lucastealer | hxxp://youtube[.]com

Analysis

max time kernel
497s
max time network
501s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
24-03-2024 14:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://youtube.com

Score

10^/10

lucastealer njrat hacked evasion spyware stealer trojan upx

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

HacKed

dllsys.duckdns.org:3202

Mutex

3b570ffeeb3d34249b9a5ce0ee58a328

Attributes

reg_key
3b570ffeeb3d34249b9a5ce0ee58a328
splitter
svchost

Signatures

Luca Stealer
Info stealer written in Rust first seen in July 2022.
stealer lucastealer
njRAT/Bladabindi
Widely used RAT written in .NET.
trojan njrat
Modifies Windows Firewall 2 TTPs 1 IoCs
evasion

Windows Service
T1543.003

Disable or Modify System Firewall
T1562.004

Processes:

netsh.exe

pid process

5084 netsh.exe

pid	process
5084	netsh.exe

Executes dropped EXE 18 IoCs

Processes:

Remcos Professional Cracked By Alcatraz3222.exetaskhost.exePatch.exePatch.exePatch (1).exePatch (1).exeRemcos-RAT-3.8.0.exeRemcos-RAT-3.8.0.exeRemcos-RAT-3.8.0.exeRemcos-RAT-3.8.0.exeRemcos-RAT-3.8.0.exeRemcos-RAT-3.8.0.exeRemcos-RAT-3.8.0.exeRemcos Professional.exeRemcos Professional.exeRemcos Professional.exeRemcos Professional.exePatch (1).exe

pid	process
1888	Remcos Professional Cracked By Alcatraz3222.exe
3248	taskhost.exe
6844	Patch.exe
3104	Patch.exe
6972	Patch (1).exe
3360	Patch (1).exe
2276	Remcos-RAT-3.8.0.exe
400	Remcos-RAT-3.8.0.exe
6220	Remcos-RAT-3.8.0.exe
4424	Remcos-RAT-3.8.0.exe
2312	Remcos-RAT-3.8.0.exe
4772	Remcos-RAT-3.8.0.exe
3744	Remcos-RAT-3.8.0.exe
5712	Remcos Professional.exe
5512	Remcos Professional.exe
2372	Remcos Professional.exe
4784	Remcos Professional.exe
3436	Patch (1).exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 7 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
C:\Users\Admin\Downloads\Unconfirmed 670434.crdownload	upx
behavioral1/memory/5712-2259-0x00007FF6A07E0000-0x00007FF6A2124000-memory.dmp	upx
behavioral1/memory/5712-2305-0x00007FF6A07E0000-0x00007FF6A2124000-memory.dmp	upx
behavioral1/memory/5512-2367-0x00007FF6A07E0000-0x00007FF6A2124000-memory.dmp	upx
behavioral1/memory/2372-2471-0x00007FF6A07E0000-0x00007FF6A2124000-memory.dmp	upx
behavioral1/memory/2372-2535-0x00007FF6A07E0000-0x00007FF6A2124000-memory.dmp	upx
behavioral1/memory/4784-2762-0x00007FF6A07E0000-0x00007FF6A2124000-memory.dmp	upx

Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials In Files
T1552.001

Enumerates connected drives 3 TTPs 4 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

Remcos Professional.exeRemcos Professional.exeRemcos Professional.exeRemcos Professional.exe

description	ioc	process
File opened (read-only)	\??\F:	Remcos Professional.exe
File opened (read-only)	\??\F:	Remcos Professional.exe
File opened (read-only)	\??\F:	Remcos Professional.exe
File opened (read-only)	\??\F:	Remcos Professional.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 21 IoCs

Web Service

T1102

Processes:

flow	ioc
359	raw.githubusercontent.com
448	raw.githubusercontent.com
532	raw.githubusercontent.com
533	raw.githubusercontent.com
341	camo.githubusercontent.com
337	camo.githubusercontent.com
339	camo.githubusercontent.com
340	camo.githubusercontent.com
446	raw.githubusercontent.com
447	raw.githubusercontent.com
587	discord.com
602	discord.com
334	camo.githubusercontent.com
628	discord.com
531	raw.githubusercontent.com
636	discord.com
361	raw.githubusercontent.com
338	camo.githubusercontent.com
360	raw.githubusercontent.com
588	discord.com
335	camo.githubusercontent.com

Looks up external IP address via web service 2 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

581 ip-api.com
623 ip-api.com
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

Processes:

Remcos Professional Cracked By Alcatraz3222.exe

pid process

1888 Remcos Professional Cracked By Alcatraz3222.exe
Suspicious use of SetThreadContext 1 IoCs

Processes:

Remcos Professional Cracked By Alcatraz3222.exe

description pid process target process

PID 4376 set thread context of 3248 4376 Remcos Professional Cracked By Alcatraz3222.exe taskhost.exe

flow	ioc
581	ip-api.com
623	ip-api.com

description	pid	process	target process
PID 4376 set thread context of 3248	4376	Remcos Professional Cracked By Alcatraz3222.exe	taskhost.exe

Program crash 12 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
4668	6844	WerFault.exe	Patch.exe
3956	3104	WerFault.exe	Patch.exe
1468	6972	WerFault.exe	Patch (1).exe
5188	3360	WerFault.exe	Patch (1).exe
4400	400	WerFault.exe	Remcos-RAT-3.8.0.exe
2152	2276	WerFault.exe	Remcos-RAT-3.8.0.exe
4656	4772	WerFault.exe	Remcos-RAT-3.8.0.exe
6972	3744	WerFault.exe	Remcos-RAT-3.8.0.exe
5516	6220	WerFault.exe	Remcos-RAT-3.8.0.exe
3444	2312	WerFault.exe	Remcos-RAT-3.8.0.exe
5620	4424	WerFault.exe	Remcos-RAT-3.8.0.exe
900	3436	WerFault.exe	Patch (1).exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

taskmgr.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe

Checks processor information in registry 2 TTPs 11 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exefirefox.exemsedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Enumerates system info in registry 2 TTPs 14 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exemsedge.exemsedge.exemsedge.exemsedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	msedge.exe

Modifies registry class 12 IoCs

Processes:

firefox.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1904519900-954640453-4250331663-1000\{EEC4DFC1-D276-455B-8139-B382F9514E0E}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1904519900-954640453-4250331663-1000\{DAD0AC42-E5B9-4CF9-AC01-72FC7E9F9517}	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1904519900-954640453-4250331663-1000\{9AEE1CBB-5A2D-4427-901D-5D00F2A9B16E}	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1904519900-954640453-4250331663-1000\{B816C78D-24BD-4CEF-BFA6-ADD69E9E66EC}	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1904519900-954640453-4250331663-1000\{68308DC8-FF7A-454E-B9B2-0333A8003EE1}	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1904519900-954640453-4250331663-1000\{260BADAB-FF94-4B12-93D8-FF37C24F9CAD}	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1904519900-954640453-4250331663-1000\{C3FB0964-237B-4D19-9DC8-AE298A3A6100}	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1904519900-954640453-4250331663-1000\{CF8C7263-A145-4F20-99EB-692C93AE2D52}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

msedge.exeRemcos Professional Cracked By Alcatraz3222.exeRemcos Professional Cracked By Alcatraz3222.exetaskhost.exe

pid	process
7160	msedge.exe
7160	msedge.exe
4376	Remcos Professional Cracked By Alcatraz3222.exe
4376	Remcos Professional Cracked By Alcatraz3222.exe
1888	Remcos Professional Cracked By Alcatraz3222.exe
1888	Remcos Professional Cracked By Alcatraz3222.exe
1888	Remcos Professional Cracked By Alcatraz3222.exe
1888	Remcos Professional Cracked By Alcatraz3222.exe
4376	Remcos Professional Cracked By Alcatraz3222.exe
4376	Remcos Professional Cracked By Alcatraz3222.exe
4376	Remcos Professional Cracked By Alcatraz3222.exe
4376	Remcos Professional Cracked By Alcatraz3222.exe
3248	taskhost.exe
3248	taskhost.exe
3248	taskhost.exe
3248	taskhost.exe
3248	taskhost.exe
3248	taskhost.exe
3248	taskhost.exe
3248	taskhost.exe
3248	taskhost.exe
3248	taskhost.exe
3248	taskhost.exe
3248	taskhost.exe
3248	taskhost.exe
3248	taskhost.exe
3248	taskhost.exe
3248	taskhost.exe
3248	taskhost.exe
3248	taskhost.exe
3248	taskhost.exe
3248	taskhost.exe
3248	taskhost.exe
3248	taskhost.exe
3248	taskhost.exe
3248	taskhost.exe
3248	taskhost.exe
3248	taskhost.exe
3248	taskhost.exe
3248	taskhost.exe
3248	taskhost.exe
3248	taskhost.exe
3248	taskhost.exe
3248	taskhost.exe
3248	taskhost.exe
3248	taskhost.exe
3248	taskhost.exe
3248	taskhost.exe
3248	taskhost.exe
3248	taskhost.exe
3248	taskhost.exe
3248	taskhost.exe
3248	taskhost.exe
3248	taskhost.exe
3248	taskhost.exe
3248	taskhost.exe
3248	taskhost.exe
3248	taskhost.exe
3248	taskhost.exe
3248	taskhost.exe
3248	taskhost.exe
3248	taskhost.exe
3248	taskhost.exe
3248	taskhost.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

Processes:

Remcos Professional Cracked By Alcatraz3222.exetaskhost.exe

pid process

1888 Remcos Professional Cracked By Alcatraz3222.exe
3248 taskhost.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 40 IoCs

Processes:

msedge.exemsedge.exemsedge.exemsedge.exe

pid	process
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
6512	msedge.exe
6512	msedge.exe
6512	msedge.exe
6512	msedge.exe
6512	msedge.exe
6512	msedge.exe
6512	msedge.exe
6512	msedge.exe
6512	msedge.exe
6512	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
2824	msedge.exe
5600	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

AUDIODG.EXEfirefox.exeRemcos Professional Cracked By Alcatraz3222.exetaskhost.exePatch.exePatch.exePatch (1).exePatch (1).exeRemcos-RAT-3.8.0.exeRemcos-RAT-3.8.0.exeRemcos-RAT-3.8.0.exeRemcos-RAT-3.8.0.exeRemcos-RAT-3.8.0.exeRemcos-RAT-3.8.0.exeRemcos-RAT-3.8.0.exe

description	pid	process
Token: 33	3768	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3768	AUDIODG.EXE
Token: SeDebugPrivilege	5516	firefox.exe
Token: SeDebugPrivilege	5516	firefox.exe
Token: SeDebugPrivilege	4376	Remcos Professional Cracked By Alcatraz3222.exe
Token: SeDebugPrivilege	3248	taskhost.exe
Token: 33	3248	taskhost.exe
Token: SeIncBasePriorityPrivilege	3248	taskhost.exe
Token: 33	3248	taskhost.exe
Token: SeIncBasePriorityPrivilege	3248	taskhost.exe
Token: 33	3248	taskhost.exe
Token: SeIncBasePriorityPrivilege	3248	taskhost.exe
Token: 33	3248	taskhost.exe
Token: SeIncBasePriorityPrivilege	3248	taskhost.exe
Token: 33	3248	taskhost.exe
Token: SeIncBasePriorityPrivilege	3248	taskhost.exe
Token: SeDebugPrivilege	6844	Patch.exe
Token: 33	3248	taskhost.exe
Token: SeIncBasePriorityPrivilege	3248	taskhost.exe
Token: 33	3248	taskhost.exe
Token: SeIncBasePriorityPrivilege	3248	taskhost.exe
Token: 33	3248	taskhost.exe
Token: SeIncBasePriorityPrivilege	3248	taskhost.exe
Token: SeDebugPrivilege	3104	Patch.exe
Token: 33	3248	taskhost.exe
Token: SeIncBasePriorityPrivilege	3248	taskhost.exe
Token: 33	3248	taskhost.exe
Token: SeIncBasePriorityPrivilege	3248	taskhost.exe
Token: SeDebugPrivilege	6972	Patch (1).exe
Token: 33	3248	taskhost.exe
Token: SeIncBasePriorityPrivilege	3248	taskhost.exe
Token: SeDebugPrivilege	3360	Patch (1).exe
Token: 33	3248	taskhost.exe
Token: SeIncBasePriorityPrivilege	3248	taskhost.exe
Token: 33	3248	taskhost.exe
Token: SeIncBasePriorityPrivilege	3248	taskhost.exe
Token: 33	3248	taskhost.exe
Token: SeIncBasePriorityPrivilege	3248	taskhost.exe
Token: 33	3248	taskhost.exe
Token: SeIncBasePriorityPrivilege	3248	taskhost.exe
Token: 33	3248	taskhost.exe
Token: SeIncBasePriorityPrivilege	3248	taskhost.exe
Token: 33	3248	taskhost.exe
Token: SeIncBasePriorityPrivilege	3248	taskhost.exe
Token: 33	3248	taskhost.exe
Token: SeIncBasePriorityPrivilege	3248	taskhost.exe
Token: SeDebugPrivilege	400	Remcos-RAT-3.8.0.exe
Token: SeDebugPrivilege	2276	Remcos-RAT-3.8.0.exe
Token: 33	3248	taskhost.exe
Token: SeIncBasePriorityPrivilege	3248	taskhost.exe
Token: SeDebugPrivilege	6220	Remcos-RAT-3.8.0.exe
Token: SeDebugPrivilege	4424	Remcos-RAT-3.8.0.exe
Token: SeDebugPrivilege	2312	Remcos-RAT-3.8.0.exe
Token: SeDebugPrivilege	3744	Remcos-RAT-3.8.0.exe
Token: SeDebugPrivilege	4772	Remcos-RAT-3.8.0.exe
Token: 33	3248	taskhost.exe
Token: SeIncBasePriorityPrivilege	3248	taskhost.exe
Token: 33	3248	taskhost.exe
Token: SeIncBasePriorityPrivilege	3248	taskhost.exe
Token: 33	3248	taskhost.exe
Token: SeIncBasePriorityPrivilege	3248	taskhost.exe
Token: 33	3248	taskhost.exe
Token: SeIncBasePriorityPrivilege	3248	taskhost.exe
Token: 33	3248	taskhost.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

firefox.exemsedge.exeRemcos Professional Cracked By Alcatraz3222.exemsedge.exe

pid	process
5516	firefox.exe
5516	firefox.exe
5516	firefox.exe
5516	firefox.exe
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
1888	Remcos Professional Cracked By Alcatraz3222.exe
6512	msedge.exe
6512	msedge.exe
6512	msedge.exe
6512	msedge.exe
6512	msedge.exe
6512	msedge.exe
6512	msedge.exe
6512	msedge.exe
6512	msedge.exe
6512	msedge.exe
6512	msedge.exe
6512	msedge.exe
6512	msedge.exe
6512	msedge.exe
6512	msedge.exe
6512	msedge.exe
6512	msedge.exe
6512	msedge.exe
6512	msedge.exe
6512	msedge.exe
6512	msedge.exe
6512	msedge.exe
6512	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

firefox.exemsedge.exeRemcos Professional Cracked By Alcatraz3222.exemsedge.exetaskmgr.exe

