mystic | 4914228b4bc3cf5891cb064ae431098f07da199ea9c7fdefe109c92f362795d1

Analysis

max time kernel
151s
max time network
84s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
13-11-2023 01:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

26697ca6a89c20cbc034cf52f18535c64e354d83b9686b519b6b5c54517313e8.exe
Size

1.4MB
MD5

17a2c0150e6e483df2a2b93df792aaa5
SHA1

d55bdcaf26aeab2bc84782476aac126b92bfe62c
SHA256

26697ca6a89c20cbc034cf52f18535c64e354d83b9686b519b6b5c54517313e8
SHA512

3f1ea559a3971b5acd3006d8a4b2417d48f9d4fca9a541eb66a0ca2327f7389038499cc4115d313e977187900e4013cbac2d84dfd382f3b182eb3fdeddaf6269
SSDEEP

24576:DyLRy7LSIPMW0weTeaIs1W1GSYYDntp/K9fMoPQ/Qxlv6nCNjFQouJnP:WLCL/PM4Ueh6MG8ztN2fMOQYxlCnCdy5

Score

10^/10

mystic raccoon redline smokeloader zgrat c78f27a0d43f29dbd112dbd9e387406b taiga up3 backdoor evasion infostealer persistence rat stealer themida trojan upx

Malware Config

Extracted

Family

smokeloader

Version

2022

http://5.42.92.190/fks/index.php

rc4.i32

Extracted

Family

redline

Botnet

taiga

5.42.92.51:19057

Extracted

Family

raccoon

Botnet

c78f27a0d43f29dbd112dbd9e387406b

http://31.192.237.23:80/

http://193.233.132.12:80/

Attributes

user_agent
SunShineMoonLight

xor.plain

Extracted

Family

smokeloader

Botnet

up3

Extracted

Family

smokeloader

Version

2020

http://host-file-host6.com/

http://host-host-file8.com/

rc4.i32

Signatures

Detect Mystic stealer payload 4 IoCs

resource	yara_rule
behavioral1/memory/3488-95-0x0000000000400000-0x0000000000433000-memory.dmp	mystic_family
behavioral1/memory/3488-98-0x0000000000400000-0x0000000000433000-memory.dmp	mystic_family
behavioral1/memory/3488-96-0x0000000000400000-0x0000000000433000-memory.dmp	mystic_family
behavioral1/memory/3488-84-0x0000000000400000-0x0000000000433000-memory.dmp	mystic_family

Detect ZGRat V1 2 IoCs

resource	yara_rule
behavioral1/memory/6492-1575-0x0000026B0B380000-0x0000026B0B460000-memory.dmp	family_zgrat_v1
behavioral1/memory/6492-1577-0x0000026B0B380000-0x0000026B0B460000-memory.dmp	family_zgrat_v1

Mystic
Mystic is an infostealer written in C++.
stealer mystic
Raccoon
Raccoon is an infostealer written in C++ and first seen in 2019.
stealer raccoon

Raccoon Stealer payload 2 IoCs

resource	yara_rule
behavioral1/memory/4516-1450-0x0000000000400000-0x000000000041B000-memory.dmp	family_raccoon
behavioral1/memory/4516-1443-0x0000000000400000-0x000000000041B000-memory.dmp	family_raccoon

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 3 IoCs

resource	yara_rule
behavioral1/memory/6156-380-0x0000000000400000-0x000000000043C000-memory.dmp	family_redline
behavioral1/memory/404-1075-0x0000000000400000-0x0000000000467000-memory.dmp	family_redline
behavioral1/memory/404-1076-0x0000000000570000-0x00000000005CA000-memory.dmp	family_redline

SmokeLoader
Modular backdoor trojan in use since 2014.
trojan backdoor smokeloader
ZGRat
ZGRat is remote access trojan written in C#.
rat zgrat

Modifies Windows Firewall 1 TTPs 3 IoCs

evasion

Windows Service

T1543.003

pid	Process
7680	netsh.exe
1636	netsh.exe
8000	netsh.exe

Stops running service(s) 3 TTPs
evasion

Windows Service
T1543.003

Impair Defenses
T1562

Service Stop
T1489

Executes dropped EXE 4 IoCs

pid	Process
1532	mw4ab98.exe
1460	hv2ld49.exe
1684	msedge.exe
4972	sc.exe

Themida packer 2 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
behavioral1/files/0x000600000002307d-1491.dat	themida
behavioral1/memory/7100-1574-0x00007FF72C8B0000-0x00007FF72D6BC000-memory.dmp	themida

UPX packed file 7 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0006000000023052-1337.dat	upx
behavioral1/memory/5360-1361-0x0000000000DA0000-0x00000000012C9000-memory.dmp	upx
behavioral1/memory/6952-1366-0x0000000000DA0000-0x00000000012C9000-memory.dmp	upx
behavioral1/memory/5220-1373-0x00000000005D0000-0x0000000000AF9000-memory.dmp	upx
behavioral1/memory/5220-1378-0x00000000005D0000-0x0000000000AF9000-memory.dmp	upx
behavioral1/memory/6084-1390-0x0000000000DA0000-0x00000000012C9000-memory.dmp	upx
behavioral1/memory/2676-1398-0x0000000000DA0000-0x00000000012C9000-memory.dmp	upx

Adds Run key to start application 2 TTPs 4 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\""	26697ca6a89c20cbc034cf52f18535c64e354d83b9686b519b6b5c54517313e8.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\""	mw4ab98.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup2 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP002.TMP\\\""	hv2ld49.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup3 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP003.TMP\\\""	msedge.exe

AutoIT Executable 2 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
behavioral1/files/0x0007000000022e27-26.dat	autoit_exe
behavioral1/files/0x0007000000022e27-27.dat	autoit_exe

Launches sc.exe 10 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
7744	sc.exe
4736	sc.exe
8444	sc.exe
8504	sc.exe
4972	sc.exe
8068	sc.exe
4080	sc.exe
5632	sc.exe
4632	sc.exe
5568	sc.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
6560	3488	WerFault.exe	114
4924	5428	WerFault.exe	211

Delays execution with timeout.exe 2 IoCs

evasion

pid	Process
6216	timeout.exe
1636	timeout.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 3376 wrote to memory of 1532	3376	26697ca6a89c20cbc034cf52f18535c64e354d83b9686b519b6b5c54517313e8.exe	92
PID 3376 wrote to memory of 1532	3376	26697ca6a89c20cbc034cf52f18535c64e354d83b9686b519b6b5c54517313e8.exe	92
PID 3376 wrote to memory of 1532	3376	26697ca6a89c20cbc034cf52f18535c64e354d83b9686b519b6b5c54517313e8.exe	92
PID 1532 wrote to memory of 1460	1532	mw4ab98.exe	90
PID 1532 wrote to memory of 1460	1532	mw4ab98.exe	90
PID 1532 wrote to memory of 1460	1532	mw4ab98.exe	90
PID 1460 wrote to memory of 1684	1460	hv2ld49.exe	157
PID 1460 wrote to memory of 1684	1460	hv2ld49.exe	157
PID 1460 wrote to memory of 1684	1460	hv2ld49.exe	157
PID 1684 wrote to memory of 4972	1684	msedge.exe	247
PID 1684 wrote to memory of 4972	1684	msedge.exe	247
PID 1684 wrote to memory of 4972	1684	msedge.exe	247

C:\Users\Admin\AppData\Local\Temp\26697ca6a89c20cbc034cf52f18535c64e354d83b9686b519b6b5c54517313e8.exe
"C:\Users\Admin\AppData\Local\Temp\26697ca6a89c20cbc034cf52f18535c64e354d83b9686b519b6b5c54517313e8.exe"
1⤵
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:3376
- C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\mw4ab98.exe
  C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\mw4ab98.exe
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - Suspicious use of WriteProcessMemory
  PID:1532
- - C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\8mf509SN.exe
    C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\8mf509SN.exe
    3⤵
    PID:6132
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
      4⤵
      PID:6156
- C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\9Nm2Pl6.exe
  C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\9Nm2Pl6.exe
  2⤵
  PID:6044
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
    3⤵
    PID:8768
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
    3⤵
    PID:8792

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\hv2ld49.exe
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\hv2ld49.exe
1⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:1460
- C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\HU3jN94.exe
  C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\HU3jN94.exe
  2⤵
  PID:1684
- - C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1Sg76Ys4.exe
    C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1Sg76Ys4.exe
    3⤵
    PID:4972
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
      4⤵
      PID:4320
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2232,15623052970026011864,14003821561420008524,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8
        5⤵
        
        PID:6052
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,15623052970026011864,14003821561420008524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3884 /prefetch:1
        5⤵
        
        PID:7512
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,15623052970026011864,14003821561420008524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4224 /prefetch:1
        5⤵
        
        PID:8044
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,15623052970026011864,14003821561420008524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4384 /prefetch:1
        5⤵
        
        PID:8172
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,15623052970026011864,14003821561420008524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4560 /prefetch:1
        5⤵
        
        PID:7768
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,15623052970026011864,14003821561420008524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4892 /prefetch:1
        5⤵
        
        PID:7940
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,15623052970026011864,14003821561420008524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1
        5⤵
        
        PID:2392
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,15623052970026011864,14003821561420008524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
        5⤵
        
        PID:8228
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,15623052970026011864,14003821561420008524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
        5⤵
        
        PID:8284
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,15623052970026011864,14003821561420008524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6348 /prefetch:1
        5⤵
        
        PID:8844
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,15623052970026011864,14003821561420008524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6468 /prefetch:1
        5⤵
        
        PID:8568
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,15623052970026011864,14003821561420008524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6988 /prefetch:1
        5⤵
        
        PID:8424
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,15623052970026011864,14003821561420008524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3856 /prefetch:1
        5⤵
        
        PID:7464
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,15623052970026011864,14003821561420008524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
        5⤵
        
        PID:6760
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,15623052970026011864,14003821561420008524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
        5⤵
        
        PID:6628
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2232,15623052970026011864,14003821561420008524,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
        5⤵
        
        PID:5648
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2232,15623052970026011864,14003821561420008524,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2248 /prefetch:2
        5⤵
        
        PID:5452
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,15623052970026011864,14003821561420008524,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7280 /prefetch:1
        5⤵
        
        PID:6332
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,15623052970026011864,14003821561420008524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7272 /prefetch:1
        5⤵
        
        PID:5512
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,15623052970026011864,14003821561420008524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7568 /prefetch:1
        5⤵
        
        PID:5524
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffbc32246f8,0x7ffbc3224708,0x7ffbc3224718
        5⤵
        
        PID:2068
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2232,15623052970026011864,14003821561420008524,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6908 /prefetch:8
        5⤵
        
        PID:5176
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2232,15623052970026011864,14003821561420008524,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6908 /prefetch:8
        5⤵
        
        PID:8412
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,15623052970026011864,14003821561420008524,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7996 /prefetch:1
        5⤵
        
