SHA512
ccfee9bd9cc4ccdffa53af82bcac5318631cba7425c70141e1ab7a37881b5bc6978be2a305fd897972216479045081d69a976f9b4aecb2265cac6f390a570891

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\WE6UX34.exe

Filesize
781KB

MD5
9a6eb4ed5353a5f956b6c8992c290cf1

SHA1
432d544df8150096bedc5719783f336496b33fb3

SHA256
0bf2af0a1980ab1ffe0586ed125bff5c56aea715a513cd97763034162e7d7826

SHA512
0794a39086ef7eb8f95fb649bf69772d81d9fc68b2697661b3c27a969f2e9ad562170273fe5bec95ed8e6ec5d46cb6781c5b70790d2f1d830e36b6ca933e3e63

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\WE6UX34.exe

Filesize
781KB

MD5
9a6eb4ed5353a5f956b6c8992c290cf1

SHA1
432d544df8150096bedc5719783f336496b33fb3

SHA256
0bf2af0a1980ab1ffe0586ed125bff5c56aea715a513cd97763034162e7d7826

SHA512
0794a39086ef7eb8f95fb649bf69772d81d9fc68b2697661b3c27a969f2e9ad562170273fe5bec95ed8e6ec5d46cb6781c5b70790d2f1d830e36b6ca933e3e63

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7WI49RD.exe

Filesize
37KB

MD5
b938034561ab089d7047093d46deea8f

SHA1
d778c32cc46be09b107fa47cf3505ba5b748853d

SHA256
260784b1afd8b819cb6ccb91f01090942375e527abdc060dd835992d88c04161

SHA512
4909585c112fba3575e07428679fd7add07453e11169f33922faca2012d8e8fa6dfb763d991c68d3b4bbc6e78b6f37d2380c502daada325d73c7fff6c647769b

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7WI49RD.exe

Filesize
37KB

MD5
b938034561ab089d7047093d46deea8f

SHA1
d778c32cc46be09b107fa47cf3505ba5b748853d

SHA256
260784b1afd8b819cb6ccb91f01090942375e527abdc060dd835992d88c04161

SHA512
4909585c112fba3575e07428679fd7add07453e11169f33922faca2012d8e8fa6dfb763d991c68d3b4bbc6e78b6f37d2380c502daada325d73c7fff6c647769b

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\pN7eR50.exe

Filesize
656KB

MD5
9884feb0002870e71c94ed30843e7f9b

SHA1
4f04d8d8fbb6cd46f3fddbc892e00e1a443372c3

SHA256
46fed99ae18a57f89a3ec64ed74238c71a22b2a6c4282ecca4c67bf4c2eeaf25

SHA512
2d94bef89f9c09608af0d2e890f052eb066854559f197f46e32b996a85370ce7520bf294bad27829f626013167035e5507cc462cb03bdbdeebfb38231cfc1326

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\pN7eR50.exe

Filesize
656KB

MD5
9884feb0002870e71c94ed30843e7f9b

SHA1
4f04d8d8fbb6cd46f3fddbc892e00e1a443372c3

SHA256
46fed99ae18a57f89a3ec64ed74238c71a22b2a6c4282ecca4c67bf4c2eeaf25

SHA512
2d94bef89f9c09608af0d2e890f052eb066854559f197f46e32b996a85370ce7520bf294bad27829f626013167035e5507cc462cb03bdbdeebfb38231cfc1326

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1nr65WW1.exe

Filesize
895KB

MD5
16c74bfe0cdf8ff514c4858f998a613d

SHA1
ff73b062e9ef3cd2f13899581cbfc73a0eeec6ad

SHA256
0f2ac45346698c5d96ce418c958a81b0be77f156a7013dc12802bb1f19bbbb9a

SHA512
123ed4505262b89eaf40616415def7db0bead1d8dafb2ca8cf6ce4dc3176f3265be4e447844feb8395f6ea73c6ca0ff4371d77801ea65c6fa4a4705431ff3610

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1nr65WW1.exe

Filesize
895KB

MD5
16c74bfe0cdf8ff514c4858f998a613d

SHA1
ff73b062e9ef3cd2f13899581cbfc73a0eeec6ad

SHA256
0f2ac45346698c5d96ce418c958a81b0be77f156a7013dc12802bb1f19bbbb9a

SHA512
123ed4505262b89eaf40616415def7db0bead1d8dafb2ca8cf6ce4dc3176f3265be4e447844feb8395f6ea73c6ca0ff4371d77801ea65c6fa4a4705431ff3610

