Analysis

  • max time kernel
    153s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231127-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20231127-en locale:en-us os:windows10-2004-x64 system
  • submitted
    12-12-2023 04:48

General

  • Target

    b382da86a6f436a30fec38e5c87c02608cc9a7f3b0605bf8335f76f6eb94d83b.exe

  • Size

    2.2MB

  • MD5

    8059182a10a66a117b43d2a3c7aa1cfe

  • SHA1

    a8900b8ec130c4b8c66c9b009c5273fe4dc0965c

  • SHA256

    b382da86a6f436a30fec38e5c87c02608cc9a7f3b0605bf8335f76f6eb94d83b

  • SHA512

    14251ea4a3e9be8d3a594a70119996b609ced01c33f0be3d00311d15e17bed8e52201a2e593f914d618dcda7fb2ced5f52ee3da16800baec79abc2de074c7f65

  • SSDEEP

    49152:3CfzuGA9J6e2dRsyUYpgMEJwec9DoTyfc/SnNQYTypkVfZ:OzuGA9we2UtYfsIcTy0C3Ty6V

Malware Config

Extracted

Family

risepro

C2

193.233.132.51

Extracted

Family

smokeloader

Version

2022

C2

http://81.19.131.34/fks/index.php

rc4.i32
rc4.i32

Signatures

  • PrivateLoader

    PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

  • SmokeLoader

    Modular backdoor trojan in use since 2014.

  • Executes dropped EXE 6 IoCs
  • Adds Run key to start application 2 TTPs 3 IoCs
  • AutoIT Executable 1 IoCs

    AutoIT scripts compiled to PE executables.

  • Detected potential entity reuse from brand paypal.
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 2 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs
  • Suspicious use of AdjustPrivilegeToken 54 IoCs
  • Suspicious use of FindShellTrayWindow 39 IoCs
  • Suspicious use of SendNotifyMessage 34 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b382da86a6f436a30fec38e5c87c02608cc9a7f3b0605bf8335f76f6eb94d83b.exe
    "C:\Users\Admin\AppData\Local\Temp\b382da86a6f436a30fec38e5c87c02608cc9a7f3b0605bf8335f76f6eb94d83b.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:2008
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\oR3ny00.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\oR3ny00.exe
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious use of WriteProcessMemory
      PID:4672
      • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\kj3qv78.exe
        C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\kj3qv78.exe
        3⤵
        • Executes dropped EXE
        • Adds Run key to start application
        • Suspicious use of WriteProcessMemory
        PID:644
        • C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1TY31zg9.exe
          C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1TY31zg9.exe
          4⤵
          • Executes dropped EXE
          PID:1592
          • C:\Windows\SysWOW64\WerFault.exe
            C:\Windows\SysWOW64\WerFault.exe -u -p 1592 -s 632
            5⤵
            • Program crash
            PID:1840
        • C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3nC48Vv.exe
          C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3nC48Vv.exe
          4⤵
          • Executes dropped EXE
          • Checks SCSI registry key(s)
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious behavior: MapViewOfSection
          PID:2944
      • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\4Yg507bR.exe
        C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\4Yg507bR.exe
        3⤵
        • Executes dropped EXE
        PID:4144
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 4144 -s 608
          4⤵
          • Program crash
          PID:4692
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6Uu3ED7.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6Uu3ED7.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:2092
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:532
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x16c,0x170,0x174,0x148,0x178,0x7fff19b446f8,0x7fff19b44708,0x7fff19b44718
          4⤵
            PID:3996
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,1472081695434753538,17157748974154309803,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
            4⤵
              PID:2984
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,1472081695434753538,17157748974154309803,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
              4⤵
                PID:2540
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login
              3⤵
              • Suspicious use of WriteProcessMemory
              PID:3540
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7fff19b446f8,0x7fff19b44708,0x7fff19b44718
                4⤵
                  PID:1176
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,10007660865944489708,17464568666789840264,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
                  4⤵
                    PID:5996
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,10007660865944489708,17464568666789840264,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
                    4⤵
                      PID:5840
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
                    3⤵
                    • Enumerates system info in registry
                    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                    • Suspicious use of FindShellTrayWindow
                    • Suspicious use of SendNotifyMessage
                    • Suspicious use of WriteProcessMemory
                    PID:1392
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7fff19b446f8,0x7fff19b44708,0x7fff19b44718
                      4⤵
                        PID:4196
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,8377005773930595084,17738863247681011987,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
                        4⤵
                          PID:6184
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,8377005773930595084,17738863247681011987,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
                          4⤵
                            PID:6164
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,8377005773930595084,17738863247681011987,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
                            4⤵
                              PID:6496
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8377005773930595084,17738863247681011987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
                              4⤵
                                PID:5852
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8377005773930595084,17738863247681011987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
                                4⤵
                                  PID:5844
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8377005773930595084,17738863247681011987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2912 /prefetch:1
                                  4⤵
                                    PID:7964
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8377005773930595084,17738863247681011987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4076 /prefetch:1
                                    4⤵
                                      PID:8164
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8377005773930595084,17738863247681011987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4016 /prefetch:1
                                      4⤵
                                        PID:7892
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8377005773930595084,17738863247681011987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4396 /prefetch:1
                                        4⤵
                                          PID:7704
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8377005773930595084,17738863247681011987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4632 /prefetch:1
                                          4⤵
                                            PID:464
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8377005773930595084,17738863247681011987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1
                                            4⤵
                                              PID:6384
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8377005773930595084,17738863247681011987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2464 /prefetch:1
                                              4⤵
                                                PID:3900
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8377005773930595084,17738863247681011987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
                                                4⤵
                                                  PID:8176
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8377005773930595084,17738863247681011987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
                                                  4⤵
                                                    PID:8296
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8377005773930595084,17738863247681011987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6388 /prefetch:1
                                                    4⤵
                                                      PID:8540
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8377005773930595084,17738863247681011987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6472 /prefetch:1
                                                      4⤵
                                                        PID:8512
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8377005773930595084,17738863247681011987,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7392 /prefetch:1
                                                        4⤵
                                                          PID:8856
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8377005773930595084,17738863247681011987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7372 /prefetch:1
                                                          4⤵
                                                            PID:8820
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8377005773930595084,17738863247681011987,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8668 /prefetch:1
                                                            4⤵
                                                              PID:6352
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8377005773930595084,17738863247681011987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8644 /prefetch:1
                                                              4⤵
                                                                PID:9060
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,8377005773930595084,17738863247681011987,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9088 /prefetch:8
                                                                4⤵
                                                                  PID:6880
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,8377005773930595084,17738863247681011987,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9088 /prefetch:8
                                                                  4⤵
                                                                    PID:8928
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8377005773930595084,17738863247681011987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7672 /prefetch:1
                                                                    4⤵
                                                                      PID:4092
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8377005773930595084,17738863247681011987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8584 /prefetch:1
                                                                      4⤵
                                                                        PID:6624
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2148,8377005773930595084,17738863247681011987,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7008 /prefetch:8
                                                                        4⤵
                                                                          PID:5360
                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,8377005773930595084,17738863247681011987,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7304 /prefetch:1
                                                                          4⤵
                                                                            PID:8664
                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login
                                                                          3⤵
                                                                          • Suspicious use of WriteProcessMemory
                                                                          PID:3852
                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7fff19b446f8,0x7fff19b44708,0x7fff19b44718
                                                                            4⤵
                                                                              PID:2992
                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,839795633518278672,3514023208850757686,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
                                                                              4⤵
                                                                                PID:2252
                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,839795633518278672,3514023208850757686,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
                                                                                4⤵
                                                                                  PID:5556
                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login
                                                                                3⤵
                                                                                • Suspicious use of WriteProcessMemory
                                                                                PID:3480
                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7fff19b446f8,0x7fff19b44708,0x7fff19b44718
                                                                                  4⤵
                                                                                    PID:3048
                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1832,8645596334096709533,5861987586367555021,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
                                                                                    4⤵
                                                                                      PID:7136
                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1832,8645596334096709533,5861987586367555021,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
                                                                                      4⤵
                                                                                        PID:7128
                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform
                                                                                      3⤵
                                                                                      • Suspicious use of WriteProcessMemory
                                                                                      PID:1552
                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7fff19b446f8,0x7fff19b44708,0x7fff19b44718
                                                                                        4⤵
                                                                                          PID:3348
                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,6134722261490435395,5914231634753445249,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
                                                                                          4⤵
                                                                                            PID:6280
                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,6134722261490435395,5914231634753445249,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
                                                                                            4⤵
                                                                                              PID:6272
                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login
                                                                                            3⤵
                                                                                            • Suspicious use of WriteProcessMemory
                                                                                            PID:4924
                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7fff19b446f8,0x7fff19b44708,0x7fff19b44718
                                                                                              4⤵
                                                                                                PID:4392
                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2200,12683298696804192781,5739533448483614880,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
                                                                                                4⤵
                                                                                                  PID:6720
                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,12683298696804192781,5739533448483614880,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2204 /prefetch:2
                                                                                                  4⤵
                                                                                                    PID:6680
                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin
                                                                                                  3⤵
                                                                                                  • Suspicious use of WriteProcessMemory
                                                                                                  PID:4632
                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x84,0x16c,0x7fff19b446f8,0x7fff19b44708,0x7fff19b44718
                                                                                                    4⤵
                                                                                                      PID:3108
                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,5747996681981409494,4554770919684477117,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
                                                                                                      4⤵
                                                                                                        PID:6192
                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,5747996681981409494,4554770919684477117,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
                                                                                                        4⤵
                                                                                                          PID:6172
                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/
                                                                                                        3⤵
                                                                                                        • Suspicious use of WriteProcessMemory
                                                                                                        PID:4500
                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7fff19b446f8,0x7fff19b44708,0x7fff19b44718
                                                                                                          4⤵
                                                                                                            PID:4908
                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,3762772305351290841,17058082060331673399,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
                                                                                                            4⤵
                                                                                                              PID:6296
                                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,3762772305351290841,17058082060331673399,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
                                                                                                              4⤵
                                                                                                                PID:6288
                                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
                                                                                                              3⤵
                                                                                                              • Suspicious use of WriteProcessMemory
                                                                                                              PID:2944
                                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7fff19b446f8,0x7fff19b44708,0x7fff19b44718
                                                                                                                4⤵
                                                                                                                  PID:2068
                                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1468,18200337598355312956,15234244180633474596,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
                                                                                                                  4⤵
                                                                                                                    PID:6316
                                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1468,18200337598355312956,15234244180633474596,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
                                                                                                                    4⤵
                                                                                                                      PID:6308
                                                                                                              • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 1592 -ip 1592
                                                                                                                1⤵
                                                                                                                  PID:1448
                                                                                                                • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                  C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 4144 -ip 4144
                                                                                                                  1⤵
                                                                                                                    PID:2316
                                                                                                                  • C:\Windows\System32\CompPkgSrv.exe
                                                                                                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                                    1⤵
                                                                                                                      PID:8124
                                                                                                                    • C:\Windows\System32\CompPkgSrv.exe
                                                                                                                      C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                                      1⤵
                                                                                                                        PID:6388
                                                                                                                      • C:\Windows\System32\CompPkgSrv.exe
                                                                                                                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                                        1⤵
                                                                                                                          PID:7152

                                                                                                                        Network

                                                                                                                        MITRE ATT&CK Enterprise v15

                                                                                                                        Downloads

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\15d6c9f6-9192-45e6-9547-b06185a5aee2.tmp

                                                                                                                          Filesize

                                                                                                                          2KB


                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\599664d9-e2a0-42c9-bc55-8a1ca583a010.tmp

                                                                                                                          Filesize

                                                                                                                          2KB


                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                                                          Filesize

                                                                                                                          152B


                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                                                          Filesize

                                                                                                                          152B


                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

                                                                                                                          Filesize

                                                                                                                          20KB


                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

                                                                                                                          Filesize

                                                                                                                          21KB

                                                                                                                          MD5

                                                                                                                          7d75a9eb3b38b5dd04b8a7ce4f1b87cc

                                                                                                                          SHA1

                                                                                                                          68f598c84936c9720c5ffd6685294f5c94000dff

                                                                                                                          SHA256

                                                                                                                          6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7

                                                                                                                          SHA512

                                                                                                                          cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000056

                                                                                                                          Filesize

                                                                                                                          33KB

                                                                                                                          MD5

                                                                                                                          909324d9c20060e3e73a7b5ff1f19dd8

                                                                                                                          SHA1

                                                                                                                          feea7790740db1e87419c8f5920859ea0234b76b

                                                                                                                          SHA256

                                                                                                                          dfc749d2afefe484d9aa9f8f06d461ad104a0ca9b75b46abfaaddda64a5e9278

                                                                                                                          SHA512

                                                                                                                          b64d2dce1f9a185fbb8a32adc1ff402d8045d379600bf3f9154bbde18303610f18af9fce258442db1e621ecf10b77aafe99cffedfcbe2a1490056c50cc42d0f9

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000057

                                                                                                                          Filesize

                                                                                                                          190KB

                                                                                                                          MD5

                                                                                                                          d55250dc737ef207ba326220fff903d1

                                                                                                                          SHA1

                                                                                                                          cbdc4af13a2ca8219d5c0b13d2c091a4234347c6

                                                                                                                          SHA256

                                                                                                                          d3e913618a52fe57ab4320e62a5ace58a699d6bce8187164e198abe3279726fd

                                                                                                                          SHA512

                                                                                                                          13adff61e2cfa25dc535eba9d63209b7e7e9bd29fc4d6c868b057df7f680aa66ef5783a0e82a8367185debf7f6fe5bae89adc0770daff5317d2e16db5ad3ab39

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005c

                                                                                                                          Filesize

                                                                                                                          200KB

                                                                                                                          MD5

                                                                                                                          b3ba9decc3bb52ed5cca8158e05928a9

                                                                                                                          SHA1

                                                                                                                          19d045a3fbccbf788a29a4dba443d9ccf5a12fb0

                                                                                                                          SHA256

                                                                                                                          8bd1b2afcbe2fa046b0937197f1b2f393ef821ff89331f99754b9006f0114df4

                                                                                                                          SHA512

                                                                                                                          86a86d370e96fa29c0c1d12991c2287936b400830869ff7b5abe4de6f32db2df782b626d724496cd6de27f8cbd32101ba34cbcd4c650ef11afa26bc048d68529

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                                          Filesize

                                                                                                                          5KB

                                                                                                                          MD5

                                                                                                                          229a0d58ea050fcabaf8bca5f5a7f427

                                                                                                                          SHA1

                                                                                                                          f9af4ccb477f8c868698dc5fc927df3c1cb51384

                                                                                                                          SHA256

                                                                                                                          0d8c9b1853e3c9ee15132200f7e2bcb11a516b37c11fd3cc7e6c94bdfd5ef0f2

                                                                                                                          SHA512

                                                                                                                          1c4f8efa6deb8b20d7c3cc947fe64134d100d2210fe9199e87a06d46e4fe93789ac85d7221fe4debd6a9e560c4132157fd360e3fdbfdecd13bf74cb8fb586e71

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                                          Filesize

                                                                                                                          5KB

                                                                                                                          MD5

                                                                                                                          7c43664813e164c5be7f2b504ecb2854

                                                                                                                          SHA1

                                                                                                                          a0c5ff2dae2dad4ecb8a2e590a3dd5ba852f64a0

                                                                                                                          SHA256

                                                                                                                          906beb320bb234f2cd85dd46f05c7580c4db340c24d03ba2163e3d1dc0b9b262

                                                                                                                          SHA512

                                                                                                                          49f0830b8064f48ff58c8f4f05edf67149e353092b4360bdc4f95f1cdc3ebe2560d2ec75d42f9df0e6751d9d0ae43b2f183afe1fcc193aab00bcd9e47cf8e79c

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                                                                          Filesize

                                                                                                                          111B

                                                                                                                          MD5

                                                                                                                          285252a2f6327d41eab203dc2f402c67

                                                                                                                          SHA1

                                                                                                                          acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

                                                                                                                          SHA256

                                                                                                                          5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

                                                                                                                          SHA512

                                                                                                                          11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                                                                          Filesize

                                                                                                                          3KB

                                                                                                                          MD5

                                                                                                                          ffd14658db9a623b71ab301c2800994a

                                                                                                                          SHA1

                                                                                                                          adda3f294ab87006b8c97b8555698b60469381b4

                                                                                                                          SHA256

                                                                                                                          410d271eb5a940da959758bafa5e0b5146b7724349026a92b649a06ec5326788

                                                                                                                          SHA512

                                                                                                                          2514e0bf9b54d3c0ce1dff9da9141e9e079228a31fc1d0a276e9f9b24b392d25f4a4ac69fa4ceffda607f250e8600514b927e1e11063f21057b4f23ce91fe685

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                          Filesize

                                                                                                                          5KB

                                                                                                                          MD5

                                                                                                                          7482f64180a626a6f77755f8a5d7d020

                                                                                                                          SHA1

                                                                                                                          7e05fe68f6e7ad401d8e592219c10f54ff448585

                                                                                                                          SHA256

                                                                                                                          14cbedb35218482a3296eb5939a291fbad771f110a12b53c8e9278c02fe969b5

                                                                                                                          SHA512

                                                                                                                          39299372c98b364cce45e6cbdf8fa205aa31ff6bec7928a6425cb8d14b31c034ef99213ab87f50a4dbf204ef50db2bc8bd1029b0d8765f3b4eae5f18d6500c6e

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                          Filesize

                                                                                                                          7KB

                                                                                                                          MD5

                                                                                                                          80ace3be3b9ba7a13d74b82e0f7e410c

                                                                                                                          SHA1

                                                                                                                          eab4ca75f58aee2ab7f76d1f439555434023fa82

                                                                                                                          SHA256

                                                                                                                          29d038090ea791c94bda6d58b5ed8eef65b3d2c87d28f3efc65c895539ad791a

                                                                                                                          SHA512

                                                                                                                          cf1409c25043d0b67fb3df6d04f6d6c67c6a399772c74f2350f14947397ba78b0dd3d4a5c365364f0516fb677de732eb8095161a10ce988277edc4e3a4ba367a

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                          Filesize

                                                                                                                          8KB

                                                                                                                          MD5

                                                                                                                          acb5b784a0d4024430d8fac3f3e6b928

                                                                                                                          SHA1

                                                                                                                          0409cda88468c02c8becc446394bceef77949e60

                                                                                                                          SHA256

                                                                                                                          269bb471ea1f6e709aefceeb1e02edcff1dc20562c993850c2d844d7d39dc631

                                                                                                                          SHA512

                                                                                                                          2e08ef9ebb9b795147952dae9c6b036d599cc532e7d62f500d16af65251309aed79f2798ba022554699d97fa8495f5ac2e0084b541d73530ae0d1297f1d0215d

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                          Filesize

                                                                                                                          8KB

                                                                                                                          MD5

                                                                                                                          784d650421b560297303d60dfed13d73

                                                                                                                          SHA1

                                                                                                                          c11bcd14f146ab3f7b4a4184442c9f146bbf7b19

                                                                                                                          SHA256

                                                                                                                          7b7e422e24b30338d8462105fa324cda45ada8f6bdce207a13a97f345ebd549c

                                                                                                                          SHA512

                                                                                                                          acb8687760d57f0cceeac55317cca37b3e2e0b98d0c48365dd7d16ab9f3d254eee4ea81b17b37188f94f3df18fabe28ef075edf8f25f619377e1c95fed341cb7

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                          Filesize

                                                                                                                          9KB

                                                                                                                          MD5

                                                                                                                          80e0f1e25fd143d3c23782022443f925

                                                                                                                          SHA1

                                                                                                                          1eaedcb8f9d88192bd52cbb148c15a60bd9e42ea

                                                                                                                          SHA256

                                                                                                                          f56c5556d490dcd0f803c56d4d83148ee8fbacf565b0b90e318d56e1cfb69ef4

                                                                                                                          SHA512

                                                                                                                          3fe774a30c59f2ae506f219aef0b9eba47ab876ac9ee88467ab6889887c1dae825e1581e8a92dd5d03929603f3a6f090a1c34226c29cffddcc7ba8cd33cc5fe7

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                          Filesize

                                                                                                                          9KB

                                                                                                                          MD5

                                                                                                                          4ffb3eb8cfa0bb147c0c3c988204b4ab

                                                                                                                          SHA1

                                                                                                                          fb063c44afc15c07c9833707b32b574ee3923a96

                                                                                                                          SHA256

                                                                                                                          f1ef42ad2198d90501b579d26be5fe261f468487438042fee224b2a4092c7403

                                                                                                                          SHA512

                                                                                                                          c60a638a0aa06003d9d4bd0dc16c5b3e6a5da6861d53feb3e90f5784b9933a21cff7aa04425c0ef5055984b6ccd10da97422751ab987d2ad40c6b032daa77afb

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

                                                                                                                          Filesize

                                                                                                                          24KB

                                                                                                                          MD5

                                                                                                                          5a6206a3489650bf4a9c3ce44a428126

                                                                                                                          SHA1

                                                                                                                          3137a909ef8b098687ec536c57caa1bacc77224b

                                                                                                                          SHA256

                                                                                                                          0a9e623c6df237c02a585539bffb8249de48949c6d074fe0aaf43063731a3e28

                                                                                                                          SHA512

                                                                                                                          980da83c3142bf08433ec1770a2ec5f5560daf3ee680466f89beae8290e921c0db677489daad055fbc1f196388f8bc4f60e050600381f860b06d330062440a78

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

                                                                                                                          Filesize

                                                                                                                          89B

                                                                                                                          MD5

                                                                                                                          599ffa169095642bb101299ed6941807

                                                                                                                          SHA1

                                                                                                                          cb6075d883fb8e60fb82cba0d5a41cb6ff618945

                                                                                                                          SHA256

                                                                                                                          8f61da07b2abb134d601d74fc376a73917324c9248e6d6ca75238eabf2285798

                                                                                                                          SHA512

                                                                                                                          e5d46f7816252ed29d520f1ade43211c93106d1b70313bae281fa3c2728e5c704c2567753acf2e2384338233a7f7a3c6c002494244aa7dbd5862753a919b45c8

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

                                                                                                                          Filesize

                                                                                                                          146B

                                                                                                                          MD5

                                                                                                                          eca280de5d14659aebf8cba2982fd703

                                                                                                                          SHA1

                                                                                                                          8f8f9843a930282cbaa63240ec69ac21f5d8e51a

                                                                                                                          SHA256

                                                                                                                          d3128b30ee61e71f1b4bad4de7dae452870ccef2e283a61070d7ff9cee052481

                                                                                                                          SHA512

                                                                                                                          625eb12b338a1bb4ebaa89d7fbe723c74e6d67ba4affeb982db110a7369ac3d44ec0a4c42c87cdd5436e82f98ded3cf85591a7b5d2775828bc4ae172c37c7745

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

                                                                                                                          Filesize

                                                                                                                          82B

                                                                                                                          MD5

                                                                                                                          e5e238484efb65dd018506d8dd827a94

                                                                                                                          SHA1

                                                                                                                          9bce99b29b6548f59448974dbd7ff413465b282a

                                                                                                                          SHA256

                                                                                                                          e4381c1669f14013fd577952bf2e4e85ad3604f4f78105db20fd017c14965f75

                                                                                                                          SHA512

                                                                                                                          315830e47e95f876ee97ea228b3fa84955fd5373c8abd438cb43bce8534571916df0a505c282cf90d25b3f80b06b78c6385554ea5c8e037a82d17c9ff9ca1b09

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\bae34c61-2bfa-41ff-982d-0bf7e49aed15\index-dir\the-real-index

                                                                                                                          Filesize

                                                                                                                          6KB


                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\bae34c61-2bfa-41ff-982d-0bf7e49aed15\index-dir\the-real-index~RFe59d2f6.TMP

                                                                                                                          Filesize

                                                                                                                          48B


                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

                                                                                                                          Filesize

                                                                                                                          83B


                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

                                                                                                                          Filesize

                                                                                                                          79B


                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

                                                                                                                          Filesize

                                                                                                                          16B


                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

                                                                                                                          Filesize

                                                                                                                          96B


                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

                                                                                                                          Filesize

                                                                                                                          120B


                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe59555a.TMP

                                                                                                                          Filesize

                                                                                                                          48B


                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                                          Filesize

                                                                                                                          4KB


                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                                          Filesize

                                                                                                                          2KB


                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                                          Filesize

                                                                                                                          2KB


                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                                          Filesize

                                                                                                                          3KB


                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                                          Filesize

                                                                                                                          3KB


                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                                          Filesize

                                                                                                                          4KB


                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                                          Filesize

                                                                                                                          4KB


                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe594ba5.TMP

                                                                                                                          Filesize

                                                                                                                          1KB


                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                                                                                          Filesize

                                                                                                                          16B


                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                                          Filesize

                                                                                                                          2KB


                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                                          Filesize

                                                                                                                          2KB


                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                                          Filesize

                                                                                                                          2KB

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                                          Filesize

                                                                                                                          2KB

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                                          Filesize

                                                                                                                          2KB

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                                          Filesize

                                                                                                                          2KB

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                                          Filesize

                                                                                                                          2KB

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                                          Filesize

                                                                                                                          10KB

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6Uu3ED7.exe

                                                                                                                          Filesize

                                                                                                                          898KB

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\oR3ny00.exe

                                                                                                                          Filesize

                                                                                                                          1.7MB

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\4Yg507bR.exe

                                                                                                                          Filesize

                                                                                                                          1.6MB

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\kj3qv78.exe

                                                                                                                          Filesize

                                                                                                                          1022KB

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1TY31zg9.exe

                                                                                                                          Filesize

                                                                                                                          919KB

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3nC48Vv.exe

                                                                                                                          Filesize

                                                                                                                          38KB

                                                                                                                        • memory/1592-22-0x00000000025D0000-0x00000000026A5000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          852KB

                                                                                                                        • memory/1592-23-0x00000000026B0000-0x0000000002845000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          1.6MB

                                                                                                                        • memory/1592-24-0x0000000000400000-0x0000000000908000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          5.0MB

                                                                                                                        • memory/1592-26-0x00000000026B0000-0x0000000002845000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          1.6MB

                                                                                                                        • memory/2944-30-0x0000000000400000-0x000000000040B000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          44KB

                                                                                                                        • memory/2944-33-0x0000000000400000-0x000000000040B000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          44KB

                                                                                                                        • memory/3364-31-0x0000000000CA0000-0x0000000000CB6000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          88KB