hxxps://codesandbox[.]io/p/github/Noob961/Discord-Token-Grabber-V2/main?file=%2Ftoken_grabber[.]py

Analysis

max time kernel
1728s
max time network
1179s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
23/04/2024, 16:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://codesandbox.io/p/github/Noob961/Discord-Token-Grabber-V2/main?file=%2Ftoken_grabber.py

Score

1^/10

Malware Config

Signatures

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	WinStore.App.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	WinStore.App.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	WinStore.App.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	WinStore.App.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 33 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windowsstore_8wekyb3d8bbwe\Internet Settings\Cache\Extensible Cache	WinStore.App.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windowsstore_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CacheVersion = "1"	WinStore.App.exe
Key created	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\md_auto_file\shell\edit	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\md_auto_file\shell\open\command\ = "%SystemRoot%\\system32\\NOTEPAD.EXE %1"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\MuiCache	WinStore.App.exe
Key created	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windowsstore_8wekyb3d8bbwe\Internet Settings\Cache\Content	WinStore.App.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windowsstore_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix	WinStore.App.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windowsstore_8wekyb3d8bbwe\Internet Settings\Cache\History\CachePrefix = "Visited:"	WinStore.App.exe
Key created	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windowsstore_8wekyb3d8bbwe\Internet Settings\Cache\History	WinStore.App.exe
Key created	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\.md\ = "md_auto_file"	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\md_auto_file\shell\edit\command\ = "%SystemRoot%\\system32\\NOTEPAD.EXE %1"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\md_auto_file\shell\open	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windowsstore_8wekyb3d8bbwe\Internet Settings\Cache\Content\CacheLimit = "51200"	WinStore.App.exe
Key created	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windowsstore_8wekyb3d8bbwe\Internet Settings\Cache\Cookies	WinStore.App.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windowsstore_8wekyb3d8bbwe\Internet Settings\Cache\History\CacheLimit = "1"	WinStore.App.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\鍣殓㡰耀\ = "md_auto_file"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\md_auto_file\shell	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\md_auto_file\shell\edit\command	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windowsstore_8wekyb3d8bbwe\Internet Settings\Cache\Content\CacheVersion = "1"	WinStore.App.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windowsstore_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	WinStore.App.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windowsstore_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CacheLimit = "1"	WinStore.App.exe
Key created	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4084619521-2220719027-1909462854-1000\{78E53611-F681-47C3-83A2-09A6AAC1BB8B}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windowsstore_8wekyb3d8bbwe\Internet Settings	WinStore.App.exe
Key created	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\md_auto_file	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\鍣殓㡰耀	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\md_auto_file\shell\open\command	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windowsstore_8wekyb3d8bbwe\Internet Settings\Cache	WinStore.App.exe
Key created	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windowsstore_8wekyb3d8bbwe\Internet Settings\Cache\History\CacheVersion = "1"	WinStore.App.exe
Key created	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\.md	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 19 IoCs

pid	Process
4924	msedge.exe
4924	msedge.exe
3268	msedge.exe
3268	msedge.exe
2560	identity_helper.exe
2560	identity_helper.exe
5912	msedge.exe
5912	msedge.exe
5928	msedge.exe
5928	msedge.exe
3736	powershell.exe
3736	powershell.exe
3736	powershell.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
2600	msedge.exe
4560	msedge.exe
4560	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
508	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 36 IoCs

pid	Process
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeDebugPrivilege	3736	powershell.exe
Token: SeDebugPrivilege	2996	WinStore.App.exe
Token: SeDebugPrivilege	2996	WinStore.App.exe
Token: SeDebugPrivilege	2996	WinStore.App.exe
Token: SeRestorePrivilege	1980	7zG.exe
Token: 35	1980	7zG.exe
Token: SeSecurityPrivilege	1980	7zG.exe
Token: SeSecurityPrivilege	1980	7zG.exe

Suspicious use of FindShellTrayWindow 47 IoCs

pid	Process
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
1980	7zG.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe
3268	msedge.exe

Suspicious use of SetWindowsHookEx 23 IoCs

pid	Process
2996	WinStore.App.exe
2404	OpenWith.exe
2404	OpenWith.exe
2404	OpenWith.exe
6012	OpenWith.exe
6012	OpenWith.exe
6012	OpenWith.exe
4168	OpenWith.exe
508	OpenWith.exe
508	OpenWith.exe
508	OpenWith.exe
508	OpenWith.exe
508	OpenWith.exe
508	OpenWith.exe
508	OpenWith.exe
508	OpenWith.exe
508	OpenWith.exe
508	OpenWith.exe
508	OpenWith.exe
508	OpenWith.exe
508	OpenWith.exe
508	OpenWith.exe
508	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3268 wrote to memory of 2880	3268	msedge.exe	84
PID 3268 wrote to memory of 2880	3268	msedge.exe	84
PID 3268 wrote to memory of 4548	3268	msedge.exe	85
PID 3268 wrote to memory of 4548	3268	msedge.exe	85
PID 3268 wrote to memory of 4548	3268	msedge.exe	85
PID 3268 wrote to memory of 4548	3268	msedge.exe	85
PID 3268 wrote to memory of 4548	3268	msedge.exe	85
PID 3268 wrote to memory of 4548	3268	msedge.exe	85
PID 3268 wrote to memory of 4548	3268	msedge.exe	85
PID 3268 wrote to memory of 4548	3268	msedge.exe	85
PID 3268 wrote to memory of 4548	3268	msedge.exe	85
PID 3268 wrote to memory of 4548	3268	msedge.exe	85
PID 3268 wrote to memory of 4548	3268	msedge.exe	85
PID 3268 wrote to memory of 4548	3268	msedge.exe	85
PID 3268 wrote to memory of 4548	3268	msedge.exe	85
PID 3268 wrote to memory of 4548	3268	msedge.exe	85
PID 3268 wrote to memory of 4548	3268	msedge.exe	85
PID 3268 wrote to memory of 4548	3268	msedge.exe	85
PID 3268 wrote to memory of 4548	3268	msedge.exe	85
PID 3268 wrote to memory of 4548	3268	msedge.exe	85
PID 3268 wrote to memory of 4548	3268	msedge.exe	85
PID 3268 wrote to memory of 4548	3268	msedge.exe	85
PID 3268 wrote to memory of 4548	3268	msedge.exe	85
PID 3268 wrote to memory of 4548	3268	msedge.exe	85
PID 3268 wrote to memory of 4548	3268	msedge.exe	85
PID 3268 wrote to memory of 4548	3268	msedge.exe	85
PID 3268 wrote to memory of 4548	3268	msedge.exe	85
PID 3268 wrote to memory of 4548	3268	msedge.exe	85
PID 3268 wrote to memory of 4548	3268	msedge.exe	85
PID 3268 wrote to memory of 4548	3268	msedge.exe	85
PID 3268 wrote to memory of 4548	3268	msedge.exe	85
PID 3268 wrote to memory of 4548	3268	msedge.exe	85
PID 3268 wrote to memory of 4548	3268	msedge.exe	85
PID 3268 wrote to memory of 4548	3268	msedge.exe	85
PID 3268 wrote to memory of 4548	3268	msedge.exe	85
PID 3268 wrote to memory of 4548	3268	msedge.exe	85
PID 3268 wrote to memory of 4548	3268	msedge.exe	85
PID 3268 wrote to memory of 4548	3268	msedge.exe	85
PID 3268 wrote to memory of 4548	3268	msedge.exe	85
PID 3268 wrote to memory of 4548	3268	msedge.exe	85
PID 3268 wrote to memory of 4548	3268	msedge.exe	85
PID 3268 wrote to memory of 4548	3268	msedge.exe	85
PID 3268 wrote to memory of 4924	3268	msedge.exe	86
PID 3268 wrote to memory of 4924	3268	msedge.exe	86
PID 3268 wrote to memory of 4844	3268	msedge.exe	87
PID 3268 wrote to memory of 4844	3268	msedge.exe	87
PID 3268 wrote to memory of 4844	3268	msedge.exe	87
PID 3268 wrote to memory of 4844	3268	msedge.exe	87
PID 3268 wrote to memory of 4844	3268	msedge.exe	87
PID 3268 wrote to memory of 4844	3268	msedge.exe	87
PID 3268 wrote to memory of 4844	3268	msedge.exe	87
PID 3268 wrote to memory of 4844	3268	msedge.exe	87
PID 3268 wrote to memory of 4844	3268	msedge.exe	87
PID 3268 wrote to memory of 4844	3268	msedge.exe	87
PID 3268 wrote to memory of 4844	3268	msedge.exe	87
PID 3268 wrote to memory of 4844	3268	msedge.exe	87
PID 3268 wrote to memory of 4844	3268	msedge.exe	87
PID 3268 wrote to memory of 4844	3268	msedge.exe	87
PID 3268 wrote to memory of 4844	3268	msedge.exe	87
PID 3268 wrote to memory of 4844	3268	msedge.exe	87
PID 3268 wrote to memory of 4844	3268	msedge.exe	87
PID 3268 wrote to memory of 4844	3268	msedge.exe	87
PID 3268 wrote to memory of 4844	3268	msedge.exe	87
PID 3268 wrote to memory of 4844	3268	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://codesandbox.io/p/github/Noob961/Discord-Token-Grabber-V2/main?file=%2Ftoken_grabber.py
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa7dbe46f8,0x7ffa7dbe4708,0x7ffa7dbe4718
  2⤵
  PID:2880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,18406707246172447754,14325312639434686981,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
  2⤵
  PID:4548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,18406707246172447754,14325312639434686981,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2400 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,18406707246172447754,14325312639434686981,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
  2⤵
  PID:4844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18406707246172447754,14325312639434686981,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:1136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18406707246172447754,14325312639434686981,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:1852
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,18406707246172447754,14325312639434686981,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5604 /prefetch:8
  2⤵
  PID:3600
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,18406707246172447754,14325312639434686981,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5604 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2096,18406707246172447754,14325312639434686981,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6096 /prefetch:8
  2⤵
  PID:5280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18406707246172447754,14325312639434686981,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1
  2⤵
  PID:5276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18406707246172447754,14325312639434686981,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1
  2⤵
  PID:5432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18406707246172447754,14325312639434686981,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
  2⤵
  PID:5448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18406707246172447754,14325312639434686981,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6300 /prefetch:1
  2⤵
  PID:5672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18406707246172447754,14325312639434686981,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6276 /prefetch:1
  2⤵
  PID:5680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2096,18406707246172447754,14325312639434686981,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4536 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18406707246172447754,14325312639434686981,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
  2⤵
  PID:5276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18406707246172447754,14325312639434686981,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
  2⤵
  PID:1876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2096,18406707246172447754,14325312639434686981,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6348 /prefetch:8
  2⤵
  PID:6040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2096,18406707246172447754,14325312639434686981,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6060 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:5928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18406707246172447754,14325312639434686981,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6216 /prefetch:1
  2⤵
  PID:2424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18406707246172447754,14325312639434686981,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
  2⤵
  PID:5372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18406707246172447754,14325312639434686981,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1
  2⤵
  PID:5384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18406707246172447754,14325312639434686981,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6160 /prefetch:1
  2⤵
  PID:4160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18406707246172447754,14325312639434686981,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6840 /prefetch:1
  2⤵
  PID:4596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18406707246172447754,14325312639434686981,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4656 /prefetch:1
  2⤵
  PID:5668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18406707246172447754,14325312639434686981,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7080 /prefetch:1
  2⤵
  PID:4284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18406707246172447754,14325312639434686981,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7060 /prefetch:1
  2⤵
  PID:1932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18406707246172447754,14325312639434686981,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6800 /prefetch:1
  2⤵
  PID:1988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18406707246172447754,14325312639434686981,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6716 /prefetch:1
  2⤵
  PID:5848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18406707246172447754,14325312639434686981,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7104 /prefetch:1
  2⤵
  PID:5492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18406707246172447754,14325312639434686981,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6336 /prefetch:1
  2⤵
  PID:3196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18406707246172447754,14325312639434686981,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6632 /prefetch:1
  2⤵
  PID:964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18406707246172447754,14325312639434686981,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6440 /prefetch:1
  2⤵
  PID:5864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18406707246172447754,14325312639434686981,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6232 /prefetch:1
  2⤵
  PID:4180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18406707246172447754,14325312639434686981,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1
  2⤵
  PID:3068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18406707246172447754,14325312639434686981,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6224 /prefetch:1
  2⤵
  PID:1484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18406707246172447754,14325312639434686981,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6280 /prefetch:1
  2⤵
  PID:5512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18406707246172447754,14325312639434686981,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1
  2⤵
  PID:5464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18406707246172447754,14325312639434686981,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2384 /prefetch:1
  2⤵
  PID:4276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,18406707246172447754,14325312639434686981,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4728 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18406707246172447754,14325312639434686981,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6452 /prefetch:1
  2⤵
  PID:5508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18406707246172447754,14325312639434686981,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
  2⤵
  PID:5416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18406707246172447754,14325312639434686981,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3500 /prefetch:1
  2⤵
  PID:4960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18406707246172447754,14325312639434686981,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
  2⤵
  PID:6032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18406707246172447754,14325312639434686981,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
  2⤵
  PID:2900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18406707246172447754,14325312639434686981,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6428 /prefetch:1
  2⤵
  PID:1332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2096,18406707246172447754,14325312639434686981,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3144 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,18406707246172447754,14325312639434686981,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6656 /prefetch:1
  2⤵
  PID:2452

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4212

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4996

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5160

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3736

C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\WinStore.App.exe
"C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\WinStore.App.exe" -ServerName:App.AppXc75wvwned5vhz4xyxxecvgdjhdkgsdza.mca
1⤵
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2996

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5328

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2404

C:\Program Files\WindowsApps\PythonSoftwareFoundation.Python.3.12_3.12.1008.0_x64__qbz5n2kfra8p0\python3.12.exe
"C:\Program Files\WindowsApps\PythonSoftwareFoundation.Python.3.12_3.12.1008.0_x64__qbz5n2kfra8p0\python3.12.exe" "C:\Users\Admin\Downloads\token_grabber.py"
1⤵
PID:1160

C:\Program Files\WindowsApps\PythonSoftwareFoundation.Python.3.12_3.12.1008.0_x64__qbz5n2kfra8p0\python3.12.exe
"C:\Program Files\WindowsApps\PythonSoftwareFoundation.Python.3.12_3.12.1008.0_x64__qbz5n2kfra8p0\python3.12.exe" "C:\Users\Admin\Downloads\token_grabber.py"
1⤵
PID:3976

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\advanced-server-nuker-main\" -ad -an -ai#7zMap31452:114:7zEvent3636
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:1980

C:\Program Files\WindowsApps\PythonSoftwareFoundation.Python.3.12_3.12.1008.0_x64__qbz5n2kfra8p0\python3.12.exe
"C:\Program Files\WindowsApps\PythonSoftwareFoundation.Python.3.12_3.12.1008.0_x64__qbz5n2kfra8p0\python3.12.exe" "C:\Users\Admin\Downloads\advanced-server-nuker-main\advanced-server-nuker-main\main.py"
1⤵
PID:3100

C:\Program Files\WindowsApps\PythonSoftwareFoundation.Python.3.12_3.12.1008.0_x64__qbz5n2kfra8p0\python3.12.exe
"C:\Program Files\WindowsApps\PythonSoftwareFoundation.Python.3.12_3.12.1008.0_x64__qbz5n2kfra8p0\python3.12.exe" "C:\Users\Admin\Downloads\advanced-server-nuker-main\advanced-server-nuker-main\main.py"
1⤵
PID:5580

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:6012

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4168

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:508
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\advanced-server-nuker-main\advanced-server-nuker-main\README.md
  2⤵
  PID:5280

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a9519bc058003dbea34765176083739e

SHA1
ef49b8790219eaddbdacb7fc97d3d05433b8575c

SHA256
e034683bc434a09f5d0293cb786e6a3943b902614f9211d42bed47759164d38b

SHA512
a1b67ccf313173c560ead25671c64de65e3e2599251926e33ce8399fde682fce5cb20f36ee330fcd8bb8f7a9c00ef432da56c9b02dfd7d3f02865f390c342b53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cb138796dbfb37877fcae3430bb1e2a7

SHA1
82bb82178c07530e42eca6caf3178d66527558bc

SHA256
50c55ba7baeebe1fa4573118edbca59010d659ea42761148618fb3af8a1c9bdd

SHA512
287471cccbe33e08015d6fc35e0bcdca0ec79bebc3a58f6a340b7747b5b2257b33651574bc83ed529aef2ba94be6e68968e59d2a8ef5f733dce9df6404ad7cc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\917cb9b9-873a-4e3b-abfc-07edc50f7428.tmp

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000055

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000057

Filesize
67KB

MD5
d2d55f8057f8b03c94a81f3839b348b9

SHA1
37c399584539734ff679e3c66309498c8b2dd4d9

SHA256
6e273f3491917d37f4dbb6c3f4d3f862cada25c20a36b245ea7c6bd860fb400c

SHA512
7bcdbb9e8d005a532ec12485a9c4b777ddec4aee66333757cdae3f84811099a574e719d45eb4487072d0162fa4654349dd73705a8d1913834535b1a3e2247dc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000058

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000059

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005a

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005b

Filesize
1.1MB

MD5
798e76073abe579251a34ee1dacf9b3e

SHA1
7e9294eec6545c8e1bbdb7849a73820cdca2fbd2

SHA256
8657f6d3867c20699a230df7939c02ca5fe065db2efcfecf5d8d864ca4873666

SHA512
cf5d69395e47fd4da4de0019a77162736c38f88ef0dd803d114388fbfb139a66083f51bbedd8ab205ab5d41f8464a685f4e0f6b5d3a13f7b91cbb211de14c7fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
b6bb4c8bbd7f528c6aac8962d478f155

SHA1
62de492e8d335cebbaff2da272026d579c88c49f

SHA256
c07b394de93d3680d58315e77c31d4c8937b660008b14ca0a7e9f23780c01189

SHA512
557f7da9ccc073c96408a0dc9edd99d9a5bc565188d6fd1a32a43b7d8f01fe5fe6488cf605188a820d002b0ae03656ebcbf5149d5bc39f9003fa96a1e18c1525

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
792B

MD5
4c4ff8d183a699cdd0c4617b8ed6e6ac

SHA1
1556b09b0f1461bd218d31b4da92157a8d465318

SHA256
45b05c75dcd5e7bc20f4cf2201b8416c62b889ef721fd3f2f074cab9066304e1

SHA512
9b1d64bfc316f566c669a89bacb34e449a0bbf415b7287291269d0b0554d36c9e6b0dab6a93618455e61eea519b0d590f2b59f3fac7cddc71db48dd3fb2e0057

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
be7b2a25616367068a85bd72e1ab7ec0

SHA1
eecb9431a432ff2d4eaa1a36901d2608fdbe0caf

SHA256
b35ead0a24d2e30d0b6dc6c12364fbe590d276e9ce4244cdecf9c0b19b54e7c6

SHA512
9ebf29e11b45ccdb26b747491f0ae0ddfaa8fdaeef29c9b247fc3017b4661dc88bdc6ef067216d9e896ae1d229d9ad99ef519da41eecc26f9524b528fcb677f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
fb7f4b3821ed35da52da6f55c949a485

SHA1
4d03cfc6795a5a88baf643b96a0bae730e2cf2fa

SHA256
f0798f34e7debc893ebf15c8b8d60e60d8d77537a49b816ccaaf5e5baf614026

SHA512
3d3b82388ccbcc2dbb4910ee771f824eff14969cf217afcd5a617a78144e836c2352bf697d4a08b17b25c6fef03789c5578eb0ac8a57f4b96c2890a33e627a79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
5bce4d79c90b759662ca5ea351c8cec7

SHA1
a3db2cbcc0db2903a74f01e86067e7b943a089ff

SHA256
f7d54122cfaec72f21f35fd4539d294aa9a28dc68e5b52804592de857d447ad7

SHA512
4e19a8f3276e738b3d28d1951e2edd4f882bd75394e66839e914d948c3624a41601694fb45519dca4b71d15dc6692d50b39b6d8ec4f7ab9b8132957ac8609c75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
8585db772f818a5589c24a482ec8961c

SHA1
185975f79e94a91e81187da542ca3849e5e364fb

SHA256
f8103ba09d1c34ce414ae0aa8e7bc7150a4f25a03c6ea937f3f7e745d1e15a77

SHA512
52d4b0af5d9819f1cf5544f1b64244c4b756be5b04df724900fa537b3f2761c3f6b59dc56891d5d2ece319ffcbf966f7b2173108d769c220c65dee3c17760cb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
0fbd87e89fb94b0265cd4b829fa28cf0

SHA1
1f5715a6b7fddb3720492f635af32d0ddebd7156

SHA256
0c9029596c37411d2e805a144ca1f8075d36a7ed3a7c9aad370be41d74a464d9

SHA512
792b732092448dfd6c54bd20605289ec7a98cd943a7f188af617b73ece6e8d41fb9e598244f83f665382c00719b1f27f7568f5661066dc9e5af80c4a97c48962

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4b967758717876b717789056cc981133

SHA1
639db1b5401953cf108b3e1cf063753834aadbe6

SHA256
86189afaac74b30cd038888682e42e2ed24f7c7616aee7b1fbf53b6e4987849e

SHA512
7705f934d896de547e45194285002a338abc2d8534973269e8f17a038dd5b016e8e4b6fd4ec96d80c7b5e9fb2f27946c960fb074f2b8cd5d74ed1733f81c0fcb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
72dedd72b957e69b3a3b70a56eaae429

SHA1
a25ac387b6302d40cff134467110c93467dedabe

SHA256
5f580f1bd1acd0a9e55b0cc9429284c7522b8cb009564998ce7e659d4705b70b

SHA512
3cba28fda418cc994a192044bb86e3c32ad2be55c8fb677b2c3b71c96d46a5668bfcd588f0cf165ba086b348f85578c295fcf844e2bfa774ab2d561cbf340cbf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5b8937e221d3cb5a9112758d35bcaed4

SHA1
b20850aa884f7e4191735ecdbffcce15e03da94a

SHA256
fe2aba374a33861ea872b69bcc0163ee9092c0943e7490707de11460f035d2e5

SHA512
5069486b802d20ce1b6d9c4f957a7c480b0e9b64eb42c58c777dfe21dd2b64638eb377a179210a13d7d6480c35dab6f77c44cd599762b523048eecd9b5a30da1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
60e739fd3d41821715b6d61a38c3c010

SHA1
d10585f8a76b0e59d853ba84ec66a0489c8a6138

SHA256
1b2a386bef69ad461e64e7acb01162c058518b2aee430215ec100eacbebf39bb

SHA512
2bd23744c63a384b284ebe8e099e35689112e12d95b4d459082b853ef2b0a42ce7b76658563ff7c8bc5bd87aa336658f7045453ba1b3587bd6e48c67ed872aa4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
9aa8a5aed3facf1868a4b7eb2e0a0a58

SHA1
74cc96b33c6a3ebf22ac7911b2f651a3873a0148

SHA256
83fd5ca4986ad6e8bdc975da7f4476dff10de1bfc197ffeac5edc10ee0e9f0b3

SHA512
438c067922b9a6bcc3cf5ff640e88f6ce8531ebb9e2698931065bd7a14ba7a5e00b1d0dd0c260644e03aeac92c71327a7ad54f676051b762a90e88b05f344839

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
c7a3f78c8b92893556f8a6e4e7b27263

SHA1
ef14ba1dabf280e5a79424c660c8c1cedf2e67b9

SHA256
a6d6c0022381e8d6301e928b9442bae892defdebe44cd58eb92cbb681b64f0e1

SHA512
94e0b48bef0e9585015afc07bb70b887d8f217f4c0622645beed77aff142f0b8b752c9664256a76479f268d82c0615c07305044ec6bc53557f8cef5277767f7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
a1d060f9901f79486a9a20b2976d5ac7

SHA1
ce34fcd2e8ac22a7426cb9572004d62c930d24f1

SHA256
73e3aa3a98431fb9bd59bb3467d913134ff1ce50255d3be7c7efbbafc3b200fb

SHA512
b019f9086bacd3555cbd23ae81c3326bb8b894a199beb57c4260ea84dd940b00239d3a6ddf16343152b3be69550a97e2223300becf383183258ab7352770df54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ef04c42648e732001479e93778661034

SHA1
63f00068814ea60feecd61a7a74f83e0cfa94bb6

SHA256
f395a44dc71edb055ae36083ed376e2193faff52eac7296da58539a8a9bf6963

SHA512
42dfd20e3abcf27dce3e4532cc59b7a3deb6caf50bd9f0b86e34f3d1b876872eafcdf7a74b897187bed829f010baea1217b6f9a8572c90533008a3a871d9b78e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c1c02d9749dec04e7cd3a14098b74dc3

SHA1
049604fe2d9fc67e90c47a8dd4a11ef54ca4265a

SHA256
17c5868e4af8a4c1a2e4bad6b145f0ec0b2e0836ff7c33cef3218dc4ad5ae1e1

SHA512
d9ab6bb7bbeb0b9210d5b3993bcaa3e37738bc0de2de54604fdd849d25baf3e7698f858a16b5ef5ed2a2c7111fb9271cc27cd42f6515638a95d6c3b86f69ab8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bfc57a09c300ca55598e4460a98bda50

SHA1
857c4ab7ad876ea4540fcf04433bd4c273ed0719

SHA256
3467f23498b670ecdd555113aea936721f62923174a2841b44ba72518d53caaf

SHA512
35de5f01be0749e338b34cd16a24b211ff353dd7bc915216e7c81ffdca7c9a67a13c9f130e5a3ee2ad8f022746c202590ef11eb095fce74953b2aa94523cca54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c11ae81d57afa0385d189aac5b8586f0785f3105\4938226d-93ca-49a8-a1c7-b510700cad2c\index-dir\the-real-index

Filesize
4KB

MD5
643d6ec70d6f8fbf7c2f857e73a7a772

SHA1
b94d5b7c5c0fa300b41193d8d9c21a1bb42863e0

SHA256
0d561de79be61275b2195d7f68c5e1afac99d3c46aac5f428f9c959890d9ea6b

SHA512
5d1cec9e113410d741cd79611a126ee0a9d3d52a1fe9761f515d947d41fb02cc94070ca00ad2108328346069ca93c28fb5b74d3fdc402d1b48c55971e6a7b488

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c11ae81d57afa0385d189aac5b8586f0785f3105\4938226d-93ca-49a8-a1c7-b510700cad2c\index-dir\the-real-index~RFe579d1b.TMP

Filesize
48B

MD5
f6b1f4b8568ac5c0b539e36eb19a935a

SHA1
437f8b4837b9f85d9fdbb0e6c904e34bc0e673d5

SHA256
ba147452df0b3f97da80d1d53c6eaead1c38bf6d5550ebffaeb99c860d02ed40

SHA512
5145fb3354536c5ec5b738f9715e205bdba7d4434d708efe0d4695e2cb5bf59a4c0fb7b224ef1fb42c4af4d998d38fdedda1500247285e0f56ae28126a0da4c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c11ae81d57afa0385d189aac5b8586f0785f3105\index.txt

Filesize
90B

MD5
614958550f86330559d9fb1229ac793b

SHA1
3a56cc6e04c0e138c56b657a5a7785b948cf0ea8

SHA256
b35aae68ca66caa7f94f25991960abb4046d032ac65463d27bd54024f32e0f3a

SHA512
492078b2eda747599efc35d4ea5b04bb4b5051692c22595803f85e1472febd649766b3de8b344f8a0d5a574a5f4ec089a4187bd98bc1201f4f34ad0162d71fad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c11ae81d57afa0385d189aac5b8586f0785f3105\index.txt~RFe579d49.TMP

Filesize
94B

MD5
63f6b14a22db54d931e6a986f80cb7e7

SHA1
2c2873f6da877cdfeebbc97d18c714eebc7732aa

SHA256
ce0a356ccf427bd4a0aec0e6ec4f435b1944e79ca78a5856880510020e7cfd49

SHA512
062c334f2e826ee40eacd58ca1b0f9327a30b5235f19faa860e873984720ef110b3454cd0ac387f09fdb3e43e26d48af27f84e943364ca5bda04531b44f89c07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
d0e26fb24b288565fec52624985416a5

SHA1
acecf56e08951f41d4705569a219e56f66c48f06

SHA256
f6ac5bf9e1ecf1d33ac19286a49b945336558d4b928d72ee1842b07c9190a7f4

SHA512
5cb3d29869c259541c53404dfca208328b7107cb7bd81e912a5ee6b499d9417865d966eedc41f96740704db8a4e92146556c2508011ce86b90c7ac0c6f787189

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5794dd.TMP

Filesize
48B

MD5
005413f1b23e74998df394ca25212720

SHA1
ecf421c92697e2f7df8e89dc790ccfd824b9d732

SHA256
c455eb2d2a12c1613c558b0b86378aa4b30c26ee56564c8cf91985a25e90563f

SHA512
ad4f6f23d8353d53cacfa0cea14eb30d2e282b9fe03513981699b1d71a3ed03b1e6be6688885adc37ca147845f7f76f563fb28cad7121c77ecb5493732c17e3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
83c306e92725355e701d5ed393cf8cc6

SHA1
92ca3e3e8cc959cb4b3860d2f6825122dd5b0b51

SHA256
7a4e0620729559589180e224d1e53f2990a0f0528dcf00743f0a6edf0e8abd15

SHA512
a9357fa58daf73a7d4c8b75dd17bec1b57b291e1422b0be3c031b44a909d378b051796fa6d96665a206c6629fc9a74056304b32552ab46c8f9ea4752230dcc1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ccfeefb0a8b6ada50df266c7498b25e2

SHA1
7011ebade0b8c2d7f31c0ad40d88c095ab8e79cf

SHA256
cb4719a75a7e2c8905c6bd94f8d64c12bb34b2956dbb5f390515f1519dbeedad

SHA512
33b53dda3a8d036305e9c6632b3077064491eaba345e72703a485c6800efaeb4636f44ee72e4bce94a3f2092c1eee3160c082a372592f382431226d04927ee51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7b53877aac1f4608cd8401cbf29f662a

SHA1
59463fc1cb3ef88d20fb2bee13d42eb709e5e0b5

SHA256
105977743a5a4847c3a92591450c27a9157cb144f1a6390e4717cd596afc75cc

SHA512
41da2d08bc12d29fd1eea2f7afbe4dd9f3153044c1510d2dc83208105a4d20c7290cff6b7b34beb6146de976333741041110002343cbe3e9d32c86727a64b6cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
d1dbd8fba0eb5496dee10fced73997ff

SHA1
14a3084c70c7eb6f81a02d955a6a1deff56d027d

SHA256
9c74cf6b18a81a76ef68e83c7e6f0ef36c25a007c8b2de202a939a42a7dfb35c

SHA512
487bea7e2ab74c27618431bb2d2e031c1f07e08226df1223773fb1d272d736a715121780435b85152b0ef9e868e6329d26a314a0e6de7aed1985641afbdd64d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
39085bfa0b056ed3ba9346ec5a581077

SHA1
e0b4e9ed297bce042df6bb6b694cade6740fa5f3

SHA256
37e4a8a4a7c175624d0ac3de1a8fcb1a6246949065595ad3c15c842fc2a48f03

SHA512
627f88513ebf947c4af8ebaa1721fc53c55e2e8cbb787a04ddee2946b8c7aa71b528093b50fab03d6c54a0da71c851cc2bf5e4debff848a32001b50f887b2464

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
07e99c6f5d1400e9259d88b9af82df64

SHA1
3dfca17aed9f7cd5ec6ab911f08fb23cc7200a09

SHA256
b4f92d4a602ba5c53284451ba6c4ffde3700f46966325198ce8f59e3cd18b1ee

SHA512
962da7ff9d3bb11fd4e1c81aa9a9b57032fad8c33f29eaf04aea2708c82367ca9515944ff868bfdf924f21d5e29b9b60359acb53835ecf142ad4e9177540ad8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
9b0d27044f78878bd22851379bda51e1

SHA1
88f534bd082006226330f694842b86e7fc045511

SHA256
144872471cfc043adab4e4f9a7ce6a486f175b07a2b776088222effec2fdd9e5

SHA512
dfc0ab26033ae0f285fa628727a04f063b7a9810d2b5943cd224f6d02b6a04fe41347786b7f4ff5864967d5a5dac37f91882200bdd3d33267b339dc74832a047

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
51fc0bcc4b1cff95b79ea32ee90499d6

SHA1
68af0ce8b516db25bfbb4c62e6830c2525ee3641

SHA256
ed05e74ee1fc5e87cd6f206aa0ce2bda68bef7a6fc091f2d9ef26eda38ac1f3f

SHA512
2afc4fd139b26f997ac8122dd456793e14e579e694acf7eeb7d040a9deff5964972153cd54041bc03b3cbb362c6421313605e06a41403eef5b5cd20626e7a160

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
26263bf64a5416de0bcaf9047235ed59

SHA1
ecf8e784f3e0c63575e5cc1d3db9832ddfc971a2

SHA256
0ca76cbcd2c5f038e1005b5a6334c48f3b4fbda82cf1ccb7e4d464d0fe5f9160

SHA512
1d237b0653bca40988160a7adef49ede6717e9eeeff8850584052a26bbc93ebafb18e749f67d884260320cc956b3e6f63a1aa3fda17164131be1324af6fbe195

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
48ebd5cb5eec1376aa7d2824c44a7585

SHA1
1e9451e17db1450e2b46b21104db4a6a0df8c0de

SHA256
4750b1a18aac8eb42f5797c89375c38f2e37a2a323ec121f317f34d6772ac480

SHA512
d38b3b9ef5928e858dd290b9eefe93824d2027dff27203b7bbe2015816aa37860af77ea7b14bac282220ce392f7a85967a9e51e17f12dc65a49f4b1fb95a4b4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57dec7.TMP

Filesize
537B

MD5
c8c1fb111164503607116ea8809219e8

SHA1
cadcf36348631239bf659c0b5c7618e8a62aef4a

SHA256
58c7475dcf8f7254c07b890ae76bcc2ee706c04f13e00c22ea23ccfbbb8517ab

SHA512
148d670ded5398598f0ca8df686729b50dca8adac73c980d03a980e4729cfd88719cae663e3766ba41db8385c5fa67c6657f4d8e7aaac9cde2f0c0f5d586480c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d72b451d745eb36ae7cf9623a4c2f636

SHA1
9f49880b81f88999839ce8bb3ba6ca830636d0b7

SHA256
7b22d52a536a34be56a3380e75fd403a29a96752855d709b7f216d9252f38917

SHA512
43fc250266e88686ae99bd52373a1ad4e0278ba01f34295e1df70db38c01452ea358ceff6e02220acc04134b9daeaf67632a5e587e7f5cab7eaa2b03b53fdad6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
f18136de5bbcf2a0f41628cb3a191620

SHA1
7cd6d8840a6618ff81f76fe98ceb8fee63f79f15

SHA256
68629b91c11c45655b312a198a9ba1ed984fab8cef573958a6913b0e4c417468

SHA512
795da35300b64c4b474a5bfa7e1b10183e7cabc2385fe8a4d304c5870d9adc8e3f4a5030ed7efe0c7df0a7f8cec6066d536350469ee928f465300316b0f27906

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
eb39b39b67dc0e8a2d2e2397df0e78f3

SHA1
b8ae0aedb2d9341a462884b54e2f61dae22daae8

SHA256
2ba4c94346f9f959e9aa04eb8b49bb7b96cad525a024cd60c4083b52c54e688a

SHA512
d1bc918e89650ceaf90c33ce0121c6cbd3ab58387fa85469cb64397a9cb104810f74d80e6b3f332464fcb671bb3b6858f4a27c20d5003a4d8cf53f746aeefa08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
ff4a4202e83dceaaf7c5f7560125b595

SHA1
ae0364342b6aab5b9bbc0718c26b85962cab8998

SHA256
1af4010619b72032ed51bc69af496f0d220496a4c2bdef448d188e54c0546ee8

SHA512
50f6131195e91edc31c831b5c8d359b157caf675275718f18cb61df3d10e80c8452153389cb02c1e3a24dfa6f3cf176b4b701fddb86da35819d37e36a1e287d0

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\AC\INetCache\F2LRDUNH\apps.23372.13556584579794122.0a955bdd-bdfb-420d-8cdd-c884a83675b2[1].png

Filesize
5KB

MD5
642670b91379e3e884478791c3724580

SHA1
00719447789586330ddc2466c0bec8ec25c8d36c

SHA256
e9ca77a447d1122b0e193c5182111920a6c9959ca5d3bb45da8179723a84f16c

SHA512
f7689ed980a2f4b8666aff3ea4415f402b86c0ddd31240641034fd5d338819472860307e642a7a9795a8e26907710eba2dcebe53ac8433df1638c04e5d3f38a9

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.WindowsStore_8wekyb3d8bbwe\LocalCache\perUserCache_0\index

Filesize
12KB

MD5
16c1e6a56e072ecd5fdf2bff2c8f1e71

SHA1
0709249996a34f16ccee0c8add37235da9ec0496

SHA256
dbd7670fe2edc680ce65c65ecd3da8c6219c647c7380e82fa88f891d2614e43a

SHA512
af56144c954dbb03d1db433038f17e3935d121393fe45f5bc0e90565c8b39cb641c233df0d720d7d55f978208fbcd8511f8f31a5f6b801637566e6a2c8639931

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_vurs1c1f.ugo.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
f2dbaf7c851dafeb11eb6981ff58450c

SHA1
86cd8d4d12233aff670081b951c4a858d663761a

SHA256
5d4b645bdefae30882811c7dd6c1c787cb5ac78efb7f3da861e94790620211fc

SHA512
dba2e400920961960a33694383c7f5d551e0b50626cb625016e8ad75e5bf7f0cc7386390bc29bdfb2aa114ba4fed63d80040f471aac2153558751983d85a97d7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
11KB

MD5
ff738ba4733633e09abd393f51991066

SHA1
38fd2e3abb18940e9dfed4bcc4bec764d71db7cd

SHA256
ecaf407013f743d02765f392874e7f60f01dfb5bd853190192e7268d68f7c10b

SHA512
e9d3b7c36bafbf64954b103eb213fdd9ef5950f3f290b5cbecf886944892547bb39c9f9ec3d3906a6d9f15e015eab786feae284890991694321c095036ce5e32

Download Submit
C:\Users\Admin\Downloads\advanced-server-nuker-main.zip

Filesize
11KB

MD5
0606cbbb39f4a2de272dd1912d53aa66

SHA1
da1488724973e2d5e2f15abfed59ebb9064304e3

SHA256
49ed73abc8b36c046b604f78e0c681b7d96803208c5c224db8eaefceb860a030

SHA512
bc1e5bc8b76bb1524c724ae595071dbbdd302f7c8ba6d47a0341959b8565e21f26487c94df6aa8e577935aae9d547e315bf75ab1e2c1c84b4164b36594e132f7

Download Submit
C:\Users\Admin\Downloads\advanced-server-nuker-main\advanced-server-nuker-main\README.md

Filesize
2KB

MD5
fd3a9ac5d5c4b34717e517b3d7f722d9

SHA1
893bd2809971e7ded258a1d1a506befc94b50f0f

SHA256
163670991592b611109d654f0cbf6d1e687eb802b07d3e5c2414dd9224b17b4f

SHA512
7be836ad93315bf36c31157dcffbb975ece8068eae0c52686198c1f184eb896303b1c08f93f06f5cce57193a78f4c4be03ca3efa18a76cdcd28effef8e2129ca

Download Submit
C:\Users\Admin\Downloads\advanced-server-nuker-main\advanced-server-nuker-main\main.py

Filesize
4KB

MD5
ea5ae2e48d5a0fb223cd319ec2d30804

SHA1
39a49710372606e000eb8478b238ea67f11c4b80

SHA256
27f3571cb82804f288c4b2052a06e4bfc1107d0ae9fe9445bbb0dcf6009d8162

SHA512
d36f36d7376f15db75281f7fe09b20b099781e72401da3a765b936ed0a95a9f14a5eb12a6c45883406e2ba579ea826ab63b974cf7b945fc5a8ef2fb8e16b0804

Download Submit
C:\Users\Admin\Downloads\token_grabber.py

Filesize
6KB

MD5
05e9f1d2ea97fc88ade6bda8262df718

SHA1
8360c167faab1a0b6a48e37a2f7590610a34dc91

SHA256
eba665e46c0a7a7c1d63a7870621b3aec4a096ad7d6e5351084e8c861811aadc

SHA512
b7b2571951ae8b9244ab1c63e8cebbc48da3505c63d75e9aebb65b8e87bffab99acb686b26f978765d6ce011c59c5846f483c44d3b6328e4cf370e512798c759

Download Submit
memory/3736-1111-0x000001ECAB8B0000-0x000001ECAB8C0000-memory.dmp

Filesize
64KB

Download
memory/3736-1104-0x000001ECAB8B0000-0x000001ECAB8C0000-memory.dmp

Filesize
64KB

Download
memory/3736-1103-0x000001ECAB8B0000-0x000001ECAB8C0000-memory.dmp

Filesize
64KB

Download
memory/3736-1102-0x00007FFA685C0000-0x00007FFA69081000-memory.dmp

Filesize
10.8MB

Download
memory/3736-1105-0x000001ECABD50000-0x000001ECABD94000-memory.dmp

Filesize
272KB

Download
memory/3736-1092-0x000001ECAB840000-0x000001ECAB862000-memory.dmp

Filesize
136KB

Download
memory/3736-1106-0x000001ECABE20000-0x000001ECABE96000-memory.dmp

Filesize
472KB

Download
memory/3736-1108-0x000001ECABD20000-0x000001ECABD36000-memory.dmp

Filesize
88KB

Download
memory/3736-1109-0x000001ECABD40000-0x000001ECABD4A000-memory.dmp

Filesize
40KB

Download
memory/3736-1110-0x000001ECABEA0000-0x000001ECABEC6000-memory.dmp

Filesize
152KB

Download
memory/3736-1123-0x00007FFA685C0000-0x00007FFA69081000-memory.dmp

Filesize
10.8MB

Download