Analysis

  • max time kernel
    151s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231127-en
  • resource tags

    arch:x64
    arch:x86
    image:win10v2004-20231127-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    12-12-2023 16:46

General

  • Target

    efadd59c698c9d2b98307f0a472257ce7311e5c5680bfc185b3bedf022603128.exe

  • Size

    2.7MB

  • MD5

    cb62f324601c0fdb809b6c17a97f9f2a

  • SHA1

    d89c9ced9ed90007865b4c2edd7b8781505bbd18

  • SHA256

    efadd59c698c9d2b98307f0a472257ce7311e5c5680bfc185b3bedf022603128

  • SHA512

    688fa598a3902122c1459414cd5d56499c96c6f25f4da98bceabd4dd13604302abf79a349da35da88b33320a48bea004c85a7b33638598f4fc72f03c8269e401

  • SSDEEP

    49152:1Qsn3nVbVsPxOvsZbzOWHdBAkIrU04O5O14DwvtVZMru3UG1dv0IrUakP7:GsDExOvsZbz1+rUv4Dwvtv6u3UcGIrE7

Malware Config

Extracted

Family

smokeloader

Version

2022

C2

http://81.19.131.34/fks/index.php

rc4.i32
rc4.i32

Extracted

Family

risepro

C2

193.233.132.51

Signatures

  • PrivateLoader

    PrivateLoader is a downloader sold as a pay-per-install malware distribution service.

  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

  • SmokeLoader

    Modular backdoor trojan in use since 2014.

  • Downloads MZ/PE file
  • Executes dropped EXE 4 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • AutoIT Executable 1 IoCs

    AutoIT scripts compiled to PE executables.

  • Detected potential entity reuse from the paypal brand.
  • Suspicious use of SetThreadContext 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    The SCSI disk identifiers stored in the registry expose the disk controller vendor (VMware, VirtualBox, QEMU and similar strings on virtual machines), so they are often read to detect virtualised sandbox environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs
  • Suspicious use of AdjustPrivilegeToken 31 IoCs
  • Suspicious use of FindShellTrayWindow 35 IoCs
  • Suspicious use of SendNotifyMessage 34 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
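The "Checks SCSI registry key(s)" signature above refers to a well-known anti-sandbox check: reading the disk controller identifier from the registry and looking for hypervisor vendor strings. The following is an added example that reproduces that check as a sandbox operator would run it to verify their own VM is not trivially fingerprinted; it is not code from this sample or from the sandbox. The two registry paths are real Windows keys; the identifier strings in CONSTRUCTED are constructed illustrations, not values taken from this report.

```python
"""Reproduce the SCSI registry fingerprint check behind the 'Checks SCSI registry
key(s)' signature. Added example; not code from the analysed sample."""
import sys
from typing import Dict, Optional

# Real Windows registry locations commonly read for this purpose (HKLM).
SCSI_ID_KEY = r"HARDWARE\DEVICEMAP\Scsi\Scsi Port 0\Scsi Bus 0\Target Id 0\Logical Unit Id 0"  # value: Identifier
DISK_ENUM_KEY = r"SYSTEM\CurrentControlSet\Services\Disk\Enum"                                  # value: 0

# Substrings that give away a virtualised disk controller. Order matters: the
# first match wins, so the more specific vendor names come before "virtual".
VM_MARKERS = ("vmware", "vbox", "virtualbox", "qemu", "xen", "virtual")


def vm_marker(identifier: Optional[str]) -> Optional[str]:
    """Return the first hypervisor marker found in a disk identifier, else None."""
    if not identifier:
        return None
    low = identifier.lower()
    return next((m for m in VM_MARKERS if m in low), None)


def read_disk_identifiers() -> Dict[str, Optional[str]]:
    """Read both registry values on Windows; None when not on Windows or key absent."""
    out: Dict[str, Optional[str]] = {"scsi_identifier": None, "disk_enum_0": None}
    if sys.platform != "win32":
        return out
    import winreg  # only available on Windows
    for name, key, value in (("scsi_identifier", SCSI_ID_KEY, "Identifier"),
                             ("disk_enum_0", DISK_ENUM_KEY, "0")):
        try:
            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, key) as k:
                out[name] = str(winreg.QueryValueEx(k, value)[0])
        except OSError:
            pass  # key or value missing: leave None
    return out


def classify(identifiers: Dict[str, Optional[str]]) -> Dict[str, Optional[str]]:
    """Map each identifier to the hypervisor marker it leaks (None = looks bare metal)."""
    return {name: vm_marker(val) for name, val in identifiers.items()}


# Constructed examples of what these values typically hold (not from this report).
CONSTRUCTED = {
    "vmware": "VMware   Virtual disk    2.0",
    "virtualbox": "VBOX HARDDISK",
    "qemu": "QEMU HARDDISK",
    "hyperv_enum": r"SCSI\Disk&Ven_Msft&Prod_Virtual_Disk\000000",
    "bare_metal": "Samsung SSD 860 EVO 500GB",
}

if __name__ == "__main__":
    for label, ident in CONSTRUCTED.items():
        print(f"{label:12s} -> {vm_marker(ident)}")
    # On a Windows analysis VM this shows what the sample would have seen.
    print(classify(read_disk_identifiers()))
```

If classify() on the analysis VM returns anything other than None for both values, the hypervisor vendor is visible exactly where this sample family looks for it; hardened sandboxes rewrite these values to plausible bare-metal identifiers.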

Processes

  • C:\Users\Admin\AppData\Local\Temp\efadd59c698c9d2b98307f0a472257ce7311e5c5680bfc185b3bedf022603128.exe
    "C:\Users\Admin\AppData\Local\Temp\efadd59c698c9d2b98307f0a472257ce7311e5c5680bfc185b3bedf022603128.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:1472
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\kg0JC50.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\kg0JC50.exe
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious use of WriteProcessMemory
      PID:3400
      • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1oa99Vk3.exe
        C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1oa99Vk3.exe
        3⤵
        • Executes dropped EXE
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of WriteProcessMemory
        PID:1984
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
          4⤵
          • Enumerates system info in registry
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          • Suspicious use of WriteProcessMemory
          PID:860
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffe797c46f8,0x7ffe797c4708,0x7ffe797c4718
            5⤵
              PID:4904
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,15872664654651073774,2535195657642556029,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
              5⤵
              • Suspicious behavior: EnumeratesProcesses
              PID:5488
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,15872664654651073774,2535195657642556029,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
              5⤵
                PID:5480
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,15872664654651073774,2535195657642556029,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8
                5⤵
                  PID:5880
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15872664654651073774,2535195657642556029,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
                  5⤵
                    PID:6376
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15872664654651073774,2535195657642556029,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
                    5⤵
                      PID:6344
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15872664654651073774,2535195657642556029,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3856 /prefetch:1
                      5⤵
                        PID:6480
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15872664654651073774,2535195657642556029,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4008 /prefetch:1
                        5⤵
                          PID:7260
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15872664654651073774,2535195657642556029,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4176 /prefetch:1
                          5⤵
                            PID:7440
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15872664654651073774,2535195657642556029,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4448 /prefetch:1
                            5⤵
                              PID:7664
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15872664654651073774,2535195657642556029,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4652 /prefetch:1
                              5⤵
                                PID:7928
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15872664654651073774,2535195657642556029,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
                                5⤵
                                  PID:8096
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15872664654651073774,2535195657642556029,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
                                  5⤵
                                    PID:7116
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15872664654651073774,2535195657642556029,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
                                    5⤵
                                      PID:5396
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15872664654651073774,2535195657642556029,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
                                      5⤵
                                        PID:6988
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15872664654651073774,2535195657642556029,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1
                                        5⤵
                                          PID:5900
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15872664654651073774,2535195657642556029,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6732 /prefetch:1
                                          5⤵
                                            PID:7888
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15872664654651073774,2535195657642556029,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6388 /prefetch:1
                                            5⤵
                                              PID:8020
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15872664654651073774,2535195657642556029,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6416 /prefetch:1
                                              5⤵
                                                PID:6092
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15872664654651073774,2535195657642556029,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7360 /prefetch:1
                                                5⤵
                                                  PID:7076
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15872664654651073774,2535195657642556029,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
                                                  5⤵
                                                    PID:6584
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,15872664654651073774,2535195657642556029,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7712 /prefetch:8
                                                    5⤵
                                                      PID:7120
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,15872664654651073774,2535195657642556029,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7712 /prefetch:8
                                                      5⤵
                                                        PID:6936
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15872664654651073774,2535195657642556029,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6640 /prefetch:1
                                                        5⤵
                                                          PID:7564
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15872664654651073774,2535195657642556029,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8088 /prefetch:1
                                                          5⤵
                                                            PID:1140
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2120,15872664654651073774,2535195657642556029,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7956 /prefetch:8
                                                            5⤵
                                                              PID:2292
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,15872664654651073774,2535195657642556029,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6352 /prefetch:1
                                                              5⤵
                                                                PID:5792
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,15872664654651073774,2535195657642556029,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4424 /prefetch:2
                                                                5⤵
                                                                  PID:5464
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login
                                                                4⤵
                                                                • Suspicious use of WriteProcessMemory
                                                                PID:224
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7ffe797c46f8,0x7ffe797c4708,0x7ffe797c4718
                                                                  5⤵
                                                                    PID:3868
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,12281500895455762758,10857196986472704303,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
                                                                    5⤵
                                                                    • Suspicious behavior: EnumeratesProcesses
                                                                    PID:5240
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,12281500895455762758,10857196986472704303,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
                                                                    5⤵
                                                                      PID:5144
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
                                                                    4⤵
                                                                    • Suspicious use of WriteProcessMemory
                                                                    PID:220
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffe797c46f8,0x7ffe797c4708,0x7ffe797c4718
                                                                      5⤵
                                                                        PID:5000
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,5944124014444416537,4505677437953565138,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
                                                                        5⤵
                                                                        • Suspicious behavior: EnumeratesProcesses
                                                                        PID:3364
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,5944124014444416537,4505677437953565138,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
                                                                        5⤵
                                                                          PID:4612
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://store.steampowered.com/login
                                                                        4⤵
                                                                        • Suspicious use of WriteProcessMemory
                                                                        PID:1176
                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffe797c46f8,0x7ffe797c4708,0x7ffe797c4718
                                                                          5⤵
                                                                            PID:1868
                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,2497515496352309270,2321993284764651827,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
                                                                            5⤵
                                                                            • Suspicious behavior: EnumeratesProcesses
                                                                            PID:5548
                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,2497515496352309270,2321993284764651827,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
                                                                            5⤵
                                                                              PID:5532
                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitter.com/i/flow/login
                                                                            4⤵
                                                                            • Suspicious use of WriteProcessMemory
                                                                            PID:1700
                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x174,0x178,0x17c,0x150,0x180,0x7ffe797c46f8,0x7ffe797c4708,0x7ffe797c4718
                                                                              5⤵
                                                                                PID:4976
                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,69007717456115131,7059454615542194353,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3
                                                                                5⤵
                                                                                • Suspicious behavior: EnumeratesProcesses
                                                                                PID:6024
                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,69007717456115131,7059454615542194353,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
                                                                                5⤵
                                                                                  PID:6016
                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/openid/loginform
                                                                                4⤵
                                                                                • Suspicious use of WriteProcessMemory
                                                                                PID:2504
                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffe797c46f8,0x7ffe797c4708,0x7ffe797c4718
                                                                                  5⤵
                                                                                    PID:2500
                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,1728437107765765505,114923436124345173,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
                                                                                    5⤵
                                                                                    • Suspicious behavior: EnumeratesProcesses
                                                                                    PID:5540
                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,1728437107765765505,114923436124345173,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
                                                                                    5⤵
                                                                                      PID:5524
                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.epicgames.com/id/login
                                                                                    4⤵
                                                                                    • Suspicious use of WriteProcessMemory
                                                                                    PID:5048
                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffe797c46f8,0x7ffe797c4708,0x7ffe797c4718
                                                                                      5⤵
                                                                                        PID:4012
                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,6113223728393273627,15211570410047025294,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
                                                                                        5⤵
                                                                                        • Suspicious behavior: EnumeratesProcesses
                                                                                        PID:5504
                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,6113223728393273627,15211570410047025294,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
                                                                                        5⤵
                                                                                          PID:5496
                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.paypal.com/signin
                                                                                        4⤵
                                                                                        • Suspicious use of WriteProcessMemory
                                                                                        PID:4812
                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x160,0x170,0x7ffe797c46f8,0x7ffe797c4708,0x7ffe797c4718
                                                                                          5⤵
                                                                                            PID:3592
                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1860,95814793707727186,16039243557925733476,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
                                                                                            5⤵
                                                                                            • Suspicious behavior: EnumeratesProcesses
                                                                                            PID:6708
                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1860,95814793707727186,16039243557925733476,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
                                                                                            5⤵
                                                                                              PID:6700
                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/
                                                                                            4⤵
                                                                                            • Suspicious use of WriteProcessMemory
                                                                                            PID:1444
                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x70,0x16c,0x7ffe797c46f8,0x7ffe797c4708,0x7ffe797c4718
                                                                                              5⤵
                                                                                                PID:3060
                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1468,3761348751223052224,6326486271316845854,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 /prefetch:3
                                                                                                5⤵
                                                                                                • Suspicious behavior: EnumeratesProcesses
                                                                                                PID:6968
                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
                                                                                              4⤵
                                                                                              • Suspicious use of WriteProcessMemory
                                                                                              PID:3404
                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x168,0x16c,0x170,0x144,0x174,0x7ffe797c46f8,0x7ffe797c4708,0x7ffe797c4718
                                                                                                5⤵
                                                                                                  PID:2120
                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,13687397279060190538,16647913889022422593,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
                                                                                                  5⤵
                                                                                                    PID:7780
                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,13687397279060190538,16647913889022422593,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
                                                                                                    5⤵
                                                                                                      PID:7772
                                                                                                • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\4IM139lg.exe
                                                                                                  C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\4IM139lg.exe
                                                                                                  3⤵
                                                                                                  • Executes dropped EXE
                                                                                                  • Checks SCSI registry key(s)
                                                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                                                  • Suspicious behavior: MapViewOfSection
                                                                                                  PID:5416
                                                                                              • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7ZH2vm61.exe
                                                                                                C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\7ZH2vm61.exe
                                                                                                2⤵
                                                                                                • Executes dropped EXE
                                                                                                • Suspicious use of SetThreadContext
                                                                                                • Suspicious use of AdjustPrivilegeToken
                                                                                                PID:7300
                                                                                                • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                                                                                                  3⤵
                                                                                                    PID:7096
                                                                                                    • C:\Windows\SysWOW64\WerFault.exe
                                                                                                      C:\Windows\SysWOW64\WerFault.exe -u -p 7096 -s 604
                                                                                                      4⤵
                                                                                                      • Program crash
                                                                                                      PID:3164
                                                                                              • C:\Windows\System32\CompPkgSrv.exe
                                                                                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                1⤵
                                                                                                  PID:7044
                                                                                                • C:\Windows\System32\CompPkgSrv.exe
                                                                                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                  1⤵
                                                                                                    PID:7524
                                                                                                  • C:\Windows\SysWOW64\WerFault.exe
                                                                                                    C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 7096 -ip 7096
                                                                                                    1⤵
                                                                                                      PID:3700

Downloads

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\97566006-c2e9-4db8-bcc9-11355855e201.tmp
  Filesize: 2KB
  MD5: a00215754773eadad6d7e42f9e01e2d9
  SHA1: 0f7bbd9f8f9acc81ea6c11d2699f00394f969442
  SHA256: 50c74469eb809985cc2e60ad71ebf79706683e9dc32c07cefa6a2316cd93c5bf
  SHA512: d1ecb62f09033c47ceac93d3259c0822ff420dc25bc3303f2a2ebf7a6fa7fe80deaa46452d31ed0b88fc0f59288e0a011f6f057f3a36560d5e1edb7c07b7d58f

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
  Filesize: 152B
  MD5: 5990c020b2d5158c9e2f12f42d296465
  SHA1: dcb52612d301824d3a7fdfd0ea20c3fcfbb7a1b4
  SHA256: 2f33956ce5a0bb01abb3c0fee9a321c8f8f7abcf1d7535800bf25f1dc44b1643
  SHA512: 9efb70c4922365967c5fa7e89967e21eede96979a149e027099da786cd8b198d4e81bb3bf2b39c8d65a8796c5d72ca79241e66fc69e2502fdec8a0c5f230412c

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
  Filesize: 152B
  MD5: 208a234643c411e1b919e904ee20115e
  SHA1: 400b6e6860953f981bfe4716c345b797ed5b2b5b
  SHA256: af80020ae43388bbd3db31c75aade369d489a30a933574dea19163e094d5f458
  SHA512: 2779b96325234c836cbb91820ee332ed56c15b534ec0c7770b322a5c03849ec3ee67b0ec7978e1fab563eeed1cea96f5155d7b942702555d9352ff6711a548d2

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\2d5945b7-61ee-43f6-8c3e-3b43025ce7ef.tmp
  Filesize: 3KB
  MD5: 706f67128b9fadedc97480b90d06b344
  SHA1: 12a183cba274c8fd40ba2666fabc1a236143686a
  SHA256: cf3f2d0045bf0d70de96dd167762a329a078d05d2f94c687d9a2e3426f7239d0
  SHA512: 64b7ef868cf42f80c7fbcf855456529d6acf18b2a0a29b61481cfb6ee023ebb4b45639177680b3ed5b1c530a6a654d00e25f78e50c8ea9b74d3539a836a02461

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002
  Filesize: 20KB
  MD5: 923a543cc619ea568f91b723d9fb1ef0
  SHA1: 6f4ade25559645c741d7327c6e16521e43d7e1f9
  SHA256: bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd
  SHA512: a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003
  Filesize: 21KB
  MD5: 7d75a9eb3b38b5dd04b8a7ce4f1b87cc
  SHA1: 68f598c84936c9720c5ffd6685294f5c94000dff
  SHA256: 6c24799e77b963b00401713a1dbd9cba3a00249b9363e2c194d01b13b8cdb3d7
  SHA512: cf0488c34a1af36b1bb854dea2decfc8394f47831b1670cab3eed8291b61188484cc8ab0a726a524ecdd20b71d291bcccbc2ce999fd91662aca63d2d22ed0d9f

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

                                                                                                      Filesize

                                                                                                      190KB

                                                                                                      MD5

                                                                                                      d55250dc737ef207ba326220fff903d1

                                                                                                      SHA1

                                                                                                      cbdc4af13a2ca8219d5c0b13d2c091a4234347c6

                                                                                                      SHA256

                                                                                                      d3e913618a52fe57ab4320e62a5ace58a699d6bce8187164e198abe3279726fd

                                                                                                      SHA512

                                                                                                      13adff61e2cfa25dc535eba9d63209b7e7e9bd29fc4d6c868b057df7f680aa66ef5783a0e82a8367185debf7f6fe5bae89adc0770daff5317d2e16db5ad3ab39

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

                                                                                                      Filesize

                                                                                                      33KB

                                                                                                      MD5

                                                                                                      909324d9c20060e3e73a7b5ff1f19dd8

                                                                                                      SHA1

                                                                                                      feea7790740db1e87419c8f5920859ea0234b76b

                                                                                                      SHA256

                                                                                                      dfc749d2afefe484d9aa9f8f06d461ad104a0ca9b75b46abfaaddda64a5e9278

                                                                                                      SHA512

                                                                                                      b64d2dce1f9a185fbb8a32adc1ff402d8045d379600bf3f9154bbde18303610f18af9fce258442db1e621ecf10b77aafe99cffedfcbe2a1490056c50cc42d0f9

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000037

                                                                                                      Filesize

                                                                                                      200KB

                                                                                                      MD5

                                                                                                      b3ba9decc3bb52ed5cca8158e05928a9

                                                                                                      SHA1

                                                                                                      19d045a3fbccbf788a29a4dba443d9ccf5a12fb0

                                                                                                      SHA256

                                                                                                      8bd1b2afcbe2fa046b0937197f1b2f393ef821ff89331f99754b9006f0114df4

                                                                                                      SHA512

                                                                                                      86a86d370e96fa29c0c1d12991c2287936b400830869ff7b5abe4de6f32db2df782b626d724496cd6de27f8cbd32101ba34cbcd4c650ef11afa26bc048d68529

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                      Filesize

                                                                                                      5KB

                                                                                                      MD5

                                                                                                      69674e9391c518e268b5a2a4f5f24095

                                                                                                      SHA1

                                                                                                      a6f569d76ab6222d5b498b71f334906c3793716c

                                                                                                      SHA256

                                                                                                      5387c016ae75372179cbebd70efef74cb929df8e2741b8be8ce85fe75a023d35

                                                                                                      SHA512

                                                                                                      f636da5a370d9e56ed9ab6d65e7d06a6b9e2919a3fb6a69aa1cd7a81801a9936b58be0432785948b92bfef20e30221db6292280abfdfdc817743ca41d264b459

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                                                                                      Filesize

                                                                                                      5KB

                                                                                                      MD5

                                                                                                      d19a00bbca4289ce819c20085a1db4ae

                                                                                                      SHA1

                                                                                                      f439e7f0d77964a6ca356a3d711b879d678f9302

                                                                                                      SHA256

                                                                                                      938096cfba797cf73afeb92ecb506bff71a5d938d2a3587d8b0899c260073792

                                                                                                      SHA512

                                                                                                      c822a5748595461a6e0ff18b8f17be0abc6d91bf22e26a96d7da2d4a95c1e081c4a9cd9edd9f6321eb868c357248ba93c87d0cc691d14705e0d739c466f46725

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                                                      Filesize

                                                                                                      111B

                                                                                                      MD5

                                                                                                      285252a2f6327d41eab203dc2f402c67

                                                                                                      SHA1

                                                                                                      acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

                                                                                                      SHA256

                                                                                                      5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

                                                                                                      SHA512

                                                                                                      11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                                                      Filesize

                                                                                                      3KB

                                                                                                      MD5

                                                                                                      34c69e90ade320205d63225b2be919b1

                                                                                                      SHA1

                                                                                                      a1de7c2de6966489a06084c6d534e3920597f8fb

                                                                                                      SHA256

                                                                                                      bcce3f4f58a91795fe670d8ddcf6c05611e72cc55a4aa9e4a8e28d2fb146edd3

                                                                                                      SHA512

                                                                                                      b08f24d8db04edfa29b1b7a84dcdf254b68196fdd14b6279dd9e63ed12b38c1a9874d07e45010e72d7279d27514b584aa318604cd527d868a2b54741b132ff2e

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                      Filesize

                                                                                                      5KB

                                                                                                      MD5

                                                                                                      adddc1979a712fb69c77373747807149

                                                                                                      SHA1

                                                                                                      160804aa36fb1da70ca4910677b21266c70a3578

                                                                                                      SHA256

                                                                                                      70ed8f9896ef820f8f94f39a9d326283efce3fd1262696dc95cff338f8efd3a3

                                                                                                      SHA512

                                                                                                      8f7cf03fccd98d4d0ad1af2e5e9e0f19ee0f8bb4afce9fd258a400a5b8bebf15ef4651dc40db4c96557704a690482cda7282dc9dd445d76b4da9fba313af8115

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                      Filesize

                                                                                                      7KB

                                                                                                      MD5

                                                                                                      ba78d1ad2108c06ee728e2c965df7dd8

                                                                                                      SHA1

                                                                                                      bb4e14b830c0e43987452a8b56f62e156ffec05c

                                                                                                      SHA256

                                                                                                      5f3f5298862b7a878cba6c8b8414f7e1244bd06fc59e3a7bd59a1e695c53b544

                                                                                                      SHA512

                                                                                                      75e64ebaa6c5bd659a51abb629318ee971825cb2e65381bafeaa84324b1a71bd0aa10d5d440d3fc5aaab75ed44d2899f292bd4820f2fb6e32833f3e1c832e63f

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                      Filesize

                                                                                                      8KB

                                                                                                      MD5

                                                                                                      62be9465db532059ca0704e05d517bbd

                                                                                                      SHA1

                                                                                                      c4dc3489d26732ffd7d7009c7098a215f5b1c910

                                                                                                      SHA256

                                                                                                      658d397930aab86afd26d4b80ee7ac5fb1088de5198d8faa5775297013ea5f2f

                                                                                                      SHA512

                                                                                                      3cf79aba0a87296968c019cd6ad72938410fccffc9976c7c2623a4c03237653d04bec174272673a59812a910e0fbca13308dc579af387e16243e574af223cbbd

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                      Filesize

                                                                                                      8KB

                                                                                                      MD5

                                                                                                      77b2ec14921b6a23a80b1e4f16035c16

                                                                                                      SHA1

                                                                                                      9f5433aa71f072337788f5d7d5a36b7cfdb3c8d9

                                                                                                      SHA256

                                                                                                      56d303cc09019f2ab4a6f79c350184553298dd948c31632c728456afbae0071c

                                                                                                      SHA512

                                                                                                      6edd26ea0e8a498185fceb810b09ec90d9d887e02cb662fa5998469600e6a5d6d4ced6c574b57c0afaf5ce58e4097e63102fda0418b90cfdd59b92053917a287

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

                                                                                                      Filesize

                                                                                                      24KB

                                                                                                      MD5

                                                                                                      5a6206a3489650bf4a9c3ce44a428126

                                                                                                      SHA1

                                                                                                      3137a909ef8b098687ec536c57caa1bacc77224b

                                                                                                      SHA256

                                                                                                      0a9e623c6df237c02a585539bffb8249de48949c6d074fe0aaf43063731a3e28

                                                                                                      SHA512

                                                                                                      980da83c3142bf08433ec1770a2ec5f5560daf3ee680466f89beae8290e921c0db677489daad055fbc1f196388f8bc4f60e050600381f860b06d330062440a78

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

                                                                                                      Filesize

                                                                                                      89B

                                                                                                      MD5

                                                                                                      dae8941dd5e57970078d1b2c67942436

                                                                                                      SHA1

                                                                                                      b6ee220ed39d7a1404f8a088e4b87fa6462f256f

                                                                                                      SHA256

                                                                                                      d8ec9d23cac6b53865b6e77a90a4ae26d0e08da4f924a7400a62b507b3671381

                                                                                                      SHA512

                                                                                                      e600354fbdf3a328550dc5b7ffc8f32e6394ffc8dc132916f44482e9ecedeba4d55c13c1076252dfa3903e9a424db6cc5c3ce18aeb35aec65050e672b4bdff70

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

                                                                                                      Filesize

                                                                                                      146B

                                                                                                      MD5

                                                                                                      a3851ed517b166a29430e3f571e295cd

                                                                                                      SHA1

                                                                                                      006ccdbb1f9f4c538d1e59f427d3f73d9c01b3be

                                                                                                      SHA256

                                                                                                      33ed56348d5230e2f734fcf20c62f3fb8fc510a77b9296aa8a87d5b36bdb5207

                                                                                                      SHA512

                                                                                                      b68e44b3057fa8f0795d8850aa865f679b4de171e4a3e18ea8df5eeb903ddf1bb22473595fa6070b13e67e690167aab6c8e984ec1b8d29c48b3a9d02fb5a3225

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

                                                                                                      Filesize

                                                                                                      82B

                                                                                                      MD5

                                                                                                      778cbdebef5b11bc62297ca9e5156b2c

                                                                                                      SHA1

                                                                                                      77f769ed2ca33923217bdf7bf25dffc0bcea9473

                                                                                                      SHA256

                                                                                                      a3e19da4289ed70e0973b0abdfd7882c5d7bbaf75a109fe3f6da2a66b1b49ed2

                                                                                                      SHA512

                                                                                                      606b6f7e39011af69beefe1d909182768dd00c99d1c2c2128d79bd5d0b6ba42d2ba922740d85ad44922322c8d5d3d2063c1e420791a5c59941d89de905211bc9

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\2a0ca565-bc70-437b-a888-7e3e8e286fe9\index-dir\the-real-index

                                                                                                      Filesize

                                                                                                      6KB

                                                                                                      MD5

                                                                                                      79c9c7ee2ba91ba9d8d5feda5ca4f97a

                                                                                                      SHA1

                                                                                                      608a23a92db0e472a8bf5e86630a459aedc5b45a

                                                                                                      SHA256

                                                                                                      5be09ca6abec8774e92dba5d1e3a79d88ce0445947cf6467ba859c353987eac0

                                                                                                      SHA512

                                                                                                      78be18bc6ae6d4ebc4de7ebe47eb2e8ab16c13ef34f2034d9437eb98574731de0154c97f20aff9a6b384e93854662da35ef911633774d679b91842f8f2123362

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\2a0ca565-bc70-437b-a888-7e3e8e286fe9\index-dir\the-real-index~RFe59f91c.TMP

                                                                                                      Filesize

                                                                                                      48B

                                                                                                      MD5

                                                                                                      040309a1039c4ee92c70e09a9c474c8a

                                                                                                      SHA1

                                                                                                      66246f9e929761719c150ca23c5a57051225f145

                                                                                                      SHA256

                                                                                                      8203838ba9f4de21674ec365fcf51fe4dd5d817334924b21eeb5c6db886a6f5d

                                                                                                      SHA512

                                                                                                      ff46b03bbe20b302e38a778aa02cff6716c333f019bfd4b9e606314037814e7eab0f3f65818cfdefe362d2db87fdfbf0c15cd6493d2c248a38df629d3d590ba3

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

                                                                                                      Filesize

                                                                                                      79B

                                                                                                      MD5

                                                                                                      5c18728ecb421fe7d3fd2b2761548b17

                                                                                                      SHA1

                                                                                                      1f6febceb9bc4ee855bae1df86a802f91d44d2a5

                                                                                                      SHA256

                                                                                                      b6708db3afe01b92b6e50a5f63987ee855f1b751f58a0dac12008d8d60dc8dc6

                                                                                                      SHA512

                                                                                                      688fd0adddabf349bfc06ce4eed1412b6765982a4e6564562a4b0999a9a965ee840e19e39ec7910279a0ba4fdc63ef40628c6b65640ec7e06c5c62f0d562f871

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\8f7abdeb3486c1b8780fede76afc20e044eff1b5\index.txt

                                                                                                      Filesize

                                                                                                      83B

                                                                                                      MD5

                                                                                                      66627e4ea55821d7af4764e50ac59ee8

                                                                                                      SHA1

                                                                                                      23a60342965103756a41625eb7e1f8cc554960f5

                                                                                                      SHA256

                                                                                                      d801e8ba7aae5c855ead9f1843fbf9a3fd91761753e1cdd27777b3bf33681503

                                                                                                      SHA512

                                                                                                      4e4ab8d5a402d15c1495cc9096d220014016ea0a874116715634d8a7b001fdf1a6a17ba26472a1529d8b12237d12768cd2db7c2bbf80880c1547fc68b6c81b15

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

                                                                                                      Filesize

                                                                                                      16B

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

                                                                                                      Filesize

                                                                                                      96B

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

                                                                                                      Filesize

                                                                                                      120B

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe598795.TMP

                                                                                                      Filesize

                                                                                                      48B

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                      Filesize

                                                                                                      2KB

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                      Filesize

                                                                                                      2KB

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                      Filesize

                                                                                                      4KB

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                      Filesize

                                                                                                      4KB

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                      Filesize

                                                                                                      4KB

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                      Filesize

                                                                                                      4KB

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                      Filesize

                                                                                                      1KB

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58bdcd.TMP

                                                                                                      Filesize

                                                                                                      1KB

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                                                                                      Filesize

                                                                                                      16B

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                      Filesize

                                                                                                      2KB

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                      Filesize

                                                                                                      2KB

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                      Filesize

                                                                                                      2KB

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                      Filesize

                                                                                                      2KB

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                      Filesize

                                                                                                      2KB

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                      Filesize

                                                                                                      2KB

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                      Filesize

                                                                                                      10KB

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                      Filesize

                                                                                                      10KB

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                      Filesize

                                                                                                      2KB

                                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                      Filesize

                                                                                                      2KB

                                                                                                      MD5

                                                                                                      415319d48e87797d4b4b8748cb6b5370

                                                                                                      SHA1

                                                                                                      8efadabd55d0b93ce1a67c6ea1c9f656946ccaff

                                                                                                      SHA256

                                                                                                      bf1bf80cefc61b8c07368ddd512a40ea899e8e02fe9be6d6621710d3518e56b6

                                                                                                      SHA512

                                                                                                      460660818debf41b6325bb28fbb0b1cfb51a1715c94397fe9d3b43f92f6db12ed051b3eba1046d7e915791fd898ac30223caa309b302f3ba5552a9f2bf2031c5

                                                                                                    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\kg0JC50.exe

                                                                                                      Filesize

                                                                                                      551KB

                                                                                                      MD5

                                                                                                      ea4e32d77e1b570ec8c1ef6539c40795

                                                                                                      SHA1

                                                                                                      f44245c41d4a55a7b980a04fbe6be0fb21462c2d

                                                                                                      SHA256

                                                                                                      61610ed184a0a2b5d4280246f8fc40e09e80c03ac93bec2004f95f03031555ef

                                                                                                      SHA512

                                                                                                      2b76f651595bcb9ab9b8673faf13456f9a60ce6fb6febdcbd1d2795eb53c9a96661e6f69da8fec961a8008ea86e0e8370bae832ac5687e57ed6601c0ffb36ec3

                                                                                                    • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1oa99Vk3.exe

                                                                                                      Filesize

                                                                                                      898KB

                                                                                                      MD5

                                                                                                      35ba032ff600684ec69863f40471b23b

                                                                                                      SHA1

                                                                                                      eb84588ea5e731bafd393f4eac5eb850dc28b803

                                                                                                      SHA256

                                                                                                      afcd8591e73c4df22ea1257d742198e89fbdfbb866194bdb43b4c3ad30fe0ea8

                                                                                                      SHA512

                                                                                                      0ff6ec6e468bb20c1cf2d37c458a149aea37ac53e77a6432173e3989b337f46ce4149578edd4f7b7cb9cd655417626b535af5e90402f1aef6476e344ab6db8d9

                                                                                                    • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\4IM139lg.exe

                                                                                                      Filesize

                                                                                                      38KB

                                                                                                      MD5

                                                                                                      88ddc215fcc0a5eba739eb4fed062a9d

                                                                                                      SHA1

                                                                                                      4d45110d65dab187c909363844ea0a31662c8b62

                                                                                                      SHA256

                                                                                                      d779617cc1ec19e3bff441178d1fb4f96fcde2abfecd19694eeb01d3a47ffc86

                                                                                                      SHA512

                                                                                                      c983b1ef1e96c9c554010aedf54854fb3d15ff71bc9fae227a2b830cdde65ef02a0e8aca8444e71b4fe19ced83458aebc1f031a0680574b578f4c8a48969de43

• memory/3172-290-0x0000000002BA0000-0x0000000002BB6000-memory.dmp
  Filesize: 88KB

• memory/5416-296-0x0000000000400000-0x000000000040B000-memory.dmp
  Filesize: 44KB

• memory/5416-102-0x0000000000400000-0x000000000040B000-memory.dmp
  Filesize: 44KB

• memory/7096-462-0x0000000000400000-0x000000000059E000-memory.dmp
  Filesize: 1.6MB

• memory/7096-463-0x0000000000400000-0x000000000059E000-memory.dmp
  Filesize: 1.6MB

• memory/7096-464-0x0000000000400000-0x000000000059E000-memory.dmp
  Filesize: 1.6MB

• memory/7096-466-0x0000000000400000-0x000000000059E000-memory.dmp
  Filesize: 1.6MB

• memory/7300-349-0x0000000005690000-0x00000000056A0000-memory.dmp
  Filesize: 64KB

• memory/7300-343-0x00000000054E0000-0x0000000005572000-memory.dmp
  Filesize: 584KB

• memory/7300-334-0x0000000005990000-0x0000000005F34000-memory.dmp
  Filesize: 5.6MB

• memory/7300-329-0x0000000000550000-0x0000000000C1E000-memory.dmp
  Filesize: 6.8MB

• memory/7300-327-0x00000000749E0000-0x0000000075190000-memory.dmp
  Filesize: 7.7MB

• memory/7300-350-0x00000000056F0000-0x00000000056FA000-memory.dmp
  Filesize: 40KB

• memory/7300-430-0x00000000067B0000-0x0000000006812000-memory.dmp
  Filesize: 392KB

• memory/7300-472-0x00000000749E0000-0x0000000075190000-memory.dmp
  Filesize: 7.7MB
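The dropped-file hashes and memory-region dumps above are only useful to a responder once they are turned into something checkable. The Python below is an added example, not part of the sandbox report: it copies the SHA256 values of the three dropped executables and the memory dump names from the listing, derives each region's size from its address range and confirms it agrees with the printed Filesize, flags regions that start at the default 32-bit image base 0x400000 as the dumps most likely to contain an unpacked or injected PE, and matches a file on disk against the dropped-executable hashes. The function names and the DROPPED_SHA256 and DUMPS tables are constructed here; the Edge "Local State" entries are Edge's own profile files rather than payloads and are deliberately not used as file IOCs.

```python
"""Make the dropped-file hashes and memory-region dumps from this sandbox report
checkable. Added example, not part of the report: the hash strings and dump names
below are copied from the listing; the function names and tables are constructed."""
import hashlib
import re

# SHA256 of each dropped executable, keyed by the path the sandbox recorded.
# SHA256 is used for matching because MD5 and SHA1 are collision-prone. The Edge
# "Local State" entries are Edge profile files, not payloads, so they are left out.
DROPPED_SHA256 = {
    r"C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\kg0JC50.exe":
        "61610ed184a0a2b5d4280246f8fc40e09e80c03ac93bec2004f95f03031555ef",
    r"C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\1oa99Vk3.exe":
        "afcd8591e73c4df22ea1257d742198e89fbdfbb866194bdb43b4c3ad30fe0ea8",
    r"C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\4IM139lg.exe":
        "d779617cc1ec19e3bff441178d1fb4f96fcde2abfecd19694eeb01d3a47ffc86",
}
SHA256_TO_PATH = {digest: path for path, digest in DROPPED_SHA256.items()}

# (dump name, Filesize as printed in the report) for every memory dump listed.
DUMPS = [
    ("memory/3172-290-0x0000000002BA0000-0x0000000002BB6000-memory.dmp", "88KB"),
    ("memory/5416-296-0x0000000000400000-0x000000000040B000-memory.dmp", "44KB"),
    ("memory/5416-102-0x0000000000400000-0x000000000040B000-memory.dmp", "44KB"),
    ("memory/7096-462-0x0000000000400000-0x000000000059E000-memory.dmp", "1.6MB"),
    ("memory/7096-463-0x0000000000400000-0x000000000059E000-memory.dmp", "1.6MB"),
    ("memory/7096-464-0x0000000000400000-0x000000000059E000-memory.dmp", "1.6MB"),
    ("memory/7096-466-0x0000000000400000-0x000000000059E000-memory.dmp", "1.6MB"),
    ("memory/7300-349-0x0000000005690000-0x00000000056A0000-memory.dmp", "64KB"),
    ("memory/7300-343-0x00000000054E0000-0x0000000005572000-memory.dmp", "584KB"),
    ("memory/7300-334-0x0000000005990000-0x0000000005F34000-memory.dmp", "5.6MB"),
    ("memory/7300-329-0x0000000000550000-0x0000000000C1E000-memory.dmp", "6.8MB"),
    ("memory/7300-327-0x00000000749E0000-0x0000000075190000-memory.dmp", "7.7MB"),
    ("memory/7300-350-0x00000000056F0000-0x00000000056FA000-memory.dmp", "40KB"),
    ("memory/7300-430-0x00000000067B0000-0x0000000006812000-memory.dmp", "392KB"),
    ("memory/7300-472-0x00000000749E0000-0x0000000075190000-memory.dmp", "7.7MB"),
]

# Dump names follow memory/<pid>-<sequence>-<start>-<end>-memory.dmp.
DUMP_RE = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<start>[0-9A-Fa-f]+)"
    r"-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)
DEFAULT_IMAGE_BASE = 0x400000  # default image base of a 32-bit PE file


def parse_dump_name(name):
    """Return (pid, seq, start, end, size_in_bytes) for one dump entry."""
    m = DUMP_RE.match(name)
    if not m:
        raise ValueError(f"not a memory dump name: {name}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    if end <= start:
        raise ValueError(f"inverted or empty region: {name}")
    return int(m["pid"]), int(m["seq"]), start, end, end - start


def human_size(n):
    """Round the way the report prints sizes: whole KB below 1MB, one decimal MB above."""
    if n < 1024 * 1024:
        return f"{n // 1024}KB"
    return f"{n / (1024 * 1024):.1f}MB"


def size_mismatches(dumps=DUMPS):
    """Names whose address range disagrees with the printed Filesize (expect none)."""
    return [name for name, printed in dumps
            if human_size(parse_dump_name(name)[4]) != printed]


def likely_image_regions(dumps=DUMPS):
    """(pid, name) for regions starting at the default image base: the usual place to
    find an unpacked or injected 32-bit PE, so these dumps are the ones to carve first."""
    out = []
    for name, _ in dumps:
        pid, _, start, _, _ = parse_dump_name(name)
        if start == DEFAULT_IMAGE_BASE:
            out.append((pid, name))
    return out


def sha256_bytes(data):
    return hashlib.sha256(data).hexdigest()


def sha256_of_file(path, chunk=1 << 20):
    """Stream the file so large samples do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def match_digest(hexdigest):
    """Report path of the dropped executable with this SHA256, or None.
    Case-insensitive because tools print digests in either case."""
    return SHA256_TO_PATH.get(hexdigest.lower())


def match_file(path):
    """Return the report path whose dropped executable has the same SHA256 as this file."""
    return match_digest(sha256_of_file(path))


if __name__ == "__main__":
    print("size mismatches:", size_mismatches())
    for pid, name in likely_image_regions():
        print(f"pid {pid}: carve {name}")
```

Running the script with no arguments reports no size mismatches for the fifteen dumps listed and names the six regions (two in PID 5416, four in PID 7096) whose start address is 0x400000; those are the dumps to open first when looking for the unpacked payload. `match_file` is what a responder would run over a suspect Temp directory to confirm whether a file is one of the three dropped executables.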