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2or4646.exe

Filesize
276KB

MD5
a2611ecda3e7322c314b24c34507f514

SHA1
13cb36daa7bcdd31a7f436fcac9e547a0238d3a2

SHA256
0186fac1bc00cae83db349c4eebc9567302c93d1abdb8dd99bd675749a222f74

SHA512
5bcbf3467eb5d58c21b0d286cb857421df5d389faa3ae9732ef606138c4ebb38a04a166dd0c594b12ece38d370a7d9685a2fafaeaa4cd48c430419370869506a

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2or4646.exe

Filesize
276KB

MD5
a2611ecda3e7322c314b24c34507f514

SHA1
13cb36daa7bcdd31a7f436fcac9e547a0238d3a2

SHA256
0186fac1bc00cae83db349c4eebc9567302c93d1abdb8dd99bd675749a222f74

SHA512
5bcbf3467eb5d58c21b0d286cb857421df5d389faa3ae9732ef606138c4ebb38a04a166dd0c594b12ece38d370a7d9685a2fafaeaa4cd48c430419370869506a

Download Submit
C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe

Filesize
2.5MB

MD5
f13cf6c130d41595bc96be10a737cb18

SHA1
6b14ea97930141aa5caaeeeb13dd4c6dad55d102

SHA256
dd7aaf7ef0e5b3797eaf5182e7b192fa014b735e129e00e0c662829ce0c2515f

SHA512
ccd4f57b1af1f348fcf9f519a4789c04b499ac5e02ccb7333d0a42fa1cb1fdf9f969103b3a5467e278cd5c6cbbbbebaac4577d0c220e13335575a13408c79b48

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2311121905552544372.dll

Filesize
4.6MB

MD5
0d2cf5e6c13d156467618f37174dd4b5

SHA1
a324c41cbbf96e458072f337a2ef2a61db463d60

SHA256
1845335f4172bd93f2011ff12da6f3d2f99d33740cc1f3ab2201b8205cb773b6

SHA512
f2af281d0702aab8984de88376986f09efc1f4c891353bc6bd4f2c40576ae33858912261502c78b5e0fa92f255a992d4532cf9a9e76a53b46ea263a6b60e2cdc

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_gsfkhblo.qlj.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\latestX.exe

Filesize
5.6MB

MD5
bae29e49e8190bfbbf0d77ffab8de59d

SHA1
4a6352bb47c7e1666a60c76f9b17ca4707872bd9

SHA256
f91e4ff7811a5848561463d970c51870c9299a80117a89fb86a698b9f727de87

SHA512
9e6cf6519e21143f9b570a878a5ca1bba376256217c34ab676e8d632611d468f277a0d6f946ab8705121002d96a89274f38458affe3df3a3a1c75e336d7d66e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\random.exe

Filesize
141KB

MD5
326781a332c7040492dc96b13fb126e5

SHA1
d03d8e89a6c75a14f512eeabf180a2f69d30e884

SHA256
0f09f8f60741e8b3c28dc927ff1b3318d8faa623d641704b605bc38142f54f28

SHA512
e701babafad09f1115511949f3061275bc6fbc54756d40f038aa9be708ff06736413367395bff7e157035aa9260ada439ad9a8d4c2c48c14de94c42f6ec0c2bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\toolspub2.exe

Filesize
221KB

MD5
82cd8d85dc427bfd991758f573525d23

SHA1
8a9f53dced366c5afb0e2a26186059fc34f9423d

SHA256
728a6f117ca91dfa121d74832b9eac2b995ec9887700c7832603730e0300bf4b

SHA512
422ecd38f2d744138dbc9994756407c4bccb9d539cda18bcf873824d1658c9fd264f31af356e171ff728e98d1a90e88af776b238b8fb7d4b4102ff9a8cc10e8a

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat

Filesize
40B

MD5
eee2a401bedd9882077ff7f113f895db

SHA1
e754a7e7e340d99cd46f69d6ad97fa707cdd244d

SHA256
49d2c239e13ff410e7bdefa6c0bbe6a3ca84fe3f38b7c5cd28b8b46fbc616d43

SHA512
8bdccfe559714c293b5f551e9581e9e60e4c7ebf81e3007b1f215455c5f99bd3b66078abad440b72db5651213d378a94fa62b3cbb864e60c94853c447cd55ab2

Download Submit
C:\Users\Admin\Pictures\3vL6AuCFQiMgg3oirP7QZDw7.exe

Filesize
5.2MB

MD5
9873907d252dcecd6baea9a11ac4b0da

SHA1
102562c75d3dbb2c9b2922674f83c5f0f36e3d0c

SHA256
a5c68511132b9590f0d60bc6fa5f43999c25d636d0b29aae1ff3787688907fe7

SHA512
2054607e09f31d65060a8b8205755f785b5ea0be9b248977b00fa95ed2938313309876d91b7fef5d33866024cf52cf0dd7a73336e703e035770e24b506db19c8

Download Submit
C:\Users\Admin\Pictures\9k9ie1WRdRdUsmCm8E0YPh1b.exe

Filesize
7KB

MD5
fcad815e470706329e4e327194acc07c

SHA1
c4edd81d00318734028d73be94bc3904373018a9

SHA256
280d939a66a0107297091b3b6f86d6529ef6fac222a85dbc82822c3d5dc372b8

SHA512
f4031b49946da7c6c270e0354ac845b5c77b9dfcd267442e0571dd33ccd5146bc352ed42b59800c9d166c8c1ede61469a00a4e8d3738d937502584e8a1b72485

Download Submit
C:\Users\Admin\Pictures\ND5vKX6TYN0xCT1xt3KReXs5.exe

Filesize
4.1MB

MD5
33e2408ab2f3f47b3ad395d65edba49e

SHA1
b86af85e8e438c12c7abd1b047edd229cf67219b

SHA256
2652450865e1ce350dd9674cb08100d68e4018bf5b6f74720c57e03f5ad98c23

SHA512
d7e4fc31361b2933a0ad1aa3a4020452b7d84232eb5ecba411edaf68c6041242d6b3677bf25393965a5b54b555cf4307d2984aa1423afcbebff9833bdd5905fc

Download Submit
C:\Users\Admin\Pictures\aAqTWLcKvD1uLtLAfd4K5c1O.exe

Filesize
3.1MB

MD5
823b5fcdef282c5318b670008b9e6922

SHA1
d20cd5321d8a3d423af4c6dabc0ac905796bdc6d

SHA256
712f5bb403ca4ade2d3fa47b050aac51a9f573142fd8ba8bf18f5f8144214d8d

SHA512
4377d06a71291be3e52c28a2ada0b89ff185a8887c4a75972cdc5e85d95da6538d1776bc49fb190c67b8e6497225f1d63b86793f4095c8fb990a5f6659216472

Download Submit
C:\Users\Admin\Pictures\emyvPIv5hY4rjsC3a25hpXya.exe

Filesize
145KB

MD5
90dd1720cb5f0a539358d8895d3fd27a

SHA1
c1375d0b31adc36f91feb45df705c7e662c95d7d

SHA256
e69a88b0f9ec61f4acf22f9a3d96f60eb3a04db58a74eb4315700ac465de9e01

SHA512
c6e3f1e03f93f6aaa1b93bca21f3a93d6539ede45b06869d3a1daf983d5f1c68bc7e8895126b3d02d4b85854ac3991ecada77ddff2cbdc81c1e93f1f12c4ada1

Download Submit
C:\Users\Admin\Pictures\pVvnswME4djB4Wb948bbARLG.exe

Filesize
221KB

MD5
4ea71b88c6102990496206084fe59321

SHA1
32e2ccdb47350a561353fe2393f34839e3eef887

SHA256
f3a9883557b07a8bbe3ad42bf14420eb6a719c7e331c5611fe532edee2642cb6

SHA512
b7eb56da2f7ccbd70c7ec1064530e61419bb7b33eae1a74ae620caa4f58be562ee9f8edf07248d45165234fd42dba63d9b6d5d616b3815db7ef170c5b466cf39

Download Submit
C:\Users\Admin\Pictures\pZn8DGPDOEAyaXpZF5U3LBaT.exe

Filesize
4.8MB

MD5
ff6c6212c086b2ea7bb1537a6e9b0abb

SHA1
f058d292f83c16450af74d870056cb742d23b3a3

SHA256
1abe626a7cbd4639f1ba56a6c4dab7f2dd9ad08396eb80ee4a21b0f7ef69d875

SHA512
3b495b12a67cc1cfb73a195ffe62bcccd3d8cf7a8abe556f493d74c835e453b8ad80529b4a24150b25c0eee2807d5fc9e0d43f572869a926435017311cdd97d5

Download Submit
C:\Users\Admin\Pictures\xR9VsomDZ4BkcJgBy0VjD4A7.exe

Filesize
2.8MB

MD5
043ad18bc84267f9c1b19137e499fc18

SHA1
55c06c5405ba550fc5a29029306e7be4c5d9a6b2

SHA256
83aa7a34fb21c0fd6a1bc953e142bd01c468f1a402ca019cafde24d3a8631c79

SHA512
c1bc56fc70624dac7c42e94c1d41417b2be170008a362ea1ed8ba66f3434bde0abdbaafdf3b9bb323b3ef5f2105857e1bd9c8b03346313a67e114cb677e64b76

Download Submit
C:\Windows\System32\GroupPolicy\gpt.ini

Filesize
127B

MD5
8ef9853d1881c5fe4d681bfb31282a01

SHA1
a05609065520e4b4e553784c566430ad9736f19f

SHA256
9228f13d82c3dc96b957769f6081e5bac53cffca4ffde0ba1e102d9968f184a2

SHA512
5ddee931a08cfea5bb9d1c36355d47155a24d617c2a11d08364ffc54e593064011dee4fea8ac5b67029cab515d3071f0ba0422bb76af492a3115272ba8feb005

Download Submit
memory/932-838-0x0000000005200000-0x0000000005210000-memory.dmp

Filesize
64KB

Download
memory/932-826-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/932-829-0x0000000074360000-0x0000000074B10000-memory.dmp