        PID:8600
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,15623052970026011864,14003821561420008524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8072 /prefetch:1
        5⤵
        
        PID:8576
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2232,15623052970026011864,14003821561420008524,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7404 /prefetch:8
        5⤵
        
        PID:5740
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,15623052970026011864,14003821561420008524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7416 /prefetch:1
        5⤵
        
        PID:5624
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login
      4⤵
      PID:4128
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2184,996378398931166473,6262435120373788441,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
        5⤵
        
        PID:5288
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,996378398931166473,6262435120373788441,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
        5⤵
        
        PID:5248
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffbc32246f8,0x7ffbc3224708,0x7ffbc3224718
        5⤵
        
        PID:4620
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login/
      4⤵
      PID:4484
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffbc32246f8,0x7ffbc3224708,0x7ffbc3224718
        5⤵
        
        PID:3136
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,6796537992176800980,1728294645165787190,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
        5⤵
        
        PID:2080
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,6796537992176800980,1728294645165787190,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
        5⤵
        
        PID:5144
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform/
      4⤵
      PID:4888
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffbc32246f8,0x7ffbc3224708,0x7ffbc3224718
        5⤵
        
        PID:1680
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,3458117849047701240,854527345349239117,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3
        5⤵
        
        PID:5508
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,3458117849047701240,854527345349239117,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
        5⤵
        Executes dropped EXE
        Adds Run key to start application
        Suspicious use of WriteProcessMemory
        
        PID:1684
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login
      4⤵
      PID:2596
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffbc32246f8,0x7ffbc3224708,0x7ffbc3224718
        5⤵
        
        PID:2648
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,6234585278444240175,17978333776687552898,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
        5⤵
        
        PID:6600
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,6234585278444240175,17978333776687552898,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
        5⤵
        
        PID:6592
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin
      4⤵
      PID:4248
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffbc32246f8,0x7ffbc3224708,0x7ffbc3224718
        5⤵
        
        PID:3428
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2272,7057039817012684499,15174151335852991165,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2480 /prefetch:3
        5⤵
        
        PID:6256
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2272,7057039817012684499,15174151335852991165,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2268 /prefetch:2
        5⤵
        
        PID:4256
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
      4⤵
      PID:2452
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffbc32246f8,0x7ffbc3224708,0x7ffbc3224718
        5⤵
        
        PID:3908
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1792,18393342417277967978,1596823886845262842,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
        5⤵
        
        PID:5244
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1792,18393342417277967978,1596823886845262842,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
        5⤵
        
        PID:1292
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/
      4⤵
      PID:1740
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login
      4⤵
      PID:3588
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
      4⤵
      PID:4868
- - C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2yF9615.exe
    C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2yF9615.exe
    3⤵
    PID:4256
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
      4⤵
      PID:3488
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3488 -s 540
        5⤵
        Program crash
        
        PID:6560
- C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7Ty77Gi.exe
  C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7Ty77Gi.exe
  2⤵
  PID:5512

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffbc32246f8,0x7ffbc3224708,0x7ffbc3224718
1⤵
PID:2880

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffbc32246f8,0x7ffbc3224708,0x7ffbc3224718
1⤵
PID:4224

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffbc32246f8,0x7ffbc3224708,0x7ffbc3224718
1⤵
PID:4948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 3488 -ip 3488
1⤵
PID:5652

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6636

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:7724

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,4773379683348028041,7422644592163821288,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
1⤵
PID:5968

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,4773379683348028041,7422644592163821288,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
1⤵
PID:1852

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,13516835278848735888,1879259442538307493,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
1⤵
PID:5572

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,13516835278848735888,1879259442538307493,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
1⤵
PID:5520

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1896,13193072581638941705,7092146873496234660,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
1⤵
PID:5212

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,13193072581638941705,7092146873496234660,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
1⤵
PID:5460

C:\Users\Admin\AppData\Local\Temp\B36.exe
C:\Users\Admin\AppData\Local\Temp\B36.exe
1⤵
PID:404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
  2⤵
  PID:1840
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2192,6739824010314427085,7017372193941229660,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
    3⤵
    PID:6588
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,6739824010314427085,7017372193941229660,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
    3⤵
    PID:8424
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,6739824010314427085,7017372193941229660,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
    3⤵
    PID:6468
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2192,6739824010314427085,7017372193941229660,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2936 /prefetch:8
    3⤵
    PID:5644
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,6739824010314427085,7017372193941229660,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2204 /prefetch:2
    3⤵
    PID:5476
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,6739824010314427085,7017372193941229660,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4552 /prefetch:1
    3⤵
    PID:7780
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,6739824010314427085,7017372193941229660,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4528 /prefetch:1
    3⤵
    PID:5432
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,6739824010314427085,7017372193941229660,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:1
    3⤵
    PID:4840
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,6739824010314427085,7017372193941229660,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4484 /prefetch:1
    3⤵
    PID:3168
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,6739824010314427085,7017372193941229660,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
    3⤵
    PID:5944
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,6739824010314427085,7017372193941229660,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4604 /prefetch:8
    3⤵
    PID:7792
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,6739824010314427085,7017372193941229660,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4604 /prefetch:8
    3⤵
    PID:7804

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffbc32246f8,0x7ffbc3224708,0x7ffbc3224718
1⤵
PID:4152

C:\Users\Admin\AppData\Local\Temp\2259.exe
C:\Users\Admin\AppData\Local\Temp\2259.exe
1⤵
PID:6264
- C:\Users\Admin\AppData\Local\Temp\toolspub2.exe
  "C:\Users\Admin\AppData\Local\Temp\toolspub2.exe"
  2⤵
  PID:5204
- - C:\Users\Admin\AppData\Local\Temp\toolspub2.exe
    "C:\Users\Admin\AppData\Local\Temp\toolspub2.exe"
    3⤵
    PID:6264
- C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe
  "C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe"
  2⤵
  PID:5564
- - C:\Users\Admin\AppData\Local\Temp\Broom.exe
    C:\Users\Admin\AppData\Local\Temp\Broom.exe
    3⤵
    PID:6700
- C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe
  "C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"
  2⤵
  PID:7136
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell -nologo -noprofile
    3⤵
    PID:5984
- - C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe
    "C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe"
    3⤵
    PID:4564
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell -nologo -noprofile
      4⤵
      PID:7748
  - - C:\Windows\system32\cmd.exe
      C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"
      4⤵
      PID:1560
    - - C:\Windows\system32\netsh.exe
        
        netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes
        5⤵
        Modifies Windows Firewall
        
        PID:8000
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell -nologo -noprofile
      4⤵
      PID:5508
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      powershell -nologo -noprofile
      4⤵
      PID:8608
- C:\Users\Admin\AppData\Local\Temp\random.exe
  "C:\Users\Admin\AppData\Local\Temp\random.exe"
  2⤵
  PID:8792
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp\random.exe" -Force
    3⤵
    PID:7560
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe"
    3⤵
    PID:1876
  - - C:\Users\Admin\Pictures\XSNNHHukyzLiR1KKISDwnX7u.exe
      "C:\Users\Admin\Pictures\XSNNHHukyzLiR1KKISDwnX7u.exe"
      4⤵
      PID:5428
    - - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c timeout /t 5 & del /f /q "C:\Users\Admin\Pictures\XSNNHHukyzLiR1KKISDwnX7u.exe" & del "C:\ProgramData\*.dll"" & exit
        5⤵
        
        PID:8824
      - C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 5
        6⤵
        Delays execution with timeout.exe
        
        PID:1636
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5428 -s 1856
        5⤵
        Program crash
        
        PID:4924
  - - C:\Users\Admin\Pictures\2jVw4rLuu5pGJaItywUsZ5Ak.exe
      "C:\Users\Admin\Pictures\2jVw4rLuu5pGJaItywUsZ5Ak.exe"
      4⤵
      PID:388
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -nologo -noprofile
        5⤵
        
        PID:9108
    - - C:\Users\Admin\Pictures\2jVw4rLuu5pGJaItywUsZ5Ak.exe
        
        "C:\Users\Admin\Pictures\2jVw4rLuu5pGJaItywUsZ5Ak.exe"
        5⤵
        
        PID:7708
      - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -nologo -noprofile
        6⤵
        
        PID:3756
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"
        6⤵
        
        PID:8376
        
        C:\Windows\system32\netsh.exe
        
        netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes
        7⤵
        Modifies Windows Firewall
        
        PID:7680
      - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -nologo -noprofile
        6⤵
        
        PID:5868
      - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -nologo -noprofile
        6⤵
        
        PID:8960
  - - C:\Users\Admin\Pictures\wddTqaSYXU1x6PutbB8qlW3N.exe
      "C:\Users\Admin\Pictures\wddTqaSYXU1x6PutbB8qlW3N.exe"
      4⤵
      PID:5712
    - - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c timeout /t 5 & del /f /q "C:\Users\Admin\Pictures\wddTqaSYXU1x6PutbB8qlW3N.exe" & del "C:\ProgramData\*.dll"" & exit
        5⤵
        
        PID:4480
      - C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 5
        6⤵
        Delays execution with timeout.exe
        
        PID:6216
  - - C:\Users\Admin\Pictures\rqaoLdYuip87iViKEhizkGMS.exe
      "C:\Users\Admin\Pictures\rqaoLdYuip87iViKEhizkGMS.exe"
      4⤵
      PID:6332
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -nologo -noprofile
        5⤵
        
        PID:6496
    - - C:\Users\Admin\Pictures\rqaoLdYuip87iViKEhizkGMS.exe
        
        "C:\Users\Admin\Pictures\rqaoLdYuip87iViKEhizkGMS.exe"
        5⤵
        
        PID:6564
      - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -nologo -noprofile
        6⤵
        
        PID:8348
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"
        6⤵
        
        PID:5816
        
        C:\Windows\system32\netsh.exe
        
        netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes
        7⤵
        Modifies Windows Firewall
        
        PID:1636
      - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -nologo -noprofile
        6⤵
        
        PID:5140
      - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -nologo -noprofile
        6⤵
        
        PID:4956
  - - C:\Users\Admin\Pictures\I40bVB5Og9NizfLe9MYi0MYv.exe
      "C:\Users\Admin\Pictures\I40bVB5Og9NizfLe9MYi0MYv.exe" --silent --allusers=0
      4⤵
      PID:5360
    - - C:\Users\Admin\Pictures\I40bVB5Og9NizfLe9MYi0MYv.exe
        
        C:\Users\Admin\Pictures\I40bVB5Og9NizfLe9MYi0MYv.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=104.0.4944.54 --initial-client-data=0x2e0,0x2e4,0x2e8,0x2bc,0x2ec,0x6b6f5648,0x6b6f5658,0x6b6f5664
        5⤵
        
        PID:6952
    - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\I40bVB5Og9NizfLe9MYi0MYv.exe
        
        "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\I40bVB5Og9NizfLe9MYi0MYv.exe" --version
        5⤵
        