pid	process
5516	firefox.exe
5516	firefox.exe
5516	firefox.exe
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
5312	msedge.exe
1888	Remcos Professional Cracked By Alcatraz3222.exe
6512	msedge.exe
6512	msedge.exe
6512	msedge.exe
6512	msedge.exe
6512	msedge.exe
6512	msedge.exe
6512	msedge.exe
6512	msedge.exe
6512	msedge.exe
6512	msedge.exe
6512	msedge.exe
6512	msedge.exe
6512	msedge.exe
6512	msedge.exe
6512	msedge.exe
6512	msedge.exe
6512	msedge.exe
6512	msedge.exe
6512	msedge.exe
6512	msedge.exe
6512	msedge.exe
6512	msedge.exe
6512	msedge.exe
6512	msedge.exe
1888	Remcos Professional Cracked By Alcatraz3222.exe
6512	msedge.exe
6512	msedge.exe
6512	msedge.exe
6512	msedge.exe
6512	msedge.exe
6512	msedge.exe
6512	msedge.exe
6512	msedge.exe
6316	taskmgr.exe
6316	taskmgr.exe
6316	taskmgr.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

firefox.exeRemcos Professional Cracked By Alcatraz3222.exe

pid process

5516 firefox.exe
1888 Remcos Professional Cracked By Alcatraz3222.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

firefox.exefirefox.exe

description	pid	process	target process
PID 5380 wrote to memory of 5516	5380	firefox.exe	firefox.exe
PID 5380 wrote to memory of 5516	5380	firefox.exe	firefox.exe
PID 5380 wrote to memory of 5516	5380	firefox.exe	firefox.exe
PID 5380 wrote to memory of 5516	5380	firefox.exe	firefox.exe
PID 5380 wrote to memory of 5516	5380	firefox.exe	firefox.exe
PID 5380 wrote to memory of 5516	5380	firefox.exe	firefox.exe
PID 5380 wrote to memory of 5516	5380	firefox.exe	firefox.exe
PID 5380 wrote to memory of 5516	5380	firefox.exe	firefox.exe
PID 5380 wrote to memory of 5516	5380	firefox.exe	firefox.exe
PID 5380 wrote to memory of 5516	5380	firefox.exe	firefox.exe
PID 5380 wrote to memory of 5516	5380	firefox.exe	firefox.exe
PID 5516 wrote to memory of 5732	5516	firefox.exe	firefox.exe
PID 5516 wrote to memory of 5732	5516	firefox.exe	firefox.exe
PID 5516 wrote to memory of 5808	5516	firefox.exe	firefox.exe
PID 5516 wrote to memory of 5808	5516	firefox.exe	firefox.exe
PID 5516 wrote to memory of 5808	5516	firefox.exe	firefox.exe
PID 5516 wrote to memory of 5808	5516	firefox.exe	firefox.exe
PID 5516 wrote to memory of 5808	5516	firefox.exe	firefox.exe
PID 5516 wrote to memory of 5808	5516	firefox.exe	firefox.exe
PID 5516 wrote to memory of 5808	5516	firefox.exe	firefox.exe
PID 5516 wrote to memory of 5808	5516	firefox.exe	firefox.exe
PID 5516 wrote to memory of 5808	5516	firefox.exe	firefox.exe
PID 5516 wrote to memory of 5808	5516	firefox.exe	firefox.exe
PID 5516 wrote to memory of 5808	5516	firefox.exe	firefox.exe
PID 5516 wrote to memory of 5808	5516	firefox.exe	firefox.exe
PID 5516 wrote to memory of 5808	5516	firefox.exe	firefox.exe
PID 5516 wrote to memory of 5808	5516	firefox.exe	firefox.exe
PID 5516 wrote to memory of 5808	5516	firefox.exe	firefox.exe
PID 5516 wrote to memory of 5808	5516	firefox.exe	firefox.exe
PID 5516 wrote to memory of 5808	5516	firefox.exe	firefox.exe
PID 5516 wrote to memory of 5808	5516	firefox.exe	firefox.exe
PID 5516 wrote to memory of 5808	5516	firefox.exe	firefox.exe
PID 5516 wrote to memory of 5808	5516	firefox.exe	firefox.exe
PID 5516 wrote to memory of 5808	5516	firefox.exe	firefox.exe
PID 5516 wrote to memory of 5808	5516	firefox.exe	firefox.exe
PID 5516 wrote to memory of 5808	5516	firefox.exe	firefox.exe
PID 5516 wrote to memory of 5808	5516	firefox.exe	firefox.exe
PID 5516 wrote to memory of 5808	5516	firefox.exe	firefox.exe
PID 5516 wrote to memory of 5808	5516	firefox.exe	firefox.exe
PID 5516 wrote to memory of 5808	5516	firefox.exe	firefox.exe
PID 5516 wrote to memory of 5808	5516	firefox.exe	firefox.exe
PID 5516 wrote to memory of 5808	5516	firefox.exe	firefox.exe
PID 5516 wrote to memory of 5808	5516	firefox.exe	firefox.exe
PID 5516 wrote to memory of 5808	5516	firefox.exe	firefox.exe
PID 5516 wrote to memory of 5808	5516	firefox.exe	firefox.exe
PID 5516 wrote to memory of 5808	5516	firefox.exe	firefox.exe
PID 5516 wrote to memory of 5808	5516	firefox.exe	firefox.exe
PID 5516 wrote to memory of 5808	5516	firefox.exe	firefox.exe
PID 5516 wrote to memory of 5808	5516	firefox.exe	firefox.exe
PID 5516 wrote to memory of 5808	5516	firefox.exe	firefox.exe
PID 5516 wrote to memory of 5808	5516	firefox.exe	firefox.exe
PID 5516 wrote to memory of 5808	5516	firefox.exe	firefox.exe
PID 5516 wrote to memory of 5808	5516	firefox.exe	firefox.exe
PID 5516 wrote to memory of 5808	5516	firefox.exe	firefox.exe
PID 5516 wrote to memory of 5808	5516	firefox.exe	firefox.exe
PID 5516 wrote to memory of 5808	5516	firefox.exe	firefox.exe
PID 5516 wrote to memory of 5808	5516	firefox.exe	firefox.exe
PID 5516 wrote to memory of 5808	5516	firefox.exe	firefox.exe
PID 5516 wrote to memory of 5808	5516	firefox.exe	firefox.exe
PID 5516 wrote to memory of 5808	5516	firefox.exe	firefox.exe
PID 5516 wrote to memory of 5808	5516	firefox.exe	firefox.exe
PID 5516 wrote to memory of 4928	5516	firefox.exe	firefox.exe
PID 5516 wrote to memory of 4928	5516	firefox.exe	firefox.exe
PID 5516 wrote to memory of 4928	5516	firefox.exe	firefox.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://youtube.com
1⤵
PID:5060

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=3604 --field-trial-handle=3084,i,14217130992253490921,11543335378077656547,262144 --variations-seed-version /prefetch:1
1⤵
PID:2304

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=5296 --field-trial-handle=3084,i,14217130992253490921,11543335378077656547,262144 --variations-seed-version /prefetch:1
1⤵
PID:3268

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5268 --field-trial-handle=3084,i,14217130992253490921,11543335378077656547,262144 --variations-seed-version /prefetch:8
1⤵
PID:3080

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=4348 --field-trial-handle=3084,i,14217130992253490921,11543335378077656547,262144 --variations-seed-version /prefetch:1
1⤵
PID:3488

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=6048 --field-trial-handle=3084,i,14217130992253490921,11543335378077656547,262144 --variations-seed-version /prefetch:1
1⤵
PID:1556

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --mojo-platform-channel-handle=6228 --field-trial-handle=3084,i,14217130992253490921,11543335378077656547,262144 --variations-seed-version /prefetch:1
1⤵
PID:2060

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --mojo-platform-channel-handle=5348 --field-trial-handle=3084,i,14217130992253490921,11543335378077656547,262144 --variations-seed-version /prefetch:8
1⤵
PID:1920

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x398 0x494
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3768

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6344 --field-trial-handle=3084,i,14217130992253490921,11543335378077656547,262144 --variations-seed-version /prefetch:8
1⤵
PID:3388

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\e85ad146fa9f4e118209b5a12e3761da /t 1856 /p 4404
1⤵
PID:5312

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:5380
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:5516
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5516.0.2095145004\1272610866" -parentBuildID 20221007134813 -prefsHandle 1884 -prefMapHandle 1864 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b260fcd5-f515-4c6e-9b05-ea29d0d3708c} 5516 "\\.\pipe\gecko-crash-server-pipe.5516" 1964 2c2dd0cee58 gpu
    3⤵
    PID:5732
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5516.1.370830358\1312316884" -parentBuildID 20221007134813 -prefsHandle 2352 -prefMapHandle 2340 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2fa82bde-dab0-45e6-925c-dc8856fa2e0a} 5516 "\\.\pipe\gecko-crash-server-pipe.5516" 2364 2c2d096fe58 socket
    3⤵
    - Checks processor information in registry
    PID:5808
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5516.2.53366067\1092202296" -childID 1 -isForBrowser -prefsHandle 2888 -prefMapHandle 2948 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {175bbe48-5f24-4d3b-9d3e-3f33f11187ba} 5516 "\\.\pipe\gecko-crash-server-pipe.5516" 2940 2c2e12f6258 tab
    3⤵
    PID:4928
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5516.3.1866190236\1864821131" -childID 2 -isForBrowser -prefsHandle 3104 -prefMapHandle 3224 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2175432d-0f7f-4379-bf14-5dc875d29a38} 5516 "\\.\pipe\gecko-crash-server-pipe.5516" 1316 2c2d096d658 tab
    3⤵
    PID:5964
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5516.4.398754755\1948505039" -childID 3 -isForBrowser -prefsHandle 1332 -prefMapHandle 3628 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {616430af-2fca-446c-b3a0-1f7b224f6b10} 5516 "\\.\pipe\gecko-crash-server-pipe.5516" 3740 2c2d0930858 tab
    3⤵
    PID:5996
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5516.5.1524309904\2031558435" -childID 4 -isForBrowser -prefsHandle 4604 -prefMapHandle 3856 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {99d191aa-12d7-4827-8efa-555be4abde78} 5516 "\\.\pipe\gecko-crash-server-pipe.5516" 4648 2c2e324c758 tab
    3⤵
    PID:6232
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5516.6.982548209\1989558933" -childID 5 -isForBrowser -prefsHandle 5020 -prefMapHandle 5016 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9ec91d37-5826-44aa-9bff-57fe0df7c8ce} 5516 "\\.\pipe\gecko-crash-server-pipe.5516" 3856 2c2e2aefa58 tab
    3⤵
    PID:6368
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5516.7.154378962\1652345292" -childID 6 -isForBrowser -prefsHandle 5036 -prefMapHandle 5032 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {466b21d7-f94c-40b4-9466-0b169cfc300b} 5516 "\\.\pipe\gecko-crash-server-pipe.5516" 4928 2c2e360e058 tab
    3⤵
    PID:6376
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5516.8.490702515\1358864598" -childID 7 -isForBrowser -prefsHandle 2824 -prefMapHandle 4508 -prefsLen 26285 -prefMapSize 233444 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0898fa59-9fbc-4afd-89bf-9627c1fa4fe0} 5516 "\\.\pipe\gecko-crash-server-pipe.5516" 3576 2c2dd598858 tab
    3⤵
    PID:6732

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5328 --field-trial-handle=3084,i,14217130992253490921,11543335378077656547,262144 --variations-seed-version /prefetch:8
1⤵
PID:7092

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=6496 --field-trial-handle=3084,i,14217130992253490921,11543335378077656547,262144 --variations-seed-version /prefetch:8
1⤵
- Modifies registry class
PID:6264

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.52 --initial-client-data=0x238,0x23c,0x240,0x234,0x24c,0x7ffbaeee2e98,0x7ffbaeee2ea4,0x7ffbaeee2eb0
  2⤵
  PID:7148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2260 --field-trial-handle=2264,i,8313407470154124161,2117769311625889981,262144 --variations-seed-version /prefetch:2
  2⤵
  PID:4684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=3120 --field-trial-handle=2264,i,8313407470154124161,2117769311625889981,262144 --variations-seed-version /prefetch:3
  2⤵
  PID:6584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=3224 --field-trial-handle=2264,i,8313407470154124161,2117769311625889981,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:6588
- C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4368 --field-trial-handle=2264,i,8313407470154124161,2117769311625889981,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:2836
- C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4368 --field-trial-handle=2264,i,8313407470154124161,2117769311625889981,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:2272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4812 --field-trial-handle=2264,i,8313407470154124161,2117769311625889981,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:2884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --pdf-upsell-enabled --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=4832 --field-trial-handle=2264,i,8313407470154124161,2117769311625889981,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:4008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5360 --field-trial-handle=2264,i,8313407470154124161,2117769311625889981,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:1360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --mojo-platform-channel-handle=5540 --field-trial-handle=2264,i,8313407470154124161,2117769311625889981,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5932 --field-trial-handle=2264,i,8313407470154124161,2117769311625889981,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:2724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --pdf-upsell-enabled --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5976 --field-trial-handle=2264,i,8313407470154124161,2117769311625889981,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=5096 --field-trial-handle=2264,i,8313407470154124161,2117769311625889981,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:5788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=5732 --field-trial-handle=2264,i,8313407470154124161,2117769311625889981,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:5796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4860 --field-trial-handle=2264,i,8313407470154124161,2117769311625889981,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:2240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6268 --field-trial-handle=2264,i,8313407470154124161,2117769311625889981,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=6260 --field-trial-handle=2264,i,8313407470154124161,2117769311625889981,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:5892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6052 --field-trial-handle=2264,i,8313407470154124161,2117769311625889981,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:6100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=6392 --field-trial-handle=2264,i,8313407470154124161,2117769311625889981,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:6364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --mojo-platform-channel-handle=5728 --field-trial-handle=2264,i,8313407470154124161,2117769311625889981,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:6680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=5068 --field-trial-handle=2264,i,8313407470154124161,2117769311625889981,262144 --variations-seed-version /prefetch:8
  2⤵
  - Modifies registry class
  PID:6688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=6800 --field-trial-handle=2264,i,8313407470154124161,2117769311625889981,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:6816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=6512 --field-trial-handle=2264,i,8313407470154124161,2117769311625889981,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:5780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5660 --field-trial-handle=2264,i,8313407470154124161,2117769311625889981,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:2816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=4032 --field-trial-handle=2264,i,8313407470154124161,2117769311625889981,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:4784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --no-appcompat-clear --mojo-platform-channel-handle=6120 --field-trial-handle=2264,i,8313407470154124161,2117769311625889981,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5808 --field-trial-handle=2264,i,8313407470154124161,2117769311625889981,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:3200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=7416 --field-trial-handle=2264,i,8313407470154124161,2117769311625889981,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:6592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=7276 --field-trial-handle=2264,i,8313407470154124161,2117769311625889981,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:3996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=7332 --field-trial-handle=2264,i,8313407470154124161,2117769311625889981,262144 --variations-seed-version /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:7160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
  2⤵
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:6512
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.52 --initial-client-data=0x238,0x23c,0x240,0x234,0x2bc,0x7ffbaeee2e98,0x7ffbaeee2ea4,0x7ffbaeee2eb0
    3⤵
    PID:6668
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=3084 --field-trial-handle=3088,i,6001357595271912888,17882373202064939531,262144 --variations-seed-version /prefetch:2
    3⤵
    PID:6280
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=3120 --field-trial-handle=3088,i,6001357595271912888,17882373202064939531,262144 --variations-seed-version /prefetch:3
    3⤵
    PID:1660
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=3240 --field-trial-handle=3088,i,6001357595271912888,17882373202064939531,262144 --variations-seed-version /prefetch:8
    3⤵
    PID:1212
- - C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4360 --field-trial-handle=3088,i,6001357595271912888,17882373202064939531,262144 --variations-seed-version /prefetch:8
    3⤵
    PID:5612
- - C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4360 --field-trial-handle=3088,i,6001357595271912888,17882373202064939531,262144 --variations-seed-version /prefetch:8
    3⤵
    PID:4404
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --pdf-upsell-enabled --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4648 --field-trial-handle=3088,i,6001357595271912888,17882373202064939531,262144 --variations-seed-version /prefetch:1
    3⤵
    PID:6988
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --mojo-platform-channel-handle=4656 --field-trial-handle=3088,i,6001357595271912888,17882373202064939531,262144 --variations-seed-version /prefetch:8
    3⤵
    PID:3920
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4944 --field-trial-handle=3088,i,6001357595271912888,17882373202064939531,262144 --variations-seed-version /prefetch:8
    3⤵
    PID:2364
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5340 --field-trial-handle=3088,i,6001357595271912888,17882373202064939531,262144 --variations-seed-version /prefetch:1
    3⤵
    PID:4616
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --pdf-upsell-enabled --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5160 --field-trial-handle=3088,i,6001357595271912888,17882373202064939531,262144 --variations-seed-version /prefetch:1
    3⤵
    PID:3784
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5592 --field-trial-handle=3088,i,6001357595271912888,17882373202064939531,262144 --variations-seed-version /prefetch:1
    3⤵
    PID:2552
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4740 --field-trial-handle=3088,i,6001357595271912888,17882373202064939531,262144 --variations-seed-version /prefetch:8
    3⤵
    PID:3876
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4684 --field-trial-handle=3088,i,6001357595271912888,17882373202064939531,262144 --variations-seed-version /prefetch:8
    3⤵
    PID:5800
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4724 --field-trial-handle=3088,i,6001357595271912888,17882373202064939531,262144 --variations-seed-version /prefetch:8
    3⤵
    PID:3548
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5880 --field-trial-handle=3088,i,6001357595271912888,17882373202064939531,262144 --variations-seed-version /prefetch:8
    3⤵
    PID:5592
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5952 --field-trial-handle=3088,i,6001357595271912888,17882373202064939531,262144 --variations-seed-version /prefetch:1
    3⤵
    PID:3724
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5332 --field-trial-handle=3088,i,6001357595271912888,17882373202064939531,262144 --variations-seed-version /prefetch:8
    3⤵
    PID:6636
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --mojo-platform-channel-handle=5544 --field-trial-handle=3088,i,6001357595271912888,17882373202064939531,262144 --variations-seed-version /prefetch:8
    3⤵
    PID:4500
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=5472 --field-trial-handle=3088,i,6001357595271912888,17882373202064939531,262144 --variations-seed-version /prefetch:8
    3⤵
    - Modifies registry class
    PID:5824
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4612 --field-trial-handle=3088,i,6001357595271912888,17882373202064939531,262144 --variations-seed-version /prefetch:1
    3⤵
    PID:7068
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6252 --field-trial-handle=3088,i,6001357595271912888,17882373202064939531,262144 --variations-seed-version /prefetch:1
    3⤵
    PID:6588
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --no-appcompat-clear --mojo-platform-channel-handle=6440 --field-trial-handle=3088,i,6001357595271912888,17882373202064939531,262144 --variations-seed-version /prefetch:8
    3⤵
    PID:5656
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=6716 --field-trial-handle=3088,i,6001357595271912888,17882373202064939531,262144 --variations-seed-version /prefetch:1
    3⤵
    PID:2324
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=7148 --field-trial-handle=3088,i,6001357595271912888,17882373202064939531,262144 --variations-seed-version /prefetch:8
    3⤵
    PID:4284
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --mojo-platform-channel-handle=7308 --field-trial-handle=3088,i,6001357595271912888,17882373202064939531,262144 --variations-seed-version /prefetch:8
    3⤵
    PID:4404
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=7116 --field-trial-handle=3088,i,6001357595271912888,17882373202064939531,262144 --variations-seed-version /prefetch:8
    3⤵
    PID:4908
- - C:\Users\Admin\Downloads\Patch.exe
    "C:\Users\Admin\Downloads\Patch.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of AdjustPrivilegeToken
    PID:6844
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 6844 -s 1956
      4⤵
      Program crash
      PID:4668
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=7044 --field-trial-handle=3088,i,6001357595271912888,17882373202064939531,262144 --variations-seed-version /prefetch:1
    3⤵
    PID:3512
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=5536 --field-trial-handle=3088,i,6001357595271912888,17882373202064939531,262144 --variations-seed-version /prefetch:8
    3⤵
    PID:2896
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --mojo-platform-channel-handle=6248 --field-trial-handle=3088,i,6001357595271912888,17882373202064939531,262144 --variations-seed-version /prefetch:8
    3⤵
    PID:956
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
    3⤵
    - Enumerates system info in registry
    - Modifies registry class
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    PID:2824
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.52 --initial-client-data=0x238,0x23c,0x240,0x234,0x27c,0x7ffbaeee2e98,0x7ffbaeee2ea4,0x7ffbaeee2eb0
      4⤵
      Checks processor information in registry
      Enumerates system info in registry
      PID:5552
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2224 --field-trial-handle=2228,i,7445537914640044717,2521559683536185308,262144 --variations-seed-version /prefetch:2
      4⤵
      PID:4924
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2268 --field-trial-handle=2228,i,7445537914640044717,2521559683536185308,262144 --variations-seed-version /prefetch:3
      4⤵
      PID:6436
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=2456 --field-trial-handle=2228,i,7445537914640044717,2521559683536185308,262144 --variations-seed-version /prefetch:8
      4⤵
      PID:6628
  - - C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4356 --field-trial-handle=2228,i,7445537914640044717,2521559683536185308,262144 --variations-seed-version /prefetch:8
      4⤵
      PID:620
  - - C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4356 --field-trial-handle=2228,i,7445537914640044717,2521559683536185308,262144 --variations-seed-version /prefetch:8
      4⤵
      PID:2152
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4728 --field-trial-handle=2228,i,7445537914640044717,2521559683536185308,262144 --variations-seed-version /prefetch:1
      4⤵
      PID:6520
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --pdf-upsell-enabled --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=4740 --field-trial-handle=2228,i,7445537914640044717,2521559683536185308,262144 --variations-seed-version /prefetch:1
      4⤵
      PID:4068
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5244 --field-trial-handle=2228,i,7445537914640044717,2521559683536185308,262144 --variations-seed-version /prefetch:8
      4⤵
      PID:1600
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --mojo-platform-channel-handle=5416 --field-trial-handle=2228,i,7445537914640044717,2521559683536185308,262144 --variations-seed-version /prefetch:8
      4⤵
      PID:3364
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5252 --field-trial-handle=2228,i,7445537914640044717,2521559683536185308,262144 --variations-seed-version /prefetch:1
      4⤵
      PID:4868
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --pdf-upsell-enabled --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5740 --field-trial-handle=2228,i,7445537914640044717,2521559683536185308,262144 --variations-seed-version /prefetch:1
      4⤵
      PID:4284
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5076 --field-trial-handle=2228,i,7445537914640044717,2521559683536185308,262144 --variations-seed-version /prefetch:8
      4⤵
      PID:6892
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=6096 --field-trial-handle=2228,i,7445537914640044717,2521559683536185308,262144 --variations-seed-version /prefetch:1
      4⤵
      PID:2192
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5856 --field-trial-handle=2228,i,7445537914640044717,2521559683536185308,262144 --variations-seed-version /prefetch:8
      4⤵
      PID:6064
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --mojo-platform-channel-handle=5656 --field-trial-handle=2228,i,7445537914640044717,2521559683536185308,262144 --variations-seed-version /prefetch:8
      4⤵
      PID:7080
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=6008 --field-trial-handle=2228,i,7445537914640044717,2521559683536185308,262144 --variations-seed-version /prefetch:8
      4⤵
      Modifies registry class
      PID:2864
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=6000 --field-trial-handle=2228,i,7445537914640044717,2521559683536185308,262144 --variations-seed-version /prefetch:1
      4⤵
      PID:1920
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=6468 --field-trial-handle=2228,i,7445537914640044717,2521559683536185308,262144 --variations-seed-version /prefetch:8
      4⤵
      PID:3432
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=6500 --field-trial-handle=2228,i,7445537914640044717,2521559683536185308,262144 --variations-seed-version /prefetch:8
      4⤵
      PID:3300
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=6648 --field-trial-handle=2228,i,7445537914640044717,2521559683536185308,262144 --variations-seed-version /prefetch:1
      4⤵
      PID:5208
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6820 --field-trial-handle=2228,i,7445537914640044717,2521559683536185308,262144 --variations-seed-version /prefetch:8
      4⤵
      PID:6548
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --no-appcompat-clear --mojo-platform-channel-handle=6784 --field-trial-handle=2228,i,7445537914640044717,2521559683536185308,262144 --variations-seed-version /prefetch:8
      4⤵
      PID:4540
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=6948 --field-trial-handle=2228,i,7445537914640044717,2521559683536185308,262144 --variations-seed-version /prefetch:1
      4⤵
      PID:1504
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=6864 --field-trial-handle=2228,i,7445537914640044717,2521559683536185308,262144 --variations-seed-version /prefetch:8
      4⤵
      PID:3708
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --mojo-platform-channel-handle=7188 --field-trial-handle=2228,i,7445537914640044717,2521559683536185308,262144 --variations-seed-version /prefetch:8
      4⤵
      PID:7072
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5212 --field-trial-handle=2228,i,7445537914640044717,2521559683536185308,262144 --variations-seed-version /prefetch:1
      4⤵
      PID:4436
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=4264 --field-trial-handle=2228,i,7445537914640044717,2521559683536185308,262144 --variations-seed-version /prefetch:8
      4⤵
      PID:5640
  - - C:\Users\Admin\Downloads\Remcos-RAT-3.8.0.exe
      "C:\Users\Admin\Downloads\Remcos-RAT-3.8.0.exe"
      4⤵
      Executes dropped EXE
      Suspicious use of AdjustPrivilegeToken
      PID:2276
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2276 -s 1728
        5⤵
        Program crash
        
        PID:2152
  - - C:\Users\Admin\Downloads\Remcos-RAT-3.8.0.exe
      "C:\Users\Admin\Downloads\Remcos-RAT-3.8.0.exe"
      4⤵
      Executes dropped EXE
      Suspicious use of AdjustPrivilegeToken
      PID:400
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 400 -s 1012
        5⤵
        Program crash
        
        PID:4400
  - - C:\Users\Admin\Downloads\Remcos-RAT-3.8.0.exe
      "C:\Users\Admin\Downloads\Remcos-RAT-3.8.0.exe"
      4⤵
      Executes dropped EXE
      Suspicious use of AdjustPrivilegeToken
      PID:6220
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6220 -s 1128
        5⤵
        Program crash
        
        PID:5516
  - - C:\Users\Admin\Downloads\Remcos-RAT-3.8.0.exe
      "C:\Users\Admin\Downloads\Remcos-RAT-3.8.0.exe"
      4⤵
      Executes dropped EXE
      Suspicious use of AdjustPrivilegeToken
      PID:4424
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4424 -s 1124
        5⤵
        Program crash
        
        PID:5620
  - - C:\Users\Admin\Downloads\Remcos-RAT-3.8.0.exe
      "C:\Users\Admin\Downloads\Remcos-RAT-3.8.0.exe"
      4⤵
      Executes dropped EXE
      Suspicious use of AdjustPrivilegeToken
      PID:2312
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2312 -s 1132
        5⤵
        Program crash
        
        PID:3444
  - - C:\Users\Admin\Downloads\Remcos-RAT-3.8.0.exe
      "C:\Users\Admin\Downloads\Remcos-RAT-3.8.0.exe"
      4⤵
      Executes dropped EXE
      Suspicious use of AdjustPrivilegeToken
      PID:4772
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4772 -s 1168
        5⤵
        Program crash
        
        PID:4656
  - - C:\Users\Admin\Downloads\Remcos-RAT-3.8.0.exe
      "C:\Users\Admin\Downloads\Remcos-RAT-3.8.0.exe"
      4⤵
      Executes dropped EXE
      Suspicious use of AdjustPrivilegeToken
      PID:3744
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3744 -s 1168
        5⤵
        Program crash
        
        PID:6972
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=7172 --field-trial-handle=2228,i,7445537914640044717,2521559683536185308,262144 --variations-seed-version /prefetch:1
      4⤵
      PID:5292
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=7028 --field-trial-handle=2228,i,7445537914640044717,2521559683536185308,262144 --variations-seed-version /prefetch:1
      4⤵
      PID:4604
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=6824 --field-trial-handle=2228,i,7445537914640044717,2521559683536185308,262144 --variations-seed-version /prefetch:1
      4⤵
      PID:6308
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=7004 --field-trial-handle=2228,i,7445537914640044717,2521559683536185308,262144 --variations-seed-version /prefetch:1
      4⤵
      PID:5260
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=6180 --field-trial-handle=2228,i,7445537914640044717,2521559683536185308,262144 --variations-seed-version /prefetch:8
      4⤵
      PID:2336
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --mojo-platform-channel-handle=6200 --field-trial-handle=2228,i,7445537914640044717,2521559683536185308,262144 --variations-seed-version /prefetch:8
      4⤵
      PID:620
  - - C:\Users\Admin\Downloads\Remcos Professional.exe
      "C:\Users\Admin\Downloads\Remcos Professional.exe"
      4⤵
      Executes dropped EXE
      Enumerates connected drives
      PID:5712
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=6840 --field-trial-handle=2228,i,7445537914640044717,2521559683536185308,262144 --variations-seed-version /prefetch:8
      4⤵
      PID:1352
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=6052 --field-trial-handle=2228,i,7445537914640044717,2521559683536185308,262144 --variations-seed-version /prefetch:1
      4⤵
      PID:1888
  - - C:\Users\Admin\Downloads\Remcos Professional.exe
      "C:\Users\Admin\Downloads\Remcos Professional.exe"
      4⤵
      Executes dropped EXE
      Enumerates connected drives
      PID:5512
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=7116 --field-trial-handle=2228,i,7445537914640044717,2521559683536185308,262144 --variations-seed-version /prefetch:1
      4⤵
      PID:1560
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=6828 --field-trial-handle=2228,i,7445537914640044717,2521559683536185308,262144 --variations-seed-version /prefetch:1
      4⤵
      PID:1120
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=5468 --field-trial-handle=2228,i,7445537914640044717,2521559683536185308,262144 --variations-seed-version /prefetch:1
      4⤵
      PID:6152
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=6544 --field-trial-handle=2228,i,7445537914640044717,2521559683536185308,262144 --variations-seed-version /prefetch:8
      4⤵
      PID:6304
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
      4⤵
      Enumerates system info in registry
      Modifies registry class
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      PID:5600
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.52 --initial-client-data=0x23c,0x240,0x244,0x238,0x214,0x7ffbaeee2e98,0x7ffbaeee2ea4,0x7ffbaeee2eb0
        5⤵
        
        PID:3128
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2136 --field-trial-handle=2140,i,14847976098334520976,17199621062757978608,262144 --variations-seed-version /prefetch:2
        5⤵
        
        PID:3720
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2172 --field-trial-handle=2140,i,14847976098334520976,17199621062757978608,262144 --variations-seed-version /prefetch:3
        5⤵
        
        PID:6680
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=2504 --field-trial-handle=2140,i,14847976098334520976,17199621062757978608,262144 --variations-seed-version /prefetch:8
        5⤵
        
        PID:2700
    - - C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4428 --field-trial-handle=2140,i,14847976098334520976,17199621062757978608,262144 --variations-seed-version /prefetch:8
        5⤵
        
        PID:5108
    - - C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4428 --field-trial-handle=2140,i,14847976098334520976,17199621062757978608,262144 --variations-seed-version /prefetch:8
        5⤵
        
        PID:6300
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4424 --field-trial-handle=2140,i,14847976098334520976,17199621062757978608,262144 --variations-seed-version /prefetch:8
        5⤵
        
        PID:2320
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4636 --field-trial-handle=2140,i,14847976098334520976,17199621062757978608,262144 --variations-seed-version /prefetch:8
        5⤵
        
        PID:1032
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4676 --field-trial-handle=2140,i,14847976098334520976,17199621062757978608,262144 --variations-seed-version /prefetch:8
        5⤵
        
        PID:4456
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --pdf-upsell-enabled --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4724 --field-trial-handle=2140,i,14847976098334520976,17199621062757978608,262144 --variations-seed-version /prefetch:1
        5⤵
        
        PID:1984
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --mojo-platform-channel-handle=4676 --field-trial-handle=2140,i,14847976098334520976,17199621062757978608,262144 --variations-seed-version /prefetch:8
        5⤵
        
        PID:5584
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5008 --field-trial-handle=2140,i,14847976098334520976,17199621062757978608,262144 --variations-seed-version /prefetch:8
        5⤵
        
        PID:1108

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
PID:2588

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2864

C:\Users\Admin\Downloads\Remcos Professional Cracked By Alcatraz3222\Remcos Professional Cracked By Alcatraz3222\Remcos Professional Cracked By Alcatraz3222.exe
"C:\Users\Admin\Downloads\Remcos Professional Cracked By Alcatraz3222\Remcos Professional Cracked By Alcatraz3222\Remcos Professional Cracked By Alcatraz3222.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4376
- C:\Users\Admin\AppData\Local\Temp\Remcos Professional Cracked By Alcatraz3222.exe
  "C:\Users\Admin\AppData\Local\Temp\Remcos Professional Cracked By Alcatraz3222.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:1888
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c copy "C:/Users/Admin/Downloads/Remcos Professional Cracked By Alcatraz3222/Remcos Professional Cracked By Alcatraz3222/Remcos Professional Cracked By Alcatraz3222.exe" "%temp%\Profile Remcos\Update_Lock_Remcos.exe" /Y
  2⤵
  PID:6432
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c reg add "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows" /v Load /t REG_SZ /d "%temp%\Profile Remcos\Update_Lock_Remcos.exe.lnk" /f
  2⤵
  PID:2448
- - C:\Windows\SysWOW64\reg.exe
    reg add "HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows" /v Load /t REG_SZ /d "C:\Users\Admin\AppData\Local\Temp\Profile Remcos\Update_Lock_Remcos.exe.lnk" /f
    3⤵
    PID:752
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c echo [zoneTransfer]ZoneID = 2 > %temp%\Profile Remcos\Update_Lock_Remcos.exe:Zone.Identifier
  2⤵
  PID:2160
- C:\Users\Admin\AppData\Local\Temp\taskhost.exe
  "C:\Users\Admin\AppData\Local\Temp\taskhost.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  PID:3248
- - C:\Windows\SysWOW64\netsh.exe
    netsh firewall add allowedprogram "C:\Users\Admin\AppData\Local\Temp\taskhost.exe" "taskhost.exe" ENABLE
    3⤵
    - Modifies Windows Firewall
    PID:5084

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
PID:5180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 6844 -ip 6844
1⤵
PID:7080

C:\Users\Admin\Downloads\Patch.exe
"C:\Users\Admin\Downloads\Patch.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:3104
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3104 -s 1928
  2⤵
  - Program crash
  PID:3956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 3104 -ip 3104
1⤵
PID:5104

C:\Users\Admin\Downloads\Patch (1).exe
"C:\Users\Admin\Downloads\Patch (1).exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:6972
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 6972 -s 1964
  2⤵
  - Program crash
  PID:1468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 6972 -ip 6972
1⤵
PID:7108

C:\Users\Admin\Downloads\Patch (1).exe
"C:\Users\Admin\Downloads\Patch (1).exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:3360
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3360 -s 1928
  2⤵
  - Program crash
  PID:5188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 568 -p 3360 -ip 3360
1⤵
PID:4248

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
PID:5596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 400 -ip 400
1⤵
PID:5584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 392 -p 2276 -ip 2276
1⤵
PID:5668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 572 -p 4772 -ip 4772
1⤵
PID:4068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 600 -p 3744 -ip 3744
1⤵
PID:6332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 596 -p 6220 -ip 6220
1⤵
PID:4788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 4424 -ip 4424
1⤵
PID:2996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 2312 -ip 2312
1⤵
PID:6136

C:\Users\Admin\Downloads\Remcos Professional.exe
"C:\Users\Admin\Downloads\Remcos Professional.exe"
1⤵
- Executes dropped EXE
- Enumerates connected drives
PID:2372

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
1⤵
- Checks SCSI registry key(s)
- Suspicious use of SendNotifyMessage
PID:6316

C:\Users\Admin\Downloads\Remcos Professional.exe
"C:\Users\Admin\Downloads\Remcos Professional.exe"
1⤵
- Executes dropped EXE
- Enumerates connected drives
PID:4784

C:\Users\Admin\Downloads\Patch (1).exe
"C:\Users\Admin\Downloads\Patch (1).exe"
1⤵
- Executes dropped EXE
PID:3436
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3436 -s 1936
  2⤵
  - Program crash
  PID:900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 3436 -ip 3436
1⤵
PID:6000

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\2aed1336-f1ca-4868-a906-4ec3f694ab59.tmp

Filesize
74KB

MD5
2e887d7d27ce81bd63e5a47c0b7d4cd8

SHA1
ee494ae692a499b21433f99f51e72ea57686c9b1

SHA256
1ba2b058730c542214456da535939a4df1a8e61a7cf5e52b0538fdfea46c1231

SHA512
0babfe5a353bf709fe6005ed1514150bc5a5782127d9690d3b05baa5ff0bf6a56e2e725b8ed526baaa4face9dace9754a8ee81f0965d726e2dddbce2485aca3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\reports\ffa2f81d-b8a9-4499-a887-06e8f8fd8478.dmp

Filesize
11.8MB

MD5
0cd7351be295958353260d7267fd216e

SHA1
ebfe3f4cc6b9a1d64f4d6950145f98017121218b

SHA256
a7bbc931fb9197df7637a19ed75a32e5919df7bba9e91acb31bafc620b34366a

SHA512
3120123f02af7d4837b62ad549ca24c157b23a86af270c8eec4232ef971090c030fd4401b9b1ee37ce878ee89504f137528c65c493c8214b46e2367cb0d3ecf3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
0a8fa74a21f48ceeced32d2896cdb31a

SHA1
08905da1cffb94a317be335b625a34c25ad252a0

SHA256
fbfa816528a4b2a807cb2ad21fc33bdd8d508c94adbea6b9a4dd4adc557eb31e

SHA512
f265a993f33ce4d1a16f6b25b5391f6fc8d5e1574225a8e5543075105b85f99847540459fd6f7ecfaa05caa2ac58d0bcf00a63f13ae18c259202586e59af1395

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
44924c2530a2a04af4c6bf6549ca98da

SHA1
798ebc99aeb4d5ae04c7ae5d72deaf516b2d5659

SHA256
48c261b0b29499d821229e411aa6479289edcd7e225493e230a8edefb20438a8

SHA512
513efcdd3a47c638d5684c5cce6f13e0964ce907cc9e324e7bac3c059f8816041d7122d659e773eb4c71406c8d70ba9f9d74e7d01017c9f5fa2be4fcfacffd6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
fd8adf0ea7028ec0ddf36815d6f32eb0

SHA1
5e5847c61b9c3096ae7853fedc3eaedfd9ad4264

SHA256
a7e30ad515fd9d152119e9c8393721543ebbef7112a784910694679bb0f80538

SHA512
0b4f57f5e05e48f442a494648576d1d4acb87cf0682077e2a4c64059e1bf7744204a0dacdabcef5bc90619f81ba12bed297289d733cb25220362f021552b32ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
7c65c60bf14ca96e6646ff40b254cb95

SHA1
a35348c5a10b63a2a9bba67594a65b94f0ed5d2e

SHA256
fe585c3eb179dbaef10a9fc96cc904f323c0e7dc43fa15c41729014014edc1c7

SHA512
99eadfe3f6ffa4879b90d069be72aa1a0e16b11920a999611d0454d71a0f1b3f2497e0ca7b7327c6e59e13333aa1849d6f5ec9d084993eb5f622d4b11f58e568

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
57213047a8013c59f7358ef4167ccf49

SHA1
98ec5a49a28e6858d26e776383741590533e9f8b

SHA256
abb37d625436d7e52563d437da57d4a7792be2801487ad7825891e2305d00037

SHA512
f7ea91bfb5d2ff3155ebf6c994e88bf4f8d2c07f175ff37a6783979472ef79d32c5f75ee9da168b2c2df227844c6a708c903538b615959b1307c12b2e841ac44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
2cd24ccd972c7c787710cecf77087be1

SHA1
baae50e801f77a72ec801099af8aa0554ae5c8c6

SHA256
cd6ef9a93d9a5f02434d43eb0d3e93f58bc2b49003f5babeedf821deffa791e9

SHA512
d9eed2cce9f796522d164af45b745433b417736dd703d0b39ad7cd8653c1d08229d8dd485da2b03ad898d9a18e8aebefbda8ee6b4c5468e1761904ac03af37a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
70a4670caf9f3caeef620179f854f01b

SHA1
3bff53ca51fd78cd7d3d5ed3728a5d171b2be574

SHA256
40afb8d3b81ca5873084302d447a375f713d4cc3690eac8c71766740008d788b

SHA512
f9105ec4c8bb6ee0d6350220f433f2cd2fb6578a03d4431731d4e2fded2dba98e2676f941f2674b546a99a64ad30f0c530bd36c394244a81b0cf20dcd86e025e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_1

Filesize
520KB

MD5
009a6c6c6a127119c386a65fcd53ac95

SHA1
3d3ba9ea38d502ab6b2a64c6575e124285ea4db9

SHA256
655526fb937d31111fa7455cd984af4ab8b9457c665af0f2b96083e272d7ed99

SHA512
bec38a16c1dcf4e1ce745bca9b1f3ae9af11a522b7501a5f7557367d434e4659ddf04ed00ddd869e7f70963cd9ee6aec3ccc8ec2c0ac9a2d05b44769d03a62da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
e081f854e2b564d3efb7e2eb29354794

SHA1
6c52335391eca9d5a3836aef693b1f6f4abffab0

SHA256
7ffc912a72fd2926e78670b02d967aff3eef51af1824aa8cfc97267f73a99358

SHA512
80e3a87454881eef52c3dd53ca500e4d303909ffd5775f91acf8ac61c42f40d9d67a5ccded4e667056e9102a845837a42992ca5237a02e0ca22c4300f58ea458

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_3

Filesize
2.8MB

MD5
af30da3673a779d28508f7713a9fad46

SHA1
c17f8367ac621b4eea65693745f7074ba9d5df92

SHA256
ea7ca88ae15b2f2644a759aca2a78baf3d47a52feed33ae49d898dc56c546bca

SHA512
88f66828a33cfe04b0272dd227d8e27307ed1b5fab9d5ee711170655836e1afb268f7be26dd7655cafbb4cd641bfbc3d73e0b399e23b08d24b50b9df66092def

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00001c

Filesize
163KB

MD5
2d3f0984ee6a8cf100128d68db48eb89

SHA1
a3c9b13b9c3090b25ea9b29d7a0b535981eef9d8

SHA256
0775b733c1a7382f65650f1d18a51313228a842944809f9b44939cc5a966ffff

SHA512
a7a0f6f999b8edd09cf9d25612d8f670e65a55573051d390f80dbdf0ce73306f73daba0137116d70c812c6558c5a0854abf43cc95943382635cf603dbc7a4400

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00001d

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00001e

Filesize
69KB

MD5
a127a49f49671771565e01d883a5e4fa

SHA1
09ec098e238b34c09406628c6bee1b81472fc003

SHA256
3f208f049ffaf4a7ed808bf0ff759ce7986c177f476b380d0076fd1f5482fca6

SHA512
61b54222e54e7ab8743a2d6ca3c36768a7b2cf22d5689a3309dee9974b1f804533720ea9de2d3beab44853d565a94f1bc0e60b9382997abcf03945219f98d734

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00001f

Filesize
34KB

MD5
02214b097305a8302b21e630fa201576

SHA1
90c2a31521803b73e847f7a3e0cfceec84df9fa5

SHA256
1d98076cfae6a0a8f0b0b1c654270b900de83e633cc01d98ef63e6a8e485a3f4

SHA512
553c81eb51880f83b9918aef766ff0f41170895b1cda2589f0b69c3d1362de8e8decf14a413f6b5df1fb7ce07fc939211407b29046188b37c290133c9d5e1cd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000020

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000021

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000022

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000023

Filesize
1.1MB

MD5
fcb3b79b4ee2a97d69020a59b8d5caee

SHA1
4c8c8dc00b8c71694cdadbfd1fe70358d34a0883

SHA256
36b4ec7a0ae8d3b2f907b88735287ffc68c0c35e472b3c8cc30f49f4387c9f8b

SHA512
7874b3e78d0c0ef2f1f2e417a989550208c20aab398ef9ec800104dc047ec3866863dbbeab379fdbda7643210b03e20d7305a5fb776df88bef72ad89023cb558

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000024

Filesize
33KB

MD5
3cd0f2f60ab620c7be0c2c3dbf2cda97

SHA1
47fad82bfa9a32d578c0c84aed2840c55bd27bfb

SHA256
29a3b99e23b07099e1d2a3c0b4cff458a2eba2519f4654c26cf22d03f149e36b

SHA512
ef6e3bbd7e03be8e514936bcb0b5a59b4cf4e677ad24d6d2dfca8c1ec95f134ae37f2042d8bf9a0e343b68bff98a0fd748503f35d5e9d42cdaa1dc283dec89fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000025

Filesize
74KB

MD5
bc9faa8bb6aae687766b2db2e055a494

SHA1
34b2395d1b6908afcd60f92cdd8e7153939191e4

SHA256
4a725d21a3c98f0b9c5763b0a0796818d341579817af762448e1be522bc574ed

SHA512
621386935230595c3a00b9c53ea25daa78c2823d32085e22363dc438150f1cb6b3d50be5c58665886fac2286ae63bf1f62c8803cb38a0cac201c82ee2db975c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000026

Filesize
404KB

MD5
1e900ce6bbcdfe146b94c28a98909de2

SHA1
36eb4a53c61a67a05cbdf40c235dc0ec1ead4d24

SHA256
236f84fcdc67fa78f596489549db69e566b76f47c1fa724699200433ff88bf0f

SHA512
a0381476475733deca084d047aa24f5f0d872f0d22a25cc8e15c92a556b9b087607c7967f15e812762fe97b223f542989791bdc060062a01503619e8950c18a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000027

Filesize
49KB

MD5
341c3c24031ac4f0535328a28eaf88d2

SHA1
56b409c3c18f569b2266f5430316cc19cc979136

SHA256
f7ceb840909ee3a9cf03c0b07e29fd1852dc903d390647d8c9c80e65e6325bf6

SHA512
6e734adee9121f46ab50b1a54c6d8dfc8fd72ac97b4fa58864995fc7a2f11c0cfb8d9046c19788a704baa6cfb9dbd7fb12b8f324f3c1f83fbce4b5201dd35fa4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000028

Filesize
55KB

MD5
4b1e11af7ba1a7cc70514beaf480c300

SHA1
4cd08ef6382c26c10e1c56ff98427a645eb93836

SHA256
8590b7a7ce1283faa773ecc71ef4c504f4743f65be3e1822037f398f3e46daa1

SHA512
40e324538cd33ad4d0393a1de99dab269dddd467331f4bf6b66036d8a7b4aaed2b2767d46544ce2cb058b876aaa9c309206e70f8ebaa8134041c45ee7e12959d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000029

Filesize
56KB

MD5
aa840deaa11cf2b5afbdbb5f569e0fbd

SHA1
85d8e9f8bc3d262c2facc12efcd76f06321b7442

SHA256
de31b406991f484cce5dae523745ccda15157ba581f8a1666f9da4e21d310480

SHA512
cde138ba7460e420875ea04d4836a6664ca396d215646d798b15047b1ce6455146edca8ded7965fde95efba181adb940817cd0137c53b06961682e3be6715b86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00002a

Filesize
24KB

MD5
dc0ad025509c966716f971b6e0d36ee9

SHA1
64c5b5b0bc022961bcff062467df6cde579a7d5a

SHA256
ff30c58cbd4693a19a964c528b653c80ce1968b7db93a92a5ee9f3788efe4103

SHA512
3580ddfded853f05ce10d96292ae23ac2593079cb2bcedd1e5081d99e8aa54c7ec985cbbf29e5961425192a00ef639cc3969e5bc1f6450bcbbf855e3f161ea83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00002b

Filesize
32KB

MD5
dd48890367f2d8cc05e42dc85343cbdd

SHA1
a93d1ee3d0f6a7b4d5c78a7d58f51cb6b949eba1

SHA256
b33fe569c7240b7db37736999012ea0161f840b784279c4bcd152a0ff7505692

SHA512
eaa6b58a1e70f23c4cbabf9fb70871f24b432c97933a19a29109864752ec59763bed2db5b8311f0a550d82e8219862982d3f780134dcdd1b10ded6974342cc14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00002c

Filesize
22KB

MD5
3c5e701c6e24e90c51d996acad2b8581

SHA1
c5a0aecc80c3ab4894816792ea426217c1719ccf

SHA256
e7a95257d581a17eb6ea2a3576a89cc10183dbbe2810e4d0cad40d1d2164ccc5

SHA512
e7be50489b13908195d78392e18b4fad8096ccfdde1bbc4b282e0232f37406eb3fb41922827a963f86d924274e1f086133f15712a51cd23b8c5d3fc556537cb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00002d

Filesize
20KB

MD5
8b2813296f6e3577e9ac2eb518ac437e

SHA1
6c8066353b4d463018aa1e4e9bb9bf2e9a7d9a86

SHA256
befb3b0471067ac66b93fcdba75c11d743f70a02bb9f5eef7501fa874686319d

SHA512
a1ed4d23dfbe981bf749c2008ab55a3d76e8f41801a09475e7e0109600f288aa20036273940e8ba70a172dec57eec56fe7c567cb941ba71edae080f2fdcc1e0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00002e

Filesize
44KB

MD5
39ceaf4aec6adbc7ec30a99e8f256ced

SHA1
65a6b5cdf7a63cf9e4da6c83dcd09c5f3bc767f4

SHA256
49f0c650e3f74c4803a2d9f390fd5ab19e082a99bfe7a64c30be767fcd9b77e9

SHA512
945b61af2ae0aee54da5db49de4f56c68436037936e7513347521ab207a94e98c9427f772d0da2cc85ed578194affec689c8f84516e6c303c334e091d46bcb72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00002f

Filesize
49KB

MD5
1538b116ac1d82b34723c14506c116da

SHA1
915f43aa05de689aa64f33b842d1b5df7c62d7bf

SHA256
05337bfc960a7786bb8af2c8a19d203c099ca83fea11c1056612ef7d37d89b3d

SHA512
afcc85d5e84e87433f21acb5c6efb7851389ca65f208a1d86914846b0a90bfc14992218fa3b77c3235021ffd6fc2f184a0b730be8c47a3336191996210179f6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000030

Filesize
19KB

MD5
68628ceb90da59674fcb837277749b28

SHA1
b5564ba800acaa03dfceb0f4a23c088dc1cb508a

SHA256
077f88f8fbe31024d74e53d7e46e26f60ab6de38affbdb3152672977609ad1f9

SHA512
c12a9f70ffe39e03d99f42bac8ab857017cb50dd256fc1ec9634a899d2b33b9909a57a64be5031d1e9e3dac94ff3fa809fe9971418186f138e707765d0ecc3a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
2d80f7505b3f7c0496b6ee494f96a70a

SHA1
3a8499440f78bb984c5c15f05c7a59903234ab7b

SHA256
a26565f00342b1845cbc42581528d0f9111236a8ca16acf8fa16c9e4bf1f0c1d

SHA512
7c5c55232e883e804e495ff433483a8e6d27d8abd569a11587a37b5ad7de513638c693ae58f4b5a253077c74e5d030fd798d44eb71755c24aa9ed4bd5b087555

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
eb642e22dc0c3c5d56932475ead8a071

SHA1
f8ccd678973b381fa6d73ae76305b9a812830331

SHA256
9a5e6b39fc28a32e1d0f2d5bac51d20910d5e0a0e0e6aa79f5c219e331126207

SHA512
fd5f4e04637a2c81f6f707ef16426c59eae9a25ab3f0cd5f7638022267176c0a8e6b72c9ba6f125118ac70d70247ab0926ec0f65a57cd8a2f8e76636f0d55e21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
93304a5fea2ef8fee8966df57525aaf3

SHA1
9752efd35d31e01544824eb289194235ea5fbed4

SHA256
9d68acfdfd0e8da49aa22718aa565e781084c70b00b6ce06351473c84bd586c5

SHA512
61580eba6bec9e4248e2196662b824d17de3368e58dccdefd455bd0d003d24bc5df935616bafa98cf570319babe38ee02ac8a4ee17a677ec21d0a9f21e34f130

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
cae2b5fa3caf0694117d5985671176be

SHA1
1c91059f19e40f37e532ca095bf52378b985ceda

SHA256
db86c3fe6d93467522a3cffbb6623c51f708b3387fa570817031248c35864591

SHA512
36dca752ebb96eaf7c428296dba60733a8947c74cdf82b220c6a090ddbfede874d73890916ddf7d8e4400c2d060863158d375baa1677b94632cdf305f595327d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
a3b6fc926e3b1ec37434cd2fee730461

SHA1
1a9451e372784a75b1802e1bb7cbde0755504655

SHA256
06a0d20eaffc929c962a043ee6bb5450dd2a4c026c89dbbf0e0ee295861b1d5f

SHA512
b06eaee9b4f5db644749da0661cb3083c11f246fdf6390a1c3e99331f74fae67ab0da364a2ca0a69d1e017672c73800145f3a79145b9cf8118b7a962fa6b79ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
a0fdce0bea6123d4a3b18a9ff341f951

SHA1
a42c42f8fdf34ec963a2325fd22bf9a7b05a11f6

SHA256
13922cf25ef72124dbb503539ec9658c9e908e583d82315443ff42a294ecf39e

SHA512
196cfe204b7c09180c0b695ff9f9d5539a73b0fc0e234569c1100376e8e2a7054137a394159163b4851ddb2635d72d03dec368245d4bfc436923009ad281721d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
1aab3f1973a1a9c7440c102bb5ffecd4

SHA1
74ff5aa86ad18ebd3a899ce07305eda636899ee7

SHA256
c26b245397558e5931d00e6c323d17528de4373fc2c3e1c9c154ec21bedd9a4e

SHA512
66f2ae7f1b97cda736f2ee9fe37ad463180eb8cb883934e03681bc7d44723337734702db860767ff3e6ccb1f9055533168dd88ec468be8dbb764593a3d93825f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\000013.ldb

Filesize
807KB

MD5
4f5dfb5e9758757ce466446fc947a992

SHA1
13818836bc6061c865ccc9dbd084b82df7cb8f78

SHA256
d3ba30078e704e98d19d665e458577e463d59644cb9d3fc14e8d450b4dfa850d

SHA512
4a55b2b7787e4f2f946aaad6e0edd3eb22ec2e81ebd92a4af249cfba39023d56e5a34f95add57faee07804b4071afe39085c0c32d1a375259f8e477c3f7b5eea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
32KB

MD5
70d63a160e006b9bccc38802f1a8cad4

SHA1
8e60a697f52598816c7053cde43b1cc1b2b7df24

SHA256
6febffabd5f3e982c0996fb1c200675c1b68553df3ae58ef90acd1e7a1f7311c

SHA512
e38f5c82e59fded6f1b6f26a4e9655586fea2b814afa31919444d370e7c5d6a04c27887248a2afa68b1f9afe18755751ee06d7c45c316aaeac4cd87993fde4c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
192KB

MD5
caa6269c5ed576995cd617b6f6a179ba

SHA1
d8206f20f7b4d5da71c56761d96bfdb48bdce27b

SHA256
ff1efbf23503d7ee561e4e6a2223c8b96fdf5119e5bbd4505fb2e08ab46bbf4b

SHA512
cfba1a2fd71c38ecc9e9d0bef0964bcc665d3dbc7f0a44c625a71e9d33be2eae60c3c99e39f90e047d4a3089d905ec0231a44fb870f556ceb389291065040490

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\3f855f50-5183-433d-92a9-f6bb23a27d84.tmp

Filesize
2KB

MD5
0e9c52822e64758576c7610274ca9dc9

SHA1
1c629e005e6b10bff27da6b08a3aa6a3c36f0c09

SHA256
6f93e23908c9d2bd34e2c7c50540bbbde9c0d70b09c5f298cb09a204f0e4913a

SHA512
4cf89d08174435fb4c95d476593dddb9d6c8d8c96602afc1b13369f3ea9332583dbbf4b9848ad90834f6a19c2e7798910d7c254a722ad1c9daf8908e03a5ca6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
87925aa669f6f25424d94b28e452f2ba

SHA1
452e72abbc5aa163cdf708fc81e206a7d9996cc2

SHA256
d7c32f539524903b0b95ba442b913ba2e62b87dee8386f3c8028988acea13f18

SHA512
4d14de068298f5273b5d5bbae03dd4be9abe5c27f44d64dd2736e582fa1c880f4fe7399fa2ed099d6eca591916b98e2f2cada4966b0aed138c3ccfa0b9664b21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
6b684f3b978f7cf27f4ac4d5c6700308

SHA1
814db4c3f7a00b1b0f4a76bba38fc7581f162806

SHA256
8086281afbfde55e686b2fa4448db8726012db569b36125067403c1739ac2ce6

SHA512
adb752fded948f9b97e36b5f96b4c0682aaa37489ab20bad6032437044d5520f953d4b7eb4560782e3e0a09700f4cfba9606bbd9180b3a9d372099f37f707f99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
6fd60ea4d0b925e58cc705c8ba4555ff

SHA1
04234c8dd6398865df05edd4ed598496ab1f7bec

SHA256
7cf251f23266b4bbac7aacb831d26d0fbc9e2bf98c94f30f1ccc268f6646977d

SHA512
0cd10c491c9fe4fd5d533d5c42fd449c14fd7882eb7bf401e8f4d956e0ded89e35e042fbaf6d23ac2ca030d30b7575cae4b94fc99df646b3e53c377120b28eed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
211B

MD5
c62d744908246288623f8ed674543a57

SHA1
d21dd0a7ce82ea4752591fa574a7f109f86377ab

SHA256
5e2a23651235f67f5c4e993e8ea1986a76c8f50fa05feaffe8d65f8caf7b3d74

SHA512
4349f8a5a62bec1da78a58f33e1794c149768d9f4461c4cb5727dcf519b5d060a002e8be2aefd4e98a54aee322fdf91766759b8a0555231a99d34f12d3b17a87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
211B

MD5
cea8e94da17915901e3aea34f00ffcee

SHA1
a2b5ec9b7bbb2d14a7e366e731277a0f14124cf2

SHA256
0a54d0b80cd69d07da5874553b7db5e5d6690d3d205a4696a226377850b4f33c

SHA512
af1c078670ca3dfd267742f72512a6c29e860edccbbfb09b6fa71869f3eabd62c696885ab50c162c9c8f315a57d5f978ef9d4e88bdff1560a7627b4ba8ecf33e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
211B

MD5
452a672d75e4f0572ef0a66659bebd72

SHA1
804c70f68892e68c1e8d85fbf58075c8e8379bad

SHA256
db71d6ff0fff1ffd295e46e1f1106191ba0cb72d88f1a50181ba1ff487a3129f

SHA512
52bdb11cc7aeb4a2c9aae4050d418f252c9b96e5b8e9592b16728bd7edbeabacce2da8fbff88f169fccafca95e353e973cd5f961315b4b924f7776ef66d839e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
072b5e0b032b1be4081b724d57c212b7

SHA1
231c91698fc232dda9378313488c315bdcc3bac0

SHA256
560285ad1f962eea4b6e1b234bcaff0b578f05b98c4c6fdc925e80fe62c89032

SHA512
e0cdb188ee0058a94e9d8e326fec5be8d584d05325c630d6905adf799a13706e0844d1196ce083196e7838270eb77277e69ca5df1fd7fe33da9f6cbf5de16e93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
33facbbefdd0e901ba525d20dfc4133e

SHA1
0083b7af88ffdaf6f8760a6500cc13e064f8da60

SHA256
0d50d4f8da875b7d4c9956964a7da145ee11332d568f560cbb780b7e951c11aa

SHA512
23843aa7d7c543c594b5e3e16dc098899d99cb32c56d39e85fec078a95119acea150b65f779b972ce9bc3230bc8a29b8f8e01c25d7a686e15667d21cb716c2d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
8574dfaafca214d1a562540dbace593d

SHA1
6ac83b838b64f457ad4969d71e69e0549eb2eb6b

SHA256
5926afa1add225177737db172f1750c8803c53e1487d820bfc2157e90f0c3ed5

SHA512
969aaba4ade23b1adfcc57d1fde2a9056bac30a187ef8aedb490c99baeae31adc2974e3f20ad93eeebece2f64120b8e83f59f9c13320a22d35c6d184f7da7273

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d23a7dc1dc92255fb7456ee54c232aad

SHA1
d6b504ca7332e3d1cf0ee04a02d4b3c7c7103699

SHA256
5b180501f434d0d04e9deaa999338de8f57b4eaedcbcf2761c2e4c17f8e2c65d

SHA512
ae001fd962f768edad1704ef861bceda57b5907d98efe1e8fedcd219a134436a7d5de8b1f8966bd6cbf8d259b7cebe0ba482c7ca099e14a3c473aa71bb2b2d01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
e58483042ea6d7d1fcc70977d7bfe0a2

SHA1
3337dcf7935aaec06e7e2aa48ef11977298fc9b4

SHA256
f7a53c0dc57e894aca692d5ece370c372b24efbe4e2620b3f11f56e0cbf1262f

SHA512
6eb19fb3b2d30cf2fc7e00296e09fae5be1d9df785e8a4456e25e37795f2c2b3300a51390535388f542cb0cde96d9cd27ecb61de4ab669db113526ce77882cd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8209e4a6b9fdc168a6dd594409b35e91

SHA1
492119aa470a8240361744dbd09738e9751d143b

SHA256
5556eaaaf4491481fbb734ba89eb5aaec7f49cb124f022a3ab48327b635d0b21

SHA512
b3b185c7b866767a58daf371adea63cee4ea8575ee77db9804142bbdaac5b7bd95692536896881e8badfec14d24867685f207f2c1d7887317a6c9a4ef59f7fd7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
a86a20d83ab3d6a1bcfd29aa63a903f0

SHA1
e24147f33f8f20cf4ce99bec52b02a3c05566f0e

SHA256
3d34cba9c0fb5982e0776b7800625210d269de65683ebcd8ad9acb3d0f3ef1ac

SHA512
9dc8c1188c1f228eb8321d454b4ada28570e0fc4a58f17c75cb0f0078ff856ef04e5394a4477fe18f582c064b744d9bf9979c7ad8c4a6ec688787344dfe09dd2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
8232b8c6e02187775ca1f320752ae91d

SHA1
199163c9ba09a080f9c50bbd655ed1b5ccf2626d

SHA256
6de6494e70ce733e1ffdf8a194df35d02f9189416464d64f829697596cf61bd4

SHA512
b3bc082669882a3893bfad34fc715e9052221608b15309594d2fe435d111a3cc56ddcd543b81120e46383ed8e4cb744b60896ab9efd496c588b50fdd55f9f8d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
dc938103498a81831f95252c7d5c3cf5

SHA1
32304b94bbca0a2c105bea3e05cc2bce3401ef33

SHA256
1a4490f388ce55588944962da0f5b49c3ba971fa921f4f29ad1e288e56e4b537

SHA512
8c5917b8f41e44738eea67cb247437ab76bba05c5b309ba51e3a7911542ba34e3b2a403fcc8d89bf13ee92b1af32642c809437e033f185d9d8a4b74a31db69d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
876a579dfa43e14d650b80a257b33dc0

SHA1
e19787239bb01de1a2f77fa2dad12b5780e0427c

SHA256
22f4c27dbdd6f9fbf24dcb33a1170ee288b5b9ebb1c2f793d2e09112fa12f4a3

SHA512
9f81339e54c007efe01aa2f887974fc67edfcd50b08b92bd2be3fa0c0123f75c8e793db014229e8086a0aa4ffbf199ae031cb94f6dd7960e02aed29ffcb64015

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
91a16cc3c413ab9e53b1eff0fc567dd8

SHA1
d3abc7aabf2efc61e682c939c60deec469dce786

SHA256
1833626595aa1c7ab2713346dfb27cb7809981c5b743324206bf8900bfd98b10

SHA512
0f432c7427adc9c6193a630a3f612c17a21c9bbab8e92c4749349edaa5949d673b0b4ac6f45e39719acb75ec4317cddec21c47c2f40c4c034e62d7487fb360c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
5154f2918b22c1084faede2d2581696b

SHA1
bf6d275e7a1d0a56eed645779f661d62eb9bcab7

SHA256
d6d7d72d6fc4f34791227fcb62c182053275b89c0aec023dcfb319b3cb864f5b

SHA512
d855c660fdbad8bf450b78eb46bafa689de203c9a780dea38cc373870eabc78878e0365db5330de13fec4c4c1a73ef3a847e79788972a8f03f6ef5fc2b78b527

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
94b8f0a2e7787b3eaf18e1339f638153

SHA1
3b511be5783710ab648ee243b942751454d73416

SHA256
7ec90fb159e77ccd00bfd6373b46f777b703fe9b54e3a968a09804db1621cdca

SHA512
9d7d38db5db356641ab77e17d4b0dacdf062c35f99f0b04dec666eee51bd51d06c755a436cd5844f6ad5bfb7202a54c8e32d25a83cfdcbf2bb42bee82185a132

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
138b87c5e5b8abc3675818ca09b2faab

SHA1
2261005c2fed2fbe46d0fa1dfcc4d10904005920

SHA256
0a6aa6123976c4890a6a4c952a88c0c3c98a97d47b26ed52f8185bda78a669b1

SHA512
cc35b0b5faa7b2ed166a8073bd6c329f14828c55cfc2eebf53d1c1e4c22376ff858f8abf23388805b39c01476dbc24fd273ff5c91326a9820048e8357bf77d0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
a16ffe299ba3007ea37469075e402ce7

SHA1
c4ab5d51fdd2b5c22d4768cd132b073049e1f943

SHA256
5389c4623ce245ade796c17ba096792d03c4907054bf13137c150a596bdac12b

SHA512
caf1c24f8f8d41f1774a8061767dcf096969941f6eb007bff48196fb1b42b6d60981c0579a750e9af6a8394ae3f31dc13e5f3e86912ae47e7ba3c46b9d18c143

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
57706afd4643209f292e285c8a1fdb0a

SHA1
59d68b20b960f35dad30aa54aefd63768fdc4b12

SHA256
fc15db230c92b50a49052913b177782b0b18a70a6a82fab46fbc04bd11fa4bba

SHA512
cc6422437f77934688faf8d84effd974214acc45eaeba73a9a89b0e9bb7d5e17fadd328986d879229c1770d309fd345cfd66dd15b38ae124497eaf4f143a0882

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
95429ac5364cf3c564df790a710590bb

SHA1
06df56a99ac6e08717c1ef57b1b69c77d24e7b84

SHA256
a46170baa2f9caef3dd5eff12dbdcd4a19a1735cfbd60e09a5870fb2d6681810

SHA512
e4ae15779c5b5fcf769fb6268dd43da18f2cc3d9adcc9559dc7dadf9cb4b45d3a8ae8fb49252a03c0007ae08ade8029728bb46e8bfd38ffbac262b2f2bbe100c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
a6ad72a30144c3117f507486f2b991b2

SHA1
377c7463bb6e0d50394eac085287187f0b5508a9

SHA256
9bb0fe308940249bbb94e57898e8a9b3fbaadd350f606f7b98bc63e2261ee3c2

SHA512
6d52a9ea6f0d57cb36a571507c133c624398207e66f0c11bd729152d2a6f391a404fd498e4560cdbea9597b30a75f8f541aac65a4645327b7a8e2216d1446176

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
7aae853eb0d256ca6cce812d8c1d7719

SHA1
74025896e7a4f424e0a511a331d86217fa5fe1c4

SHA256
15c5db2fffebb93543cad6cb17a39c4531d74e1585ebb73c61949e01c2f6e892

SHA512
5c104ef43851bf9c1c1b3fad890fb20f9c6c50829ec16448aace67f6097fe481c264bdda6ca362a55323cb6e2d8996d191b6e666b7695c16b36b489cefdea1cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
3f363544ff85c3ac7f65419e227cf2e2

SHA1
0bfa96c0c3444f3f7078dd0d70815dd7565fd576

SHA256
f79974c28cc245744fa968a794707fdb4381594e1d969080996f4389e6368231

SHA512
afbc239d077ef1809a5d618e2cf34b3796fe132b83123e2bbead93783bcb9c85e9b68b081e4cb637c25f581392909b4d061c8f0656c3e5a671611de725047c91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
440b1b6897ae1eb2c8fb69a156cc4030

SHA1
8864fff6679205eeadbce1a47237453ff8db80ca

SHA256
2f4d4db211b4b7c7642571490168dfcbf15b78fd67a753ebb0820190281eddeb

SHA512
46a1206b46006209facdb8d7267e945d18beec41c85efe9356933a78ae3a4c51db2ded218d9496bce377938bf7844defaee849c3e182c1604797d6a3921b641c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
888775f90784c11d74e7667f6b2aedc2

SHA1
b30ff8e438f481b1da746a74346823acd488df4b

SHA256
b1c7f797fae2de25186b547ed50058233c11d60e657a94ffbb65d2f690ce24ae

SHA512
42d3be377fda21d05b972926c24d4a990a6b9cf2b954665c181daf34871385de94ea80a7d386ddc62d38de9fa066d34e881b29c76f057b2430faa4bb76cd7bf3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
9ae654a39cb9d2ba704132bd37ac3a16

SHA1
c4e85562a6727dbb9ffce8a9b7d0b45281329326

SHA256
acbc260d567da3cc497c6255f97c600ea41928ceb7ecaa892693cabfead0ff20

SHA512
a009b04650bf4d7b3682ac73ae5f5ee60afab52ec5a834491bfb6a31e374cb25a45bd02db623049ba93b8e8b1de13cb3af65655bf141351b0e570a058a1e5f13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
ee28061c9f4d0004ee82ca3ea8296bfb

SHA1
6d67a9b787cf19b2f5815833b154210c97b5ed0c

SHA256
11cd6c5effc58d06b94de1f60f541cbdbc204636c79d8a0093a09642de865cc7

SHA512
52c61ff22b1aa463b5b8fa8c55cae81ee30647b62b0fc8e3eb99ddfd7d0ed6b178580332940c54f90f073ec6eed32b5a828af8ddc4a39d4378c1de5c1afb5970

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
8c3dedd4bb18c50bdbcb89c7759b5a11

SHA1
ffbb88b8d783ffdd23426a192d5df88778e1e996

SHA256
e8978987cb378ca842c32b9fd7f847787dc7223d81bafd834432fd96f7ebaae9

SHA512
edba175a1f1c9f070aa785a6ea49b07c91d63db0f5d0d3a6a04fff124f6d28f5e1078df71bf22d61e69d16f28db2043e57f37c9623d85bff4e1f3590fd349019

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
8cadf764538c4eba0b521374c6cc4116

SHA1
5e8c9073ec97fef601ad82f7fd07cfcec9d0c2be

SHA256
609344e229cd343fe128ad9d38af015f83ef9ac4343cd1351ce3ce6447b31316

SHA512
cc9524881dfa80c39f3da8617dae6554d2682d266100f0f5bfcf642f1308fccfb9a000e61613d76b39dc47691b3c825511c96eda3cd2bc147c31b6045ba6b644

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
d4e3f98c0771cfe0973e2d58190b0171

SHA1
c016d496896204a891405d45b35f5a0385ce96dc

SHA256
03e2d3b7c775817e72f379d3ba4f01fef44da34318c7919072efa4ebaa45717a

SHA512
9c2bfb189daa65378790baaabaf6285f342ab8c9037d4224484f9f8e5fc4414b1b8ca58f3495af52c009e6846e5f5036088abe643de6d5205088524122bf26d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
b0873070d042a01c149bebd86cb0e352

SHA1
4a7ff6cd83dcb10a5b88a675f3841c6f93b3477f

SHA256
9af3f7bd9ebb2f9b26b3eb9d5a8c7a7b188e9a12ead27323e23d112cdaa6c060

SHA512
278b1c93c43e19966ccdb6ecbc345a50b36869dffab5268780a295b7d44864db729b4986455a3e97c700647fba5a11712be32553260e833e60e4152c5f11d572

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
37a605cb54a2b0953a9e095984e84929

SHA1
db8fb858627823337126d8bd468150eab2704414

SHA256
9132584e46f7033dd539505510ac08765c99ca21df8d7ad83e0766579964476f

SHA512
803d6a45a3d8d01a4d69a5075c987fc0de9995e42b69bdcc93bee8309997ff5bb60e192eb2ed0c7c529b2a920e17271d381ba31ab696734e997b2b9e62783f37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
891b76bd6d5a3c4731cbc5bb077ac708

SHA1
1b76314b2f1dbdafe73a91b1642e5d7919e5169f

SHA256
04e8f41471aad88f0b5fa711faa0b60df893d308fbfb42652730fa626a755586

SHA512
2745a37d0378c19c9f6b2456b6c24be2cf5ebb81387719e76c212f54bf00cc4db18433107374721ddfe6417203b564a06402a2bc9dd87c21e562d133c83a3eeb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
ce4be13976629fcb3bbcb8301bbc1dd6

SHA1
6da09b8a3616a0dd3b4b164e7ef15fe02008c534

SHA256
9197cf688ac7b1ba705b1d2b02730e588b1027d80963b4ca1cb1cfce33acb998

SHA512
12f4207ea36bf5a53d89c07fb841e6da5cc54f49759da230cef7d0279e1d92642d0b0a460591b682f4e30d686fc7d7b5e0b33913e634864dc00ff5e1f7cfe6b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
30KB

MD5
ebff5f535d380f5f88c7af6c737c1cd5

SHA1
5bd4d91cd69c026d009d7d7bbbd582428b4080be

SHA256
bc9e0506e35178ae6fd052a0fd38d80d4c2d1ff24c23411870396b11b1c82ee4

SHA512
e10194ba276f844afcb7de50f30f2afd89e1bf67398b455c381e7255e7b6c5d4224b4ed240a231c1694a1d82af9690bd9871037ee683853a58fc96570f8e2ed1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
f704a521e91aaf615450b4def4d7a4ec

SHA1
2948c15d25df6763fa01f65fc9d2bca01bfe8fba

SHA256
7050da1f315c515d426e60aa8c62c9c4fd91c346f5c156ad16afc0a7b04faa1b

SHA512
9056ac11d65c5c0f7fd978f2c735f464872496efedde217737b557997c88772c6653f582fbf29301a6198c410d657d365b2e662a9a56950c6315bf4ad541e6d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\ab146774-3a9c-4538-8349-8f8cef9af868.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
13B

MD5
9f0786e66f4c80870bd874b7aba0a394

SHA1
74d461c9049086ea0301b956203e7cb59438160d

SHA256
da3e73d31020d249d320f01fc40220043e34ebc99fccaec56c5a97f671a8f227

SHA512
f766b4ee7c28886c1901cf76c1c917e296ddfd3cf843f4f27d7a73db37247ae0dfb8c3f343c4ba124d20f4475e0fb4cf60860215480341715bb907d73630cc6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
69KB

MD5
b5ad7c74d707d909b052942975ace0c9

SHA1
231c52915234d761a25551dcf8ca4673c4232aaf

SHA256
09f1c5672b1979b37ec206d6bdf04137f74184f09ba7db594ba62e0e5724e418

SHA512
02835d547e3de9b75edf46d132bdbbdcf10557fab3df86439dfbb8bc10a57a50c07a4d04488cc7ea9a02c649146480a3b2eb8e703029c62f1d9b8cf88b7894bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
69KB

MD5
ed836c302b112357ff99e4d153af038a

SHA1
e5206f801b63bf008b74d284ffc4d33755610714

SHA256
d1078792ab41f70529ab4fe68f204694f9d05606e54f9720552e5e6153319276

SHA512
087fff8ffea29fa061b9868c416519465ef471312889539ea8e7e2514fcba2ca07fec0d9536e8c1b93ce5a3a928369919cfc6c92f36c5d479ea1dc983f28e175

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
69KB

MD5
06f6cc1e3032f286f8a1402edb1bb49b

SHA1
a65c99ced26302ced54002a13f1682e710f93dc4

SHA256
e801eb8b357ae6cf78d1db4fc9687f447c3e2dbc69e10f582e6d0021972d218c

SHA512
8927f4755a5b3791a659a10edb00dc839c098230c227d779d2741561d351e7036cc74d9a0d0a6323ba51fe1b2062193d8c3e133bcdc58e9061b0d54a01ebc108

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
73KB

MD5
7e77bbfddefff4244121166dcc6b9c7c

SHA1
7f16eff1c2db9106c46df99b7c7e7bcf1bd24f1e

SHA256
ad193d29f90ee7323bbf946670c7b276ba8860a07e1f45fdbd8a825b960be420

SHA512
3f1a46a33b39776ca0d6839b1da5db0b01129f2b36fa60d81c325e24568b8b8b8e50d8fdd148e8f2f99d673782554707e095ebfef32f55339595f90c480d736a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
69KB

MD5
decfdb0e8b3f7d0fa9945c0ae76ea84e

SHA1
0b7bf5ba2c295b78a0ad3a261d43dadf3e411371

SHA256
df1aa795d24d6eb31d5a50626069fd26bd45127209b1b44ef7dba6445d9a4369

SHA512
4f546a706a9dab5b42a3867026d60f2f76f39cdbbb5ed56ff79dbbfd646296540f3fa159fd6c1da5a60c8f91fd44ca87333c5c85a4398d727fb8ea0d4192260e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
69KB

MD5
7fab7ac82a51177218918c477e112f33

SHA1
6c483db650d7c80dbce4c57c9c143d345f4e7d96

SHA256
ccbac73fe529f57ee182fc68416492f19b28d50ca3a4b671cc74b3a12b0eae10

SHA512
4b31fd1cd061e5ef1dd37eb43f61b9603eb75d88891f18022d79dbba2362089aaa6047799e2b6f9b7f43fafd581b2cf3d5afc0fda17ae2eb24e0b94b1d7a2690

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
69KB

MD5
3541f0f23f010e095d18df36954ecb07

SHA1
8b8f3a8cb871f5f1aeae72c5b96a4e2f39b669f1

SHA256
11972e7a5fa79dbec9485a4a0d0822b86870fec635222369f9e8a592cde74fd9

SHA512
7ec1c583348290c86f802ec236677500d3b692f1acf4422c4981a7823167d339f6843c6ccbd204dd981670d747fc551f74e34535881ef0001cfb3814bc040b3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
69KB

MD5
37a97a24173320af4caecff3e339f03b

SHA1
d112a71cdb1387f561cda1dd623f2e89b970c7b0

SHA256
2566f82906c81d5d8127ed9ffb5675e8ce69907518498d0b8d92b24cd182873f

SHA512
31451583ca9369215cccb951a992e47cd5c6d3004f98c5c0b74f384640084aeadddfb90fe95b629d8d21e4fa66e085d0efcf7365293a43a98624396b062478eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
69KB

MD5
017a92467cb982fd40359d7251593c3f

SHA1
a5b7b77bb1e6de28bbabdaf4cd15b78b8ce438df

SHA256
8fc63bcc614a07949494eaffb8cc775fea86c7f3a84b1a2ff82f1302c4d0391b

SHA512
711fa0eccec5a5d312783d2232c5f053254f96287206f80146132c413dcd36704e5ea4f721524a83ea9f1a08662a520c23b88853834a0441c3e7b3169da240b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
69KB

MD5
a647393be6ae54e3e158ff806d89c6ff

SHA1
f904dad1f2183524a8aac1674756c2063892a159

SHA256
5eec2a0701b95301d67f255b9440f9bd0e91687c2a0d2967b13fb1631eeb0003

SHA512
67407f6d348f4c2399c5a03fff6da07f63f06ca9f69897de1376eb67f31f6463ee6bc50e22cd1745d6bdfed64e4c87ae18182954b1312bc4ec4e109963dfecb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
69KB

MD5
252cf38349622050c948cfa8d03371f2

SHA1
a0a7854c85aa32ceb1e8fb8c9d743b4feaf337a8

SHA256
8711cbbf93c7178851815e82fc9ff4e05f25ac6d0b24090b939946bdd366c7ec

SHA512
4167f249141b4bb84543f6fc2073c93ef505353a46e6641f27ac1c0e291453094ccd1afed2644e85985fe097b994f048287fa2551d2895e2a07e4ea805fbaa5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
59KB

MD5
ede178e3a602e804bf80a657f39ed3f9

SHA1
caf95d44d334696bcd2d76c772e124285d40da3e

SHA256
45aab783d64abb1b03b4ae4ca1966064f0adbf3b7d7ff9505801db35befb8a96

SHA512
cc0d7f30b6bb40a3f8417dd5d75a82196cf3c8b5027124118fe050eb248632be8e696adb6ffdf657c1d8704d6239213987b8ad0039499b08ff864f13b4c1bea7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
69KB

MD5
c237804a0d47199dc42a9e5fd5020a71

SHA1
59f9f51d560abfb8b08963550319986165e98e66

SHA256
0cee1895c3d80f16d75375cb9ccf2eb3d40818dd51f24cedd5b09c63541f74bc

SHA512
3f7f080453a03065cfca2879630dc510be276f586dfc36f117854a73fa6c2c341dbb629251d154596f615953e2d71d99bf7090ea5f552d34c70670db2b4c3b9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\downloadCache

Filesize
14B

MD5
df741b3f19d9dc2621eaf973c8c9fa9d

SHA1
f45f1d9791c05366a8a23322d497c89957e75e61

SHA256
6e5ddba6d7aa3b287ea364034e1f843e4146ff92c07d8426f4a7c4b0e6435006

SHA512
650de3f99038bffbfef41a9acc0a06e15803550c6456d0bdeac9ebe18aea94ab3a0bb7d85b7a0230ce6f510f5e26fa739fe58924f355d7e3714ec37daa4c70d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\downloadCache_

Filesize
210B

MD5
8c895a5277bd677a960c5674f5645807

SHA1
51d69e3285fab5ece58d7ad8595695bcdd17fc44

SHA256
7a7167c4aa5bf7f974756dfaad7ae4eff294efc97abf1a08e40dd4d427f0c66b

SHA512
b84b3ff992ad018d524bd4f247e4904b4991aa1eb558fec7c98b06b197a92680c6f88e5df6ac367195d5daa5eb762dbbe2705eb600698e7936be4605842b2ac0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache

Filesize
9B

MD5
b6f7a6b03164d4bf8e3531a5cf721d30

SHA1
a2134120d4712c7c629cdceef9de6d6e48ca13fa

SHA256
3d6f3f8f1456d7ce78dd9dfa8187318b38e731a658e513f561ee178766e74d39

SHA512
4b473f45a5d45d420483ea1d9e93047794884f26781bbfe5370a554d260e80ad462e7eeb74d16025774935c3a80cbb2fd1293941ee3d7b64045b791b365f2b63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Temp\Google_cookies

Filesize
20KB

MD5
c9ff7748d8fcef4cf84a5501e996a641

SHA1
02867e5010f62f97ebb0cfb32cb3ede9449fe0c9

SHA256
4d3f3194cb1133437aa69bb880c8cbb55ddf06ff61a88ca6c3f1bbfbfd35d988

SHA512
d36054499869a8f56ac8547ccd5455f1252c24e17d2b185955390b32da7e2a732ace4e0f30f9493fcc61425a2e31ed623465f998f41af69423ee0e3ed1483a73

Download Submit
C:\Users\Admin\AppData\Local\Temp\Google_login_data

Filesize
46KB

MD5
02d2c46697e3714e49f46b680b9a6b83

SHA1
84f98b56d49f01e9b6b76a4e21accf64fd319140

SHA256
522cad95d3fa6ebb3274709b8d09bbb1ca37389d0a924cd29e934a75aa04c6c9

SHA512
60348a145bfc71b1e07cb35fa79ab5ff472a3d0a557741ea2d39b3772bc395b86e261bd616f65307ae0d997294e49b5548d32f11e86ef3e2704959ca63da8aac

Download Submit
C:\Users\Admin\AppData\Local\Temp\Google_webdata

Filesize
92KB

MD5
fbe4c51ee21cb3ec2e3c7698c9f7bdb0

SHA1
22f78716f3ab309bb89a86dc7f2f4f71f05e5aae

SHA256
fd94eefb6e43f441bc8daafd21b51612016a8baecf93a088e91e4e3b6c0b36d0

SHA512
6185afbbb674c2dad6a737fff3e7283633595bb8aea200b1312a98967060f3e3bd93c2f51116ce5350de6d9abd78c0de8aeb31706b85e793e00e104a08353278

Download Submit
C:\Users\Admin\AppData\Local\Temp\Microsoft_login_data

Filesize
56KB

MD5
d444c807029c83b8a892ac0c4971f955

SHA1
fa58ce7588513519dc8fed939b26b05dc25e53b5

SHA256
8297a7698f19bb81539a18363db100c55e357fa73f773c2b883d2c4161f6a259

SHA512
b7958b843639d4223bef65cdc6c664d7d15b76ac4e0a8b1575201dd47a32899feff32389dcc047314f47944ebe7b774cd59e51d49202f49541bbd70ecbb31a2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Remcos Professional Cracked By Alcatraz3222.exe

Filesize
16.5MB

MD5
cf3071fde81aa76eabacd1a1d79a3681

SHA1
86a1004ad26c5c58eba5a8007c00bb50b1e9c0b7

SHA256
9954571f29476961eb37b29a18a32e495869897fbad25a53689475160ee28e70

SHA512
cd4407ad2b281136659377b9de1b9869f2bc0482a08866b62b759c4ec3757d82ed3e97de1f3bb4a6d1eaa124566aa3d8ade74f02892066cef96e161c9cda4142

Download Submit
C:\Users\Admin\AppData\Local\Temp\d575e16f-98a3-402e-9c42-80062b15c459.tmp

Filesize
1KB

MD5
51541cec0c7da0308e08f3c27052fa0b

SHA1
7c2d8a683140ccf267f7fcf78ced10f5264b4e98

SHA256
8c706bf3a40b2d609d88a43e36a9e931e3c562790df0ccb121970714197c2286

SHA512
01e5e3cc3384388e12f762bd2663e7bc0ca4b20cce377661c1137de45abeafc2647199894d01a5efe4455d5553dc26c2d3b7ddb693f84109de979593f18e8675

Download Submit
C:\Users\Admin\AppData\Local\logscx\cookies_firefox.txt

Filesize
518B

MD5
0698bcf2ed9740174c8a2c5dbed0fcbd

SHA1
2b95488435e45eb5341059f0dc87e86c8b2dc285

SHA256
b7d1c5c1a11e7313dbe4f10b0755f737b2647652b3df3183113efe80cf4a5d4a

SHA512
df9915e6972af5f61ceee17a34bc72cd4a997711dd0ac71636f8ae16f06a8aad5d26825e17a3a6c22c5486a34e496b616724240b6ea212dc41c75d51832af05f

Download Submit
C:\Users\Admin\AppData\Local\logscx\info.txt

Filesize
333B

MD5
ce13a29d9ba8e5161f0ebf2c7cf200de

SHA1
bc8244ad0774f11e9ab85b61ab44bba4ba219bce

SHA256
8648416eb19a84e3dd7ec1aac547c2258bd4acc122a4bdb1d2b3338a5bac7aaf

SHA512
0e4d71255e4b4bd4fe34c6a949ee83d261bb1451be32f5fa66c12a2ec183b47d1a1388ca0a9e250fb04149774473921192dd34033339190937eb08a20a98678f

Download Submit
C:\Users\Admin\AppData\Local\logscx\sensfiles.zip

Filesize
2.5MB

MD5
51b76c8979980c0b2fbf5a8a40f668f8

SHA1
1c4573b66b1e9ef06d5609e883ee416751ae4aae

SHA256
c725f9d8fcfd9bf8c867d843c2160e0ff8def3d6e0cd584bbd879cfd9e024ec1

SHA512
bc05cf702ce1b87a483e1dfaa69f8a1b988b7f6f04aecff5599981d709872657f33a314648d07c0928ea8d1b45f34197dd00b1b674b4f249dc20d7ba7b57dcf8

Download Submit
C:\Users\Admin\AppData\Local\logscx\sensfiles.zip

Filesize
964KB

MD5
f30d577a5b5a7e176b1edec809caf1b2

SHA1
1005646361a7c88d13388a44dea16f9daadfd014

SHA256
6318880756d5321047d39bcd19143e5eb47c0fe5db525c94ecde191c185e0ae5

SHA512
f13fc18d71175f92b48427cd5717bd26650b23721be55283d11fca0615b31ad276e233a389b3137c0d4c5fa947b1eab246f9ad92dba5dc2d3b0a6e58799b2d80

Download Submit
C:\Users\Admin\AppData\Local\logscx\sensfiles.zip

Filesize
2.5MB

MD5
530daf0058a1ff76f5841d0916f0bba3

SHA1
c2ffd1e6f376b2b19132c0de1f8fdbe363d35c5b

SHA256
4f21d41b0908ae1f7e5e620a618ca929e493cdbbd7b88c9b2c11722ce629f9e6

SHA512
15a83fdb89ec46bb788b979bc59c8ddc8a5dbb719d1226785a74429dc70fb9dbe982c7f4e71d12b9a4f4734c65242c6b1baf500face368956f8eca6047d6f696

Download Submit
C:\Users\Admin\AppData\Local\logscx\sensfiles.zip

Filesize
2.5MB

MD5
5455d97ff3cc7eb632fa6322fc35d5ff

SHA1
ebd83b2fcb03cd9c8be34f6be22144fd328a75c7

SHA256
f728352d56c2c3bb2b21d83335448851d0e25140a225a2f78212129b108aa2a3

SHA512
0b08c2a0082e5918a42b5f8f4eb0d8a6881d4067fc2ec73e3ec1f7153426c73125ca6fffb9950f8687d935337b65d58c762aed0293e3a6d9370c7c190d13b50b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
ff296a07eba26b733b4f54f4b021fc8b

SHA1
ddb99663e81c35b559cc5e5b8dab755ba83e3ae1

SHA256
b29bbda0294e42d3f0748d9eec9af11e7a8a0552bda09eb39543cb3681c39843

SHA512
41bc23e65716cd8334c262e218cc85674ca1417969293773342dd8a5d28d70c789b3a8db2842cc21a5ebea2c051bf74fdf8839e37d6506add76c6484990b1aa0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f97d9gc7.default-release\datareporting\glean\db\data.safe.bin

Filesize
3KB

MD5
26c53e63b47cbf8653e68e3e49908405

SHA1
54aa3c1373baedee57e804ce04d9addb7c0d7926

SHA256
590805d7316e45cae5329be1975421f16ce4cb1e7df93a857174922008acbf44

SHA512
a9cc50089da3994d4fda6e4f418b8425395fabb25800aad0bcaeafe264a87c8954e66f0197d357e548034f08b96c7f16ac33cd6f0fea303d32d475e86fa4d691

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f97d9gc7.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
06fa3659b59788fdd15fd56734b7e873

SHA1
3fc449050cde8d34a44bfd91f33aaa0b1c3c25d1

SHA256
59a08b3185f9d6d37f229f9dca3891c4f6ee453a74c0a41b154ba898ddfc2b78

SHA512
b533f24851d68e1af4875020d686c683cc9c284bbe59a142279d2e3c7b5802d6555487c168733c74aa9a47d20be7f8147a47f360fb000ecd203e3fb3abf68519

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f97d9gc7.default-release\datareporting\glean\pending_pings\0af4ffc5-e92b-4358-bcec-586dc270b852

Filesize
11KB

MD5
db12e13d0f5d2163d60739b659e597cf

SHA1
5ca42b4ec6acfe72082fdc4cb60a72b0287c90e6

SHA256
0b6fd18b6689b760fdffe19d6d19536dcbd9ed7a14733a0ede4d38cac0ca18be

SHA512
f56484612f84a51660bde8d966e65633a52792bba67ef021736ac57d83f8c6f4a9df05164993f34e5e0786f3cf8d9ca17e9da3906e6bfce3afe2799735db14bd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f97d9gc7.default-release\datareporting\glean\pending_pings\6380b054-96c5-4522-80f2-284c5299dfc3

Filesize
746B

MD5
f8a572962d3a1dd45be878463300123c

SHA1
e158d09978427b1feac828999e59af70cbcb8f6e

SHA256
5e769ad64dba83366c44e122360ce280a05eb14325e86aa00f6238c7765a484f

SHA512
8faa6521b137490c50a4a6d8228b3d0f9308795ca71df84d2191e1ea4fff963baf2cbd9d12a0101d1d6a487eccbdd039c023afccfeb1720050b5dafb371f7ab6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f97d9gc7.default-release\prefs-1.js

Filesize
6KB

MD5
14f06f9ea17194ec216954738761d9c7

SHA1
e88a543dc10a4aea34266ac4722c07586c70b59c

SHA256
1cb9eb3135a67555c945b46a243575d28f1bcde6791d1c96bbc8cc2ea1f09f15

SHA512
e66a4e293276c1d0cb00f058e9c800a49413f8d798f6c67a3367c3268b791f920b8df1b37adb1318b7e9a5ef8d1997fb5c9912d49bc67fbc528a822b1386c9ef

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f97d9gc7.default-release\prefs-1.js

Filesize
6KB

MD5
79a0f23fe689994e098e60fca1d59174

SHA1
06fffbdbdfd549221c166dd3d2130dfc277c1705

SHA256
a842d137bbc4fc91003dd7ff6f762256bf71689ec8f888f3c6defe16b28bbe8c

SHA512
21cf7c0f4af79582fbd4ab6e990613fcc73b3c4b83bd1fc3fa943e54f1f230b49b2485137464778ce8fb624b4a12a05f85a6b4651eded98df46bf3b29c711478

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f97d9gc7.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
b89aafb21d42262e21b18056b0ddcb3f

SHA1
b05f8d63681fd0fa327596ec710367f303c4e82e

SHA256
1128ec09928031fede7e45bbdc9c80002b73aa20c7845cd205d9e2d973ac25f9

SHA512
4ee965ad2678bbb1d8cf55522d76ea4d27aad9ecf96f617317c0e34a9f3d251508df2d698c8464e8a4244e154411118ca6db35956d5687ece736e360e6dd7710

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f97d9gc7.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
26fe18e2da822f9c3c54537c2698d271

SHA1
eadd63784f395a99f3224294743cf63a8a7085a9

SHA256
e96eac0e094a19b5fc99462b8bb6419e61035492165acab03571e853321cb274

SHA512
432a34e73cb6c96b72ef888634fe610408b7fb4bc6cdc97f82fec47ad84a8834b8c2db621699679a40e08212818170ff1b844885d6afefe476bff5a7f01c3f85

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f97d9gc7.default-release\sessionstore.jsonlz4

Filesize
4KB

MD5
49b78ee5e4e66fb0f5a5d06348d8c263

SHA1
1a24b5e592d2979b7e22debd01ba479823ea8c1d

SHA256
00f66f4e91c14b2075c20cc86c163bb1f0d641dd73bc64fa156579b5d07fcb5e

SHA512
ace90be83863cd10a36c9ddcca7415dfb98b79d75d56c39d28f3e4dc0b6540e71d35054b8fedb21ffe917c464c1c64ec3325157f40d63410a75f7db5c72867ac

Download Submit
C:\Users\Admin\Downloads\Remcos-RAT-3.8.0.exe

Filesize
7KB

MD5
6166f997b4bb3428ae0d9d4b4e1f0db2

SHA1
d18a89610c4ab5ff73532a608e3ba0038d6146e0

SHA256
3e3ef95e4d20e1cf759021d91f834b6f2c82a1a9dbab3cab1605a55bc85d5be5

SHA512
087be6857f602a648c612c9c849560c8c803182bf08bbdbc41f58eb17e28a1822ded1b1fb45c9a007722b6c6a19754671159a0a3510cc80188d3c145ab5a297c

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 448091.crdownload

Filesize
5.2MB

MD5
2bb069b6a94740e505b52d439635c3d4

SHA1
816d7748f54209f6b4f15eed970cb36b51fc4346

SHA256
a82549a690aa30c2cfba60b5736f2bf8e20b431a600319b6cddac05a48088b6d

SHA512
ee91d7b50d590aaf3ff6384bb7979cbb780a00b88baca351e66caabdb26cebee7ac06cb615a6d2185a958c910a6d076d14a6878d523bcbea6ab787e3dde1e021

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 670434.crdownload

Filesize
1.8MB

MD5
20565190e88ece713ec773262479485c

SHA1
04437bcfcc4528fb352f1effbbb01cf840695b58

SHA256
73257e41f24a9246cc220937ccc2c00c1da27b7c46d25e9be7af28d1d9e2874a

SHA512
a3cf3d52da9f01476e083327c120c6c06d91415e2555e77dee0cca61effd5b03ff5880fdb668168a14ad6f03a2929f34fb701264859d6db69f99c24473d18bdb

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 84101.crdownload

Filesize
60KB

MD5
619644bfbe406d14d4d875e9396a68ea

SHA1
7ae8d0194eb9b281226a1d62b8884810436abd4e

SHA256
4d87eda0985823d7e62c55da7493bf7c28c47a8aa81b469d8d1e13f2deaab61e

SHA512
d1d54d3604b7f17124d4ab19611919e9190d3b3d5679f06c7e26fc8103c717dd7c2549c08ab1c6938553b957325500869d8fedc3080b74112732c3cd470ea004

Download Submit
\??\pipe\crashpad_5312_ZMOFQVLWBYBXCTCY

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/400-2033-0x0000000075210000-0x00000000759C0000-memory.dmp

Filesize
7.7MB

Download
memory/400-2034-0x0000000004CE0000-0x0000000004CF0000-memory.dmp

Filesize
64KB

Download
memory/400-2059-0x0000000075210000-0x00000000759C0000-memory.dmp

Filesize
7.7MB

Download
memory/1888-1241-0x0000000000400000-0x0000000002991000-memory.dmp

Filesize
37.6MB

Download
memory/1888-1219-0x0000000005390000-0x0000000005391000-memory.dmp

Filesize
4KB

Download
memory/1888-1196-0x0000000004B50000-0x0000000004B51000-memory.dmp

Filesize
4KB

Download
memory/1888-1190-0x00000000048A0000-0x00000000048A1000-memory.dmp

Filesize
4KB

Download
memory/1888-1189-0x0000000002FE0000-0x0000000002FE1000-memory.dmp

Filesize
4KB

Download
memory/1888-1240-0x0000000000400000-0x0000000002991000-memory.dmp

Filesize
37.6MB

Download
memory/1888-1544-0x0000000000400000-0x0000000002991000-memory.dmp

Filesize
37.6MB

Download
memory/1888-1186-0x0000000002FC0000-0x0000000002FC1000-memory.dmp

Filesize
4KB

Download
memory/1888-1187-0x0000000000400000-0x0000000002991000-memory.dmp

Filesize
37.6MB

Download
memory/1888-1188-0x0000000002FD0000-0x0000000002FD1000-memory.dmp

Filesize
4KB

Download
memory/1888-1184-0x0000000002F80000-0x0000000002F81000-memory.dmp

Filesize
4KB

Download
memory/1888-1185-0x0000000002FB0000-0x0000000002FB1000-memory.dmp

Filesize
4KB

Download
memory/1888-1183-0x0000000002F70000-0x0000000002F71000-memory.dmp

Filesize
4KB

Download
memory/1888-1250-0x0000000004B50000-0x0000000004B51000-memory.dmp

Filesize
4KB

Download
memory/1888-1252-0x0000000005390000-0x0000000005391000-memory.dmp

Filesize
4KB

Download
memory/1888-1182-0x00000000029B0000-0x00000000029B1000-memory.dmp

Filesize
4KB

Download
memory/1888-1181-0x0000000000400000-0x0000000002991000-memory.dmp

Filesize
37.6MB

Download
memory/2276-2032-0x0000000075210000-0x00000000759C0000-memory.dmp

Filesize
7.7MB

Download
memory/2276-2035-0x0000000005790000-0x00000000057A0000-memory.dmp

Filesize
64KB

Download
memory/2276-2031-0x0000000000D70000-0x0000000000D78000-memory.dmp

Filesize
32KB

Download
memory/2276-2062-0x0000000075210000-0x00000000759C0000-memory.dmp

Filesize
7.7MB

Download
memory/2312-2198-0x0000000075210000-0x00000000759C0000-memory.dmp

Filesize
7.7MB

Download
memory/2312-2319-0x0000000075210000-0x00000000759C0000-memory.dmp

Filesize
7.7MB

Download
memory/2312-2061-0x0000000075210000-0x00000000759C0000-memory.dmp

Filesize
7.7MB

Download
memory/2312-2318-0x0000000005920000-0x0000000005930000-memory.dmp

Filesize
64KB

Download
memory/2372-2471-0x00007FF6A07E0000-0x00007FF6A2124000-memory.dmp

Filesize
25.3MB

Download
memory/2372-2535-0x00007FF6A07E0000-0x00007FF6A2124000-memory.dmp

Filesize
25.3MB

Download
memory/3104-1631-0x0000000075210000-0x00000000759C0000-memory.dmp

Filesize
7.7MB

Download
memory/3104-1609-0x00000000054E0000-0x00000000054F0000-memory.dmp

Filesize
64KB

Download
memory/3104-1608-0x0000000075210000-0x00000000759C0000-memory.dmp

Filesize
7.7MB

Download
memory/3248-1253-0x0000000075210000-0x00000000759C0000-memory.dmp

Filesize
7.7MB

Download
memory/3248-1254-0x0000000005000000-0x0000000005010000-memory.dmp

Filesize
64KB

Download
memory/3248-1220-0x0000000075210000-0x00000000759C0000-memory.dmp

Filesize
7.7MB

Download
memory/3248-1237-0x0000000004F60000-0x0000000004F6A000-memory.dmp

Filesize
40KB

Download
memory/3248-1417-0x0000000005000000-0x0000000005010000-memory.dmp

Filesize
64KB

Download
memory/3248-1495-0x0000000005000000-0x0000000005010000-memory.dmp

Filesize
64KB

Download
memory/3248-1218-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/3248-1236-0x0000000005000000-0x0000000005010000-memory.dmp

Filesize
64KB

Download
memory/3248-1235-0x0000000005010000-0x00000000050A2000-memory.dmp

Filesize
584KB

Download
memory/3248-1223-0x00000000053E0000-0x0000000005984000-memory.dmp

Filesize
5.6MB

Download
memory/3360-1845-0x0000000075210000-0x00000000759C0000-memory.dmp

Filesize
7.7MB

Download
memory/3360-1842-0x0000000075210000-0x00000000759C0000-memory.dmp

Filesize
7.7MB

Download
memory/3360-1843-0x0000000005110000-0x0000000005120000-memory.dmp

Filesize
64KB

Download
memory/3744-2079-0x0000000075210000-0x00000000759C0000-memory.dmp

Filesize
7.7MB

Download
memory/3744-2064-0x0000000075210000-0x00000000759C0000-memory.dmp

Filesize
7.7MB

Download
memory/4376-934-0x0000000000A10000-0x0000000001BBE000-memory.dmp

Filesize
17.7MB

Download
memory/4376-1138-0x000000000DC70000-0x000000000EDF2000-memory.dmp

Filesize
17.5MB

Download
memory/4376-1224-0x0000000075210000-0x00000000759C0000-memory.dmp

Filesize
7.7MB

Download
memory/4376-936-0x0000000006730000-0x0000000006740000-memory.dmp

Filesize
64KB

Download
memory/4376-1234-0x0000000006730000-0x0000000006740000-memory.dmp

Filesize
64KB

Download
memory/4376-935-0x0000000006510000-0x00000000065AC000-memory.dmp

Filesize
624KB

Download
memory/4376-933-0x0000000075210000-0x00000000759C0000-memory.dmp

Filesize
7.7MB

Download
memory/4376-1239-0x0000000075210000-0x00000000759C0000-memory.dmp

Filesize
7.7MB

Download
memory/4424-2320-0x0000000075210000-0x00000000759C0000-memory.dmp

Filesize
7.7MB

Download
memory/4424-2060-0x0000000075210000-0x00000000759C0000-memory.dmp

Filesize
7.7MB

Download
memory/4424-2317-0x00000000051A0000-0x00000000051B0000-memory.dmp

Filesize
64KB

Download
memory/4424-2194-0x0000000075210000-0x00000000759C0000-memory.dmp

Filesize
7.7MB

Download
memory/4772-2063-0x0000000075210000-0x00000000759C0000-memory.dmp

Filesize
7.7MB

Download
memory/4772-2076-0x0000000075210000-0x00000000759C0000-memory.dmp

Filesize
7.7MB

Download
memory/4772-2075-0x0000000005770000-0x0000000005780000-memory.dmp

Filesize
64KB

Download
memory/4784-2762-0x00007FF6A07E0000-0x00007FF6A2124000-memory.dmp

Filesize
25.3MB

Download
memory/5512-2367-0x00007FF6A07E0000-0x00007FF6A2124000-memory.dmp

Filesize
25.3MB

Download
memory/5712-2305-0x00007FF6A07E0000-0x00007FF6A2124000-memory.dmp

Filesize
25.3MB

Download
memory/5712-2259-0x00007FF6A07E0000-0x00007FF6A2124000-memory.dmp

Filesize
25.3MB

Download
memory/6220-2292-0x0000000005A70000-0x0000000005A80000-memory.dmp

Filesize
64KB

Download
memory/6220-2054-0x0000000075210000-0x00000000759C0000-memory.dmp

Filesize
7.7MB

Download
memory/6220-2182-0x0000000075210000-0x00000000759C0000-memory.dmp

Filesize
7.7MB

Download
memory/6220-2298-0x0000000075210000-0x00000000759C0000-memory.dmp

Filesize
7.7MB

Download
memory/6316-2728-0x000001FCC7DC0000-0x000001FCC7DC1000-memory.dmp

Filesize
4KB

Download
memory/6316-2727-0x000001FCC7DC0000-0x000001FCC7DC1000-memory.dmp

Filesize
4KB

Download
memory/6316-2733-0x000001FCC7DC0000-0x000001FCC7DC1000-memory.dmp

Filesize
4KB

Download
memory/6316-2732-0x000001FCC7DC0000-0x000001FCC7DC1000-memory.dmp

Filesize
4KB

Download
memory/6316-2721-0x000001FCC7DC0000-0x000001FCC7DC1000-memory.dmp

Filesize
4KB

Download
memory/6316-2722-0x000001FCC7DC0000-0x000001FCC7DC1000-memory.dmp

Filesize
4KB

Download
memory/6316-2723-0x000001FCC7DC0000-0x000001FCC7DC1000-memory.dmp

Filesize
4KB

Download
memory/6316-2730-0x000001FCC7DC0000-0x000001FCC7DC1000-memory.dmp

Filesize
4KB

Download
memory/6316-2731-0x000001FCC7DC0000-0x000001FCC7DC1000-memory.dmp

Filesize
4KB

Download
memory/6316-2729-0x000001FCC7DC0000-0x000001FCC7DC1000-memory.dmp

Filesize
4KB

Download
memory/6844-1490-0x0000000000180000-0x0000000000194000-memory.dmp

Filesize
80KB

Download
memory/6844-1494-0x0000000075210000-0x00000000759C0000-memory.dmp

Filesize
7.7MB

Download
memory/6844-1491-0x0000000075210000-0x00000000759C0000-memory.dmp

Filesize
7.7MB

Download
memory/6972-1660-0x0000000001070000-0x0000000001080000-memory.dmp

Filesize
64KB

Download
memory/6972-1659-0x0000000075210000-0x00000000759C0000-memory.dmp

Filesize
7.7MB

Download
memory/6972-1661-0x0000000075210000-0x00000000759C0000-memory.dmp

Filesize
7.7MB

Download