Filesize
7.7MB

Download
memory/1236-804-0x0000000005560000-0x00000000055FC000-memory.dmp

Filesize
624KB

Download
memory/1236-802-0x0000000000CE0000-0x0000000000D0A000-memory.dmp

Filesize
168KB

Download
memory/1236-809-0x0000000074360000-0x0000000074B10000-memory.dmp

Filesize
7.7MB

Download
memory/1236-819-0x00000000057F0000-0x000000000580A000-memory.dmp

Filesize
104KB

Download
memory/1236-831-0x0000000074360000-0x0000000074B10000-memory.dmp

Filesize
7.7MB

Download
memory/1236-812-0x0000000005510000-0x0000000005520000-memory.dmp

Filesize
64KB

Download
memory/1236-817-0x00000000054B0000-0x00000000054CC000-memory.dmp

Filesize
112KB

Download
memory/1496-795-0x0000024E4A920000-0x0000024E4AA80000-memory.dmp

Filesize
1.4MB

Download
memory/1496-806-0x00007FFFCBA70000-0x00007FFFCC531000-memory.dmp

Filesize
10.8MB

Download
memory/1496-818-0x0000024E64F90000-0x0000024E64FDC000-memory.dmp

Filesize
304KB

Download
memory/1496-816-0x0000024E652F0000-0x0000024E653B8000-memory.dmp

Filesize
800KB

Download
memory/1496-811-0x0000024E65030000-0x0000024E65040000-memory.dmp

Filesize
64KB

Download
memory/1496-824-0x00007FFFCBA70000-0x00007FFFCC531000-memory.dmp

Filesize
10.8MB

Download
memory/1496-813-0x0000024E65120000-0x0000024E651E8000-memory.dmp

Filesize
800KB

Download
memory/1496-808-0x0000024E65040000-0x0000024E65120000-memory.dmp

Filesize
896KB

Download
memory/1496-803-0x0000024E64EA0000-0x0000024E64F86000-memory.dmp

Filesize
920KB

Download
memory/3300-356-0x0000000003000000-0x0000000003016000-memory.dmp

Filesize
88KB

Download
memory/3556-710-0x0000000008100000-0x0000000008166000-memory.dmp

Filesize
408KB

Download
memory/3556-719-0x0000000009A40000-0x0000000009AB6000-memory.dmp

Filesize
472KB

Download
memory/3556-741-0x0000000074360000-0x0000000074B10000-memory.dmp

Filesize
7.7MB

Download
memory/3556-708-0x00000000076F0000-0x0000000007700000-memory.dmp

Filesize
64KB

Download
memory/3556-720-0x0000000009B20000-0x0000000009CE2000-memory.dmp

Filesize
1.8MB

Download
memory/3556-721-0x0000000009D00000-0x000000000A22C000-memory.dmp

Filesize
5.2MB

Download
memory/3556-706-0x0000000074360000-0x0000000074B10000-memory.dmp

Filesize
7.7MB

Download
memory/3556-722-0x000000000A350000-0x000000000A36E000-memory.dmp

Filesize
120KB

Download
memory/3556-723-0x00000000024B0000-0x0000000002500000-memory.dmp

Filesize
320KB

Download
memory/3556-702-0x0000000000400000-0x000000000046F000-memory.dmp

Filesize
444KB

Download
memory/3556-701-0x0000000000550000-0x00000000005AA000-memory.dmp

Filesize
360KB

Download
memory/3952-849-0x00000000055F0000-0x0000000005600000-memory.dmp

Filesize
64KB

Download
memory/3952-892-0x0000000005B50000-0x0000000005B72000-memory.dmp

Filesize
136KB

Download
memory/3952-929-0x0000000006360000-0x00000000063C6000-memory.dmp

Filesize
408KB

Download
memory/3952-844-0x0000000002FF0000-0x0000000003026000-memory.dmp

Filesize
216KB

Download
memory/3952-855-0x0000000005C30000-0x0000000006258000-memory.dmp

Filesize
6.2MB

Download
memory/3952-851-0x00000000055F0000-0x0000000005600000-memory.dmp

Filesize
64KB

Download
memory/3952-847-0x0000000074360000-0x0000000074B10000-memory.dmp

Filesize
7.7MB

Download
memory/3952-950-0x0000000006440000-0x0000000006794000-memory.dmp

Filesize
3.3MB

Download
memory/4760-254-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/4760-357-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/5076-998-0x0000000074360000-0x0000000074B10000-memory.dmp

Filesize
7.7MB

Download
memory/5076-996-0x00000000000F0000-0x000000000040C000-memory.dmp

Filesize
3.1MB

Download
memory/5180-431-0x00000000081E0000-0x000000000822C000-memory.dmp

Filesize
304KB

Download
memory/5180-411-0x0000000074360000-0x0000000074B10000-memory.dmp

Filesize
7.7MB

Download
memory/5180-412-0x00000000083C0000-0x0000000008964000-memory.dmp

Filesize
5.6MB

Download
memory/5180-405-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/5180-413-0x0000000007EB0000-0x0000000007F42000-memory.dmp

