eternity | hxxp://linktr[.]ee/murderis

Analysis

max time kernel
2635s
max time network
2710s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
08-04-2024 17:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://linktr.ee/murderis

Score

10^/10

eternity evasion stealer trojan

Malware Config

Signatures

Contains code to disable Windows Defender 1 IoCs

A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.

resource	yara_rule
behavioral1/memory/2316-0-0x0000000000770000-0x0000000000866000-memory.dmp	disable_win_def

Detects Eternity stealer 1 IoCs

stealer

resource	yara_rule
behavioral1/memory/2316-0-0x0000000000770000-0x0000000000866000-memory.dmp	eternity_stealer

Eternity
Eternity Project is a malware kit offering an info stealer, clipper, worm, coin miner, ransomware, and DDoS bot.
eternity

Modifies Windows Defender Real-time Protection settings 3 TTPs 43 IoCs

evasion trojan

Modify Registry

T1112

Windows Service

T1543.003

Disable or Modify Tools

T1562.001

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableScanOnRealtimeEnable = "1"	GrowHack.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableOnAccessProtection = "1"	GrowHack.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableScanOnRealtimeEnable = "1"	GrowHack.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring = "1"	GrowHack.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableOnAccessProtection = "1"	GrowHack.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring = "1"	GrowHack.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableScanOnRealtimeEnable = "1"	GrowHack.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableOnAccessProtection = "1"	GrowHack.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableScanOnRealtimeEnable = "1"	GrowHack.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring = "1"	GrowHack.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring = "1"	GrowHack.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableScanOnRealtimeEnable = "1"	GrowHack.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableOnAccessProtection = "1"	GrowHack.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring = "1"	GrowHack.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableScanOnRealtimeEnable = "1"	GrowHack.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring = "1"	GrowHack.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableOnAccessProtection = "1"	GrowHack.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection	GrowHack.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring = "1"	GrowHack.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableOnAccessProtection = "1"	GrowHack.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring = "1"	GrowHack.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableScanOnRealtimeEnable = "1"	GrowHack.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableScanOnRealtimeEnable = "1"	GrowHack.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableOnAccessProtection = "1"	GrowHack.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableOnAccessProtection = "1"	GrowHack.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableOnAccessProtection = "1"	GrowHack.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring = "1"	GrowHack.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableOnAccessProtection = "1"	GrowHack.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableOnAccessProtection = "1"	GrowHack.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableOnAccessProtection = "1"	GrowHack.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring = "1"	GrowHack.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableScanOnRealtimeEnable = "1"	GrowHack.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring = "1"	GrowHack.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableOnAccessProtection = "1"	GrowHack.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableScanOnRealtimeEnable = "1"	GrowHack.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableOnAccessProtection = "1"	GrowHack.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableScanOnRealtimeEnable = "1"	GrowHack.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring = "1"	GrowHack.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableScanOnRealtimeEnable = "1"	GrowHack.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring = "1"	GrowHack.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring = "1"	GrowHack.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableScanOnRealtimeEnable = "1"	GrowHack.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableScanOnRealtimeEnable = "1"	GrowHack.exe

Executes dropped EXE 14 IoCs

pid	Process
2300	dcd.exe
5952	dcd.exe
1144	dcd.exe
5752	dcd.exe
2152	dcd.exe
5580	dcd.exe
5612	dcd.exe
4568	dcd.exe
5900	dcd.exe
5288	dcd.exe
3528	dcd.exe
4220	dcd.exe
1600	dcd.exe
3568	dcd.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 20 IoCs

Web Service

T1102

flow	ioc
756	discord.com
818	discord.com
1494	discord.com
1659	discord.com
1771	discord.com
1796	discord.com
1783	discord.com
755	discord.com
1495	discord.com
1647	discord.com
1666	discord.com
1667	discord.com
1681	discord.com
784	discord.com
786	discord.com
1795	discord.com
757	discord.com
817	discord.com
1661	discord.com
1781	discord.com

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe

Modifies registry class 6 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	explorer.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1904519900-954640453-4250331663-1000\{58FBF557-79F1-4776-BA00-A37894902421}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000_Classes\Local Settings	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	explorer.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
628	powershell.exe
628	powershell.exe
628	powershell.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2996	taskmgr.exe

Suspicious use of AdjustPrivilegeToken 35 IoCs

description	pid	Process
Token: 33	4712	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4712	AUDIODG.EXE
Token: SeDebugPrivilege	2316	GrowHack.exe
Token: SeDebugPrivilege	628	powershell.exe
Token: SeDebugPrivilege	2996	taskmgr.exe
Token: SeSystemProfilePrivilege	2996	taskmgr.exe
Token: SeCreateGlobalPrivilege	2996	taskmgr.exe
Token: SeDebugPrivilege	5432	GrowHack.exe
Token: SeDebugPrivilege	4220	powershell.exe
Token: SeDebugPrivilege	5600	GrowHack.exe
Token: SeDebugPrivilege	4740	powershell.exe
Token: 33	2996	taskmgr.exe
Token: SeIncBasePriorityPrivilege	2996	taskmgr.exe
Token: SeDebugPrivilege	5480	GrowHack.exe
Token: SeDebugPrivilege	3688	powershell.exe
Token: SeDebugPrivilege	5728	GrowHack.exe
Token: SeDebugPrivilege	392	GrowHack.exe
Token: SeDebugPrivilege	2004	GrowHack.exe
Token: SeDebugPrivilege	5076	GrowHack.exe
Token: SeDebugPrivilege	1972	GrowHack.exe
Token: SeDebugPrivilege	5016	GrowHack.exe
Token: SeDebugPrivilege	4320	GrowHack.exe
Token: SeDebugPrivilege	4976	GrowHack.exe
Token: SeDebugPrivilege	2124	powershell.exe
Token: SeDebugPrivilege	2632	GrowHack.exe
Token: SeDebugPrivilege	5804	GrowHack.exe
Token: SeDebugPrivilege	5932	powershell.exe
Token: SeDebugPrivilege	5720	powershell.exe
Token: SeDebugPrivilege	5384	powershell.exe
Token: SeDebugPrivilege	5772	powershell.exe
Token: SeDebugPrivilege	1164	powershell.exe
Token: SeDebugPrivilege	5532	powershell.exe
Token: SeDebugPrivilege	5284	powershell.exe
Token: SeDebugPrivilege	1600	powershell.exe
Token: SeDebugPrivilege	6228	powershell.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe
2996	taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2316 wrote to memory of 2300	2316	GrowHack.exe	136
PID 2316 wrote to memory of 2300	2316	GrowHack.exe	136
PID 2316 wrote to memory of 2300	2316	GrowHack.exe	136
PID 2316 wrote to memory of 628	2316	GrowHack.exe	137
PID 2316 wrote to memory of 628	2316	GrowHack.exe	137
PID 5432 wrote to memory of 5952	5432	GrowHack.exe	174
PID 5432 wrote to memory of 5952	5432	GrowHack.exe	174
PID 5432 wrote to memory of 5952	5432	GrowHack.exe	174
PID 5432 wrote to memory of 4220	5432	GrowHack.exe	175
PID 5432 wrote to memory of 4220	5432	GrowHack.exe	175
PID 5600 wrote to memory of 1144	5600	GrowHack.exe	180
PID 5600 wrote to memory of 1144	5600	GrowHack.exe	180
PID 5600 wrote to memory of 1144	5600	GrowHack.exe	180
PID 5600 wrote to memory of 4740	5600	GrowHack.exe	181
PID 5600 wrote to memory of 4740	5600	GrowHack.exe	181
PID 5480 wrote to memory of 5752	5480	GrowHack.exe	188
PID 5480 wrote to memory of 5752	5480	GrowHack.exe	188
PID 5480 wrote to memory of 5752	5480	GrowHack.exe	188
PID 5480 wrote to memory of 3688	5480	GrowHack.exe	189
PID 5480 wrote to memory of 3688	5480	GrowHack.exe	189
PID 5728 wrote to memory of 2152	5728	GrowHack.exe	198
PID 5728 wrote to memory of 2152	5728	GrowHack.exe	198
PID 5728 wrote to memory of 2152	5728	GrowHack.exe	198
PID 392 wrote to memory of 5580	392	GrowHack.exe	203
PID 392 wrote to memory of 5580	392	GrowHack.exe	203
PID 392 wrote to memory of 5580	392	GrowHack.exe	203
PID 5728 wrote to memory of 2124	5728	GrowHack.exe	205
PID 5728 wrote to memory of 2124	5728	GrowHack.exe	205
PID 2004 wrote to memory of 4568	2004	GrowHack.exe	207
PID 2004 wrote to memory of 4568	2004	GrowHack.exe	207
PID 2004 wrote to memory of 4568	2004	GrowHack.exe	207
PID 5076 wrote to memory of 5612	5076	GrowHack.exe	208
PID 5076 wrote to memory of 5612	5076	GrowHack.exe	208
PID 5076 wrote to memory of 5612	5076	GrowHack.exe	208
PID 1972 wrote to memory of 5900	1972	GrowHack.exe	209
PID 1972 wrote to memory of 5900	1972	GrowHack.exe	209
PID 1972 wrote to memory of 5900	1972	GrowHack.exe	209
PID 392 wrote to memory of 5932	392	GrowHack.exe	210
PID 392 wrote to memory of 5932	392	GrowHack.exe	210
PID 5016 wrote to memory of 5288	5016	GrowHack.exe	212
PID 5016 wrote to memory of 5288	5016	GrowHack.exe	212
PID 5016 wrote to memory of 5288	5016	GrowHack.exe	212
PID 4320 wrote to memory of 3528	4320	GrowHack.exe	213
PID 4320 wrote to memory of 3528	4320	GrowHack.exe	213
PID 4320 wrote to memory of 3528	4320	GrowHack.exe	213
PID 5076 wrote to memory of 5720	5076	GrowHack.exe	215
PID 5076 wrote to memory of 5720	5076	GrowHack.exe	215
PID 2632 wrote to memory of 4220	2632	GrowHack.exe	214
PID 2632 wrote to memory of 4220	2632	GrowHack.exe	214
PID 2632 wrote to memory of 4220	2632	GrowHack.exe	214
PID 2004 wrote to memory of 5384	2004	GrowHack.exe	216
PID 2004 wrote to memory of 5384	2004	GrowHack.exe	216
PID 4976 wrote to memory of 1600	4976	GrowHack.exe	228
PID 4976 wrote to memory of 1600	4976	GrowHack.exe	228
PID 4976 wrote to memory of 1600	4976	GrowHack.exe	228
PID 1972 wrote to memory of 5772	1972	GrowHack.exe	220
PID 1972 wrote to memory of 5772	1972	GrowHack.exe	220
PID 5804 wrote to memory of 3568	5804	GrowHack.exe	222
PID 5804 wrote to memory of 3568	5804	GrowHack.exe	222
PID 5804 wrote to memory of 3568	5804	GrowHack.exe	222
PID 5016 wrote to memory of 1164	5016	GrowHack.exe	223
PID 5016 wrote to memory of 1164	5016	GrowHack.exe	223
PID 4320 wrote to memory of 5284	4320	GrowHack.exe	225
PID 4320 wrote to memory of 5284	4320	GrowHack.exe	225

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://linktr.ee/murderis
1⤵
PID:216

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=5424 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:1
1⤵
PID:3396

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=5780 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:1
1⤵
PID:3696

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5940 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:8
1⤵
PID:740

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5524 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:1
1⤵
PID:4976

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=5580 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:1
1⤵
PID:880

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5672 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:8
1⤵
PID:3560

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --mojo-platform-channel-handle=5620 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:1
1⤵
PID:1972

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_xpay_wallet.mojom.EdgeXPayWalletService --lang=en-US --service-sandbox-type=utility --no-appcompat-clear --mojo-platform-channel-handle=6008 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:8
1⤵
PID:3848

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --mojo-platform-channel-handle=5244 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:8
1⤵
PID:2296

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x314 0x4fc
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4712

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --no-appcompat-clear --mojo-platform-channel-handle=6236 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:8
1⤵
PID:4224

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --mojo-platform-channel-handle=6308 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:1
1⤵
PID:3700

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=6772 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:8
1⤵
PID:4572

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=29 --mojo-platform-channel-handle=6988 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:1
1⤵
PID:4244

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=7068 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:8
1⤵
PID:60

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=31 --mojo-platform-channel-handle=6556 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:1
1⤵
PID:4020

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=32 --mojo-platform-channel-handle=5760 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:1
1⤵
PID:4452

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=33 --mojo-platform-channel-handle=7404 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:1
1⤵
PID:4960

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=34 --mojo-platform-channel-handle=6648 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:1
1⤵
PID:2848

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=3876 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:8
1⤵
- Modifies registry class
PID:3180

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=36 --mojo-platform-channel-handle=7588 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:1
1⤵
PID:2020

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=37 --mojo-platform-channel-handle=7524 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:1
1⤵
PID:4952

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=38 --mojo-platform-channel-handle=7688 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:1
1⤵
PID:3216

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=39 --mojo-platform-channel-handle=6288 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:1
1⤵
PID:2756

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=41 --mojo-platform-channel-handle=7812 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:1
1⤵
PID:5008

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=42 --mojo-platform-channel-handle=7024 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:1
1⤵
PID:1972

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=43 --mojo-platform-channel-handle=7924 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:1
1⤵
PID:4636

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=44 --mojo-platform-channel-handle=7176 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:1
1⤵
PID:2336

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=6356 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:8
1⤵
PID:3632

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --mojo-platform-channel-handle=7776 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:8
1⤵
PID:3536

C:\Users\Admin\Downloads\GrowHack.exe
"C:\Users\Admin\Downloads\GrowHack.exe"
1⤵
- Modifies Windows Defender Real-time Protection settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2316
- C:\Users\Admin\AppData\Local\Temp\dcd.exe
  "C:\Users\Admin\AppData\Local\Temp\dcd.exe" -path=""
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "powershell" Get-MpPreference -verbose
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:628

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2996

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaulta3664699he08eh464fhb489hcc134d858bb4
1⤵
PID:5588

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
1⤵
PID:5808

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault21e4f25fh0bcdh4675h8c70h2fc4554fddc0
1⤵
PID:6012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaultf5d4896eh968bh4c8fhbce5h08c33ce86d4f
1⤵
PID:5544

C:\Windows\system32\SystemSettingsAdminFlows.exe
"C:\Windows\system32\SystemSettingsAdminFlows.exe" TurnOffDevicePortal
1⤵
PID:1084

C:\Windows\system32\SystemSettingsAdminFlows.exe
"C:\Windows\system32\SystemSettingsAdminFlows.exe" TurnOffDevicePortal
1⤵
PID:5980

C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=6384 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:8
1⤵
PID:5736

C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=6384 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:8
1⤵
PID:5392

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:6120

C:\Users\Admin\Desktop\GrowHack.exe
"C:\Users\Admin\Desktop\GrowHack.exe"
1⤵
- Modifies Windows Defender Real-time Protection settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:5432
- C:\Users\Admin\AppData\Local\Temp\dcd.exe
  "C:\Users\Admin\AppData\Local\Temp\dcd.exe" -path=""
  2⤵
  - Executes dropped EXE
  PID:5952
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "powershell" Get-MpPreference -verbose
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:4220

C:\Users\Admin\Desktop\GrowHack.exe
"C:\Users\Admin\Desktop\GrowHack.exe"
1⤵
- Modifies Windows Defender Real-time Protection settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:5600
- C:\Users\Admin\AppData\Local\Temp\dcd.exe
  "C:\Users\Admin\AppData\Local\Temp\dcd.exe" -path=""
  2⤵
  - Executes dropped EXE
  PID:1144
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "powershell" Get-MpPreference -verbose
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:4740

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:6132

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
PID:5004

C:\Users\Admin\Desktop\GrowHack.exe
"C:\Users\Admin\Desktop\GrowHack.exe"
1⤵
- Modifies Windows Defender Real-time Protection settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:5480
- C:\Users\Admin\AppData\Local\Temp\dcd.exe
  "C:\Users\Admin\AppData\Local\Temp\dcd.exe" -path=""
  2⤵
  - Executes dropped EXE
  PID:5752
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "powershell" Get-MpPreference -verbose
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:3688

C:\Users\Admin\Desktop\GrowHack.exe
"C:\Users\Admin\Desktop\GrowHack.exe"
1⤵
- Modifies Windows Defender Real-time Protection settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:5728
- C:\Users\Admin\AppData\Local\Temp\dcd.exe
  "C:\Users\Admin\AppData\Local\Temp\dcd.exe" -path=""
  2⤵
  - Executes dropped EXE
  PID:2152
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "powershell" Get-MpPreference -verbose
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:2124

C:\Users\Admin\Desktop\GrowHack.exe
"C:\Users\Admin\Desktop\GrowHack.exe"
1⤵
- Modifies Windows Defender Real-time Protection settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:392
- C:\Users\Admin\AppData\Local\Temp\dcd.exe
  "C:\Users\Admin\AppData\Local\Temp\dcd.exe" -path=""
  2⤵
  - Executes dropped EXE
  PID:5580
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "powershell" Get-MpPreference -verbose
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:5932

C:\Users\Admin\Desktop\GrowHack.exe
"C:\Users\Admin\Desktop\GrowHack.exe"
1⤵
- Modifies Windows Defender Real-time Protection settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2004
- C:\Users\Admin\AppData\Local\Temp\dcd.exe
  "C:\Users\Admin\AppData\Local\Temp\dcd.exe" -path=""
  2⤵
  - Executes dropped EXE
  PID:4568
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "powershell" Get-MpPreference -verbose
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:5384

C:\Users\Admin\Desktop\GrowHack.exe
"C:\Users\Admin\Desktop\GrowHack.exe"
1⤵
- Modifies Windows Defender Real-time Protection settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:5076
- C:\Users\Admin\AppData\Local\Temp\dcd.exe
  "C:\Users\Admin\AppData\Local\Temp\dcd.exe" -path=""
  2⤵
  - Executes dropped EXE
  PID:5612
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "powershell" Get-MpPreference -verbose
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:5720

C:\Users\Admin\Desktop\GrowHack.exe
"C:\Users\Admin\Desktop\GrowHack.exe"
1⤵
- Modifies Windows Defender Real-time Protection settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1972
- C:\Users\Admin\AppData\Local\Temp\dcd.exe
  "C:\Users\Admin\AppData\Local\Temp\dcd.exe" -path=""
  2⤵
  - Executes dropped EXE
  PID:5900
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "powershell" Get-MpPreference -verbose
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:5772

C:\Users\Admin\Desktop\GrowHack.exe
"C:\Users\Admin\Desktop\GrowHack.exe"
1⤵
- Modifies Windows Defender Real-time Protection settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:5016
- C:\Users\Admin\AppData\Local\Temp\dcd.exe
  "C:\Users\Admin\AppData\Local\Temp\dcd.exe" -path=""
  2⤵
  - Executes dropped EXE
  PID:5288
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "powershell" Get-MpPreference -verbose
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:1164

C:\Users\Admin\Desktop\GrowHack.exe
"C:\Users\Admin\Desktop\GrowHack.exe"
1⤵
- Modifies Windows Defender Real-time Protection settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4976
- C:\Users\Admin\AppData\Local\Temp\dcd.exe
  "C:\Users\Admin\AppData\Local\Temp\dcd.exe" -path=""
  2⤵
  - Executes dropped EXE
  PID:1600
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "powershell" Get-MpPreference -verbose
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:1600

C:\Users\Admin\Desktop\GrowHack.exe
"C:\Users\Admin\Desktop\GrowHack.exe"
1⤵
- Modifies Windows Defender Real-time Protection settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4320
- C:\Users\Admin\AppData\Local\Temp\dcd.exe
  "C:\Users\Admin\AppData\Local\Temp\dcd.exe" -path=""
  2⤵
  - Executes dropped EXE
  PID:3528
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "powershell" Get-MpPreference -verbose
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:5284

C:\Users\Admin\Desktop\GrowHack.exe
"C:\Users\Admin\Desktop\GrowHack.exe"
1⤵
- Modifies Windows Defender Real-time Protection settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2632
- C:\Users\Admin\AppData\Local\Temp\dcd.exe
  "C:\Users\Admin\AppData\Local\Temp\dcd.exe" -path=""
  2⤵
  - Executes dropped EXE
  PID:4220
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "powershell" Get-MpPreference -verbose
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:5532

C:\Users\Admin\Desktop\GrowHack.exe
"C:\Users\Admin\Desktop\GrowHack.exe"
1⤵
- Modifies Windows Defender Real-time Protection settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:5804
- C:\Users\Admin\AppData\Local\Temp\dcd.exe
  "C:\Users\Admin\AppData\Local\Temp\dcd.exe" -path=""
  2⤵
  - Executes dropped EXE
  PID:3568
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "powershell" Get-MpPreference -verbose
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:6228

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=48 --mojo-platform-channel-handle=5772 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:1
1⤵
PID:5560

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=49 --mojo-platform-channel-handle=8096 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:1
1⤵
PID:5872

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=50 --mojo-platform-channel-handle=6372 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:1
1⤵
PID:452

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=51 --mojo-platform-channel-handle=7932 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:1
1⤵
PID:4088

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=52 --mojo-platform-channel-handle=7844 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:1
1⤵
PID:6108

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=54 --mojo-platform-channel-handle=8100 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:1
1⤵
PID:4696

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=55 --mojo-platform-channel-handle=8068 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:1
1⤵
PID:2804

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=56 --mojo-platform-channel-handle=8212 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:1
1⤵
PID:6928

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=57 --mojo-platform-channel-handle=8088 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:1
1⤵
PID:6080

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=58 --mojo-platform-channel-handle=7844 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:1
1⤵
PID:4648

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6400 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:8
1⤵
PID:3608

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=8524 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:8
1⤵
PID:1576

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=61 --mojo-platform-channel-handle=8168 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:1
1⤵
PID:5856

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=62 --mojo-platform-channel-handle=8820 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:1
1⤵
PID:6188

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=63 --mojo-platform-channel-handle=8212 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:1
1⤵
PID:220

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=64 --mojo-platform-channel-handle=7788 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:1
1⤵
PID:5132

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=66 --mojo-platform-channel-handle=8108 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:1
1⤵
PID:6428

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=67 --mojo-platform-channel-handle=6456 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:1
1⤵
PID:6568

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=68 --mojo-platform-channel-handle=9104 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:1
1⤵
PID:6336

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=69 --mojo-platform-channel-handle=4452 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:1
1⤵
PID:4420

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=70 --mojo-platform-channel-handle=8152 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:1
1⤵
PID:1148

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=71 --mojo-platform-channel-handle=5464 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:1
1⤵
PID:5240

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=72 --mojo-platform-channel-handle=5888 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:1
1⤵
PID:5220

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=73 --mojo-platform-channel-handle=9064 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:1
1⤵
PID:6664

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=74 --mojo-platform-channel-handle=5616 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:1
1⤵
PID:1896

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=75 --mojo-platform-channel-handle=8344 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:1
1⤵
PID:5392

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=76 --mojo-platform-channel-handle=7704 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:1
1⤵
PID:1704

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=77 --mojo-platform-channel-handle=6440 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:1
1⤵
PID:2244

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=78 --mojo-platform-channel-handle=8448 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:1
1⤵
PID:6672

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=79 --mojo-platform-channel-handle=9324 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:1
1⤵
PID:6456

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=80 --mojo-platform-channel-handle=9340 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:1
1⤵
PID:4220

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=81 --mojo-platform-channel-handle=9452 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:1
1⤵
PID:6728

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=82 --mojo-platform-channel-handle=9456 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:1
1⤵
PID:4808

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=83 --mojo-platform-channel-handle=9868 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:1
1⤵
PID:4108

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=84 --mojo-platform-channel-handle=10024 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:1
1⤵
PID:4624

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=85 --mojo-platform-channel-handle=10244 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:1
1⤵
PID:7028

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=86 --mojo-platform-channel-handle=10400 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:1
1⤵
PID:5016

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=87 --mojo-platform-channel-handle=10568 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:1
1⤵
PID:5164

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=88 --mojo-platform-channel-handle=10684 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:1
1⤵
PID:7044

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=89 --mojo-platform-channel-handle=10820 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:1
1⤵
PID:6016

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=90 --mojo-platform-channel-handle=10952 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:1
1⤵
PID:6444

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=91 --mojo-platform-channel-handle=11104 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:1
1⤵
PID:6500

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=92 --mojo-platform-channel-handle=11260 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:1
1⤵
PID:6688

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=93 --mojo-platform-channel-handle=11392 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:1
1⤵
PID:1624

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=94 --mojo-platform-channel-handle=11548 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:1
1⤵
PID:2024

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=95 --mojo-platform-channel-handle=11436 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:1
1⤵
PID:1372

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=96 --mojo-platform-channel-handle=11840 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:1
1⤵
PID:5984

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=98 --mojo-platform-channel-handle=11952 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:1
1⤵
PID:6572

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=99 --mojo-platform-channel-handle=12032 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:1
1⤵
PID:1988

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=100 --mojo-platform-channel-handle=12248 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:1
1⤵
PID:2560

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=101 --mojo-platform-channel-handle=12400 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:1
1⤵
PID:5440

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=102 --mojo-platform-channel-handle=12572 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:1
1⤵
PID:6592

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=103 --mojo-platform-channel-handle=12304 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:1
1⤵
PID:4316

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=104 --mojo-platform-channel-handle=12344 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:1
1⤵
PID:4228

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=105 --mojo-platform-channel-handle=11524 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:1
1⤵
PID:4236

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=106 --mojo-platform-channel-handle=9472 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:1
1⤵
PID:4968

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=107 --mojo-platform-channel-handle=9460 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:1
1⤵
PID:3044

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=108 --mojo-platform-channel-handle=9768 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:1
1⤵
PID:724

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=109 --mojo-platform-channel-handle=9576 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:1
1⤵
PID:6576

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=110 --mojo-platform-channel-handle=9528 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:1
1⤵
PID:5520

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=111 --mojo-platform-channel-handle=10120 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:1
1⤵
PID:1968

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=112 --mojo-platform-channel-handle=9420 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:1
1⤵
PID:5576

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=113 --mojo-platform-channel-handle=9424 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:1
1⤵
PID:2496

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=114 --mojo-platform-channel-handle=11732 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:1
1⤵
PID:7016

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=115 --mojo-platform-channel-handle=3904 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:1
1⤵
PID:1092

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=116 --mojo-platform-channel-handle=9300 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:1
1⤵
PID:1600

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=117 --mojo-platform-channel-handle=9496 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:1
1⤵
PID:6620

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=118 --mojo-platform-channel-handle=10416 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:1
1⤵
PID:6360

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=119 --mojo-platform-channel-handle=12256 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:1
1⤵
PID:6524

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=120 --mojo-platform-channel-handle=11256 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:1
1⤵
PID:3800

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=121 --mojo-platform-channel-handle=11680 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:1
1⤵
PID:5288

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=122 --mojo-platform-channel-handle=11668 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:1
1⤵
PID:5528

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=123 --mojo-platform-channel-handle=11200 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:1
1⤵
PID:2696

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=124 --mojo-platform-channel-handle=11144 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:1
1⤵
PID:5044

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=125 --mojo-platform-channel-handle=11320 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:1
1⤵
PID:4956

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=126 --mojo-platform-channel-handle=10928 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:1
1⤵
PID:5188

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=127 --mojo-platform-channel-handle=11920 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:1
1⤵
PID:3236

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=128 --mojo-platform-channel-handle=10612 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:1
1⤵
PID:2408

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=129 --mojo-platform-channel-handle=11864 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:1
1⤵
PID:4528

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=130 --mojo-platform-channel-handle=11828 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:1
1⤵
PID:5184

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=131 --mojo-platform-channel-handle=9324 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:1
1⤵
PID:4152

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=132 --mojo-platform-channel-handle=7472 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:1
1⤵
PID:3848

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=133 --mojo-platform-channel-handle=10380 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:1
1⤵
PID:2172

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=134 --mojo-platform-channel-handle=7448 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:1
1⤵
PID:2188

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=135 --mojo-platform-channel-handle=10592 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:1
1⤵
PID:2912

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=136 --mojo-platform-channel-handle=12840 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:1
1⤵
PID:6232

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --no-appcompat-clear --mojo-platform-channel-handle=9892 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:8
1⤵
PID:4500

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=138 --mojo-platform-channel-handle=9324 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:1
1⤵
PID:5696

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=139 --mojo-platform-channel-handle=7776 --field-trial-handle=2268,i,8796662530135712346,11409037572378858775,262144 --variations-seed-version /prefetch:1
1⤵
PID:5796

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Impair Defenses

T1562

Disable or Modify Tools

T1562.001

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
2KB

MD5
d85ba6ff808d9e5444a4b369f5bc2730

SHA1
31aa9d96590fff6981b315e0b391b575e4c0804a

SHA256
84739c608a73509419748e4e20e6cc4e1846056c3fe1929a8300d5a1a488202f

SHA512
8c414eb55b45212af385accc16d9d562adba2123583ce70d22b91161fe878683845512a78f04dedd4ea98ed9b174dbfa98cf696370598ad8e6fbd1e714f1f249

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
944B

MD5
3b444d3f0ddea49d84cc7b3972abe0e6

SHA1
0a896b3808e68d5d72c2655621f43b0b2c65ae02

SHA256
ab075b491d20c6f66c7bd40b57538c1cfdaab5aac4715bfe3bbc7f4745860a74

SHA512
eb0ab5d68472ec42de4c9b6d84306d7bca3874be1d0ac572030a070f21a698432418068e1a6006ff88480be8c8f54c769dee74b2def403f734109dba7261f36b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
944B

MD5
5cfe303e798d1cc6c1dab341e7265c15

SHA1
cd2834e05191a24e28a100f3f8114d5a7708dc7c

SHA256
c4d16552769ca1762f6867bce85589c645ac3dc490b650083d74f853f898cfab

SHA512
ef151bbe0033a2caf2d40aff74855a3f42c8171e05a11c8ce93c7039d9430482c43fe93d9164ee94839aff253cad774dbf619dde9a8af38773ca66d59ac3400e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
944B

MD5
b740f7616c3c3d006afd7e1586758eeb

SHA1
c465af4c07ecb9e3de239c410d3b2ed5de93cdde

SHA256
c11b84252afa74e4f323fcbae853cb45217a65d70ac44dea182f9ec872bd9872

SHA512
d4dd7531d48a9f6d6432fe0d55cefc76139566c54514ba722d76e5bd4371bfca0e491939795883de21901eac98b1af7236ea83281a7dde8befe16719993f185e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
944B

MD5
4a40b6dc9559e70af09a5466cba5abc6

SHA1
d4cfd42fe9afe6c43489950849d9cd38302cb4d6

SHA256
743601e30b004830c766fe094f50404ab1e82eefb07f113417c11c1b70fbf861

SHA512
70387883cfdbc3ebbf46d73cc0bd9039db5fc02f48bdafb20f0f50c4c4368ddf834e2675a061e1feb3c7865d0187554e0656f5962327f28a3538b29e994f8519

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
944B

MD5
fe9b96bc4e29457b2d225a5412322a52

SHA1
551e29903e926b5d6c52a8f57cf10475ba790bd0

SHA256
e81b9bfd38a5199813d703d5caf75baa6f62847b2b9632302b5d6f10dd6cf997

SHA512
ff912526647f6266f37749dfdc3ed5fd37c35042ba481331434168704c827d128c22093ba73d7ad0cecde10365f0978fcd3f3e2af1a1c280cd2e592a62d5fa80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
944B

MD5
ec28c65997d5e7e11bf9ebe94ab13877

SHA1
2eb97f0ed8fc9098e5a5f9b22cc663b0614fe3c5

SHA256
b46bf3b17b6aaba2d1912ad952aa93f203aef41df2353c2a9b11493feb7416ca

SHA512
5a4768e37c2e9ef3b28042b2f0c1c43e648d623a31ac3e2188c9f05a15ee1c80b623fdaa1c9c29753d7d14286b8cf973dfc59c74006ece379a5e3f4ab6e12963

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
944B

MD5
bd5940f08d0be56e65e5f2aaf47c538e

SHA1
d7e31b87866e5e383ab5499da64aba50f03e8443

SHA256
2d2f364c75bd2897504249f42cdf1d19374f5230aad68fa9154ea3d03e3031a6

SHA512
c34d10c7e07da44a180fae9889b61f08903aa84e8ddfa80c31c272b1ef9d491b8cec6b8a4c836c3cb1583fe8f4955c6a8db872515de3a9e10eae09610c959406

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
944B

MD5
aba273eeba4876ea41ee0e64b4cbb51d

SHA1
bef5f75b81cf27268dc0d0f30f00b022f9288db9

SHA256
67fc3f5c3407858793c6fac6131b0f340667ffc567fa76b43245ecf2621322c9

SHA512
23dc2f0cfc68194dcbf407a6528cf9f9a8aa89f4821be22413bde036ae5ca44144b568aa3160372b9741f3d0f5baa48dff8a8b582bdedc3ad3fb121af340c0ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_gbgzalq2.eaa.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\dcd.exe

Filesize
227KB

MD5
b5ac46e446cead89892628f30a253a06

SHA1
f4ad1044a7f77a1b02155c3a355a1bb4177076ca

SHA256
def7afcb65126c4b04a7cbf08c693f357a707aa99858cac09a8d5e65f3177669

SHA512
bcabbac6f75c1d41364406db457c62f5135a78f763f6db08c1626f485c64db4d9ba3b3c8bc0b5508d917e445fd220ffa66ebc35221bd06560446c109818e8e87

Download Submit
memory/392-125-0x00007FFCBF040000-0x00007FFCBFB01000-memory.dmp

Filesize
10.8MB

Download
memory/392-128-0x000000001B4D0000-0x000000001B4E0000-memory.dmp

Filesize
64KB

Download
memory/392-138-0x000000001B4D0000-0x000000001B4E0000-memory.dmp

Filesize
64KB

Download
memory/392-129-0x000000001B4D0000-0x000000001B4E0000-memory.dmp

Filesize
64KB

Download
memory/628-22-0x00007FFCC0D80000-0x00007FFCC1841000-memory.dmp

Filesize
10.8MB

Download
memory/628-28-0x00007FFCC0D80000-0x00007FFCC1841000-memory.dmp

Filesize
10.8MB

Download
memory/628-17-0x00000248711B0000-0x00000248711D2000-memory.dmp

Filesize
136KB

Download
memory/628-23-0x0000024870B60000-0x0000024870B70000-memory.dmp

Filesize
64KB

Download
memory/628-24-0x0000024870B60000-0x0000024870B70000-memory.dmp

Filesize
64KB

Download
memory/628-25-0x0000024870B60000-0x0000024870B70000-memory.dmp

Filesize
64KB

Download
memory/1972-144-0x00000000021B0000-0x00000000021C0000-memory.dmp

Filesize
64KB

Download
memory/2004-126-0x00007FFCBF040000-0x00007FFCBFB01000-memory.dmp

Filesize
10.8MB

Download
memory/2004-137-0x0000000000DD0000-0x0000000000DE0000-memory.dmp

Filesize
64KB

Download
memory/2004-135-0x00007FFCBF040000-0x00007FFCBFB01000-memory.dmp

Filesize
10.8MB

Download
memory/2004-136-0x0000000000DD0000-0x0000000000DE0000-memory.dmp

Filesize
64KB

Download
memory/2316-7-0x000000001B3C0000-0x000000001B3FE000-memory.dmp

Filesize
248KB

Download
memory/2316-30-0x00007FFCC0D80000-0x00007FFCC1841000-memory.dmp

Filesize
10.8MB

Download
memory/2316-1-0x00007FFCC0D80000-0x00007FFCC1841000-memory.dmp

Filesize
10.8MB

Download
memory/2316-2-0x000000001B370000-0x000000001B3C0000-memory.dmp

Filesize
320KB

Download
memory/2316-3-0x00007FFCC0D80000-0x00007FFCC1841000-memory.dmp

Filesize
10.8MB

Download
memory/2316-0-0x0000000000770000-0x0000000000866000-memory.dmp

Filesize
984KB

Download
memory/2316-4-0x0000000001000000-0x0000000001001000-memory.dmp

Filesize
4KB

Download
memory/2316-5-0x0000000001030000-0x0000000001040000-memory.dmp

Filesize
64KB

Download
memory/2316-6-0x0000000001030000-0x0000000001040000-memory.dmp

Filesize
64KB

Download
memory/2316-29-0x00007FFCC0D80000-0x00007FFCC1841000-memory.dmp

Filesize
10.8MB

Download
memory/2996-40-0x000001F4FA510000-0x000001F4FA511000-memory.dmp

Filesize
4KB

Download
memory/2996-31-0x000001F4FA510000-0x000001F4FA511000-memory.dmp

Filesize
4KB

Download
memory/2996-39-0x000001F4FA510000-0x000001F4FA511000-memory.dmp

Filesize
4KB

Download
memory/2996-32-0x000001F4FA510000-0x000001F4FA511000-memory.dmp

Filesize
4KB

Download
memory/2996-33-0x000001F4FA510000-0x000001F4FA511000-memory.dmp

Filesize
4KB

Download
memory/2996-38-0x000001F4FA510000-0x000001F4FA511000-memory.dmp

Filesize
4KB

Download
memory/2996-42-0x000001F4FA510000-0x000001F4FA511000-memory.dmp

Filesize
4KB

Download
memory/2996-41-0x000001F4FA510000-0x000001F4FA511000-memory.dmp

Filesize
4KB

Download
memory/2996-37-0x000001F4FA510000-0x000001F4FA511000-memory.dmp

Filesize
4KB

Download
memory/2996-43-0x000001F4FA510000-0x000001F4FA511000-memory.dmp

Filesize
4KB

Download
memory/3688-115-0x00007FFCBF040000-0x00007FFCBFB01000-memory.dmp

Filesize
10.8MB

Download
memory/3688-116-0x0000020C326C0000-0x0000020C326D0000-memory.dmp

Filesize
64KB

Download
memory/3688-119-0x00007FFCBF040000-0x00007FFCBFB01000-memory.dmp

Filesize
10.8MB

Download
memory/3688-117-0x0000020C326C0000-0x0000020C326D0000-memory.dmp

Filesize
64KB

Download
memory/4220-66-0x000001DF8C1D0000-0x000001DF8C1E0000-memory.dmp

Filesize
64KB

Download
memory/4220-65-0x00007FFCBF040000-0x00007FFCBFB01000-memory.dmp

Filesize
10.8MB

Download
memory/4220-67-0x000001DF8C1D0000-0x000001DF8C1E0000-memory.dmp

Filesize
64KB

Download
memory/4220-69-0x00007FFCBF040000-0x00007FFCBFB01000-memory.dmp

Filesize
10.8MB

Download
memory/4320-148-0x00007FFCBF040000-0x00007FFCBFB01000-memory.dmp

Filesize
10.8MB

Download
memory/4740-80-0x000001EDE7A90000-0x000001EDE7AA0000-memory.dmp

Filesize
64KB

Download
memory/4740-79-0x00007FFCBF040000-0x00007FFCBFB01000-memory.dmp

Filesize
10.8MB

Download
memory/4740-95-0x00007FFCBF040000-0x00007FFCBFB01000-memory.dmp

Filesize
10.8MB

Download
memory/4740-93-0x000001EDE7A90000-0x000001EDE7AA0000-memory.dmp

Filesize
64KB

Download
memory/4740-92-0x000001EDE7A90000-0x000001EDE7AA0000-memory.dmp

Filesize
64KB

Download
memory/4740-90-0x000001EDE7A90000-0x000001EDE7AA0000-memory.dmp

Filesize
64KB

Download
memory/4976-147-0x00007FFCBF040000-0x00007FFCBFB01000-memory.dmp

Filesize
10.8MB

Download
memory/5016-139-0x00007FFCBF040000-0x00007FFCBFB01000-memory.dmp

Filesize
10.8MB

Download
memory/5076-141-0x0000000001010000-0x0000000001020000-memory.dmp

Filesize
64KB

Download
memory/5076-130-0x00007FFCBF040000-0x00007FFCBFB01000-memory.dmp

Filesize
10.8MB

Download
memory/5076-140-0x0000000001010000-0x0000000001020000-memory.dmp

Filesize
64KB

Download
memory/5432-70-0x00007FFCBF040000-0x00007FFCBFB01000-memory.dmp

Filesize
10.8MB

Download
memory/5432-49-0x000000001BCD0000-0x000000001BCE0000-memory.dmp

Filesize
64KB

Download
memory/5432-47-0x0000000003140000-0x0000000003141000-memory.dmp

Filesize
4KB

Download
memory/5432-48-0x000000001BCD0000-0x000000001BCE0000-memory.dmp

Filesize
64KB

Download
memory/5432-46-0x00007FFCBF040000-0x00007FFCBFB01000-memory.dmp

Filesize
10.8MB

Download
memory/5432-45-0x00007FFCBF040000-0x00007FFCBFB01000-memory.dmp

Filesize
10.8MB

Download
memory/5480-120-0x00007FFCBF040000-0x00007FFCBFB01000-memory.dmp

Filesize
10.8MB

Download
memory/5480-100-0x00007FFCBF040000-0x00007FFCBFB01000-memory.dmp

Filesize
10.8MB

Download
memory/5480-99-0x00007FFCBF040000-0x00007FFCBFB01000-memory.dmp

Filesize
10.8MB

Download
memory/5600-73-0x0000000002E40000-0x0000000002E50000-memory.dmp

Filesize
64KB

Download
memory/5600-96-0x00007FFCBF040000-0x00007FFCBFB01000-memory.dmp

Filesize
10.8MB

Download
memory/5600-74-0x0000000002E40000-0x0000000002E50000-memory.dmp

Filesize
64KB

Download
memory/5600-72-0x00007FFCBF040000-0x00007FFCBFB01000-memory.dmp

Filesize
10.8MB

Download
memory/5600-71-0x00007FFCBF040000-0x00007FFCBFB01000-memory.dmp

Filesize
10.8MB

Download
memory/5728-127-0x00000000027D0000-0x00000000027E0000-memory.dmp

Filesize
64KB

Download
memory/5728-123-0x00000000027D0000-0x00000000027E0000-memory.dmp

Filesize
64KB

Download
memory/5728-124-0x00000000027D0000-0x00000000027E0000-memory.dmp

Filesize
64KB

Download
memory/5728-122-0x00007FFCBF040000-0x00007FFCBFB01000-memory.dmp

Filesize
10.8MB

Download
memory/5728-121-0x00007FFCBF040000-0x00007FFCBFB01000-memory.dmp

Filesize
10.8MB

Download