        PID:5220
    - - C:\Users\Admin\Pictures\I40bVB5Og9NizfLe9MYi0MYv.exe
        
        "C:\Users\Admin\Pictures\I40bVB5Og9NizfLe9MYi0MYv.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --show-intro-overlay --server-tracking-data=server_tracking_data --initial-pid=5360 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_20231113011210" --session-guid=760705aa-9669-4d35-9405-a0d0cc3f6ed0 --server-tracking-blob=ZGI5OGU4ZTYxYzFhZDQ2OTY0ZDBlMjU1MDFmNDgzZjIwODhiMzRiODdiNTk2NmFlMGU1Nzg3NTJmNjBjZTk1Yzp7ImNvdW50cnkiOiJOTCIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijp7Im5hbWUiOiJvcGVyYSJ9LCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cy8/dXRtX21lZGl1bT1hcGImdXRtX3NvdXJjZT1ta3QmdXRtX2NhbXBhaWduPTc2NyIsInN5c3RlbSI6eyJwbGF0Zm9ybSI6eyJhcmNoIjoieDg2XzY0Iiwib3BzeXMiOiJXaW5kb3dzIiwib3BzeXMtdmVyc2lvbiI6IjEwIiwicGFja2FnZSI6IkVYRSJ9fSwidGltZXN0YW1wIjoiMTY5OTgzNzkyNy4wNzI1IiwidXRtIjp7ImNhbXBhaWduIjoiNzY3IiwibWVkaXVtIjoiYXBiIiwic291cmNlIjoibWt0In0sInV1aWQiOiJjZjcyMDkzMC0xNjgzLTRiMGYtOWEzZC1hNGMzZDhkYjYwNzIifQ== --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=6004000000000000
        5⤵
        
        PID:6084
      - C:\Users\Admin\Pictures\I40bVB5Og9NizfLe9MYi0MYv.exe
        
        C:\Users\Admin\Pictures\I40bVB5Og9NizfLe9MYi0MYv.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=104.0.4944.54 --initial-client-data=0x2ec,0x2f0,0x2f4,0x2bc,0x2f8,0x6ac05648,0x6ac05658,0x6ac05664
        6⤵
        
        PID:2676
    - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202311130112101\assistant\Assistant_103.0.4928.25_Setup.exe_sfx.exe
        
        "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202311130112101\assistant\Assistant_103.0.4928.25_Setup.exe_sfx.exe"
        5⤵
        
        PID:9064
    - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202311130112101\assistant\assistant_installer.exe
        
        "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202311130112101\assistant\assistant_installer.exe" --version
        5⤵
        
        PID:6652
      - C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202311130112101\assistant\assistant_installer.exe
        
        "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202311130112101\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=103.0.4928.25 --initial-client-data=0x268,0x26c,0x270,0x244,0x274,0xba1588,0xba1598,0xba15a4
        6⤵
        
        PID:4240
  - - C:\Users\Admin\Pictures\I0OmDs4a2GT1Iq26noqs4QRF.exe
      "C:\Users\Admin\Pictures\I0OmDs4a2GT1Iq26noqs4QRF.exe"
      4⤵
      PID:6012
    - - C:\Users\Admin\AppData\Local\Temp\Broom.exe
        
        C:\Users\Admin\AppData\Local\Temp\Broom.exe
        5⤵
        
        PID:6812
  - - C:\Users\Admin\Pictures\w3haUGLm1nxgcaFeRZ87BQ2K.exe
      "C:\Users\Admin\Pictures\w3haUGLm1nxgcaFeRZ87BQ2K.exe"
      4⤵
      PID:7100
- C:\Users\Admin\AppData\Local\Temp\latestX.exe
  "C:\Users\Admin\AppData\Local\Temp\latestX.exe"
  2⤵
  PID:7736

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5388

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1408

C:\Users\Admin\AppData\Local\Temp\26DE.exe
C:\Users\Admin\AppData\Local\Temp\26DE.exe
1⤵
PID:6868
- C:\Users\Admin\AppData\Local\Temp\26DE.exe
  C:\Users\Admin\AppData\Local\Temp\26DE.exe
  2⤵
  PID:6492

C:\Users\Admin\AppData\Local\Temp\3508.exe
C:\Users\Admin\AppData\Local\Temp\3508.exe
1⤵
PID:4812
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
  C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
  2⤵
  PID:4516
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
  C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
  2⤵
  PID:5448

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force
1⤵
PID:5528

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -s WPDBusEnum
1⤵
PID:456

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc
1⤵
PID:5076

C:\Users\Admin\AppData\Local\Temp\EC72.exe
C:\Users\Admin\AppData\Local\Temp\EC72.exe
1⤵
PID:5540
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe
  C:\Windows\Microsoft.NET\Framework\v4.0.30319\jsc.exe
  2⤵
  PID:4432

C:\Users\Admin\AppData\Local\Temp\F06B.exe
C:\Users\Admin\AppData\Local\Temp\F06B.exe
1⤵
PID:7812

C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc
1⤵
PID:7124
- C:\Windows\System32\sc.exe
  sc stop UsoSvc
  2⤵
  - Executes dropped EXE
  - Launches sc.exe
  PID:4972
- C:\Windows\System32\sc.exe
  sc stop WaaSMedicSvc
  2⤵
  - Launches sc.exe
  PID:5568
- C:\Windows\System32\sc.exe
  sc stop wuauserv
  2⤵
  - Launches sc.exe
  PID:8068
- C:\Windows\System32\sc.exe
  sc stop bits
  2⤵
  - Launches sc.exe
  PID:4080
- C:\Windows\System32\sc.exe
  sc stop dosvc
  2⤵
  - Launches sc.exe
  PID:7744

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#nvjdnn#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /ru 'System' /tn 'GoogleUpdateTaskMachineQC' /tr '''C:\Program Files\Google\Chrome\updater.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Program Files\Google\Chrome\updater.exe') -Trigger (New-ScheduledTaskTrigger -AtStartup) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'GoogleUpdateTaskMachineQC' -User 'System' -RunLevel 'Highest' -Force; }
1⤵
PID:7604

C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0
1⤵
PID:3904
- C:\Windows\System32\powercfg.exe
  powercfg /x -hibernate-timeout-ac 0
  2⤵
  PID:5740
- C:\Windows\System32\powercfg.exe
  powercfg /x -hibernate-timeout-dc 0
  2⤵
  PID:6276
- C:\Windows\System32\powercfg.exe
  powercfg /x -standby-timeout-ac 0
  2⤵
  PID:2732
- C:\Windows\System32\powercfg.exe
  powercfg /x -standby-timeout-dc 0
  2⤵
  PID:6704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 5428 -ip 5428
1⤵
PID:6004

C:\Windows\System32\schtasks.exe
C:\Windows\System32\schtasks.exe /run /tn "GoogleUpdateTaskMachineQC"
1⤵
PID:7800

C:\Program Files\Google\Chrome\updater.exe
"C:\Program Files\Google\Chrome\updater.exe"
1⤵
PID:1244

C:\Users\Admin\AppData\Local\Temp\4840.exe
C:\Users\Admin\AppData\Local\Temp\4840.exe
1⤵
PID:3196

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force
1⤵
PID:3436

C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc
1⤵
PID:8060
- C:\Windows\System32\sc.exe
  sc stop UsoSvc
  2⤵
  - Launches sc.exe
  PID:5632
- C:\Windows\System32\sc.exe
  sc stop WaaSMedicSvc
  2⤵
  - Launches sc.exe
  PID:4736
- C:\Windows\System32\sc.exe
  sc stop wuauserv
  2⤵
  - Launches sc.exe
  PID:8444
- C:\Windows\System32\sc.exe
  sc stop bits
  2⤵
  - Launches sc.exe
  PID:8504
- C:\Windows\System32\sc.exe
  sc stop dosvc
  2⤵
  - Launches sc.exe
  PID:4632

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Impair Defenses

T1562

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

T1489

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\GCBKFIEB

Filesize
116KB

MD5
6f3e8173f9c6778e52ad1e3e290b52d8

SHA1
34191765ef3d78b32f6589a0af07d5b5718cd95f

SHA256
39e37353e24fb81e4c70898a502a9930e91107d69ec32007d613d84b11741ae5

SHA512
12b0db06154efa53616fc9ba7760c87386bab10d2da790e806ceaa6bdc64e6e3a6c9bbbf90c907e54b28a3f91766c56b030a9b8e5c62a3f16a676156be3b0d3b

Download Submit
C:\ProgramData\JKEGHDGH

Filesize
92KB

MD5
aeb9754f2b16a25ed0bd9742f00cddf5

SHA1
ef96e9173c3f742c4efbc3d77605b85470115e65

SHA256
df20bc98e43d13f417cd68d31d7550a1febdeaf335230b8a6a91669d3e69d005

SHA512
725662143a3ef985f28e43cc2775e798c8420a6d115fb9506fdfcc283fc67054149e22c6bc0470d1627426c9a33c7174cefd8dc9756bf2f5fc37734d5fcecc75

Download Submit
C:\ProgramData\mozglue.dll

Filesize
593KB

MD5
c8fd9be83bc728cc04beffafc2907fe9

SHA1
95ab9f701e0024cedfbd312bcfe4e726744c4f2e

SHA256
ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a

SHA512
fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040

Download Submit
C:\ProgramData\nss3.dll

Filesize
1.9MB

MD5
1e9833835577d2204c89e30a630ee35c

SHA1
caf6bee09251472d3b44dc2ace2ded6d4e71cc7e

SHA256
64eb460f13e2140f394ed17e13a3fa3be1826cd7ab58cca73a3a3d05d48df1cd

SHA512
f9e2c800a0e9837123d17234057fc73cabaa5176d0e34332b13a68101e85ac9e9ac00705ebc99c5399f885c041c2414ac6b5dba8f2a61e02f38b41f76fadd120

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\2bf57b57-f9c7-4bff-8c9f-c007f9251d15.tmp

Filesize
2KB

MD5
debd88115bf0fba5325f3a9f8447e83b

SHA1
2312ab30101d9b7f3f4266de73f1ddb8983c4eb5

SHA256
8b196fda6966cf973239fb3b99ad2e6c4c096244985a45d9715759234d2f9b67

SHA512
7fe7c93da95315652a0d0c87d5d5919bcba00aa8d2d9fa9dd12a72a08fe84b20827e7d6aee95a50a720d520ba315884b92a6a57f9b6596efd287b2168632297a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\78878b72-4d8f-495e-a913-f044e50cbc95.tmp

Filesize
2KB

MD5
f2f676187a915447d5a47fb1e8b35b95

SHA1
ebe8d154cd4a8bf56f1a8c61cec841a11e64b50b

SHA256
436f625c803e915108680dcaf462e95e960a099d1536c929c0766ff4f71d0269

SHA512
f706510ff95406f49d59ac6a335ac7fa939646913e11f8a5cda8e098424302a2f60d6570d9673c733960dcf2be0fb45d07a423f52489126a85f77c344ef71c89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
483924abaaa7ce1345acd8547cfe77f4

SHA1
4190d880b95d9506385087d6c2f5434f0e9f63e8

SHA256
9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684

SHA512
e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
483924abaaa7ce1345acd8547cfe77f4

SHA1
4190d880b95d9506385087d6c2f5434f0e9f63e8

SHA256
9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684

SHA512
e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a6f7b2ec8ee0370d856a5d57385c1863

SHA1
f099e9985e62022ffd4977e26a6b0e98cc30dba1

SHA256
8f211731345f55a3a6fba8a3dcb1263ea8a6d2ab2fb8d0bf7a44ef3c041e3ada

SHA512
5f64034051886f20f42b0136855cbb7ea6c0486a9e71c73e5c28efbdfbfe871b661bd675d5789c4222cfc450751db68f9cc0b054c2de2337fa285b7ef496d268

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
851b75ac3883d544da0fe0aecb139e99

SHA1
ab0fd94cf6138da740ade917317df06539039653

SHA256
f0448c0801e3385f343e32b9bab7335d3e6fdb7f3dfb77913f1282fa9a352b0e

SHA512
6714aa5b5c3bfd16f9a9bee96eb4a500b2f604e942a98d0bad93e948774305730ba8d48a53654dec843862ef7a704d059063ad65656ba0987b6a1b08bc0e598b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
483924abaaa7ce1345acd8547cfe77f4

SHA1
4190d880b95d9506385087d6c2f5434f0e9f63e8

SHA256
9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684

SHA512
e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
483924abaaa7ce1345acd8547cfe77f4

SHA1
4190d880b95d9506385087d6c2f5434f0e9f63e8

SHA256
9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684

SHA512
e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
483924abaaa7ce1345acd8547cfe77f4

SHA1
4190d880b95d9506385087d6c2f5434f0e9f63e8

SHA256
9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684

SHA512
e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
483924abaaa7ce1345acd8547cfe77f4

SHA1
4190d880b95d9506385087d6c2f5434f0e9f63e8

SHA256
9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684

SHA512
e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
483924abaaa7ce1345acd8547cfe77f4

SHA1
4190d880b95d9506385087d6c2f5434f0e9f63e8

SHA256
9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684

SHA512
e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
483924abaaa7ce1345acd8547cfe77f4

SHA1
4190d880b95d9506385087d6c2f5434f0e9f63e8

SHA256
9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684

SHA512
e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
483924abaaa7ce1345acd8547cfe77f4

SHA1
4190d880b95d9506385087d6c2f5434f0e9f63e8

SHA256
9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684

SHA512
e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
483924abaaa7ce1345acd8547cfe77f4

SHA1
4190d880b95d9506385087d6c2f5434f0e9f63e8

SHA256
9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684

SHA512
e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
483924abaaa7ce1345acd8547cfe77f4

SHA1
4190d880b95d9506385087d6c2f5434f0e9f63e8

SHA256
9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684

SHA512
e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
777424efaa0b7dc4020fed63a05319cf

SHA1
f4ff37d51b7dd7a46606762c1531644b8fbc99c7

SHA256
30d13502553b37ca0221b08f834e49be44ba9b9c2bbb032dded6e3ab3f0480d5

SHA512
7e61eab7b512ac99d2c5a5c4140bf0e27e638eb02235cd32364f0d43ee0784e2d8ac212d06a082c1dce9f61c63b507cb8feb17efffbd1954b617208740f72ad9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
777424efaa0b7dc4020fed63a05319cf

SHA1
f4ff37d51b7dd7a46606762c1531644b8fbc99c7

SHA256
30d13502553b37ca0221b08f834e49be44ba9b9c2bbb032dded6e3ab3f0480d5

SHA512
7e61eab7b512ac99d2c5a5c4140bf0e27e638eb02235cd32364f0d43ee0784e2d8ac212d06a082c1dce9f61c63b507cb8feb17efffbd1954b617208740f72ad9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
777424efaa0b7dc4020fed63a05319cf

SHA1
f4ff37d51b7dd7a46606762c1531644b8fbc99c7

SHA256
30d13502553b37ca0221b08f834e49be44ba9b9c2bbb032dded6e3ab3f0480d5

SHA512
7e61eab7b512ac99d2c5a5c4140bf0e27e638eb02235cd32364f0d43ee0784e2d8ac212d06a082c1dce9f61c63b507cb8feb17efffbd1954b617208740f72ad9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
777424efaa0b7dc4020fed63a05319cf

SHA1
f4ff37d51b7dd7a46606762c1531644b8fbc99c7

SHA256
30d13502553b37ca0221b08f834e49be44ba9b9c2bbb032dded6e3ab3f0480d5

SHA512
7e61eab7b512ac99d2c5a5c4140bf0e27e638eb02235cd32364f0d43ee0784e2d8ac212d06a082c1dce9f61c63b507cb8feb17efffbd1954b617208740f72ad9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
777424efaa0b7dc4020fed63a05319cf

SHA1
f4ff37d51b7dd7a46606762c1531644b8fbc99c7

SHA256
30d13502553b37ca0221b08f834e49be44ba9b9c2bbb032dded6e3ab3f0480d5

SHA512
7e61eab7b512ac99d2c5a5c4140bf0e27e638eb02235cd32364f0d43ee0784e2d8ac212d06a082c1dce9f61c63b507cb8feb17efffbd1954b617208740f72ad9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
777424efaa0b7dc4020fed63a05319cf

SHA1
f4ff37d51b7dd7a46606762c1531644b8fbc99c7

SHA256
30d13502553b37ca0221b08f834e49be44ba9b9c2bbb032dded6e3ab3f0480d5

SHA512
7e61eab7b512ac99d2c5a5c4140bf0e27e638eb02235cd32364f0d43ee0784e2d8ac212d06a082c1dce9f61c63b507cb8feb17efffbd1954b617208740f72ad9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
777424efaa0b7dc4020fed63a05319cf

SHA1
f4ff37d51b7dd7a46606762c1531644b8fbc99c7

SHA256
30d13502553b37ca0221b08f834e49be44ba9b9c2bbb032dded6e3ab3f0480d5

SHA512
7e61eab7b512ac99d2c5a5c4140bf0e27e638eb02235cd32364f0d43ee0784e2d8ac212d06a082c1dce9f61c63b507cb8feb17efffbd1954b617208740f72ad9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
777424efaa0b7dc4020fed63a05319cf

SHA1
f4ff37d51b7dd7a46606762c1531644b8fbc99c7

SHA256
30d13502553b37ca0221b08f834e49be44ba9b9c2bbb032dded6e3ab3f0480d5

SHA512
7e61eab7b512ac99d2c5a5c4140bf0e27e638eb02235cd32364f0d43ee0784e2d8ac212d06a082c1dce9f61c63b507cb8feb17efffbd1954b617208740f72ad9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
777424efaa0b7dc4020fed63a05319cf

SHA1
f4ff37d51b7dd7a46606762c1531644b8fbc99c7

SHA256
30d13502553b37ca0221b08f834e49be44ba9b9c2bbb032dded6e3ab3f0480d5

SHA512
7e61eab7b512ac99d2c5a5c4140bf0e27e638eb02235cd32364f0d43ee0784e2d8ac212d06a082c1dce9f61c63b507cb8feb17efffbd1954b617208740f72ad9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
483924abaaa7ce1345acd8547cfe77f4

SHA1
4190d880b95d9506385087d6c2f5434f0e9f63e8

SHA256
9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684

SHA512
e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
483924abaaa7ce1345acd8547cfe77f4

SHA1
4190d880b95d9506385087d6c2f5434f0e9f63e8

SHA256
9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684

SHA512
e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
483924abaaa7ce1345acd8547cfe77f4

SHA1
4190d880b95d9506385087d6c2f5434f0e9f63e8

SHA256
9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684

SHA512
e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
483924abaaa7ce1345acd8547cfe77f4

SHA1
4190d880b95d9506385087d6c2f5434f0e9f63e8

SHA256
9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684

SHA512
e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
483924abaaa7ce1345acd8547cfe77f4

SHA1
4190d880b95d9506385087d6c2f5434f0e9f63e8

SHA256
9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684

SHA512
e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
483924abaaa7ce1345acd8547cfe77f4

SHA1
4190d880b95d9506385087d6c2f5434f0e9f63e8

SHA256
9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684

SHA512
e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
483924abaaa7ce1345acd8547cfe77f4

SHA1
4190d880b95d9506385087d6c2f5434f0e9f63e8

SHA256
9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684

SHA512
e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
483924abaaa7ce1345acd8547cfe77f4

SHA1
4190d880b95d9506385087d6c2f5434f0e9f63e8

SHA256
9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684

SHA512
e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
483924abaaa7ce1345acd8547cfe77f4

SHA1
4190d880b95d9506385087d6c2f5434f0e9f63e8

SHA256
9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684

SHA512
e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
483924abaaa7ce1345acd8547cfe77f4

SHA1
4190d880b95d9506385087d6c2f5434f0e9f63e8

SHA256
9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684

SHA512
e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
483924abaaa7ce1345acd8547cfe77f4

SHA1
4190d880b95d9506385087d6c2f5434f0e9f63e8

SHA256
9a111c2b76c1b5f6d4f702502b9ff4326b7b5682921c2760286dd073824cb684

SHA512
e4ac0a0d5f06e056901c68488e34358a32a5bc7aeffcd82af7eba6043d0fa35eaa67a67c3716dcb661aaca441677819bcba7d35bc4efc6103f3ce32f78e32310

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
73KB

MD5
d439aa40127eb4c49c97bd689cf1d222

SHA1
420b5ea10d3dc13070c9a1022160aaac4f28a352

SHA256
f38b31ffce521cb614481e3bd6ca9b130e862663ac7134ee30dfe121ec2b6091

SHA512
172c61e97d8bf3dd5b8cdb59b102c0e6e660864da859e5db451fa9820b39c4f118ee5f54fb18e60c0022eaf7570522cb18303e2a759e9143af4b14bb50a94958

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

Filesize
186KB

MD5
740a924b01c31c08ad37fe04d22af7c5

SHA1
34feb0face110afc3a7673e36d27eee2d4edbbff

SHA256
f0e1953b71cc4abbffdd5096d99dfb274688e517c381b15c3446c28a4ac416e0

SHA512
da7061f944c69245c2f66b0e6a8b5a9bca91bda8a73f99734dcb23db56c5047de796fa7e348ff8840d9ac123436e38a4206408573215b7e5e98942ea6d66bb7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

Filesize
21KB

MD5
7d75a9eb3b38b5dd04b8a7ce4f1b87cc

SHA1
68f598c84936c9720c5ffd6685294f5c94000dff

SHA256
6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7

SHA512
cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

Filesize
33KB

MD5
fdbf5bcfbb02e2894a519454c232d32f

SHA1
5e225710e9560458ac032ab80e24d0f3cb81b87a

SHA256
d9315d0678ac213bbe2c1de27528f82fd40dbff160f5a0c19850f891da29ea1c

SHA512
9eb86ebb1b50074df9bd94f7660df6f362b5a46411b35ce820740f629f8ef77f0b49a95c5550441a7db2b2638f0ed3d0204cb8f8c76391c05401506833b8c916