Filesize
584KB

Download
memory/5180-414-0x00000000080F0000-0x0000000008100000-memory.dmp

Filesize
64KB

Download
memory/5180-423-0x0000000008060000-0x000000000806A000-memory.dmp

Filesize
40KB

Download
memory/5180-425-0x0000000008F90000-0x00000000095A8000-memory.dmp

Filesize
6.1MB

Download
memory/5180-426-0x0000000008970000-0x0000000008A7A000-memory.dmp

Filesize
1.0MB

Download
memory/5180-427-0x0000000008140000-0x0000000008152000-memory.dmp

Filesize
72KB

Download
memory/5180-428-0x00000000081A0000-0x00000000081DC000-memory.dmp

Filesize
240KB

Download
memory/5180-707-0x0000000074360000-0x0000000074B10000-memory.dmp

Filesize
7.7MB

Download
memory/5180-718-0x00000000080F0000-0x0000000008100000-memory.dmp

Filesize
64KB

Download
memory/5236-861-0x0000000074360000-0x0000000074B10000-memory.dmp

Filesize
7.7MB

Download
memory/5236-873-0x0000000005BE0000-0x0000000005BF0000-memory.dmp

Filesize
64KB

Download
memory/5236-859-0x0000000000C10000-0x0000000001008000-memory.dmp

Filesize
4.0MB

Download
memory/5260-755-0x0000000000760000-0x0000000001408000-memory.dmp

Filesize
12.7MB

Download
memory/5260-810-0x0000000074360000-0x0000000074B10000-memory.dmp

Filesize
7.7MB

Download
memory/5260-754-0x0000000074360000-0x0000000074B10000-memory.dmp

Filesize
7.7MB

Download
memory/6124-946-0x0000000000400000-0x0000000000965000-memory.dmp

Filesize
5.4MB

Download
memory/6124-796-0x0000000000B40000-0x0000000000B41000-memory.dmp

Filesize
4KB

Download
memory/6124-984-0x0000000000B40000-0x0000000000B41000-memory.dmp

Filesize
4KB

Download
memory/6220-957-0x00007FF6F72D0000-0x00007FF6F7871000-memory.dmp

Filesize
5.6MB

Download
memory/6292-250-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/6292-247-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/6292-248-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/6292-235-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/6740-990-0x0000000000050000-0x0000000000288000-memory.dmp

Filesize
2.2MB

Download
memory/7068-436-0x0000000000400000-0x0000000000488000-memory.dmp

Filesize
544KB

Download
memory/7068-434-0x0000000000400000-0x0000000000488000-memory.dmp

Filesize
544KB

Download
memory/7068-433-0x0000000000400000-0x0000000000488000-memory.dmp

Filesize
544KB

Download
memory/7068-432-0x0000000000400000-0x0000000000488000-memory.dmp

Filesize
544KB

Download
memory/7140-864-0x000001F7EA570000-0x000001F7EA650000-memory.dmp

Filesize
896KB

Download
memory/7140-854-0x000001F7EA570000-0x000001F7EA650000-memory.dmp

Filesize
896KB

Download
memory/7140-949-0x000001F7EA570000-0x000001F7EA650000-memory.dmp

Filesize
896KB

Download
memory/7140-945-0x000001F7EA570000-0x000001F7EA650000-memory.dmp

Filesize
896KB

Download
memory/7140-841-0x000001F7EA570000-0x000001F7EA650000-memory.dmp

Filesize
896KB

Download
memory/7140-839-0x000001F7EA570000-0x000001F7EA650000-memory.dmp

Filesize
896KB

Download
memory/7140-830-0x000001F7EA570000-0x000001F7EA650000-memory.dmp

Filesize
896KB

Download
memory/7140-828-0x000001F7EA570000-0x000001F7EA650000-memory.dmp

Filesize
896KB

Download
memory/7140-825-0x000001F7EA710000-0x000001F7EA720000-memory.dmp

Filesize
64KB

Download
memory/7140-906-0x000001F7EA570000-0x000001F7EA650000-memory.dmp

Filesize
896KB

Download
memory/7140-823-0x00007FFFCBA70000-0x00007FFFCC531000-memory.dmp

Filesize
10.8MB

Download
memory/7140-820-0x0000000000400000-0x00000000004AA000-memory.dmp

Filesize
680KB

Download
memory/7140-850-0x000001F7EA570000-0x000001F7EA650000-memory.dmp

Filesize
896KB

Download
memory/7140-843-0x000001F7EA570000-0x000001F7EA650000-memory.dmp

Filesize
896KB

Download
memory/7140-822-0x000001F7EA570000-0x000001F7EA654000-memory.dmp

Filesize
912KB

Download
memory/7140-862-0x000001F7EA570000-0x000001F7EA650000-memory.dmp

Filesize
896KB

Download
memory/7140-972-0x000001F7EA570000-0x000001F7EA650000-memory.dmp

Filesize
896KB

Download
memory/7140-846-0x000001F7EA570000-0x000001F7EA650000-memory.dmp

Filesize
896KB

Download
memory/7140-858-0x000001F7EA570000-0x000001F7EA650000-memory.dmp

Filesize
896KB

Download
memory/7140-928-0x000001F7EA570000-0x000001F7EA650000-memory.dmp

Filesize
896KB

Download
memory/7140-896-0x000001F7EA570000-0x000001F7EA650000-memory.dmp

Filesize
896KB

Download
memory/7140-885-0x000001F7EA570000-0x000001F7EA650000-memory.dmp

Filesize
896KB

Download
memory/7140-869-0x000001F7EA570000-0x000001F7EA650000-memory.dmp

Filesize
896KB

Download
memory/7140-874-0x000001F7EA570000-0x000001F7EA650000-memory.dmp

Filesize
896KB

Download
memory/7140-871-0x000001F7EA570000-0x000001F7EA650000-memory.dmp

Filesize
896KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads