Analysis

  • max time kernel
    151s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231127-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20231127-en locale:en-us os:windows10-2004-x64 system
  • submitted
    12-12-2023 04:16

General

  • Target

    4b38e527eefdf1f4aaa38e1993e94abab89b99764f6953bf8425aa7a38dab3b6.exe

  • Size

    2.2MB

  • MD5

    ab3003d4338e98470f738441c9c48b8b

  • SHA1

    fcdc4dbd2c512f578920ee111f52c0a0db779109

  • SHA256

    4b38e527eefdf1f4aaa38e1993e94abab89b99764f6953bf8425aa7a38dab3b6

  • SHA512

    747389e0faa73ee770107d99fb99960a508c6195f9c3c7139ec2eedf57341e1fb666dd7e118235839c116da2c0cc3b4e56d80e593019931c6e29eeea245063fe

  • SSDEEP

    49152:8NOxFgiT5j3av9syNORgc5JcvN4C2U6xmy41NeOHpWFd:xAiTx3aO+O3EZYxj41UN

Malware Config

Extracted

Family

risepro

C2

193.233.132.51

Extracted

Family

smokeloader

Version

2022

C2

http://81.19.131.34/fks/index.php

rc4.i32
rc4.i32

Signatures

  • PrivateLoader

    PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

  • SmokeLoader

    Modular backdoor trojan in use since 2014.

  • Executes dropped EXE 6 IoCs
  • Adds Run key to start application 2 TTPs 3 IoCs
  • AutoIT Executable 1 IoCs

    AutoIT scripts compiled to PE executables.

  • Detected potential entity reuse from brand paypal.
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 2 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs
  • Suspicious use of AdjustPrivilegeToken 54 IoCs
  • Suspicious use of FindShellTrayWindow 35 IoCs
  • Suspicious use of SendNotifyMessage 30 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4b38e527eefdf1f4aaa38e1993e94abab89b99764f6953bf8425aa7a38dab3b6.exe
    "C:\Users\Admin\AppData\Local\Temp\4b38e527eefdf1f4aaa38e1993e94abab89b99764f6953bf8425aa7a38dab3b6.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:2744
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Eq9cU73.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Eq9cU73.exe
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious use of WriteProcessMemory
      PID:744
      • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\dy6GC88.exe
        C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\dy6GC88.exe
        3⤵
        • Executes dropped EXE
        • Adds Run key to start application
        • Suspicious use of WriteProcessMemory
        PID:2260
        • C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1FZ20aG9.exe
          C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1FZ20aG9.exe
          4⤵
          • Executes dropped EXE
          PID:3120
          • C:\Windows\SysWOW64\WerFault.exe
            C:\Windows\SysWOW64\WerFault.exe -u -p 3120 -s 624
            5⤵
            • Program crash
            PID:3908
        • C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3MD71nX.exe
          C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3MD71nX.exe
          4⤵
          • Executes dropped EXE
          • Checks SCSI registry key(s)
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious behavior: MapViewOfSection
          PID:2084
      • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\4kH255ai.exe
        C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\4kH255ai.exe
        3⤵
        • Executes dropped EXE
        PID:1156
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 1156 -s 608
          4⤵
          • Program crash
          PID:2356
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6jC5HK2.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6jC5HK2.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:4032
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
        3⤵
        • Enumerates system info in registry
        • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of WriteProcessMemory
        PID:1280
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7ff81e4046f8,0x7ff81e404708,0x7ff81e404718
          4⤵
            PID:640
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,2758988271248265159,41817790840067666,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8
            4⤵
              PID:6484
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,2758988271248265159,41817790840067666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
              4⤵
                PID:7088
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,2758988271248265159,41817790840067666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
                4⤵
                  PID:7076
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,2758988271248265159,41817790840067666,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
                  4⤵
                    PID:6276
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,2758988271248265159,41817790840067666,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
                    4⤵
                      PID:6268
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,2758988271248265159,41817790840067666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3844 /prefetch:1
                      4⤵
                        PID:8148
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,2758988271248265159,41817790840067666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4108 /prefetch:1
                        4⤵
                          PID:7536
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,2758988271248265159,41817790840067666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4252 /prefetch:1
                          4⤵
                            PID:7672
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,2758988271248265159,41817790840067666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4384 /prefetch:1
                            4⤵
                              PID:7776
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,2758988271248265159,41817790840067666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4528 /prefetch:1
                              4⤵
                                PID:8132
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,2758988271248265159,41817790840067666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1
                                4⤵
                                  PID:7848
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,2758988271248265159,41817790840067666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1
                                  4⤵
                                    PID:8012
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,2758988271248265159,41817790840067666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4812 /prefetch:1
                                    4⤵
                                      PID:6680
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,2758988271248265159,41817790840067666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
                                      4⤵
                                        PID:8284
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,2758988271248265159,41817790840067666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6628 /prefetch:1
                                        4⤵
                                          PID:8552
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,2758988271248265159,41817790840067666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6664 /prefetch:1
                                          4⤵
                                            PID:8560
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,2758988271248265159,41817790840067666,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6948 /prefetch:1
                                            4⤵
                                              PID:9068
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,2758988271248265159,41817790840067666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6536 /prefetch:1
                                              4⤵
                                                PID:9060
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,2758988271248265159,41817790840067666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6776 /prefetch:1
                                                4⤵
                                                  PID:6368
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,2758988271248265159,41817790840067666,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7540 /prefetch:1
                                                  4⤵
                                                    PID:8620
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,2758988271248265159,41817790840067666,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7812 /prefetch:8
                                                    4⤵
                                                      PID:3320
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,2758988271248265159,41817790840067666,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7812 /prefetch:8
                                                      4⤵
                                                        PID:7496
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,2758988271248265159,41817790840067666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6840 /prefetch:1
                                                        4⤵
                                                          PID:5004
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,2758988271248265159,41817790840067666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7252 /prefetch:1
                                                          4⤵
                                                            PID:5692
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2176,2758988271248265159,41817790840067666,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7868 /prefetch:8
                                                            4⤵
                                                              PID:2072
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,2758988271248265159,41817790840067666,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2416 /prefetch:1
                                                              4⤵
                                                                PID:3448
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,2758988271248265159,41817790840067666,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3012 /prefetch:2
                                                                4⤵
                                                                  PID:6048
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login
                                                                3⤵
                                                                • Suspicious use of WriteProcessMemory
                                                                PID:4732
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff81e4046f8,0x7ff81e404708,0x7ff81e404718
                                                                  4⤵
                                                                    PID:220
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,100901682929911578,6098915292236352620,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
                                                                    4⤵
                                                                      PID:6332
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,100901682929911578,6098915292236352620,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
                                                                      4⤵
                                                                        PID:6324
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
                                                                      3⤵
                                                                      • Suspicious use of WriteProcessMemory
                                                                      PID:3224
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff81e4046f8,0x7ff81e404708,0x7ff81e404718
                                                                        4⤵
                                                                          PID:3068
                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,16303125894958144152,15962854801342520621,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
                                                                          4⤵
                                                                            PID:6364
                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,16303125894958144152,15962854801342520621,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
                                                                            4⤵
                                                                              PID:6356
                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login
                                                                            3⤵
                                                                            • Suspicious use of WriteProcessMemory
                                                                            PID:4616
                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff81e4046f8,0x7ff81e404708,0x7ff81e404718
                                                                              4⤵
                                                                                PID:4056
                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1468,15248925237503926048,8053500385991410071,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3
                                                                                4⤵
                                                                                  PID:6400
                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1468,15248925237503926048,8053500385991410071,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
                                                                                  4⤵
                                                                                    PID:6392
                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login
                                                                                  3⤵
                                                                                  • Suspicious use of WriteProcessMemory
                                                                                  PID:1284
                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff81e4046f8,0x7ff81e404708,0x7ff81e404718
                                                                                    4⤵
                                                                                      PID:3972
                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1956,8030804542917262836,9698969198669934245,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
                                                                                      4⤵
                                                                                        PID:6348
                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1956,8030804542917262836,9698969198669934245,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
                                                                                        4⤵
                                                                                          PID:6340
                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform
                                                                                        3⤵
                                                                                        • Suspicious use of WriteProcessMemory
                                                                                        PID:2524
                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x140,0x16c,0x7ff81e4046f8,0x7ff81e404708,0x7ff81e404718
                                                                                          4⤵
                                                                                            PID:4496
                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,16186802874992581780,18083647635023642150,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
                                                                                            4⤵
                                                                                              PID:6440
                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,16186802874992581780,18083647635023642150,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
                                                                                              4⤵
                                                                                                PID:6428
                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login
                                                                                              3⤵
                                                                                              • Suspicious use of WriteProcessMemory
                                                                                              PID:4520
                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff81e4046f8,0x7ff81e404708,0x7ff81e404718
                                                                                                4⤵
                                                                                                  PID:4240
                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,8807546995848943103,5707792706379382669,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
                                                                                                  4⤵
                                                                                                    PID:6168
                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,8807546995848943103,5707792706379382669,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
                                                                                                    4⤵
                                                                                                      PID:6176
                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin
                                                                                                    3⤵
                                                                                                    • Suspicious use of WriteProcessMemory
                                                                                                    PID:1060
                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff81e4046f8,0x7ff81e404708,0x7ff81e404718
                                                                                                      4⤵
                                                                                                        PID:4528
                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,14596740801009576490,10665121030275793601,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
                                                                                                        4⤵
                                                                                                          PID:6316
                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,14596740801009576490,10665121030275793601,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
                                                                                                          4⤵
                                                                                                            PID:6300
                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/
                                                                                                          3⤵
                                                                                                          • Suspicious use of WriteProcessMemory
                                                                                                          PID:1808
                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff81e4046f8,0x7ff81e404708,0x7ff81e404718
                                                                                                            4⤵
                                                                                                              PID:1196
                                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,14890214551924726663,139484376126283883,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
                                                                                                              4⤵
                                                                                                                PID:6380
                                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,14890214551924726663,139484376126283883,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
                                                                                                                4⤵
                                                                                                                  PID:6372
                                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
                                                                                                                3⤵
                                                                                                                • Suspicious use of WriteProcessMemory
                                                                                                                PID:372
                                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ff81e4046f8,0x7ff81e404708,0x7ff81e404718
                                                                                                                  4⤵
                                                                                                                    PID:3964
                                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,15839206318432138545,3453003784574769154,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 /prefetch:3
                                                                                                                    4⤵
                                                                                                                      PID:7832
                                                                                                              • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 3120 -ip 3120
                                                                                                                1⤵
                                                                                                                  PID:1532
                                                                                                                • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                  C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 1156 -ip 1156
                                                                                                                  1⤵
                                                                                                                    PID:4332
                                                                                                                  • C:\Windows\System32\CompPkgSrv.exe
                                                                                                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                                    1⤵
                                                                                                                      PID:2820
                                                                                                                    • C:\Windows\System32\CompPkgSrv.exe
                                                                                                                      C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                                      1⤵
                                                                                                                        PID:7628
                                                                                                                      • C:\Windows\System32\CompPkgSrv.exe
                                                                                                                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                                        1⤵
                                                                                                                          PID:2916

                                                                                                                        Network

                                                                                                                        MITRE ATT&CK Enterprise v15

                                                                                                                        Downloads

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\3d8fce69-3043-4986-a6b8-806d6b6bbd4f.tmp

                                                                                                                          Filesize

                                                                                                                          2KB

                                                                                                                          MD5

                                                                                                                          31820ef3efe94c128a9f20ff1ca9bfb9

                                                                                                                          SHA1

                                                                                                                          2d3dd657f039c851c91d5dfd702af3d81ca8f238

                                                                                                                          SHA256

                                                                                                                          96465ece276dfcded2f336ed71fc8c56fb6421c177767cf2704ce4344e7c7931

                                                                                                                          SHA512

                                                                                                                          957b3b30b165ce779c65afab4d1e9cf90533a9b6af5adf7fdbf9ed06971c86d960d825fd3d02671d0835cfb1cb8d8846bcc52e4aaff341b7f8750a14bd625ebc

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\7325a1c1-b7e7-40ac-867a-9a6f9e7a17a2.tmp

                                                                                                                          Filesize

                                                                                                                          2KB

                                                                                                                          MD5

                                                                                                                          ea3fcc8e9a7096086dd0495b4632968d

                                                                                                                          SHA1

                                                                                                                          40f18e990d259ee8f73f170452fb52377d05235e

                                                                                                                          SHA256

                                                                                                                          783236e390a13afc047bd1c2ecba0df2e91b66fb81267cec2eb1c99b0503ea63

                                                                                                                          SHA512

                                                                                                                          736eaa6c45bc123a416ed184bf0110c2739d116fe9bb22d7c40949a1598fe8e41bbcfaca653c02fa37bf4f01d2e47468fd4fc08d6caaea3521d9a5cd06cfeb0d

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\86020df6-42c7-43b1-b185-9512642d5b8e.tmp

                                                                                                                          Filesize

                                                                                                                          2KB

                                                                                                                          MD5

                                                                                                                          d1b554dfdfd02e4e7d7fa4ed935bc261

                                                                                                                          SHA1

                                                                                                                          8193e8c8841049b8ba91e3799e967df1510b61d7

                                                                                                                          SHA256

                                                                                                                          9b52efb830bbea3939f31de3ec775d2453a71fbcf8f039910e1a53a65b6c3995

                                                                                                                          SHA512

                                                                                                                          e9f1f694c88a65145c943ddab3636fe226c4ab56c2cbf9f434fe8dc0d4f5db536bee78ff2eebe3d480131b4117e6c48c309c4b5a130642e27e4a8c03a805875b

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                                                          Filesize

                                                                                                                          152B

                                                                                                                          MD5

                                                                                                                          5990c020b2d5158c9e2f12f42d296465

                                                                                                                          SHA1

                                                                                                                          dcb52612d301824d3a7fdfd0ea20c3fcfbb7a1b4

                                                                                                                          SHA256

                                                                                                                          2f33956ce5a0bb01abb3c0fee9a321c8f8f7abcf1d7535800bf25f1dc44b1643

                                                                                                                          SHA512

                                                                                                                          9efb70c4922365967c5fa7e89967e21eede96979a149e027099da786cd8b198d4e81bb3bf2b39c8d65a8796c5d72ca79241e66fc69e2502fdec8a0c5f230412c

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                                                          Filesize

                                                                                                                          152B

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

                                                                                                                          Filesize

                                                                                                                          20KB

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

                                                                                                                          Filesize

                                                                                                                          21KB

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

                                                                                                                          Filesize

                                                                                                                          190KB

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

                                                                                                                          Filesize

                                                                                                                          33KB

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003c

                                                                                                                          Filesize

                                                                                                                          200KB

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                                          Filesize

                                                                                                                          5KB

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                                          Filesize

                                                                                                                          5KB

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                                          Filesize

                                                                                                                          5KB

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                                                                          Filesize

                                                                                                                          111B

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                                                                          Filesize

                                                                                                                          3KB

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                          Filesize

                                                                                                                          8KB

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                          Filesize

                                                                                                                          8KB

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                          Filesize

                                                                                                                          8KB

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                          Filesize

                                                                                                                          8KB

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                          Filesize

                                                                                                                          5KB

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                          Filesize

                                                                                                                          9KB

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

                                                                                                                          Filesize

                                                                                                                          24KB

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

                                                                                                                          Filesize

                                                                                                                          89B

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

                                                                                                                          Filesize

                                                                                                                          146B

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

                                                                                                                          Filesize

                                                                                                                          82B

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\851a4075-7f84-48f2-b79c-673d0a34ffac\index-dir\the-real-index

                                                                                                                          Filesize

                                                                                                                          6KB

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\851a4075-7f84-48f2-b79c-673d0a34ffac\index-dir\the-real-index~RFe5a01e6.TMP

                                                                                                                          Filesize

                                                                                                                          48B

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

                                                                                                                          Filesize

                                                                                                                          83B

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

                                                                                                                          Filesize

                                                                                                                          79B

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

                                                                                                                          Filesize

                                                                                                                          16B

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

                                                                                                                          Filesize

                                                                                                                          120B

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe59ca1c.TMP

                                                                                                                          Filesize

                                                                                                                          48B

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                                          Filesize

                                                                                                                          2KB

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                                          Filesize

                                                                                                                          2KB

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                                          Filesize

                                                                                                                          3KB

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                                          Filesize

                                                                                                                          4KB

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                                          Filesize

                                                                                                                          4KB

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                                          Filesize

                                                                                                                          4KB

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                                          Filesize

                                                                                                                          4KB

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe590640.TMP

                                                                                                                          Filesize

                                                                                                                          1KB

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                                                                                          Filesize

                                                                                                                          16B

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                                          Filesize

                                                                                                                          2KB

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                                          Filesize

                                                                                                                          10KB

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                                          Filesize

                                                                                                                          2KB

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                                          Filesize

                                                                                                                          2KB

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                                          Filesize

                                                                                                                          2KB

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                                          Filesize

                                                                                                                          2KB

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\affe3144-c2be-4bb8-a163-20e079c403cf.tmp

                                                                                                                          Filesize

                                                                                                                          2KB

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6jC5HK2.exe

                                                                                                                          Filesize

                                                                                                                          898KB

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Eq9cU73.exe

                                                                                                                          Filesize

                                                                                                                          1.7MB

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\4kH255ai.exe

                                                                                                                          Filesize

                                                                                                                          1.6MB

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\dy6GC88.exe

                                                                                                                          Filesize

                                                                                                                          149KB

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\dy6GC88.exe

                                                                                                                          Filesize

                                                                                                                          640KB

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1FZ20aG9.exe

                                                                                                                          Filesize

                                                                                                                          919KB

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3MD71nX.exe

                                                                                                                          Filesize

                                                                                                                          38KB

                                                                                                                        • memory/2084-33-0x0000000000400000-0x000000000040B000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          44KB

                                                                                                                        • memory/2084-29-0x0000000000400000-0x000000000040B000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          44KB

                                                                                                                        • memory/3120-26-0x0000000002680000-0x0000000002815000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          1.6MB

                                                                                                                        • memory/3120-23-0x0000000002680000-0x0000000002815000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          1.6MB

                                                                                                                        • memory/3120-24-0x0000000000400000-0x0000000000908000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          5.0MB

                                                                                                                        • memory/3120-22-0x00000000025A0000-0x0000000002678000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          864KB

                                                                                                                        • memory/3292-31-0x0000000002290000-0x00000000022A6000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          88KB