Analysis

  • max time kernel
    151s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231127-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20231127-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    12/12/2023, 06:32

General

  • Target

    fec55ead9f9fa50d26502c845fbe561ce059b167be4ed59f7e8aefb724ce7127.exe

  • Size

    2.2MB

  • MD5

    56dc0ad8348ed0cdc53d19e61db98e11

  • SHA1

    8a8124bc6478edd7e04a9604d8642a4ef06175a8

  • SHA256

    fec55ead9f9fa50d26502c845fbe561ce059b167be4ed59f7e8aefb724ce7127

  • SHA512

    4933d6b46eec505bbb9dec32ac0cb72d48a78b005545c6af36b8079f439fc545d20f18011e0b36b3a67aca910fa419208b3daa7d4054591360f87c8d22de3f46

  • SSDEEP

    49152:MvFXnfP3tgkJBAzXmM2Bkm1qFXDlPswSR4CXGyGj3myMsB39jbZP43b/:iFXnfmkTAzWBkm1sBPri2yC3RMkFbk

Malware Config

Extracted

Family

risepro

C2

193.233.132.51

Extracted

Family

smokeloader

Version

2022

C2

http://81.19.131.34/fks/index.php

rc4.i32
rc4.i32

Signatures

  • PrivateLoader

    PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

  • SmokeLoader

    Modular backdoor trojan in use since 2014.

  • Executes dropped EXE 6 IoCs
  • Adds Run key to start application 2 TTPs 3 IoCs
  • AutoIT Executable 1 IoCs

    AutoIT scripts compiled to PE executables.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 2 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs
  • Suspicious use of AdjustPrivilegeToken 52 IoCs
  • Suspicious use of FindShellTrayWindow 39 IoCs
  • Suspicious use of SendNotifyMessage 34 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fec55ead9f9fa50d26502c845fbe561ce059b167be4ed59f7e8aefb724ce7127.exe
    "C:\Users\Admin\AppData\Local\Temp\fec55ead9f9fa50d26502c845fbe561ce059b167be4ed59f7e8aefb724ce7127.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:2456
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\hy6ra22.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\hy6ra22.exe
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious use of WriteProcessMemory
      PID:4144
      • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\EI6oi19.exe
        C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\EI6oi19.exe
        3⤵
        • Executes dropped EXE
        • Adds Run key to start application
        • Suspicious use of WriteProcessMemory
        PID:4084
        • C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1cR07pW9.exe
          C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1cR07pW9.exe
          4⤵
          • Executes dropped EXE
          PID:3540
          • C:\Windows\SysWOW64\WerFault.exe
            C:\Windows\SysWOW64\WerFault.exe -u -p 3540 -s 624
            5⤵
            • Program crash
            PID:3276
        • C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Qx90OR.exe
          C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Qx90OR.exe
          4⤵
          • Executes dropped EXE
          • Checks SCSI registry key(s)
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious behavior: MapViewOfSection
          PID:8
      • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\4Fk431BV.exe
        C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\4Fk431BV.exe
        3⤵
        • Executes dropped EXE
        PID:1724
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 608
          4⤵
          • Program crash
          PID:4424
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6oH9YH9.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6oH9YH9.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:2156
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:1440
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7ffe08e646f8,0x7ffe08e64708,0x7ffe08e64718
          4⤵
          PID:3276
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,14281724989825474282,7034788401297360971,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
          4⤵
          PID:5200
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,14281724989825474282,7034788401297360971,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
          4⤵
          PID:548
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login
        3⤵
        • Enumerates system info in registry
        • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of WriteProcessMemory
        PID:220
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffe08e646f8,0x7ffe08e64708,0x7ffe08e64718
          4⤵
          PID:4088
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,10473239258785314955,3252086222106734045,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
          4⤵
          PID:5220
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2016,10473239258785314955,3252086222106734045,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
          4⤵
          PID:5980
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2016,10473239258785314955,3252086222106734045,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2732 /prefetch:8
          4⤵
          PID:6220
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,10473239258785314955,3252086222106734045,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
          4⤵
          PID:6724
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,10473239258785314955,3252086222106734045,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
          4⤵
          PID:6716
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,10473239258785314955,3252086222106734045,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3808 /prefetch:1
          4⤵
          PID:7848
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,10473239258785314955,3252086222106734045,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4180 /prefetch:1
          4⤵
          PID:8112
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,10473239258785314955,3252086222106734045,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4420 /prefetch:1
          4⤵
          PID:6732
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,10473239258785314955,3252086222106734045,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1
          4⤵
          PID:7408
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,10473239258785314955,3252086222106734045,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1
          4⤵
          PID:6512
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,10473239258785314955,3252086222106734045,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
          4⤵
          PID:5920
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,10473239258785314955,3252086222106734045,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
          4⤵
          PID:5996
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,10473239258785314955,3252086222106734045,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
          4⤵
          PID:7828
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,10473239258785314955,3252086222106734045,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
          4⤵
          PID:8188
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,10473239258785314955,3252086222106734045,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6504 /prefetch:1
          4⤵
          PID:7212
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,10473239258785314955,3252086222106734045,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6396 /prefetch:1
          4⤵
          PID:5360
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2016,10473239258785314955,3252086222106734045,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6328 /prefetch:8
          4⤵
          PID:8640
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2016,10473239258785314955,3252086222106734045,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7660 /prefetch:8
          4⤵
          PID:8308
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,10473239258785314955,3252086222106734045,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8660 /prefetch:1
          4⤵
          PID:8948
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,10473239258785314955,3252086222106734045,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8752 /prefetch:1
          4⤵
          PID:5160
        • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,10473239258785314955,3252086222106734045,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9160 /prefetch:8
          4⤵
          PID:9144
        • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,10473239258785314955,3252086222106734045,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9160 /prefetch:8
          4⤵
          PID:9164
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,10473239258785314955,3252086222106734045,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8444 /prefetch:1
          4⤵
          PID:8404
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,10473239258785314955,3252086222106734045,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7948 /prefetch:1
          4⤵
          PID:8420
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,10473239258785314955,3252086222106734045,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8288 /prefetch:1
          4⤵
          PID:8788
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,10473239258785314955,3252086222106734045,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7700 /prefetch:1
          4⤵
          PID:5344
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,10473239258785314955,3252086222106734045,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7428 /prefetch:1
          4⤵
          PID:7628
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,10473239258785314955,3252086222106734045,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1756 /prefetch:2
          4⤵
          PID:7352
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:1772
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x80,0x170,0x7ffe08e646f8,0x7ffe08e64708,0x7ffe08e64718
          4⤵
          PID:2540
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,10721170972674501279,5978166826198437820,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
          4⤵
          PID:5208
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,10721170972674501279,5978166826198437820,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
          4⤵
          PID:4112
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:4016
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffe08e646f8,0x7ffe08e64708,0x7ffe08e64718
          4⤵
          PID:3044
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,234467302602161705,16768991019031809570,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
          4⤵
          PID:4172
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,234467302602161705,16768991019031809570,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
          4⤵
          PID:5784
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:5000
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffe08e646f8,0x7ffe08e64708,0x7ffe08e64718
          4⤵
          PID:4376
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,8654359001474364167,4288708633671495859,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
                                                                                        4⤵
                                                                                          PID:6004
                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,8654359001474364167,4288708633671495859,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
                                                                                          4⤵
                                                                                            PID:6016
                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform
                                                                                          3⤵
                                                                                          • Suspicious use of WriteProcessMemory
                                                                                          PID:2592
                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffe08e646f8,0x7ffe08e64708,0x7ffe08e64718
                                                                                            4⤵
                                                                                              PID:2640
                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,17716761142737219790,3248483838818122543,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
                                                                                              4⤵
                                                                                                PID:6060
                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,17716761142737219790,3248483838818122543,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
                                                                                                4⤵
                                                                                                  PID:5928
                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login
                                                                                                3⤵
                                                                                                • Suspicious use of WriteProcessMemory
                                                                                                PID:4508
                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x16c,0x170,0x174,0x148,0x178,0x7ffe08e646f8,0x7ffe08e64708,0x7ffe08e64718
                                                                                                  4⤵
                                                                                                    PID:448
                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,11611130308463957949,17296975146739324810,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
                                                                                                    4⤵
                                                                                                      PID:5884
                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,11611130308463957949,17296975146739324810,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
                                                                                                      4⤵
                                                                                                        PID:2456
                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin
                                                                                                      3⤵
                                                                                                      • Suspicious use of WriteProcessMemory
                                                                                                      PID:1092
                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x170,0x174,0x178,0x14c,0x17c,0x7ffe08e646f8,0x7ffe08e64708,0x7ffe08e64718
                                                                                                        4⤵
                                                                                                          PID:2572
                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,8130926260176517392,10108245041191292974,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
                                                                                                          4⤵
                                                                                                            PID:6624
                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,8130926260176517392,10108245041191292974,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
                                                                                                            4⤵
                                                                                                              PID:6736
                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/
                                                                                                            3⤵
                                                                                                            • Suspicious use of WriteProcessMemory
                                                                                                            PID:5228
                                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffe08e646f8,0x7ffe08e64708,0x7ffe08e64718
                                                                                                              4⤵
                                                                                                                PID:5284
                                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,4960582019677575252,18333622516629831300,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
                                                                                                                4⤵
                                                                                                                  PID:6744
                                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,4960582019677575252,18333622516629831300,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
                                                                                                                  4⤵
                                                                                                                    PID:6768
                                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
                                                                                                                  3⤵
                                                                                                                  • Suspicious use of WriteProcessMemory
                                                                                                                  PID:5432
                                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffe08e646f8,0x7ffe08e64708,0x7ffe08e64718
                                                                                                                    4⤵
                                                                                                                      PID:5608
                                                                                                              • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 3540 -ip 3540
                                                                                                                1⤵
                                                                                                                  PID:2376
                                                                                                                • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                  C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 1724 -ip 1724
                                                                                                                  1⤵
                                                                                                                    PID:1360
                                                                                                                  • C:\Windows\System32\CompPkgSrv.exe
                                                                                                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                                    1⤵
                                                                                                                      PID:7612
                                                                                                                    • C:\Windows\System32\CompPkgSrv.exe
                                                                                                                      C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                                      1⤵
                                                                                                                        PID:8096
                                                                                                                      • C:\Windows\system32\AUDIODG.EXE
                                                                                                                        C:\Windows\system32\AUDIODG.EXE 0x518 0x504
                                                                                                                        1⤵
                                                                                                                        • Suspicious use of AdjustPrivilegeToken
                                                                                                                        PID:8692
                                                                                                                      • C:\Windows\System32\CompPkgSrv.exe
                                                                                                                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                                        1⤵
                                                                                                                          PID:9152
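Every depth-3 Edge launch in the tree above is `msedge.exe --single-argument <URL>`, and the URLs are login pages for Twitter, Steam, Epic Games, PayPal and Google (plus youtube.com), all started within the same few seconds by the same parent; separately, WerFault.exe is started twice with `-p 3540` and `-p 1724` for processes in the tree that crashed. The script below is an added example, not code from the tria.ge report or from the malware, showing one way to turn that pattern into detection logic over process-creation telemetry. The events are constructed to mirror the report's command lines; the Sysmon Event ID 1 field names, the parent image names `dropper.exe` and `loader.exe`, the parent PIDs, timestamps and the svchost.exe parent for WerFault are assumptions, not facts from the report.

```python
"""Added example (not from the tria.ge report): detect a non-shell parent that
launches a browser to several login pages in quick succession, and tie
WerFault.exe invocations back to the process that crashed.

Event records use Sysmon Event ID 1 field names (assumption about the log
source). Image names for the dropper/loader, parent PIDs, timestamps and the
WerFault parent are constructed for this example.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlparse

# Parents that legitimately open a browser on the user's behalf (tune per estate).
SHELL_PARENTS = {"explorer.exe", "sihost.exe", "runtimebroker.exe",
                 "startmenuexperiencehost.exe"}
BROWSERS = {"msedge.exe", "chrome.exe", "brave.exe"}

SINGLE_ARG_RE = re.compile(r"--single-argument\s+(\S+)")
# "-p <pid>" only; must not match "-pss" or "-ip <pid>".
WERFAULT_PID_RE = re.compile(r"(?:^|\s)-p\s+(\d+)(?:\s|$)")
LOGIN_PATH_RE = re.compile(r"login|signin|sign-in|openid|auth", re.IGNORECASE)


def basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def single_argument_url(cmdline: str):
    """URL handed to the browser via --single-argument, or None for helper processes."""
    m = SINGLE_ARG_RE.search(cmdline)
    return m.group(1) if m else None


def is_login_url(url: str) -> bool:
    """Heuristic for account-provider sign-in pages; a plain site root is not one."""
    u = urlparse(url)
    if u.scheme not in ("http", "https"):
        return False
    host = u.hostname or ""
    return host.startswith("accounts.") or bool(LOGIN_PATH_RE.search(u.path))


def werfault_target_pid(cmdline: str):
    """WerFault.exe ... -p <pid> names the process that crashed."""
    m = WERFAULT_PID_RE.search(cmdline)
    return int(m.group(1)) if m else None


def find_login_bursts(events, window=timedelta(seconds=60), threshold=3):
    """One alert per parent PID (not a shell) that launched a browser to at
    least `threshold` distinct login URLs inside `window`."""
    by_parent = defaultdict(list)
    for e in events:
        if basename(e["Image"]) not in BROWSERS:
            continue
        if basename(e["ParentImage"]) in SHELL_PARENTS:
            continue
        url = single_argument_url(e["CommandLine"])
        if url and is_login_url(url):
            by_parent[e["ParentProcessId"]].append((e["UtcTime"], url, e["ParentImage"]))

    alerts = []
    for ppid, launches in by_parent.items():
        launches.sort()
        for i, (t0, _, pimage) in enumerate(launches):
            urls = {u for t, u, _ in launches[i:] if t - t0 <= window}
            if len(urls) >= threshold:
                alerts.append({"parent_pid": ppid, "parent_image": pimage,
                               "first_seen": t0, "urls": sorted(urls)})
                break
    return alerts


def correlate_crashes(events):
    """Resolve each WerFault launch to the image of the PID it was started for."""
    image_by_pid = {e["ProcessId"]: e["Image"] for e in events}
    out = []
    for e in events:
        if basename(e["Image"]) != "werfault.exe":
            continue
        pid = werfault_target_pid(e["CommandLine"])
        out.append({"werfault_pid": e["ProcessId"], "crashed_pid": pid,
                    "crashed_image": image_by_pid.get(pid)})
    return out


EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
DROPPER = r"C:\Users\Admin\AppData\Local\Temp\dropper.exe"   # hypothetical name
LOADER = r"C:\Users\Admin\AppData\Local\Temp\loader.exe"     # hypothetical name
SVCHOST = r"C:\Windows\System32\svchost.exe"
EXPLORER = r"C:\Windows\explorer.exe"
WERFAULT = r"C:\Windows\SysWOW64\WerFault.exe"


def _ev(ts, pid, image, cmdline, ppid, pimage):
    return {"UtcTime": datetime.fromisoformat(ts), "ProcessId": pid, "Image": image,
            "CommandLine": cmdline, "ParentProcessId": ppid, "ParentImage": pimage}


def _edge(ts, pid, url, ppid, pimage):
    return _ev(ts, pid, EDGE, f'"{EDGE}" --single-argument {url}', ppid, pimage)


# Constructed events mirroring the report's process tree (PIDs of the browser
# launches and WerFault instances are taken from the tree; the rest is assumed).
SAMPLE_EVENTS = [
    _ev("2023-12-12 06:33:00", 1724, LOADER, f'"{LOADER}"', 900, EXPLORER),
    _ev("2023-12-12 06:33:01", 3540, DROPPER, f'"{DROPPER}"', 1724, LOADER),
    _edge("2023-12-12 06:33:10", 5000, "https://twitter.com/i/flow/login", 3540, DROPPER),
    _ev("2023-12-12 06:33:10", 4376, EDGE, f'"{EDGE}" --type=crashpad-handler /prefetch:7', 5000, EDGE),
    _edge("2023-12-12 06:33:12", 2592, "https://steamcommunity.com/openid/loginform", 3540, DROPPER),
    _edge("2023-12-12 06:33:14", 4508, "https://www.epicgames.com/id/login", 3540, DROPPER),
    _edge("2023-12-12 06:33:16", 1092, "https://www.paypal.com/signin", 3540, DROPPER),
    _edge("2023-12-12 06:33:18", 5228, "https://www.youtube.com/", 3540, DROPPER),
    _edge("2023-12-12 06:33:20", 5432, "https://accounts.google.com/", 3540, DROPPER),
    # A user clicking a PayPal link: parent is the shell, so it must not alert.
    _edge("2023-12-12 06:40:00", 7000, "https://www.paypal.com/signin", 4000, EXPLORER),
    # WerFault started for the two crashed processes (svchost parent is assumed).
    _ev("2023-12-12 06:34:00", 2376, WERFAULT, f"{WERFAULT} -pss -s 444 -p 3540 -ip 3540", 1200, SVCHOST),
    _ev("2023-12-12 06:34:05", 1360, WERFAULT, f"{WERFAULT} -pss -s 184 -p 1724 -ip 1724", 1200, SVCHOST),
]

if __name__ == "__main__":
    for a in find_login_bursts(SAMPLE_EVENTS):
        print(f"ALERT parent pid {a['parent_pid']} ({a['parent_image']}) "
              f"opened {len(a['urls'])} login pages from {a['first_seen']}")
    for c in correlate_crashes(SAMPLE_EVENTS):
        print(f"WerFault {c['werfault_pid']} -> crashed pid {c['crashed_pid']} ({c['crashed_image']})")
```

The youtube.com launch is deliberately not counted as a login page, so the alert fires on the five provider sign-in URLs from parent 3540 and stays quiet for the explorer.exe-spawned PayPal tab. The parent of the depth-3 Edge launches is not visible in this excerpt of the tree, which is why its name is an assumption here; in production the alert's `parent_image` field is what an analyst pivots on, and the crash correlation tells you which of the dropped executables died with a WerFault report.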

                                                                                                                        Network

                                                                                                                        MITRE ATT&CK Enterprise v15

                                                                                                                        Downloads

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\1d91881e-40e4-481e-9cf9-aa4b926de3cb.tmp
  Filesize: 2KB
  MD5: 790934bed8f43225aa5fc6bb0f2edf8e
  SHA1: 1048fa4d5ec8023e54c94ad53720a4bda86e0d14
  SHA256: 2df69988a77544af2212e01774141eb02f488ce956c422c5045324e32e531966
  SHA512: 7905fbb6d5577d4bdcd5d2f595fbd8270cfca128cb992a402ad7dd5e98440024614cc9bc7d52fb248e60f40c88bdca17ce8ea219b8fbc8cf15093d474f66ced1

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\2698ebc9-1dbb-4d9b-a756-1d38714b514b.tmp
  Filesize: 2KB
  MD5: 65af89d9e8f068336ae23d8765917984
  SHA1: 0f407f70c21da82aa8e20c29ddc6241300aef4d1
  SHA256: 627a1c54685f9454afd89b1ce4c9f7699393208fedf03a601e1f6c778ea1b07a
  SHA512: 02001b2dc0acff59f30067423c33c02796c367add1dd7117c46d2c1266a91a56f800403d7c52245d8989cb97989d9d37ab79355429f05a02a23afb9fbfe074a6

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
  Filesize: 152B
  MD5: 5990c020b2d5158c9e2f12f42d296465
  SHA1: dcb52612d301824d3a7fdfd0ea20c3fcfbb7a1b4
  SHA256: 2f33956ce5a0bb01abb3c0fee9a321c8f8f7abcf1d7535800bf25f1dc44b1643
  SHA512: 9efb70c4922365967c5fa7e89967e21eede96979a149e027099da786cd8b198d4e81bb3bf2b39c8d65a8796c5d72ca79241e66fc69e2502fdec8a0c5f230412c

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat (rewritten; second version of the same path)
  Filesize: 152B
  MD5: 208a234643c411e1b919e904ee20115e
  SHA1: 400b6e6860953f981bfe4716c345b797ed5b2b5b
  SHA256: af80020ae43388bbd3db31c75aade369d489a30a933574dea19163e094d5f458
  SHA512: 2779b96325234c836cbb91820ee332ed56c15b534ec0c7770b322a5c03849ec3ee67b0ec7978e1fab563eeed1cea96f5155d7b942702555d9352ff6711a548d2

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\7e2db858-f8e8-4a6e-8a12-e6d45fb0244a.tmp
  Filesize: 2KB
  MD5: dae7fc2957d1adec50b9628b7e2d34e5
  SHA1: 61a02c4ae3f4c5df7df1e51d2e226a7fbec9b1e7
  SHA256: 7fdc558a4a15aa6dfa2dff07f131ca1f0b02738ca9e29cad965fef6239e27c32
  SHA512: d70412b9f86bcaa138ac0528cef7946b6c80389f65e4c151ef295d0c02454a8ab795b73545a0084a70ed54263fa235b1e72192e264720787d30d7af87a5b4081

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c

                                                                                                                          Filesize

                                                                                                                          20KB

                                                                                                                          MD5

                                                                                                                          923a543cc619ea568f91b723d9fb1ef0

                                                                                                                          SHA1

                                                                                                                          6f4ade25559645c741d7327c6e16521e43d7e1f9

                                                                                                                          SHA256

                                                                                                                          bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd

                                                                                                                          SHA512

                                                                                                                          a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031

                                                                                                                          Filesize

                                                                                                                          33KB

                                                                                                                          MD5

                                                                                                                          909324d9c20060e3e73a7b5ff1f19dd8

                                                                                                                          SHA1

                                                                                                                          feea7790740db1e87419c8f5920859ea0234b76b

                                                                                                                          SHA256

                                                                                                                          dfc749d2afefe484d9aa9f8f06d461ad104a0ca9b75b46abfaaddda64a5e9278

                                                                                                                          SHA512

                                                                                                                          b64d2dce1f9a185fbb8a32adc1ff402d8045d379600bf3f9154bbde18303610f18af9fce258442db1e621ecf10b77aafe99cffedfcbe2a1490056c50cc42d0f9

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032

                                                                                                                          Filesize

                                                                                                                          21KB

                                                                                                                          MD5

                                                                                                                          7d75a9eb3b38b5dd04b8a7ce4f1b87cc

                                                                                                                          SHA1

                                                                                                                          68f598c84936c9720c5ffd6685294f5c94000dff

                                                                                                                          SHA256

                                                                                                                          6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7

                                                                                                                          SHA512

                                                                                                                          cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000033

                                                                                                                          Filesize

                                                                                                                          190KB

                                                                                                                          MD5

                                                                                                                          d55250dc737ef207ba326220fff903d1

                                                                                                                          SHA1

                                                                                                                          cbdc4af13a2ca8219d5c0b13d2c091a4234347c6

                                                                                                                          SHA256

                                                                                                                          d3e913618a52fe57ab4320e62a5ace58a699d6bce8187164e198abe3279726fd

                                                                                                                          SHA512

                                                                                                                          13adff61e2cfa25dc535eba9d63209b7e7e9bd29fc4d6c868b057df7f680aa66ef5783a0e82a8367185debf7f6fe5bae89adc0770daff5317d2e16db5ad3ab39

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003f

                                                                                                                          Filesize

                                                                                                                          200KB

                                                                                                                          MD5

                                                                                                                          b3ba9decc3bb52ed5cca8158e05928a9

                                                                                                                          SHA1

                                                                                                                          19d045a3fbccbf788a29a4dba443d9ccf5a12fb0

                                                                                                                          SHA256

                                                                                                                          8bd1b2afcbe2fa046b0937197f1b2f393ef821ff89331f99754b9006f0114df4

                                                                                                                          SHA512

                                                                                                                          86a86d370e96fa29c0c1d12991c2287936b400830869ff7b5abe4de6f32db2df782b626d724496cd6de27f8cbd32101ba34cbcd4c650ef11afa26bc048d68529

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                                          Filesize

                                                                                                                          5KB

                                                                                                                          MD5

                                                                                                                          da9fdb50f3b3a429f9b404e3b54d552e

                                                                                                                          SHA1

                                                                                                                          1728a1840982fc9eff52a73687960ad7ece3fbf3

                                                                                                                          SHA256

                                                                                                                          f7fd019a6fe990cf2e0e4e2b99200dc1503425f5abd701bd8c9842a5f63b0821

                                                                                                                          SHA512

                                                                                                                          a55dfe5ec1fddc7758827fdaf8dbaa917b57423394f8981f3365c0b557a5b91b7c256a34b88093ce8eea9c93e772b815c0aaf4d7783af03c5afadd50404c6344

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                                                                          Filesize

                                                                                                                          111B

                                                                                                                          MD5

                                                                                                                          285252a2f6327d41eab203dc2f402c67

                                                                                                                          SHA1

                                                                                                                          acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

                                                                                                                          SHA256

                                                                                                                          5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

                                                                                                                          SHA512

                                                                                                                          11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                                                                          Filesize

                                                                                                                          3KB

                                                                                                                          MD5

                                                                                                                          85081234d2aa626cf90365d6412601d0

                                                                                                                          SHA1

                                                                                                                          1a3c373b1525ea7c6a9f0634d9e7c23bab7bc4b3

                                                                                                                          SHA256

                                                                                                                          a752f13babf061bfa63db5f6ba2b5d54d73691a820aacd2ea27da08e83935784

                                                                                                                          SHA512

                                                                                                                          685bc1fe6b5c8b26c71d8a374cabafe101358c1b0962e8c0b566aab697d96ff35b50d2af5af591606377305243e80babb83810d406717b4a0590beca03fb5bde

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                          Filesize

                                                                                                                          8KB

                                                                                                                          MD5

                                                                                                                          dc0c2cf067370d4f0b45c5e5a28b435e

                                                                                                                          SHA1

                                                                                                                          fb1e37371812393923f4d36e0acb280d5e0e4b61

                                                                                                                          SHA256

                                                                                                                          fbe2887be513bb11ab16b075612d122074ea6da1e5b8f373068052b07c2bdc58

                                                                                                                          SHA512

                                                                                                                          c8d863bcfa45e58ff8c09636e3fae8f22b85db630c824abcec7b9bd2aa19ee805928df306654f0ec3f4bca93a5d8b7f87d0d2ed5c5f0aa7427036ca86af1b486

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                          Filesize

                                                                                                                          8KB

                                                                                                                          MD5

                                                                                                                          5162ea8177a3fce8b3d01fbc3548adb5

                                                                                                                          SHA1

                                                                                                                          412401275fb4ba1f647bbfa3a983c0e8cdf2c3ee

                                                                                                                          SHA256

                                                                                                                          d9055ba350e683dce8266d9b9810da29a3bd1a5d05bde5ac189e80c6b20024a7

                                                                                                                          SHA512

                                                                                                                          17dbc982b9dee526d8531d165fd1c2a96e6854b1f229b9f4587e438730c4e8385de0d39462dd7728562d0cd1e9c0da4905398397fbd155b8223bb3f3161f3706

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                          Filesize

                                                                                                                          8KB

                                                                                                                          MD5

                                                                                                                          4ea2f5bad9600c468c2c9fa67f761fec

                                                                                                                          SHA1

                                                                                                                          518af67080a5813ceed4568686719b241b6fbaef

                                                                                                                          SHA256

                                                                                                                          e912c440b3d2b3ef9f8f74eecccc59b3b94cc4b1adc3d0a6f929608ef7adeafc

                                                                                                                          SHA512

                                                                                                                          66b31eaf7c9bf16f124a01013c7503afb27ffc5980b5a3b0d98be5d26f5e60cb35a3894b6697b5278d9026a8a7a2cec3f4ed20a09e57871d4b211ae95007120c

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                          Filesize

                                                                                                                          8KB

                                                                                                                          MD5

                                                                                                                          ea47fc3129d921b676a4a0bfcad829b5

                                                                                                                          SHA1

                                                                                                                          4a8945258c221e1c71472bd7a218b8a87e1dacac

                                                                                                                          SHA256

                                                                                                                          a1eebbce1da863dd3b54b5677d57ec860199db308ac69aba62eff9367f2a8484

                                                                                                                          SHA512

                                                                                                                          784dba328d999b69abb96bacc739a7abfff478ef5124b66e043ef7e02bd8660b7622b7604243cc7b1d139e2c727e5f2198131bd360a964bbbabdc4347e832785

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                          Filesize

                                                                                                                          5KB

                                                                                                                          MD5

                                                                                                                          7dc3e6af2d9d54da07322eadb47da676

                                                                                                                          SHA1

                                                                                                                          ea32c5e159324c163d6e42024c8efb425bc9b330

                                                                                                                          SHA256

                                                                                                                          0c7d235035151b89097dbd0d608ea4a8f57cb9f3fec7305064807f13bce62409

                                                                                                                          SHA512

                                                                                                                          2a7f1d28055f8db90c4073cbe4b6a84de92d0e144554b30d97e2d42867450570f2ebcda35a72af0ebb0c92923f5f5e7da858b488bdd187e1c8675e40ac8484dc

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                          Filesize

                                                                                                                          7KB

                                                                                                                          MD5

                                                                                                                          861efe00a89eb584da9fb5d27c9eb10b

                                                                                                                          SHA1

                                                                                                                          9ae6af8e1c2b24e8c571afac19125638668ae9fd

                                                                                                                          SHA256

                                                                                                                          a10c83ea2a643d3e279486ef88449c4246b1288ba11378145b4adb472edeca1a

                                                                                                                          SHA512

                                                                                                                          855cbb1c4af4e9967110b6e2736f6d67ce5b1eeb066e3cf0c182a0a45456bd765dad37e33d37701f08e0a72980016472b955cac640cb70aede22b1151f4bcb8e

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

                                                                                                                          Filesize

                                                                                                                          24KB

                                                                                                                          MD5

                                                                                                                          5a6206a3489650bf4a9c3ce44a428126

                                                                                                                          SHA1

                                                                                                                          3137a909ef8b098687ec536c57caa1bacc77224b

                                                                                                                          SHA256

                                                                                                                          0a9e623c6df237c02a585539bffb8249de48949c6d074fe0aaf43063731a3e28

                                                                                                                          SHA512

                                                                                                                          980da83c3142bf08433ec1770a2ec5f5560daf3ee680466f89beae8290e921c0db677489daad055fbc1f196388f8bc4f60e050600381f860b06d330062440a78

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\7ed69c0f-d761-42ac-905a-b7382a3cd1a2\index-dir\the-real-index

                                                                                                                          Filesize

                                                                                                                          2KB

                                                                                                                          MD5

                                                                                                                          c9a1457ef7fc4388112e1379e3af6cc4

                                                                                                                          SHA1

                                                                                                                          18cb01560859378cd405c20403209bd2a8209346

                                                                                                                          SHA256

                                                                                                                          9f3284c2c5e4b3483e0def1989a4f69e6ca2a825e591e95220490e8156490ee8

                                                                                                                          SHA512

                                                                                                                          472006b50d014cd9cf749603cb9dd174c903bf0d1e8065ba0a525e43a192c7ec8277a9985e40637b56afed7b7ac02afcb04d90ef131a3678ad09dc0793b66e51

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\7ed69c0f-d761-42ac-905a-b7382a3cd1a2\index-dir\the-real-index~RFe5916da.TMP

                                                                                                                          Filesize

                                                                                                                          48B

                                                                                                                          MD5

  MD5: 049f3e76334fdc6b52368f3a9d3f383b
  SHA1: 5e105590aa6865948459e2d8cbdf68f06f69a2b8
  SHA256: 646479947569c3abca3f24bf08a9f5096be8cbd2f752af606825575ce457e7fe
  SHA512: 9e7821d16aa190a443c45db0f85634c2ca6fd2d8fb6ff3dbe6b37c54611b582db7416c96824baa4251ba1b8ac4aba94f1d47127c9eba2bcfce034a9d0676e980

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
  Filesize: 84B
  MD5: 9ec9c8c4e035b4a64fb3d74936b249d0
  SHA1: 25cff75ea1a65615ded20ca572462a3ab91cfadd
  SHA256: ce0181c953ae5c831a151f3de147bd74e1e290ed19e7bdeac34c03b8be7a8ed1
  SHA512: a6cb989532376ccf7a3fda1acd8ba39a7e8274ffaae1ae40d314c1bd271db854199904b79eb125b653f4d747eed1c4fd751b332f29ee6b19ab861e05d467602c

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
  Filesize: 89B
  MD5: 764472e2c445719c1c75e55a0cc9b449
  SHA1: 105c49293b7706565dae380c36dce1f1c7a5d441
  SHA256: dd3925751add34ddf394fd6fb91573e4aa9243ad690f609221c6ff06701821ef
  SHA512: b67e3ab1f64404eacc0ec5bffb4537a9b8589d63adef4da9575c64b74725e2551520c2b1fcebab9e34f4418077977239fb72bd251e09c2e5abc062042ab94c8b

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
  Filesize: 146B
  MD5: dbd9bea0b47b97dfe11b9ff45014a8fa
  SHA1: b5e9e0cf1f11e1a7b1882d8a70c5ba76d700f92f
  SHA256: e6bb072d34d69084a05ccaee8ef5d4e7eb8314d7fb3f8daf8457fb230aa8f74b
  SHA512: b4576d173779f811d71998457a138002f8dd03fab54f59e1171ca8bd51d87c6f1821e4d596d119a7c06533e422b4ae3134650156a949eb9628da7a99940b1b8c

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
  Filesize: 82B
  MD5: 47e6c7d5dab1c6edde38426e27213f53
  SHA1: bc708eee07a78a58cec1abadf5540ca0e85d7742
  SHA256: 0be8637a149886b34865961d1a96b4e124a0eb97513fa7af63739e1931b0cdc6
  SHA512: 64a78f4c5f63e10ed7bc13cea9f48bb5e5e87ec56e80313a59bebdb6fb4641f2204cfcddeb0a3185c62a5c554d45f7a97d3e4c650158f3b9dd54eff5181a6a14

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\804e6d0d-bd71-486c-91d4-414ab706e84d\index-dir\the-real-index
  Filesize: 6KB
  MD5: 410241e7b58772f92683c3e558e6eedc
  SHA1: e8cf559ac789f497910aa98c6564365d086ba16d
  SHA256: 9ebf407dbed1c7bf6f20d39d343101d01dfd953696b3a85d42053b15af8fd861
  SHA512: 840c3836fa278d0df1bfaf449b9d720350061fe1e14f27018e171967a8878ffce6a20dab6fb9862c6c9bd0ee130033fce3477b9e7dda171bfdce8222a36e0428

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\804e6d0d-bd71-486c-91d4-414ab706e84d\index-dir\the-real-index~RFe5a16e5.TMP
  Filesize: 48B
  MD5: b0854cc8e28381b46673a32703a24498
  SHA1: f7648a04e51f4c854ed18da6ab574dc24687b887
  SHA256: 3631159c2d10278d200e26432e6371a8074c2d46779ff2e795c5adf32e14d5d1
  SHA512: 66471162f851784c0fbc9b81a229b059888db47d3e874c8858c7145d8ed831cfaa8dce483981736be8dec8fcc217efeed0a76b10da60ccdd42738e5c2b3def4f

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt
  Filesize: 83B
  MD5: 428b7cd69d11700d8becf68c624fffda
  SHA1: dd6ef65e5bbddf1a404943c068f13c9a32be5111
  SHA256: a920e7b406dd45bb9e6f7223462282abda979ba57978340a68a208bc127ca3ba
  SHA512: 3695a2656194aeeaa0db66e399cc4c7b53dc5d13787c1cb6ee77776b71da10c1d8f29871aaf165405a83e32a83a1faecabf11979667a503d56465144c5e4bec6

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt
  Filesize: 79B
  MD5: e1a868d30c9a0a1022be812f197ae433
  SHA1: c173b95a9ad9e097f4d4a52b4055039cfd3cca43
  SHA256: 61bb8c8ad032a536742f14e3a8a1b8e9d3468b52cb7cecebe206ff683ed5226c
  SHA512: 33d4766f61c4b0c90982e0c7bfd24076a228aec4efcc6e22cdcb400744ee249aae2b783f186d71c0175b84312b980f0528c3d01030150c7c1984006c5d4a230d

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT
  Filesize: 16B
  MD5: 46295cac801e5d4857d09837238a6394
  SHA1: 44e0fa1b517dbf802b18faf0785eeea6ac51594b
  SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
  SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
  Filesize: 120B
  MD5: 468d6ea2d4e72c91d2d518301b69016e
  SHA1: 5cfe821399eee6ff7a652664b1a0b1b2e6cef80b
  SHA256: 2ecffa3d6c2bf2aa4addb18cc0539ba4307da18e93d55c00aded5e6e0a786637
  SHA512: 78729f71fcaf23af50a52b7d4e733bb7326d5b373ee36285cbafd77103548e7fb47c82514dd803af862eefcee2e8f45f8f899c9e4d3f97415929c08b127adbae

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
  Filesize: 72B
  MD5: 33788b27f68291cd4400aa4dff484377
  SHA1: 46dd97a1f159c940d501b129a74d5578516cf6c9
  SHA256: a9b9aad7c0770bd088692b062538677ce36aab5a516a601e1c3f52c4aa4fe2f8
  SHA512: b22a595d507de7abd0046e68d5a4ab05e64870ba1e0f5d4dd48617bbda98ab8a6a2f58be74b57e3b062498602feadbbf58d515c4b15a9a256a2e462c4d5f44e9

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58f7f7.TMP
  Filesize: 48B
  MD5: 79852b1cc1850b71629bfac3df767b5d
  SHA1: 952dfdc97825ba058a721791cb8cb6bdde14bab3
  SHA256: 1029081dce599f853c882bb9b8276e96a1c2bbaf5d3f91ca42bf4f59b44ccf50
  SHA512: 999f99662c44e80b64d6979ee358a8ee85a97f54671142c45a37581183245266fd40793b3a4eed4f43e579fec80b0ee946a9c8d2a8a753efbf3bd8ef43bfffe2

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
  Filesize: 2KB
  MD5: 49ab2ae4a008fadd6fd472a4dfeb48b7
  SHA1: d27aff1186671dc3e1b451047464ee850983207f
  SHA256: 3f7f720a0bc525c6fd29e64185f09a48d0a47f7033fbb56fc391a4469dda0dec
  SHA512: fc29193bd70c436cda67d05ded5ef933ff66876968c6b2e943b29c92378812e419b898d1f1a87d2033c80b597d0a692f21a89ba07354c3ca994104a79bdd9c8e

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
  Filesize: 2KB
  MD5: 87ab3f58f8b6819b0545b2422bb22ce4
  SHA1: 5ba542c9bf2e050057fa190ab62846f338ddaf4f
  SHA256: 8dff18b1432eb29c503022e99e3e8df866a25fb8c37236b597830541f3d313b2
  SHA512: 3b46dde5024f0520c128b81d0e03eb2656800e935c54cc419423c662033624fcfcaa2ee8ed260cac546f6e5e7fbf6079c827969cae3ea6f1872346222f9f8a36

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
  Filesize: 3KB
  MD5: e3cde6a541fa77aeaecef10ba4484b1f
  SHA1: c859297cf1d8156551ccda91512c3c00234983fe
  SHA256: 7679d4ce6898ff4440fb77e5b47ff29d6f3765a86df332b7d8d91d368938544e
  SHA512: 9180efd400effec9ad15cadd83c8fee5946cbe2edda61646a4c6b8c5ecca00193c80ca5e8447dde914e7d0edade7f43661f5fa80be128afcf227bc897e80aa5f

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
  Filesize: 4KB
  MD5: e4ac7f1f33fa1ff01757a5fb2babc3e0
  SHA1: b5b8fecd6200068a76f815433b6d87cc4b664998
  SHA256: 91e9949addd5ed168f84819946cee1d9f334f5489a0026034a7f61b96e1bfbb9
  SHA512: 9575ccc8efbfc4dac73a8bc1d64299a5723e4bfde803672aab3c08e5039562d1465d6784b1fd356cf9c7216898a5ccc1f45cf3608b63f3df19b6bcdf73275b33

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
  Filesize: 4KB
  MD5: e36a085c86de34f093b9072956824c70
  SHA1: 7e21df2bf4bc8e96faeb7e193474743af82c340f
  SHA256: 3ab4cabdba90fb84d637b732a5e8e68644b9370ec7e8cb8c6d366abe8ef15472
  SHA512: df91e0b496b4f2752cd8c985aa36c8ab9731f003e825732dc57dbf98565a9b618b234f2d21337bee6b29c859604807f64c6c41c155b2b23c834b69dbd7e6cf14

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
  Filesize: 4KB
  MD5: 0c8f89ce71ceb6a5221a30cb24652bb7
  SHA1: baf281eb033e81be25402938312930178500c382
  SHA256: a8929ecbe25120441896ab4f150534b80d1c58c0ebfb65c60f25466a3f6e87d5
  SHA512: b4994964821d1205470166f03f20f2d907b65c066ca7b39db13d49e66d505dda4712a0c55dfe4d96177f5a63f56d73e98f46be31064ecd98c2338b7d5f174ab0

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58e606.TMP
  Filesize: 1KB
  MD5: 11118e7b5597be8a5e02990e924fc711
  SHA1: 8254dc709a5c3fced0d1135002a1db17d7c3e6eb
  SHA256: 8e7a35f3ae9c48d5cfea5822bcef6ce89bcade9a1f45198d0e70735923000994
  SHA512: 498ec3cb02d0e35506cc9d8f99522efef8de2bcb70d1893b06fba5e93c7fb3397eabd972bb9560910dde4ca16f518537a5fe5097df34edac58bb5a508425df4d

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
  Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                                                                                                          SHA512

                                                                                                                          9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                                          Filesize

                                                                                                                          10KB

                                                                                                                          MD5

                                                                                                                          d29998e6ab075f56044693c226909b9b

                                                                                                                          SHA1

                                                                                                                          58fa2fef509f0df1e3f5fec56958d85e7a080077

                                                                                                                          SHA256

                                                                                                                          689aceabcb32cf84cc43fdeef2128cda4a5226ae37b82986ed02c2616bdaaab4

                                                                                                                          SHA512

                                                                                                                          94a4ec04408aa81490ddccc3c38e3efe6739afbf45354e6e4ad709fd18b3ff7b408d7aecf1bbbad178ee99764cda2ce0c78dc119d1b0bcdd94eaa4404d4147d2

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                                          Filesize

                                                                                                                          10KB

                                                                                                                          MD5

                                                                                                                          b0a5e12179a5e48003307ffce6eae38a

                                                                                                                          SHA1

                                                                                                                          536b79ae50f3f9e1d8ed6ab251d93d0f08e03ce9

                                                                                                                          SHA256

                                                                                                                          8e75b600913d14fb831cb82e350b54a30b4da009d3ad298621241a0d7a881d59

                                                                                                                          SHA512

                                                                                                                          992a41bfe2a8efe4889b46da181e07b600f19fde166002fdbc29c1059902a5c013ee5b37a1852065d6331e300d3cd7d741bdf935ed120bcae303a8f9f225bba7

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                                          Filesize

                                                                                                                          2KB

                                                                                                                          MD5

                                                                                                                          c79af38cbc9b1458136c292edd40f634

                                                                                                                          SHA1

                                                                                                                          92ebfff1059148e687aa2896a9df06cbf36a1383

                                                                                                                          SHA256

                                                                                                                          bbbaa5add0c6fc01fa148e8fc20f363df14ffdd3783196d09b362fe6344bf2ad

                                                                                                                          SHA512

                                                                                                                          c4ed0cbdb10ca809cf648b8b75facc23270c05f43f5a27c5a39bbb15a6630673b911aaadcc25ee0b27112aa9347a9096e7d5a9ff78b7bd41c8200993d520d30a

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                                          Filesize

                                                                                                                          2KB

                                                                                                                          MD5

                                                                                                                          f79fa3645a9a820f037b7d09c3834355

                                                                                                                          SHA1

                                                                                                                          a2967667dccea5a3e049ee03a6944663964bc744

                                                                                                                          SHA256

                                                                                                                          d82772c58e6efdd3043fdf23a50be143485871d36cd0ab85c5c28674269873ad

                                                                                                                          SHA512

                                                                                                                          9262a890bb51c081ccd9c6e4801a1baf11c1e2f1876a44ddf8d34a6539f8d4a653193ab2e8da342285fbc4df50cc49e93aa89b7eb365f81a6d30d665c0520454

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                                          Filesize

                                                                                                                          2KB

                                                                                                                          MD5

                                                                                                                          05b521e0a9fb855318bde60a9d3e57a6

                                                                                                                          SHA1

                                                                                                                          41cb3783b95280204d7d163b38e0a65ae3c44c55

                                                                                                                          SHA256

                                                                                                                          3a3f34ff5fb2d2d838c013f8a99a6aeb4f68bc21b6d158c11327ca60ce029795

                                                                                                                          SHA512

                                                                                                                          debca263064b76577e3b3bac24a32c67367eb465f3d9fc33b138a98c897d91febda2eb55416fdf812f82bb87babdf8f0c84504d1def72981f2b56cf59a4e8bfd

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                                          Filesize

                                                                                                                          2KB

                                                                                                                          MD5

                                                                                                                          e3fc68193a4e3292dae6a8a45525b9c4

                                                                                                                          SHA1

                                                                                                                          5cf023f01d2ae68939143eacbc2970f3ed9009ca

                                                                                                                          SHA256

                                                                                                                          7ee72117a2a78528c9da0c5c175d5a81b38c08503a34dc1ef31bb018f60df28f

                                                                                                                          SHA512

                                                                                                                          58d3686224e5ff0ed4a2934c8774d864fe5241bdcb6097bae1344b513bf90aba489ecaeb3edac7f05b71eb0fd8053073706f9866d0d04d13d1d4108990d659bb

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                                          Filesize

                                                                                                                          2KB

                                                                                                                          MD5

                                                                                                                          7b1b713884e60d26e0bb110ad7b3f043

                                                                                                                          SHA1

                                                                                                                          a32f62cff69c8dbfe346c58fb9790f6fd35a8acc

                                                                                                                          SHA256

                                                                                                                          33878e7d7d7c1efb4da3867a9603551c5aa6f689c4cde0199b0de394cc37721d

                                                                                                                          SHA512

                                                                                                                          0385fb769feb2b65ae74f1cd42c94af9274d4f1b4458e10f3c0bcfcc70853f57a3b60b8ae6dfe500fd7894c8d8e1036d5bdb3c5ceede54948af899f1b7e090e5

                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\b1ae3b74-5066-4f0b-8c2d-68db34550667.tmp

                                                                                                                          Filesize

                                                                                                                          2KB

                                                                                                                          MD5

                                                                                                                          7a91a39d9917ee0ba5c829bfbbc8641a

                                                                                                                          SHA1

                                                                                                                          61195be3656e6653184a261da201cd0d091caa30

                                                                                                                          SHA256

                                                                                                                          47a7ce7071915122dcbdbb2e41c7ed95228bc671fdaad5ba5058f231bbe97106

                                                                                                                          SHA512

                                                                                                                          fdbbba0ebc92f183a8368ab74dc68d9d1f52d80fc05fe4f05c5f043fe91c7c00087be0b77848c345853b248e8e28443d1ab024bcbbb144fcb7dde2f5fd4f1d0b

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\6oH9YH9.exe

                                                                                                                          Filesize

                                                                                                                          898KB

                                                                                                                          MD5

                                                                                                                          cfe152d93ec1812da83f93e22b913100

                                                                                                                          SHA1

                                                                                                                          9498a3db64c876b2869bec319112a912eb8bcf7d

                                                                                                                          SHA256

                                                                                                                          becc495e2432bc5135fff9912a112648c8710c4bb4c52dfe9003ee6261c85201

                                                                                                                          SHA512

                                                                                                                          c5089da2000cf2343479e06c76108e9409a977cbde60edf502960339c31a960989a9324468812c644e5cddcf7bf3c4a12d1c7f41da79d473bdf1c8c28a5d7532

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\hy6ra22.exe

                                                                                                                          Filesize

                                                                                                                          1.7MB

                                                                                                                          MD5

                                                                                                                          9fdb6b2df466b99fa35b1e98ea32510d

                                                                                                                          SHA1

                                                                                                                          2b45b2b121d80527fde4cd173afdb9f192786f05

                                                                                                                          SHA256

                                                                                                                          bd8d0103b94fbd2ede771ed7536a8b644ace0b7cb0dc290552975da610f42926

                                                                                                                          SHA512

                                                                                                                          4fdc57756d490006408d11dee04a740abb46c0b3731e00d2c5770eaad73739c5b2cfb57c5b7358bb4ad3799012ed8e68ac1207ddd7a2083c7a259797eff63197

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\4Fk431BV.exe

                                                                                                                          Filesize

                                                                                                                          1.6MB

                                                                                                                          MD5

                                                                                                                          a578068f622b94c0182ee84f90289fef

                                                                                                                          SHA1

                                                                                                                          14171533e79b104e184bfeb4a71ca27851a0168b

                                                                                                                          SHA256

                                                                                                                          cfc5ed1d45367ff731ebce7a011c418007926841501177e90d6073615de63b2f

                                                                                                                          SHA512

                                                                                                                          4d39abd0d1ca03e3b1934a2f5cd19c142c26099966353460e4a1005dc094d9e065619224d0123be8217ff2ee2de5a5b18b3f0ab0ca72f3a705349b475c84557f

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\EI6oi19.exe

                                                                                                                          Filesize

                                                                                                                          1022KB

                                                                                                                          MD5

                                                                                                                          e60f3a167e69899fd11b77aa075328bb

                                                                                                                          SHA1

                                                                                                                          3d8b97f11830e7720991f28664f736d50c8ea00e

                                                                                                                          SHA256

                                                                                                                          9b31ad984a8415b03455a9a943a9d1c4594ae5cc439db7bcd60f8e28c80e6863

                                                                                                                          SHA512

                                                                                                                          09b8ee82e619f9b45f7d742f26c049c6ed291aa79507c67464f4b19fd492f219a1fedbd4853dca4eec05867ba1a4bedf8ac7ba38da2275f34df27c885bdccd07

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\1cR07pW9.exe

                                                                                                                          Filesize

                                                                                                                          918KB

                                                                                                                          MD5

                                                                                                                          d4e2f84c30682ddfa1e24848d23f4a08

                                                                                                                          SHA1

                                                                                                                          7693c53b73c37dbe87b6b88d17470b3648f185fe

                                                                                                                          SHA256

                                                                                                                          e96419ef282114c31ecbd484c3ba5973c2698ea5ad150c03fb012f855668d219

                                                                                                                          SHA512

                                                                                                                          fdd13067d22243a3fbf56a256f9a0e7d10931f3d50499c275b0344e2ec1e0d77c1af8933c832f583797fd36b9dcec3b3df551598eb3ae501069bf67d7ba1405f

                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\IXP002.TMP\3Qx90OR.exe

                                                                                                                          Filesize

                                                                                                                          38KB

                                                                                                                          MD5

                                                                                                                          b39ccc2bc3438cba75cdc67608f89f03

                                                                                                                          SHA1

                                                                                                                          e248dd80405faf80f47653f2f0bcac8f3c477d47

                                                                                                                          SHA256

                                                                                                                          968241e4b31e0d0ca91a013e397f0250b930d8a3f5bcb988f1ba4568129efe1b

                                                                                                                          SHA512

                                                                                                                          2c31b8143e84de2aaaa7c8272af98846d3769d2f64c84676a16932178656420df0852da1f477e7f80799aebccf6babc304c0b5bb5fa9051f9b19888abfc0f08b

                                                                                                                        • memory/8-29-0x0000000000400000-0x000000000040B000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          44KB

                                                                                                                        • memory/8-32-0x0000000000400000-0x000000000040B000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          44KB

                                                                                                                        • memory/3408-31-0x0000000002730000-0x0000000002746000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          88KB

                                                                                                                        • memory/3540-23-0x00000000026F0000-0x0000000002885000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          1.6MB

                                                                                                                        • memory/3540-24-0x0000000000400000-0x0000000000908000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          5.0MB

                                                                                                                        • memory/3540-26-0x00000000026F0000-0x0000000002885000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          1.6MB

                                                                                                                        • memory/3540-22-0x0000000002610000-0x00000000026E4000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          848KB