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d

Filesize
224KB

MD5
4e08109ee6888eeb2f5d6987513366bc

SHA1
86340f5fa46d1a73db2031d80699937878da635e

SHA256
bf44187e1683e78d3040bcef6263e25783c6936096ff0a621677d411dd9d1339

SHA512
4e477fd9e58676c0e00744dbe3421e528dd2faeca2ab998ebbeb349b35bb3711dcf78d8c9e7adba66b4d681d1982c31cac42024c8b19e19537a5615dac39c661

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
da2fdc0d5e0d04d3aa11d88cf1f7716d

SHA1
adb6c7051ce1a7e3988847a7282da026ac7f6849

SHA256
ff350a9eba7035a951ea450743ad8b393055a95b9223d58ef9c53428889c711f

SHA512
55cad6064ee88e160d797f1967fa8b4861d7a56faaa5d3b8aebd8d5024b33b4d7af3309329dd56b0546571da38dbc000a1b3be3c09bdb0a8d240809f75ea2207

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
72ca6ee3eae8cde5f6a234ceea1f3ff7

SHA1
6b0f62c73a0b1967b9dd66e320de0dc6738a21a7

SHA256
45fef596d0462e00177652cd52588e70d9dab16c5b5692fe35094f2f6f8f829d

SHA512
6a18fd98a80d135e0210e854c2e4f4a2b1686ff17dbbd3c57d3e1a1b5b3850f53ade91a669d37cf7d6d5ece42a85e79dc93504dadf5bee0c6077b0ff3dde27e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
10fd27d2da15566cce96b5b9c68030cc

SHA1
e6ce9c18c8e57a552295d59da2c3f3a23d215e44

SHA256
258179c3d9f8f7f7d093b22399322b5eca3e5fef52c45f0a9200f19957bb7116

SHA512
e83046b8b71eaadae84a122c763564c1c5e3b4153a13847308821109e196b04b041a59e3fdb896478807e4c9288cdf6b2cd3131b24d5987326fe5b1026163f5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
f5b3698c57f630ee5246b81c1ea71d3f

SHA1
ff96cb1c061d3cfa489b7f00c771e6316777c612

SHA256
9812c50f7bceb86920f03bb6e8afaeb7c7e4f9136132cb82ea26cfa4e35f33b4

SHA512
bc367c7dbf4120f9b9ba32abfcb91ec96255526576f2f4537071db2e7b4ff8d57f50aebe3376a767562dfaf512d2d199d4b0e13edb417cca32b6699352b30b5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
1c706d53e85fb5321a8396d197051531

SHA1
0d92aa8524fb1d47e7ee5d614e58a398c06141a4

SHA256
80c44553381f37e930f1c82a1dc2e77acd7b955ec0dc99d090d5bd6b32c3c932

SHA512
d43867392c553d4afffa45a1b87a74e819964011fb1226ee54e23a98fc63ca80e266730cec6796a2afa435b1ea28aed72c55eae1ae5d31ec778f53be3e2162fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\f1f87785-ab6f-491e-99d3-14d90f2808ee\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
d3310b90657ed677c96afa2a054a8b6e

SHA1
3719cb7ec5c4ee302529b5e1050a8a642b1e934a

SHA256
11f8e9d0381878655217a197de1df574245ffc2273dbc4e15879538b0356a4ea

SHA512
fb37e6a7a69aac6e20603f7c46085225c2528c2b4950ca73ff9d6af658f957d9c100c167d6146d6916d9770888ae7c7d9e76595bb2819fa07de59fd89d777df4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
92806a11d7ec7c085102aeee7b361b9c

SHA1
5de602d6dd278dfb80ba04229afba4c20b4bf816

SHA256
d75fde9b2d83cfbbc81eb3c709fe9428ecaacb2fbfa21ac0f16df0cdd68a6320

SHA512
b1a873960551c6cdaf4f0be832d7e213e8ac6524c7c67c8d875924dd6daa5856f1c11431edcb948b2b68f78d8296d90e12d97696b762d881873b7454ab42f78b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
6d313b9fa621838df5f4424f88bf3a4a

SHA1
c787b7bd67d80dcf14b4165f615a1ba403cf53eb

SHA256
5ed37b0ffb242a71d8007668e633368bec39d5104a4d85ec3411f17be870892f

SHA512
6e72c897d6df64066a0139af893cef2a87f3eb87e274d88fb1284608be3ca6de72dbeef43c3aa5c64b9f736af9f518acc2a3b1b4e3099313d59ced6b4a89dde2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

Filesize
140B

MD5
f8668c437df80f38d07de9c5ab43e36a

SHA1
60f312c404490a93da3b114d5ef90db54eec73fa

SHA256
aea844a1678e080458af385f262f765f39418faf63b0d95c9e7d3fa12b7c9985

SHA512
dd8e965d19279b4db68bf67cfe3bee9e4c3185a97b8f4c6b4f2c0882da970af11c32ad882697ec526599f538430b9d05ef1ea79b280dd8957482df6926405498

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt~RFe57fe84.TMP

Filesize
83B

MD5
65ceea2c69181c1bf1b6399be40a53c7

SHA1
a7bceda2899bfa7a84987cfa07bd5b5e9a8a570c

SHA256
871b1be22a24677fafe5a12c67db9d0377e848ad32d95a43be7c9b887e16a738

SHA512
df432a41f8a944d84ce52961a60381f39809fb6f31b0551c210673eb2d4b08021e6d4b9b6f527880d728be8dcac34dad67665b865dfd48c8899889340f2682ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
9a6563916c796cedcb2f654121d10c4b

SHA1
563aaccc5ffe06ef445ef745b1d0a2efcee6eee9

SHA256
5c85b2dc2d9cf3d88cf4960960ef97db2f9426a262335aa330d61abdbf047442

SHA512
6875c0626b39c3ff77ce8ee76f88fd4a4c6caf66e1dd603f08e0b838c53a9ed6f611ea4993a45b66248f4c3c1fc974b7f39af7c41e1f4e2b81b72201a09cd508

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580cec.TMP

Filesize
2KB

MD5
1ec999f83f2bca9b9837e852c13ea746

SHA1
a89ce7ae5e76175b863e68c899a85903975d1da3

SHA256
62439e453bb2511b25603a94852b071cd9ef00035269980772f86cf4cad76e9d

SHA512
aecf64f6a7a0cf8fe97a91dcd83f21861b62a6d9a7f13cb5008e646d90e382f9a37da2530b69e7ab372800b2d8b6af37638a0d745411a8227921316a4f2f4be4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
4914e88a3711f67061bcb322b9c5546b

SHA1
e04c5c02017d59ffc7862a7f1bea0b72a853dda7

SHA256
6c30cde63541ae9232164e6754480f934e9023863f904e234da0dbbee7105b1a

SHA512
59550dae560f15771d5c99985962ca91df708fb298938e8ec08226e8d1d1bd8554622cb80f3edf793e0bc8be55cb3ede73fa4779f2bd2dff42ed92b62e8f813b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
4914e88a3711f67061bcb322b9c5546b

SHA1
e04c5c02017d59ffc7862a7f1bea0b72a853dda7

SHA256
6c30cde63541ae9232164e6754480f934e9023863f904e234da0dbbee7105b1a

SHA512
59550dae560f15771d5c99985962ca91df708fb298938e8ec08226e8d1d1bd8554622cb80f3edf793e0bc8be55cb3ede73fa4779f2bd2dff42ed92b62e8f813b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
b127918ca053c782f90ed1694fa6b5da

SHA1
6e12af649a78e4734c9e0c979e15120f589c3893

SHA256
4f90bde0391be984631f69b948cb682257ff18023272a11ddac977d066e4ae9d

SHA512
55bbeca7723e62c3062440c26821ef695f58bcead903ced67e4c54a6e38cc09a26a9a863fbbf94f3d09ad85739d59dbd15f905ea4da89a937fd8354cf6977062

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
b127918ca053c782f90ed1694fa6b5da

SHA1
6e12af649a78e4734c9e0c979e15120f589c3893

SHA256
4f90bde0391be984631f69b948cb682257ff18023272a11ddac977d066e4ae9d

SHA512
55bbeca7723e62c3062440c26821ef695f58bcead903ced67e4c54a6e38cc09a26a9a863fbbf94f3d09ad85739d59dbd15f905ea4da89a937fd8354cf6977062

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
1c5de8494394276ebc5616e4978b52c9

SHA1
de43a0d401eeba8682325fab42f54bed69241fd4

SHA256
71df34ff57713eb10ae0cd5c3363256b8394ac547998a0ff37effc03b8dde661

SHA512
13bc564a11b90d3a2aee8c168b3fc0d72d60df6d2b491c65a85f9e398141ff4c966df0569a0e81c12caea54d7738dd1473701ae2ca08dd5dd7ba2faafbec793f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
1c5de8494394276ebc5616e4978b52c9

SHA1
de43a0d401eeba8682325fab42f54bed69241fd4

SHA256
71df34ff57713eb10ae0cd5c3363256b8394ac547998a0ff37effc03b8dde661

SHA512
13bc564a11b90d3a2aee8c168b3fc0d72d60df6d2b491c65a85f9e398141ff4c966df0569a0e81c12caea54d7738dd1473701ae2ca08dd5dd7ba2faafbec793f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
83fdbeb3126f1c53d4d241d57b4fc8be

SHA1
01d25e65ddf70843c3ea23bec69f663a0e1b5ad6

SHA256
32838f1cf44655124443d636bdfe43b9af0e988479f90447d19f22f3861bfba5

SHA512
a2de61aa95e052bd20f35c63412c64aacae89286a6db79ea8461f46f9befb44c828715b5b38daf3808905d824c9ed545349817bfbc679a73dcb4d8923edde329

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
83fdbeb3126f1c53d4d241d57b4fc8be

SHA1
01d25e65ddf70843c3ea23bec69f663a0e1b5ad6

SHA256
32838f1cf44655124443d636bdfe43b9af0e988479f90447d19f22f3861bfba5

SHA512
a2de61aa95e052bd20f35c63412c64aacae89286a6db79ea8461f46f9befb44c828715b5b38daf3808905d824c9ed545349817bfbc679a73dcb4d8923edde329

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
74bd125f9f88f3338858f221406975c4

SHA1
24facb0e7dac1be39acc99795b26cb2e9de01612

SHA256
0102703be0ba406da21fa76c8e0a38a2f2618d382e165793198187b7037a7c29

SHA512
1a16b0497163c9ab51b16a49e770c03167d36bef4b5ae3aeeb3315535accd459c192620e38e7d0da38787efaefcd07787c0d1c74fef9448b3b07e5c285255f2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
74bd125f9f88f3338858f221406975c4

SHA1
24facb0e7dac1be39acc99795b26cb2e9de01612

SHA256
0102703be0ba406da21fa76c8e0a38a2f2618d382e165793198187b7037a7c29

SHA512
1a16b0497163c9ab51b16a49e770c03167d36bef4b5ae3aeeb3315535accd459c192620e38e7d0da38787efaefcd07787c0d1c74fef9448b3b07e5c285255f2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
9092136d2c088d7caab4474b786d8483

SHA1
e802aee1fbd5dffced3f80ca6c9a0b3f66eed1f4

SHA256
55c70d07ea9534b1448caa11d9ffa4c81040ca33454358096d85843bf96ec4be

SHA512
d8da90e02b4c3c033405d57350506054c0ffa9c0c301eb45a93ff7659da98b722f4fe6d578507d933603c275f48bdddf37ffe19558bf944255a52f4f699772f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
9092136d2c088d7caab4474b786d8483

SHA1
e802aee1fbd5dffced3f80ca6c9a0b3f66eed1f4

SHA256
55c70d07ea9534b1448caa11d9ffa4c81040ca33454358096d85843bf96ec4be

SHA512
d8da90e02b4c3c033405d57350506054c0ffa9c0c301eb45a93ff7659da98b722f4fe6d578507d933603c275f48bdddf37ffe19558bf944255a52f4f699772f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
7d709c77396cc43755a1e907cd5a7e39

SHA1
9001daa4edef6882be0b277926c965413c1ce9b4

SHA256
2462b0e5def28e88dc312f8534612f05a9bd01877eeb9e515c9efc22e84fb79a

SHA512
546fc78cceb64b011ca91ac593a8c7e93919a42a0a48e5bd464a3aaf59f8e52d2f9565d929631dba3db634a49c3cc342b55c7a2be71b3140ad08c6b05aab3525

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
7d709c77396cc43755a1e907cd5a7e39

SHA1
9001daa4edef6882be0b277926c965413c1ce9b4

SHA256
2462b0e5def28e88dc312f8534612f05a9bd01877eeb9e515c9efc22e84fb79a

SHA512
546fc78cceb64b011ca91ac593a8c7e93919a42a0a48e5bd464a3aaf59f8e52d2f9565d929631dba3db634a49c3cc342b55c7a2be71b3140ad08c6b05aab3525

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
debd88115bf0fba5325f3a9f8447e83b

SHA1
2312ab30101d9b7f3f4266de73f1ddb8983c4eb5

SHA256
8b196fda6966cf973239fb3b99ad2e6c4c096244985a45d9715759234d2f9b67

SHA512
7fe7c93da95315652a0d0c87d5d5919bcba00aa8d2d9fa9dd12a72a08fe84b20827e7d6aee95a50a720d520ba315884b92a6a57f9b6596efd287b2168632297a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
8218e5a29d8c4d786cdf5e1a33033715

SHA1
0a48b892af5b9631d9f05fc0afaf8f040e31945d

SHA256
a538fc6649d083003d0313919b2184d4c355faf369feecf17c9392f3d88db3f3

SHA512
8e709efc96d9a6ad3c13cca8447bf474b1e77dc5bc17fd13c0bdf73f8e2a1f942d780fd665a501e0cf0639d5d9ea6536a23e85f114da1155bb989f1865c42adf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
8411c7a3852c06e3ce457895b5329a0d

SHA1
e1fdac0fd30edc6053cabb931c081d4486bf761b

SHA256
bf6a6a24424ed0c76ab33aad3e57a26f511cdadfaf3d16ff2b354ec3477daf53

SHA512
84e728a22d55e787c8570c4e2d1ef0fefc1caf6e3d38caadcd7b23a20c86225ea83f0398198e236559dd66759b9b2f3cb3b399b583d09ab6c77d996f2e798e21

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202311130112101\additional_file0.tmp

Filesize
1.9MB

MD5
b0f128c3579e6921cfff620179fb9864

SHA1
60e19c987a96182206994ffd509d2849fdb427e3

SHA256
1c3ddbdd3a8cc2e66a5f4c4db388dff028cd437d42f8982ddf7695cf38a1a9ee

SHA512
17977d85cbdbd4217098850d7eaff0a51e34d641648ec29e843fc299668d8127e367622c82b2a9ceab364099da8c707c8b4aa039e747102d7c950447a5d29212

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202311130112101\opera_package

Filesize
2.3MB

MD5
36c59fde75ebd16cc9fc73d3a2491da1

SHA1
83b4fdde2c2be53ad589710ec3f559f9f4139b12

SHA256
0d130ab5a59ce8aa57cfd0e76d375ed85569ca3e1002c55f4ac18ee70acdc733

SHA512
2b064e5a0890a2b995c01c047609791e927cedbbf308f1c6b16e7fd19ab2cc60bc4bd0bf0a9eb0ce2439f35459003ff479ee137528ced2ecd6d46515ab5ea8cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\31839b57a4f11171d6abc8bbc4451ee4.exe

Filesize
4.1MB

MD5
df8a130ef93c8922c459371bcd31d9c7

SHA1
7b4bdfdabb5ff08de0f83ed6858c57ba18f0d393

SHA256
0a394d266e36ef9b75ae2c390a7b68fa50e5188b8338217cf68deda683c84d40

SHA512
364f4c1cb242115266eea05a05bdc1068a6ce7778ae01f84dc3e570acbf5cda134f15e0addd2c7818fba326708b30362f29279e0ce96db51a8db73729f4af99a

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\mw4ab98.exe

Filesize
1003KB

MD5
e129485a1ca21b90a97df39fe0ca5d61

SHA1
60a1347b61f1b4cce333f6a20d55f4c42e6bd8d2

SHA256
ff6dccd02ae9acb85a2767c493790082ff34806b7f1b83cc835a3ed4ebd64a75

SHA512
4f4fe0fe5c9d33c6d5f865bb8f31b0cf10d08caf97cbf8fd31f92115aa2e63ca7023d3a2a3db51cb7cd00ccd7daaed335d0569fc58c793d392fe56c6cc6ed9ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\mw4ab98.exe

Filesize
1003KB

MD5
e129485a1ca21b90a97df39fe0ca5d61

SHA1
60a1347b61f1b4cce333f6a20d55f4c42e6bd8d2

SHA256
ff6dccd02ae9acb85a2767c493790082ff34806b7f1b83cc835a3ed4ebd64a75

SHA512
4f4fe0fe5c9d33c6d5f865bb8f31b0cf10d08caf97cbf8fd31f92115aa2e63ca7023d3a2a3db51cb7cd00ccd7daaed335d0569fc58c793d392fe56c6cc6ed9ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\hv2ld49.exe

Filesize
782KB

MD5
0b0144d142a4162f693a8c937f7c3580

SHA1
48f22f58d6a855ed19b86e53d7399345f032108b

SHA256
7384db2f2834cd4c56023f3ce1cfb5b083347e08928dd578aeb8e0ce55b7d8f1

SHA512
a459bb7c5095a415a3ac96620c3a40ed2d928e67cb234d1bbec9ca72d704edd354e0f48a0d17a4904b29af0b8ee4b66aa5afadb159c47d43b89d94cf9ef1f115

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\hv2ld49.exe

Filesize
782KB

MD5
0b0144d142a4162f693a8c937f7c3580

SHA1
48f22f58d6a855ed19b86e53d7399345f032108b

SHA256
7384db2f2834cd4c56023f3ce1cfb5b083347e08928dd578aeb8e0ce55b7d8f1

SHA512
a459bb7c5095a415a3ac96620c3a40ed2d928e67cb234d1bbec9ca72d704edd354e0f48a0d17a4904b29af0b8ee4b66aa5afadb159c47d43b89d94cf9ef1f115

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7Ty77Gi.exe

Filesize
37KB

MD5
b938034561ab089d7047093d46deea8f

SHA1
d778c32cc46be09b107fa47cf3505ba5b748853d

SHA256
260784b1afd8b819cb6ccb91f01090942375e527abdc060dd835992d88c04161

SHA512
4909585c112fba3575e07428679fd7add07453e11169f33922faca2012d8e8fa6dfb763d991c68d3b4bbc6e78b6f37d2380c502daada325d73c7fff6c647769b

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\7Ty77Gi.exe

Filesize
37KB

MD5
b938034561ab089d7047093d46deea8f

SHA1
d778c32cc46be09b107fa47cf3505ba5b748853d

SHA256
260784b1afd8b819cb6ccb91f01090942375e527abdc060dd835992d88c04161

SHA512
4909585c112fba3575e07428679fd7add07453e11169f33922faca2012d8e8fa6dfb763d991c68d3b4bbc6e78b6f37d2380c502daada325d73c7fff6c647769b

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\HU3jN94.exe

Filesize
657KB

MD5
c02b69d4fb972655ae569c7ca830873e

SHA1
f95efda2ba8b1732dc65192d08482d1481264ce5

SHA256
8d31ad51e930f1f07cc1e67a329ec08ca4d1adb121a6cb1aadd3d748d3810467

SHA512
cc3baeaca9ff731ddc440a0f45aea876047ff330a91e3491b17aa09cfd7cb978a16e7166a99a588da073fd1659cc8c6bb9caf7daeb026e6e34931b7026626762

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\HU3jN94.exe

Filesize
657KB

MD5
c02b69d4fb972655ae569c7ca830873e

SHA1
f95efda2ba8b1732dc65192d08482d1481264ce5

SHA256
8d31ad51e930f1f07cc1e67a329ec08ca4d1adb121a6cb1aadd3d748d3810467

SHA512
cc3baeaca9ff731ddc440a0f45aea876047ff330a91e3491b17aa09cfd7cb978a16e7166a99a588da073fd1659cc8c6bb9caf7daeb026e6e34931b7026626762

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1Sg76Ys4.exe

Filesize
895KB

MD5
87ca7f495f86f14bbfce51ac31468b98

SHA1
af3fe640f5c47adc5033f9006fd14b8efea4c381

SHA256
5269384926468d42ace30cd3f0d1ba4d10b8e9f123a97c2b1889e3a69af951a2

SHA512
844ba79ea3a1d39360b8eefb6dec35e62cc27e432d0552a3e25d1c30a5dca11a005af5f32c624cacede7971e70100ae072ffd3733783452c94e6a81aa210faa1

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\1Sg76Ys4.exe

Filesize
895KB

MD5
87ca7f495f86f14bbfce51ac31468b98

SHA1
af3fe640f5c47adc5033f9006fd14b8efea4c381

SHA256
5269384926468d42ace30cd3f0d1ba4d10b8e9f123a97c2b1889e3a69af951a2

SHA512
844ba79ea3a1d39360b8eefb6dec35e62cc27e432d0552a3e25d1c30a5dca11a005af5f32c624cacede7971e70100ae072ffd3733783452c94e6a81aa210faa1

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2yF9615.exe

Filesize
276KB

MD5
a1ac81f992c298312c217e9738498e72

SHA1
a2f3ecf7877bc2482946a500d5bfa69dd5c7c0b9

SHA256
659f4da9a5b6e5b7a145bde25ac565edd23f0e455c12df883d7da2d1a44d9303

SHA512
ed12e26107a3a45dad138663b73c1e4bf05e033e23363eb5618c5ede4fa54abddf164f34c108579f42a59b08c8e4be8ff608c838814353dd34cba95e5d2c840e

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP003.TMP\2yF9615.exe

Filesize
276KB

MD5
a1ac81f992c298312c217e9738498e72

SHA1
a2f3ecf7877bc2482946a500d5bfa69dd5c7c0b9

SHA256
659f4da9a5b6e5b7a145bde25ac565edd23f0e455c12df883d7da2d1a44d9303

SHA512
ed12e26107a3a45dad138663b73c1e4bf05e033e23363eb5618c5ede4fa54abddf164f34c108579f42a59b08c8e4be8ff608c838814353dd34cba95e5d2c840e

Download Submit
C:\Users\Admin\AppData\Local\Temp\InstallSetup5.exe

Filesize
2.5MB

MD5
f13cf6c130d41595bc96be10a737cb18

SHA1
6b14ea97930141aa5caaeeeb13dd4c6dad55d102

SHA256
dd7aaf7ef0e5b3797eaf5182e7b192fa014b735e129e00e0c662829ce0c2515f

SHA512
ccd4f57b1af1f348fcf9f519a4789c04b499ac5e02ccb7333d0a42fa1cb1fdf9f969103b3a5467e278cd5c6cbbbbebaac4577d0c220e13335575a13408c79b48

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2311130112102905220.dll

Filesize
3.4MB

MD5
297e30272310cd6275ef0778867fca21

SHA1
b672178eb11720e00dfff5dbd220553a0d466f51

SHA256
a52bc3d77c252ea2a5bd17d5da0dbd1e11f4a1de48d313a17bc22664ab3276e3

SHA512
e7157ad9717deefd2ce0530098910d0e3f7bd609efe61a87b7b4ae1fff02851ad3f1a77b63e52cca5ca2c7ea8bb07a761fa88423b876ce0c36ffb4da132221ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_51slatn0.uw0.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\latestX.exe

Filesize
3.4MB

MD5
c352d9cd74fe85dad78b9e45d14f61ab

SHA1
6a9e248311041068bfd6207cdf65422b1e0a3672

SHA256
1ab7d82d71e45a87fea53a6eb57b201f1f0edb7e3bb08e3f3a627cf5e2b4259f

SHA512
26f934d60b3f9b9bc459d1f8aded4e4bb0b4f86fed7ef269264b1298f2c5958da91793067c63696a4880ab90586b7f60d4b714e4a6cb45ce65f1bef955c8352d

Download Submit
C:\Users\Admin\AppData\Local\Temp\random.exe

Filesize
141KB

MD5
326781a332c7040492dc96b13fb126e5

SHA1
d03d8e89a6c75a14f512eeabf180a2f69d30e884

SHA256
0f09f8f60741e8b3c28dc927ff1b3318d8faa623d641704b605bc38142f54f28

SHA512
e701babafad09f1115511949f3061275bc6fbc54756d40f038aa9be708ff06736413367395bff7e157035aa9260ada439ad9a8d4c2c48c14de94c42f6ec0c2bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp94E3.tmp

Filesize
46KB

MD5
02d2c46697e3714e49f46b680b9a6b83

SHA1
84f98b56d49f01e9b6b76a4e21accf64fd319140

SHA256
522cad95d3fa6ebb3274709b8d09bbb1ca37389d0a924cd29e934a75aa04c6c9

SHA512
60348a145bfc71b1e07cb35fa79ab5ff472a3d0a557741ea2d39b3772bc395b86e261bd616f65307ae0d997294e49b5548d32f11e86ef3e2704959ca63da8aac

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp9592.tmp

Filesize
48KB

MD5
349e6eb110e34a08924d92f6b334801d

SHA1
bdfb289daff51890cc71697b6322aa4b35ec9169

SHA256
c9fd7be4579e4aa942e8c2b44ab10115fa6c2fe6afd0c584865413d9d53f3b2a

SHA512
2a635b815a5e117ea181ee79305ee1baf591459427acc5210d8c6c7e447be3513ead871c605eb3d32e4ab4111b2a335f26520d0ef8c1245a4af44e1faec44574

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp95A7.tmp

Filesize
20KB

MD5
49693267e0adbcd119f9f5e02adf3a80

SHA1
3ba3d7f89b8ad195ca82c92737e960e1f2b349df

SHA256
d76e7512e496b7c8d9fcd3010a55e2e566881dc6dacaf0343652a4915d47829f

SHA512
b4b9fcecf8d277bb0ccbb25e08f3559e3fc519d85d8761d8ad5bca983d04eb55a20d3b742b15b9b31a7c9187da40ad5c48baa7a54664cae4c40aa253165cbaa2

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp9618.tmp

Filesize
96KB

MD5
d367ddfda80fdcf578726bc3b0bc3e3c

SHA1
23fcd5e4e0e5e296bee7e5224a8404ecd92cf671

SHA256
0b8607fdf72f3e651a2a8b0ac7be171b4cb44909d76bb8d6c47393b8ea3d84a0

SHA512
40e9239e3f084b4b981431817ca282feb986cf49227911bf3d68845baf2ee626b564c8fabe6e13b97e6eb214da1c02ca09a62bcf5e837900160cf479c104bf77

Download Submit
C:\Users\Admin\AppData\Local\Temp\toolspub2.exe

Filesize
221KB

MD5
82cd8d85dc427bfd991758f573525d23

SHA1
8a9f53dced366c5afb0e2a26186059fc34f9423d

SHA256
728a6f117ca91dfa121d74832b9eac2b995ec9887700c7832603730e0300bf4b

SHA512
422ecd38f2d744138dbc9994756407c4bccb9d539cda18bcf873824d1658c9fd264f31af356e171ff728e98d1a90e88af776b238b8fb7d4b4102ff9a8cc10e8a

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat

Filesize
40B

MD5
2865324445681500ae53963245a6673a

SHA1
4945e65fd02fe20daef0d831949a9949910854d5

SHA256
774584c8de021e1ef101f7a9f4c32398aab3005fc25a8cc7d68a9549d17cd5b6

SHA512
356ac64b56d55610e58e5e7781426456465ebfdc406f9b55a48fb9da3b173ffa367beb1346dbfed8da26ff0bdc77d2f91e70a7ddcc96a4b90f7af9fc444cbab6

Download Submit
C:\Users\Admin\Pictures\2jVw4rLuu5pGJaItywUsZ5Ak.exe

Filesize
3.4MB

MD5
408cac5f19a32e3e3a1b7fea3de45fde

SHA1
42f1ffc5c3f9eeaa9f0514a7d2ef8352d7be79a0

SHA256
e24ab19eb7cb8c84940c5da3092ec8b94990e3c7faf69ea04e469aec69cbee7f

SHA512
d75b24bd532d9b4fc7aa367ffd6418b55c0ab71ceeed9e859ea5bd5f5ca3624b690cb985ef1db3ea1db8eea2d48170f884be86ce7356eb52453b34b2f79dbe12

Download Submit
C:\Users\Admin\Pictures\I40bVB5Og9NizfLe9MYi0MYv.exe

Filesize
2.8MB

MD5
aba1baa7b860f5f51e699c66b3dd905a

SHA1
bb6c9d32ead4e200eaa0e6bfe0fcf30cc0f83add

SHA256
70c11770eb6ca0756d1302682b8df9d9e2ca79dd96c201b6a19462ebe1aefab5

SHA512
7aa3f066c24cb7cc910770a614304689a28d1a32463103a57e7920b2283d2f916eb59b1f968efe55cc3c2cd22a06f5b577b27e1821ceae64c2087bd9d196ec1c

Download Submit
C:\Users\Admin\Pictures\XSNNHHukyzLiR1KKISDwnX7u.exe

Filesize
221KB

MD5
4ea71b88c6102990496206084fe59321

SHA1
32e2ccdb47350a561353fe2393f34839e3eef887

SHA256
f3a9883557b07a8bbe3ad42bf14420eb6a719c7e331c5611fe532edee2642cb6

SHA512
b7eb56da2f7ccbd70c7ec1064530e61419bb7b33eae1a74ae620caa4f58be562ee9f8edf07248d45165234fd42dba63d9b6d5d616b3815db7ef170c5b466cf39

Download Submit
C:\Users\Admin\Pictures\Z8ODobhepmiIhfZrICXsb2XC.exe

Filesize
7KB

MD5
fcad815e470706329e4e327194acc07c

SHA1
c4edd81d00318734028d73be94bc3904373018a9

SHA256
280d939a66a0107297091b3b6f86d6529ef6fac222a85dbc82822c3d5dc372b8

SHA512
f4031b49946da7c6c270e0354ac845b5c77b9dfcd267442e0571dd33ccd5146bc352ed42b59800c9d166c8c1ede61469a00a4e8d3738d937502584e8a1b72485

Download Submit
C:\Users\Admin\Pictures\rqaoLdYuip87iViKEhizkGMS.exe

Filesize
3.4MB

MD5
daa20fb3bd14fb9378bbe824bfc1baa5

SHA1
0fb0d82e0b87997d942114a2e4f8743e49a06cec

SHA256
f67cf1ce1b17c51a2963faab0fbe0a60bca24e261041f05bbb6e3accad40aafc

SHA512
6b5fd541ef6360848e630121d23767df782880695c20c6f7c2fe1b150fcab4179bef8c5f26145cb7111f8cc54c7363817f041f420bd38b1ee0fe8b721ed8545d

Download Submit
C:\Users\Admin\Pictures\w3haUGLm1nxgcaFeRZ87BQ2K.exe

Filesize
2.9MB

MD5
2b792f09d6a975d04a4179b9cce416bb

SHA1
914557bc89821244a6f578f79ed3aa5ddcfaf6ad

SHA256
64a0be979eb4c6e93f83f5d8e869147ca6aaf29ef5bdfe341d4be45e471a4e93

SHA512
fe08f4e02d22e9afd597d6cbc98ee6bec7e0e5211b6458bb05738ed526d486b147394d5ae76a5890cb3bc572f4f1e16859673ec19dc327e294031e062dbbd816

Download Submit
C:\Users\Admin\Pictures\wddTqaSYXU1x6PutbB8qlW3N.exe

Filesize
145KB

MD5
90dd1720cb5f0a539358d8895d3fd27a

SHA1
c1375d0b31adc36f91feb45df705c7e662c95d7d

SHA256
e69a88b0f9ec61f4acf22f9a3d96f60eb3a04db58a74eb4315700ac465de9e01

SHA512
c6e3f1e03f93f6aaa1b93bca21f3a93d6539ede45b06869d3a1daf983d5f1c68bc7e8895126b3d02d4b85854ac3991ecada77ddff2cbdc81c1e93f1f12c4ada1

Download Submit
C:\Windows\System32\GroupPolicy\gpt.ini

Filesize
127B

MD5
8ef9853d1881c5fe4d681bfb31282a01

SHA1
a05609065520e4b4e553784c566430ad9736f19f

SHA256
9228f13d82c3dc96b957769f6081e5bac53cffca4ffde0ba1e102d9968f184a2

SHA512
5ddee931a08cfea5bb9d1c36355d47155a24d617c2a11d08364ffc54e593064011dee4fea8ac5b67029cab515d3071f0ba0422bb76af492a3115272ba8feb005

Download Submit
memory/404-1084-0x00000000742F0000-0x0000000074AA0000-memory.dmp

Filesize
7.7MB

Download
memory/404-1264-0x00000000076D0000-0x00000000076E0000-memory.dmp

Filesize
64KB

Download
memory/404-1155-0x0000000009050000-0x000000000957C000-memory.dmp

Filesize
5.2MB

Download
memory/404-1142-0x00000000024E0000-0x00000000024FE000-memory.dmp

Filesize
120KB

Download
memory/404-1104-0x0000000008B50000-0x0000000008BA0000-memory.dmp

Filesize
320KB

Download
memory/404-1154-0x0000000008E80000-0x0000000009042000-memory.dmp

Filesize
1.8MB

Download
memory/404-1105-0x0000000008BB0000-0x0000000008C26000-memory.dmp

Filesize
472KB

Download
memory/404-1076-0x0000000000570000-0x00000000005CA000-memory.dmp

Filesize
360KB

Download
memory/404-1097-0x0000000008100000-0x0000000008166000-memory.dmp

Filesize
408KB

Download
memory/404-1075-0x0000000000400000-0x0000000000467000-memory.dmp

Filesize
412KB

Download
memory/404-1086-0x00000000076D0000-0x00000000076E0000-memory.dmp

Filesize
64KB

Download
memory/404-1283-0x00000000742F0000-0x0000000074AA0000-memory.dmp

Filesize
7.7MB

Download
memory/404-1260-0x00000000742F0000-0x0000000074AA0000-memory.dmp

Filesize
7.7MB

Download
memory/1876-1253-0x00000000742F0000-0x0000000074AA0000-memory.dmp

Filesize
7.7MB

Download
memory/1876-1380-0x00000000742F0000-0x0000000074AA0000-memory.dmp

Filesize
7.7MB

Download
memory/1876-1255-0x0000000005430000-0x0000000005440000-memory.dmp

Filesize
64KB

Download
memory/1876-1389-0x0000000005430000-0x0000000005440000-memory.dmp

Filesize
64KB

Download
memory/1876-1250-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2676-1398-0x0000000000DA0000-0x00000000012C9000-memory.dmp

Filesize
5.2MB

Download
memory/2940-1516-0x0000000002B10000-0x0000000002B26000-memory.dmp

Filesize
88KB

Download
memory/2940-358-0x0000000002C50000-0x0000000002C66000-memory.dmp

Filesize
88KB

Download
memory/3488-95-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/3488-96-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/3488-84-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/3488-98-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/4516-1450-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4516-1443-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/4812-1394-0x00000000742F0000-0x0000000074AA0000-memory.dmp

Filesize
7.7MB

Download
memory/4812-1257-0x00000000742F0000-0x0000000074AA0000-memory.dmp

Filesize
7.7MB

Download
memory/4812-1258-0x0000000000F30000-0x0000000001328000-memory.dmp

Filesize
4.0MB

Download
memory/4812-1265-0x0000000005EB0000-0x0000000005EC0000-memory.dmp

Filesize
64KB

Download
memory/5220-1378-0x00000000005D0000-0x0000000000AF9000-memory.dmp

Filesize
5.2MB

Download
memory/5220-1373-0x00000000005D0000-0x0000000000AF9000-memory.dmp

Filesize
5.2MB

Download
memory/5360-1361-0x0000000000DA0000-0x00000000012C9000-memory.dmp

Filesize
5.2MB

Download
memory/5512-107-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/5512-359-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/5712-1324-0x00000000008D0000-0x0000000000B08000-memory.dmp

Filesize
2.2MB

Download
memory/5712-1484-0x0000000061E00000-0x0000000061EF3000-memory.dmp

Filesize
972KB

Download
memory/6084-1390-0x0000000000DA0000-0x00000000012C9000-memory.dmp

Filesize
5.2MB

Download
memory/6156-637-0x00000000072A0000-0x00000000072EC000-memory.dmp

Filesize
304KB

Download
memory/6156-579-0x0000000006F10000-0x0000000006F20000-memory.dmp

Filesize
64KB

Download
memory/6156-622-0x0000000007980000-0x0000000007A8A000-memory.dmp

Filesize
1.0MB

Download
memory/6156-634-0x0000000007260000-0x000000000729C000-memory.dmp

Filesize
240KB

Download
memory/6156-486-0x0000000006F20000-0x0000000006FB2000-memory.dmp

Filesize
584KB

Download
memory/6156-483-0x00000000073D0000-0x0000000007974000-memory.dmp

Filesize
5.6MB

Download
memory/6156-435-0x00000000742F0000-0x0000000074AA0000-memory.dmp

Filesize
7.7MB

Download
memory/6156-1085-0x00000000742F0000-0x0000000074AA0000-memory.dmp

Filesize
7.7MB

Download
memory/6156-624-0x0000000007200000-0x0000000007212000-memory.dmp

Filesize
72KB

Download
memory/6156-616-0x0000000007FA0000-0x00000000085B8000-memory.dmp

Filesize
6.1MB

Download
memory/6156-595-0x0000000007130000-0x000000000713A000-memory.dmp

Filesize
40KB

Download
memory/6156-1191-0x0000000006F10000-0x0000000006F20000-memory.dmp

Filesize
64KB

Download
memory/6156-380-0x0000000000400000-0x000000000043C000-memory.dmp

Filesize
240KB

Download
memory/6264-1192-0x00000000742F0000-0x0000000074AA0000-memory.dmp

Filesize
7.7MB

Download
memory/6264-1243-0x00000000742F0000-0x0000000074AA0000-memory.dmp

Filesize
7.7MB

Download
memory/6264-1473-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/6264-1519-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/6264-1193-0x0000000000570000-0x0000000001218000-memory.dmp

Filesize
12.7MB

Download
memory/6492-1561-0x0000000000400000-0x00000000004AA000-memory.dmp

Filesize
680KB

Download
memory/6492-1577-0x0000026B0B380000-0x0000026B0B460000-memory.dmp

Filesize
896KB

Download
memory/6492-1575-0x0000026B0B380000-0x0000026B0B460000-memory.dmp

Filesize
896KB

Download
memory/6700-1325-0x0000000000D40000-0x0000000000D41000-memory.dmp

Filesize
4KB

Download
memory/6700-1234-0x0000000000D40000-0x0000000000D41000-memory.dmp

Filesize
4KB

Download
memory/6700-1576-0x0000000000400000-0x0000000000965000-memory.dmp

Filesize
5.4MB

Download
memory/6812-1391-0x0000000000B40000-0x0000000000B41000-memory.dmp

Filesize
4KB

Download
memory/6952-1366-0x0000000000DA0000-0x00000000012C9000-memory.dmp

Filesize
5.2MB

Download
memory/7100-1566-0x00007FFBE1A20000-0x00007FFBE1A22000-memory.dmp

Filesize
8KB

Download
memory/7100-1558-0x00007FFBE2ED0000-0x00007FFBE2ED2000-memory.dmp

Filesize
8KB

Download
memory/7100-1560-0x00007FFBE2EE0000-0x00007FFBE2EE2000-memory.dmp

Filesize
8KB

Download
memory/7100-1567-0x00007FFBE0880000-0x00007FFBE0882000-memory.dmp

Filesize
8KB

Download
memory/7100-1574-0x00007FF72C8B0000-0x00007FF72D6BC000-memory.dmp

Filesize
14.0MB

Download
memory/7100-1573-0x00007FFBE0890000-0x00007FFBE0892000-memory.dmp

Filesize
8KB

Download
memory/7100-1562-0x00007FFBE1A10000-0x00007FFBE1A12000-memory.dmp

Filesize
8KB

Download
memory/7136-1559-0x0000000000400000-0x0000000000D1C000-memory.dmp

Filesize
9.1MB

Download
memory/7560-1273-0x0000000005B60000-0x0000000005EB4000-memory.dmp

Filesize
3.3MB

Download
memory/7560-1262-0x0000000004EF0000-0x0000000004F00000-memory.dmp

Filesize
64KB

Download
memory/7560-1259-0x0000000002740000-0x0000000002776000-memory.dmp

Filesize
216KB

Download
memory/7560-1261-0x00000000742F0000-0x0000000074AA0000-memory.dmp

Filesize
7.7MB

Download
memory/7560-1397-0x00000000742F0000-0x0000000074AA0000-memory.dmp

Filesize
7.7MB

Download
memory/7560-1263-0x0000000005530000-0x0000000005B58000-memory.dmp

Filesize
6.2MB

Download
memory/7560-1272-0x0000000005350000-0x00000000053B6000-memory.dmp

Filesize
408KB

Download
memory/7560-1326-0x00000000060A0000-0x00000000060BE000-memory.dmp

Filesize
120KB

Download
memory/7560-1271-0x00000000051B0000-0x00000000051D2000-memory.dmp

Filesize
136KB

Download
memory/7560-1383-0x0000000004EF0000-0x0000000004F00000-memory.dmp

Filesize
64KB

Download
memory/7560-1402-0x000000007F700000-0x000000007F710000-memory.dmp

Filesize
64KB

Download
memory/7736-1581-0x00007FF7887B0000-0x00007FF788D51000-memory.dmp

Filesize
5.6MB

Download
memory/8792-1242-0x00000000008A0000-0x00000000008CA000-memory.dmp

Filesize
168KB

Download
memory/8792-1256-0x00000000742F0000-0x0000000074AA0000-memory.dmp

Filesize
7.7MB

Download
memory/8792-1240-0x00000000742F0000-0x0000000074AA0000-memory.dmp

Filesize
7.7MB

Download
memory/8792-1244-0x0000000005130000-0x00000000051CC000-memory.dmp

Filesize
624KB

Download
memory/8792-1249-0x0000000005250000-0x000000000526A000-memory.dmp

Filesize
104KB

Download
memory/8792-415-0x0000000000400000-0x0000000000488000-memory.dmp

Filesize
544KB

Download
memory/8792-416-0x0000000000400000-0x0000000000488000-memory.dmp

Filesize
544KB

Download
memory/8792-422-0x0000000000400000-0x0000000000488000-memory.dmp

Filesize
544KB

Download
memory/8792-418-0x0000000000400000-0x0000000000488000-memory.dmp

Filesize
544KB

Download
memory/8792-1248-0x0000000005100000-0x000000000511C000-memory.dmp

Filesize
112KB

Download
memory/8792-1245-0x00000000052D0000-0x00000000052E0000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Extracted

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads