banload | hxxps://google[.]com

Resubmissions

26-04-2024 15:27

240426-sv7emaed95 1

26-04-2024 14:16

240426-rldwaadd47 1

26-04-2024 14:11

240426-rhjmcsea2t 10

Analysis

max time kernel
121s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
26-04-2024 14:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://google.com

Score

10^/10

banload vidar e2fbe3ae2d0b282d162bb6c860980518 downloader dropper evasion persistence stealer trojan

Malware Config

Extracted

Family

vidar

Botnet

e2fbe3ae2d0b282d162bb6c860980518

https://hypaton.xyz

https://steamcommunity.com/profiles/76561199677575543

https://t.me/snsb82

Attributes

profile_id_v2
e2fbe3ae2d0b282d162bb6c860980518
user_agent
Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) AppleWebKit/534.6 (KHTML, like Gecko) Chrome/8.0.500.0 Safari/534.6

Signatures

Banload
Banload variants download malicious files, then install and execute the files.
trojan dropper downloader banload

Detect Vidar Stealer 3 IoCs

stealer

resource	yara_rule
behavioral1/memory/4896-919-0x0000000000E00000-0x0000000001553000-memory.dmp	family_vidar_v7
behavioral1/memory/4896-939-0x0000000000E00000-0x0000000001553000-memory.dmp	family_vidar_v7
behavioral1/memory/4896-1052-0x0000000000E00000-0x0000000001553000-memory.dmp	family_vidar_v7

Vidar
Vidar is an infostealer based on Arkei stealer.
stealer vidar

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Setup.exe

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	Setup.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	Setup.exe

Executes dropped EXE 1 IoCs

pid	Process
4032	Setup.exe

Loads dropped DLL 3 IoCs

pid	Process
4032	Setup.exe
4032	Setup.exe
4032	Setup.exe

Registers COM server for autorun 1 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\InProcServer32\ = "C:\\Windows\\System32\\twinapi.appcore.dll"	Setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\InProcServer32\ThreadingModel = "Both"	Setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\InProcServer32	Setup.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4032 set thread context of 2896	4032	Setup.exe	123

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4716	4896	WerFault.exe	128

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 7 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1162180587-977231257-2194346871-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}	Setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\InProcServer32	Setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\InProcServer32\ = "C:\\Windows\\System32\\twinapi.appcore.dll"	Setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\InProcServer32\ThreadingModel = "Both"	Setup.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1162180587-977231257-2194346871-1000\{82010AB6-2FC1-4140-A836-41377BF3BB0F}	msedge.exe

Suspicious behavior: EnumeratesProcesses 23 IoCs

pid	Process
3196	msedge.exe
3196	msedge.exe
3540	msedge.exe
3540	msedge.exe
3468	identity_helper.exe
3468	identity_helper.exe
3600	msedge.exe
3600	msedge.exe
776	msedge.exe
776	msedge.exe
4032	Setup.exe
4032	Setup.exe
4032	Setup.exe
2896	netsh.exe
2896	netsh.exe
2896	netsh.exe
2896	netsh.exe
1820	msedge.exe
1820	msedge.exe
5232	msedge.exe
5232	msedge.exe
5232	msedge.exe
5232	msedge.exe

Suspicious behavior: MapViewOfSection 2 IoCs

pid	Process
4032	Setup.exe
2896	netsh.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 44 IoCs

pid	Process
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeRestorePrivilege	4436	7zG.exe
Token: 35	4436	7zG.exe
Token: SeSecurityPrivilege	4436	7zG.exe
Token: SeSecurityPrivilege	4436	7zG.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe
3540	msedge.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
4392	OpenWith.exe
4392	OpenWith.exe
4392	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3540 wrote to memory of 1504	3540	msedge.exe	81
PID 3540 wrote to memory of 1504	3540	msedge.exe	81
PID 3540 wrote to memory of 436	3540	msedge.exe	82
PID 3540 wrote to memory of 436	3540	msedge.exe	82
PID 3540 wrote to memory of 436	3540	msedge.exe	82
PID 3540 wrote to memory of 436	3540	msedge.exe	82
PID 3540 wrote to memory of 436	3540	msedge.exe	82
PID 3540 wrote to memory of 436	3540	msedge.exe	82
PID 3540 wrote to memory of 436	3540	msedge.exe	82
PID 3540 wrote to memory of 436	3540	msedge.exe	82
PID 3540 wrote to memory of 436	3540	msedge.exe	82
PID 3540 wrote to memory of 436	3540	msedge.exe	82
PID 3540 wrote to memory of 436	3540	msedge.exe	82
PID 3540 wrote to memory of 436	3540	msedge.exe	82
PID 3540 wrote to memory of 436	3540	msedge.exe	82
PID 3540 wrote to memory of 436	3540	msedge.exe	82
PID 3540 wrote to memory of 436	3540	msedge.exe	82
PID 3540 wrote to memory of 436	3540	msedge.exe	82
PID 3540 wrote to memory of 436	3540	msedge.exe	82
PID 3540 wrote to memory of 436	3540	msedge.exe	82
PID 3540 wrote to memory of 436	3540	msedge.exe	82
PID 3540 wrote to memory of 436	3540	msedge.exe	82
PID 3540 wrote to memory of 436	3540	msedge.exe	82
PID 3540 wrote to memory of 436	3540	msedge.exe	82
PID 3540 wrote to memory of 436	3540	msedge.exe	82
PID 3540 wrote to memory of 436	3540	msedge.exe	82
PID 3540 wrote to memory of 436	3540	msedge.exe	82
PID 3540 wrote to memory of 436	3540	msedge.exe	82
PID 3540 wrote to memory of 436	3540	msedge.exe	82
PID 3540 wrote to memory of 436	3540	msedge.exe	82
PID 3540 wrote to memory of 436	3540	msedge.exe	82
PID 3540 wrote to memory of 436	3540	msedge.exe	82
PID 3540 wrote to memory of 436	3540	msedge.exe	82
PID 3540 wrote to memory of 436	3540	msedge.exe	82
PID 3540 wrote to memory of 436	3540	msedge.exe	82
PID 3540 wrote to memory of 436	3540	msedge.exe	82
PID 3540 wrote to memory of 436	3540	msedge.exe	82
PID 3540 wrote to memory of 436	3540	msedge.exe	82
PID 3540 wrote to memory of 436	3540	msedge.exe	82
PID 3540 wrote to memory of 436	3540	msedge.exe	82
PID 3540 wrote to memory of 436	3540	msedge.exe	82
PID 3540 wrote to memory of 436	3540	msedge.exe	82
PID 3540 wrote to memory of 3196	3540	msedge.exe	83
PID 3540 wrote to memory of 3196	3540	msedge.exe	83
PID 3540 wrote to memory of 5060	3540	msedge.exe	84
PID 3540 wrote to memory of 5060	3540	msedge.exe	84
PID 3540 wrote to memory of 5060	3540	msedge.exe	84
PID 3540 wrote to memory of 5060	3540	msedge.exe	84
PID 3540 wrote to memory of 5060	3540	msedge.exe	84
PID 3540 wrote to memory of 5060	3540	msedge.exe	84
PID 3540 wrote to memory of 5060	3540	msedge.exe	84
PID 3540 wrote to memory of 5060	3540	msedge.exe	84
PID 3540 wrote to memory of 5060	3540	msedge.exe	84
PID 3540 wrote to memory of 5060	3540	msedge.exe	84
PID 3540 wrote to memory of 5060	3540	msedge.exe	84
PID 3540 wrote to memory of 5060	3540	msedge.exe	84
PID 3540 wrote to memory of 5060	3540	msedge.exe	84
PID 3540 wrote to memory of 5060	3540	msedge.exe	84
PID 3540 wrote to memory of 5060	3540	msedge.exe	84
PID 3540 wrote to memory of 5060	3540	msedge.exe	84
PID 3540 wrote to memory of 5060	3540	msedge.exe	84
PID 3540 wrote to memory of 5060	3540	msedge.exe	84
PID 3540 wrote to memory of 5060	3540	msedge.exe	84
PID 3540 wrote to memory of 5060	3540	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.com
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9103946f8,0x7ff910394708,0x7ff910394718
  2⤵
  PID:1504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,13354788877033808762,11105516978314978970,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,13354788877033808762,11105516978314978970,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,13354788877033808762,11105516978314978970,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
  2⤵
  PID:5060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13354788877033808762,11105516978314978970,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:2704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13354788877033808762,11105516978314978970,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:3408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13354788877033808762,11105516978314978970,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
  2⤵
  PID:2184
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,13354788877033808762,11105516978314978970,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 /prefetch:8
  2⤵
  PID:2952
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,13354788877033808762,11105516978314978970,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13354788877033808762,11105516978314978970,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
  2⤵
  PID:3732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13354788877033808762,11105516978314978970,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
  2⤵
  PID:4464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13354788877033808762,11105516978314978970,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
  2⤵
  PID:4416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13354788877033808762,11105516978314978970,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
  2⤵
  PID:4760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13354788877033808762,11105516978314978970,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
  2⤵
  PID:1080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13354788877033808762,11105516978314978970,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3912 /prefetch:1
  2⤵
  PID:1932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13354788877033808762,11105516978314978970,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
  2⤵
  PID:1776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13354788877033808762,11105516978314978970,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
  2⤵
  PID:4708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13354788877033808762,11105516978314978970,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1
  2⤵
  PID:1200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13354788877033808762,11105516978314978970,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1
  2⤵
  PID:3276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13354788877033808762,11105516978314978970,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:3368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13354788877033808762,11105516978314978970,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
  2⤵
  PID:1020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2100,13354788877033808762,11105516978314978970,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5524 /prefetch:8
  2⤵
  PID:4492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13354788877033808762,11105516978314978970,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3528 /prefetch:1
  2⤵
  PID:920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13354788877033808762,11105516978314978970,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6332 /prefetch:1
  2⤵
  PID:1984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2100,13354788877033808762,11105516978314978970,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6032 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13354788877033808762,11105516978314978970,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6592 /prefetch:1
  2⤵
  PID:4540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2100,13354788877033808762,11105516978314978970,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6596 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13354788877033808762,11105516978314978970,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2208 /prefetch:1
  2⤵
  PID:4704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13354788877033808762,11105516978314978970,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
  2⤵
  PID:4036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13354788877033808762,11105516978314978970,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7120 /prefetch:1
  2⤵
  PID:4744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13354788877033808762,11105516978314978970,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3980 /prefetch:1
  2⤵
  PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13354788877033808762,11105516978314978970,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7076 /prefetch:1
  2⤵
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13354788877033808762,11105516978314978970,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3900 /prefetch:1
  2⤵
  PID:656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13354788877033808762,11105516978314978970,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6608 /prefetch:1
  2⤵
  PID:4576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13354788877033808762,11105516978314978970,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6048 /prefetch:1
  2⤵
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13354788877033808762,11105516978314978970,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
  2⤵
  PID:3212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13354788877033808762,11105516978314978970,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3900 /prefetch:1
  2⤵
  PID:4184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2100,13354788877033808762,11105516978314978970,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6128 /prefetch:8
  2⤵
  PID:4072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2100,13354788877033808762,11105516978314978970,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5828 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13354788877033808762,11105516978314978970,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6812 /prefetch:1
  2⤵
  PID:4584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13354788877033808762,11105516978314978970,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6748 /prefetch:1
  2⤵
  PID:3496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13354788877033808762,11105516978314978970,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6624 /prefetch:1
  2⤵
  PID:4552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13354788877033808762,11105516978314978970,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6260 /prefetch:1
  2⤵
  PID:4540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13354788877033808762,11105516978314978970,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
  2⤵
  PID:4120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13354788877033808762,11105516978314978970,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
  2⤵
  PID:3576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13354788877033808762,11105516978314978970,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7212 /prefetch:1
  2⤵
  PID:4548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13354788877033808762,11105516978314978970,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7760 /prefetch:1
  2⤵
  PID:4448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13354788877033808762,11105516978314978970,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7924 /prefetch:1
  2⤵
  PID:4996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13354788877033808762,11105516978314978970,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7800 /prefetch:1
  2⤵
  PID:4392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13354788877033808762,11105516978314978970,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3688 /prefetch:1
  2⤵
  PID:4188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13354788877033808762,11105516978314978970,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6912 /prefetch:1
  2⤵
  PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13354788877033808762,11105516978314978970,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8708 /prefetch:1
  2⤵
  PID:2304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13354788877033808762,11105516978314978970,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8920 /prefetch:1
  2⤵
  PID:1384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13354788877033808762,11105516978314978970,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9220 /prefetch:1
  2⤵
  PID:5632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,13354788877033808762,11105516978314978970,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8656 /prefetch:1
  2⤵
  PID:5892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,13354788877033808762,11105516978314978970,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7960 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5232

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3592

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1400

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3576

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4500

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\filе_hеrе\use_7788_tо_оpen\" -spe -an -ai#7zMap21847:110:7zEvent10186
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4436

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4392

C:\Users\Admin\Desktop\filе_hеrе\use_7788_tо_оpen\Setup.exe
"C:\Users\Admin\Desktop\filе_hеrе\use_7788_tо_оpen\Setup.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Loads dropped DLL
- Registers COM server for autorun
- Suspicious use of SetThreadContext
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
PID:4032
- C:\Windows\SysWOW64\netsh.exe
  C:\Windows\SysWOW64\netsh.exe
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: MapViewOfSection
  PID:2896
- - C:\Windows\SysWOW64\explorer.exe
    C:\Windows\SysWOW64\explorer.exe
    3⤵
    PID:4896
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4896 -s 1636
      4⤵
      Program crash
      PID:4716

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4896 -ip 4896
1⤵
PID:2704

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
069d0310ee29b489c012daa53bbb802d

SHA1
4d1a5fa55d576282b7f308cc8c1fe1ad07ffbc2b

SHA256
8dfae75ff4c447e989ab690b07a4eff686c15a190fdcfe10a4b774eacd029a1f

SHA512
941a3257318a76ac1a939a2c64a9a93764a4f745fecab2ae5b9a7481c85f22f115cccc016917f94ff6e8beef62a6ce23b862bc7507bfe6355649f1baac2a0972

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464

Filesize
724B

MD5
8202a1cd02e7d69597995cabbe881a12

SHA1
8858d9d934b7aa9330ee73de6c476acf19929ff6

SHA256
58f381c3a0a0ace6321da22e40bd44a597bd98b9c9390ab9258426b5cf75a7a5

SHA512
97ba9fceab995d4bef706f8deef99e06862999734ebe6a05832c710104479c6337cbf0a76e1c1e0f91566a61334dc100d837dfd049e20da765fe49def684f9c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
f58c8a3b6960ea05212f6ea8684e811d

SHA1
0353b6f85730b40a9fc98ac6fa98e593555169b3

SHA256
c6588827db8fbe896712e6452b8ece060aceb529ea2eb1ae76a9f1f0851d4929

SHA512
089e859289f0f306900d32d602d94eb09e42edad3b7e863691ed672ae76f905459c38a4956fd2b5565896b4ed1cbda706d06379d797371e63c6f30431e2af000

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_F2DAF19C1F776537105D08FC8D978464

Filesize
392B

MD5
b5b78d934fbe05ed975c39e42bd2a841

SHA1
522d7ad46e3a6d352bb0671436552b2b8d8f89fa

SHA256
e896f2ea72c85e0652903788163481a976ba08e3af907092a373611f7e9b9613

SHA512
2b12213dd3329abd9194db6d51f0eedccd7420f8bb2e52c8826fa028be1153b9285e4e0b4acc9a166788d5592d7bfc548767efc9d77ecd909aa907273da32e84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
537815e7cc5c694912ac0308147852e4

SHA1
2ccdd9d9dc637db5462fe8119c0df261146c363c

SHA256
b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f

SHA512
63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b167567021ccb1a9fdf073fa9112ef0

SHA1
3baf293fbfaa7c1e7cdacb5f2975737f4ef69898

SHA256
26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513

SHA512
726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000067

Filesize
200KB

MD5
a484f2f3418f65b8214cbcd3e4a31057

SHA1
5c002c51b67db40f88b6895a5d5caa67608a65ce

SHA256
79cbe928773386d07f0127f256f383debed5ccea5ff230465bf46ec7c87319d6

SHA512
0be1bb8db08f6e6041a85cfee90cd36a5b595afbca34d52a125465454fc806b4bb7ae569eaf4c882922fb1b962b6060534e597791cd0ad23483be5981d9be85c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0f004cd9f10fc90a_0

Filesize
262B

MD5
a34a5ecf24c5eb88191ca449573999f9

SHA1
30ebd68fc35328ffbd07d1b58b6aebfb5125bf79

SHA256
7bf11e0eb9a8a1b0e226e36590d6e3e406f0cc03b87a2b0d75e531deb44ef6ee

SHA512
ebc0e8d720ca4c190d2ebadf7436cbbd0ba12c67cce059a2da34ded7be2f58e181e732b726ceb9c1002ad57a2f903291d9b00a2ce5355d8df2457d26ffeedb85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0f004cd9f10fc90a_0

Filesize
30KB

MD5
98f941fe79c27f9ae1ed85c79100b903

SHA1
37928e2cc3d2f72630ad12c4cd335afec5fca13d

SHA256
b86ff078d2b48722b4c5899ef66af01ba69e3c8b521ebfd8d36e68a371a08af8

SHA512
7f2f47cdb8e220d6161ea52f3f432910d662be385cf025974863aab8dafadca1a7464393a8a00a45580ce3a96654455ebd29743aae2801475e486f198f225012

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\56b8b5234371b4ce_0

Filesize
269B

MD5
582d52aa7771609bf604a256aa7c8ecf

SHA1
ad19f85d7e876da04d367c3c3e070bd6de465f9d

SHA256
f7c4bccf80a41673beab63c2cfcfbdfadbbb77f60f4f4317e8e9d615da4699ac

SHA512
4806909b7f5f5301aa31555b0a06cbdb8f31ac026e3a4bb604088de0cf1e7ae9e532214718f3a6f8eae3b81a58c90ddbd63b5f1ccdc03a1bbcf09557cdd1920d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\56b8b5234371b4ce_0

Filesize
54KB

MD5
f930ec6b866aeea35ec96384fe803431

SHA1
4ad1d85aad53787b3becb17487759ed40e110a62

SHA256
9e84181e08989254ee65f0e106c039dbd601ab5a73f62d3485f1412cb1d3480f

SHA512
f06b21eb15fb97598d060b042577adc111e8c11dedd779f5b6c08bacd7fb071b083f92fb3c9a6aaca9a5dbca1794fc944d3e79c554a100386eee855139719b51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a82dd88894208818_0

Filesize
244B

MD5
dd0b25923b7ff4cbced5c79869f72585

SHA1
ff641385511614a6c9e2bbc0ca64eb657e82e997

SHA256
d1d19264b4cc93f78f5e02c3c716a33899169b68d76203c0737f4b65df49d9bb

SHA512
cdf3fa88b24b1e3117ebe29e8884082ba15b3c569d450def0718abd11c451ff9834c818fad499264b0cbb5dfe57210e7394c216dff7e949feaa7249230d097d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a82dd88894208818_0

Filesize
244B

MD5
6b826656bfa7b749bd873375897f5ed1

SHA1
59ae928a284524545a89f16808a45fb20747c0b3

SHA256
51a86eca9292ee69359d600e76372d0f6b9fcbbefd94a196ceadbd5848aa9683

SHA512
306334b007212f0ce7e11b4ca6afb590e56bd8578a7a95bb52899d5a65d0165d95df5db45ac6087ef72863030da2d01651e6b4bf044da20b780cb02bf248e87e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a82dd88894208818_0

Filesize
33KB

MD5
66278e2128816bd0f7560eb196e4a3e9

SHA1
5f99e4b819bf49edd0b6f91e047935ce86a17604

SHA256
9d88b10729ed8a6519f66ef448c183998614eaa64e69a783d90656f17646ea04

SHA512
ce0b998b434d1732b2de75ff44382fbafa2503e9dae9aadae7cd83c792cad1bd4cee2242285c801c60240c19a8602f540eac63f07baa9e9681985f9b054f41f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ae34db388b870f91_0

Filesize
255B

MD5
ed49605ed7fe1fe52633c4af40b1ef94

SHA1
693a84fce2d8a0bdd4db8899e5d84601ad3da199

SHA256
325b0486739ac992e9e5a8c67c34449e368bed9f6437a761d4dcc7c76156c02e

SHA512
2e30f5dd4e17a2ea7b69373f641e109b1725fe41213000b63c9c5465b845a743d725950576289f08b60e9b60c2f7e2c924a29efe2440d312598efeb57d2c70f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ae34db388b870f91_0

Filesize
255B

MD5
a83666dd0f6dcc798d52daa1f9c05092

SHA1
d64434cdf79efbe8be60b90c639ff73ed9b57b4f

SHA256
43d835d160a53412aa11087a8950f3a7bc1002119db9999fa70846cdc800568c

SHA512
6cd1c139af343fd1624138a25ebf32cee78ee72ae5eca977fea6be96605ecf4387aef6defb9e0eb0f19949fa23e766cfbb1b38a55fc03465213cbe356d0bab3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ae34db388b870f91_0

Filesize
3KB

MD5
f88e1800e8a5b7bc7962d31e02c1525a

SHA1
783c44866652b95685ebdd4decb048a071c3210f

SHA256
222b85085d72df9165c45a0aef9b8ad4a806c03776925a926f3083710c8b9b86

SHA512
9020b6188756ce3b0671fd0159675e59e400eb3708676a851f34c2f2c09bbbb243b712c69d376e651b8ec9368b1cb1444ab8116765dd1d054ce62dce6e339b5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
89453f10aa0c5a80700b813bc28de6b0

SHA1
7a0401ff34f65a69f0742493833a8a56b4dce306

SHA256
e22c90e8bcbb7c89f7269a7bdf135bfab7adc6938392a109d73b1cf9ec8c2873

SHA512
78e378beb2ad14ab57fe23555dd88bb7de68577c6ec9550ac9d72f0dc4fb70e3bb4b23d34e097d2019756fbec94b1c8733c2175202030d1710924b4e5f646b0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\000001.dbtmp

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.linkedin.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
2df672f39638ad05389b97cea2e20417

SHA1
afd10da168ea2de4a78bf76ecf772b3ecdee1f56

SHA256
11c5bc03ce5c67cec40f2267659e630202deb0e6a940df6514f1f748afdc037d

SHA512
8cf489dc7c0acec285499c592b6f180aead79d360c9e22de97d79458013c7d1330830b1cafe0240a2ebdef5eed319b169a4cd18b6941b6155fe9eff6f0f1cf0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
caa16251bb66c698b789efdb08d01046

SHA1
17e7415b6d8a71425c8475c8250054f1a8cea3ac

SHA256
3331c40c1f028966ebde2fb99b76b3e55f2d2a5f5e5d15738e3093b0cfcc1254

SHA512
dabece2a5fbc85c6c703ad144141849330a43912262c8916297713428593ffa00028ddb2073aedd7de6295f8c883dcb2019de3eaa361b555ed4a9b5a2b17a2b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
3afa179f5462971e1a2ac6e4db2be754

SHA1
73f9ab25e70bda14376185bfc4dff85303521469

SHA256
cfa169d459f57c9153e194846854fc7f04e28496b9b77a7a4aed024cb401189a

SHA512
20b467d4dd5767daa009b0c090bb66fe361b4dd6f83e18c35386cef897092956a8f61c46d28156f6ebc2d96521cdb8c4cd7eedc08c9555b49a950bd9eca98a00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
af06738ef76028f74559c3af9ad24631

SHA1
edd13869def73d9edf483c537c0b1d086ebaf8a3

SHA256
7468c8a147ac6ce56b1ed2abcbd88cf903a0e1c5ba06de476abae25aca96eca0

SHA512
cf025d6da529b2b03836280cb133c593cfaeec2765a9ddf4cde4fdf89ea70fe127eec68582dfe42c1114283799d1b5907695f4992b99647c28bd72e17f2f3370

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
a1fe472f37c6184d7e552896d1a73d28

SHA1
74e443c218d12bb1dcd3623d3977d30a4effb1e3

SHA256
04841a54a719a2b03beb6b8fca2cb7cd71c9235b38417df848987af4bc4610e3

SHA512
7559c1c922f8081abe49a6f124cb2c3c829100c175b2541b954fcd059dd177e17c1aa33256d7c5bd20c5658dcad3fac3190810bbe0d465830f255e5bad0e289b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
d1375ea680958766fd05a887a5a3a191

SHA1
13869a26486364dedc8cb14e0f0cf0310d412b66

SHA256
0dc2b34332940c0c58598c1a28dba9d63e9a73eb601fddf3b5bd4e59379bfbc4

SHA512
5b2a35b34ee2a1eb4d25d4156bf77c254b149041fb6756cb647d8f94540e224133ccaa66e077b54895ec07f990bb2da5b5e7a2afc4d24603db76e3374b61666a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2cae4f4cc4f53f593fa2e2850291c9dd

SHA1
acf365b3509f567340a948a16be12bad394e82bc

SHA256
aa1a0de5f2bab29d04c7a99d5092bccc4ee9d9ef2de702a0c63338b9b314ef9f

SHA512
42babebc1273ad1784c995aff9ad30ec65494ada68129a4322fe5c0bd5480ca36eaf1eda54afa760243054f5f1b1cada3fe922f4bf5b64e0226ed294b871d5dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
02c942d79371fb17b199eacff9afe8b6

SHA1
ee6e398c1da6b2f9df006c2fb71bce396c6e0839

SHA256
130ab861fa89704969790c1b58b5c522b88ad6cc4c44d70ae40b3bf8659d28f2

SHA512
4575ac30a13dcd859ff0a2dc5d5c073beea78c583adf08788f119ffc027e81eb2ad81238eb2c25d7eb20ea832cf7eb2a6d4bbb2508e9a671af88c6dda955515e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
f1ef9d86d283eaf3d80fbe13f6f5a8e8

SHA1
eacde10de1c95855435e3dea2426b4ccec91ae6d

SHA256
e992f25129a00ec30dda58ff4666687950942f230e491d8c09acd25708f5a556

SHA512
7f51f0808dc437cc09f220488cdcb44d753f4d138f554e297c13656cf8c4756e0e4cf1aa4f58e17eda96e13813bdd43522aa198b983211280bf5904e1598553d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
88f15415beb89c8915c22afe5b188b0c

SHA1
0f1f16f42ea08a0b2937952b3007b877e5ed9198

SHA256
071eb2a57bcc7cd4c69d847fb492b5eadac2042c1f4583c725b3e53c293f6b56

SHA512
1261aaff11bc583c6f2cd11a512f3896e47b7c29446d3dd50847d1662bc616e8bc3ce2dd84f19b8a6385b19b841198e8d859603c670b3c2236c8d4a471c33fb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
51fd244535432666013c354866237a63

SHA1
3fbb2dad9e2f0c1aaa9b9d475711bcf280d2b909

SHA256
6b89d197e8a5021f4f1a07eab6ae683a7b6f8696a14799feff0eae43c744db26

SHA512
5e318fe36b5007b055c85ce36bd445c2bbe542dbc084970d8ec4f9d782cc9b3f1414f7126dbd5ef854610d50ad542b713d2376674dd5f6f655d8b32827a55bc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
26B

MD5
2892eee3e20e19a9ba77be6913508a54

SHA1
7c4ef82faa28393c739c517d706ac6919a8ffc49

SHA256
4f110831bb434c728a6895190323d159df6d531be8c4bb7109864eeb7c989ff2

SHA512
b13a336db33299ab3405e13811e3ed9e5a18542e5d835f2b7130a6ff4c22f74272002fc43e7d9f94ac3aa6a4d53518f87f25d90c29e0d286b6470667ea9336ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
90B

MD5
094f3183704dc4409ee0965698b9abc9

SHA1
a3019fbd6a776c7919a906ad6d6af2d9dcdec92e

SHA256
d127cbd5c5b4ef3f201ee9cdf2ac01a3ad4eb99f907ce59d0c72a28c8778f00b

SHA512
8a7314be4eb904e510b93134e4160ded3fdc4571e1032dbc647328fcfbab49579887ac241591f53b7defcf087535dee3758f78e65c909a602053491454817799

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe577f90.TMP

Filesize
90B

MD5
e2d53728ea3b2147b11183b640076b09

SHA1
44200f7abdb85619394c04deeb79553653688ae1

SHA256
c7ee4b99f03818efa5c101bbb565e0fb2e24195ef1e2701a9fc7486cf0e7961e

SHA512
a43023c8362cada80572f50855d05b9f053697457e600431cd25f9e4b9137c191ff1d5a0666b5b265809c0055af03d609476d02f6931d202ab498734e9970923

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
98fe369309f7ae05291eb424eb7d5943

SHA1
87a0b388b06219a596a423515365c2a2b51c9e60

SHA256
d1e1961317a865a65be0daa00249a0287079a26f38f0cc1fafaa43fcdb36d449

SHA512
3055a305d00432486d39b14c8d6fc6130174f205e683e14572efc64878558658a9b9472c049d9a8e3378e4701b8fb172206ad34e5ed2abbcd56fca696e7818a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
d48dec64db5f43e59a4bf4c153331247

SHA1
9fc24ebb53279f0af6543193beaf794a643e08ae

SHA256
7ab65dd9999affd2189d29bf42263ebef987206afd47075edc1106436cfc6baf

SHA512
d73f945fd88b7e258da6fee8fc47802c81d2c4701c40ca50443a68033e51ae12978a9b82f4b2c3d0d0740ee1bfcf1007e0179fe4f9a02a33ba9a5c4dd0554038

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d10cf02121d55ebb3547f0ef745d8723

SHA1
40f4a96600499ec6f71971909a9063cb6dd5d2bd

SHA256
5886dcc1c45ed7f46d4e9233e55a93bdf31417c18480f4eecd8a46fc8551a216

SHA512
023f3e263ec9b504336f5f3e6034631ed05a06519a34e289ca5f02225290d92fe63518221c960b3d383a1bab477c6fe1f8dec18180572993761bcc3c1cd090e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
d6d2a9ee18e2230a5a315462cb183296

SHA1
fb0b779eb104c9893198d4dae1f8dd6bdaaf2ad3

SHA256
5b09034968e26655674440eee5c6b8c491c20f30ce28f2d27b069bd15671b4ef

SHA512
833cef73222002c8dc060f4cf893a8579b73a4d727807c375879694643df7d21e36f85992adfb71d9a634594443316c4f70faf4c5aca3f4ed169ebb4c6b6f4f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b7dd5c53eb0c568ce0ff09dd2958d2bd

SHA1
88d9636f5bec090318346dd178c930c6694ff0ef

SHA256
c860525e390b285a078cdbb6260adad532455a6a82b3a33c8f224c459fe5f0c8

SHA512
9235f7a9a81af7e25819910aabc8631ada92f712b53b7b7ea424c666bdaa8e60cad38f6cf79484e8cb215b2e85b8ca596527862d79ad1733134e898e859eb76a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c481831b740d279e7565ff4ef2e124ac

SHA1
1d36865056e728538a10fa9fddb684e42f4dccc8

SHA256
5fd3d069bc62fad55a1292712ff42886f8d0ec70adc16c1450efb38bbaa14e50

SHA512
48fd46077d46cacd5001cc0ab9e3780aa6b984d6fb92bd4934e40dee71b7b690f836eda76c3e81b2bf69f77ae72a498de518de0a2af454566775c2049d151d8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe579942.TMP

Filesize
204B

MD5
6a9fac3deef8c43667c406a20e367cd3

SHA1
8676a882dee485b618bbdbe7a5f2a756b9cc175c

SHA256
3749ba7c92a4ffb6509b1badf030c6eefcedcfe525342758c70eeecff0aa2397

SHA512
2b5be9e6bc52b9ee3cd2cd513b1ebc7d5c599db688893ece3240172b4058c4782829bfc5f66af575f0e44f5ae0144e3479b69a9cc7008091e5f8dd75855e0bc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
eb0d505d3624471ebea2a05c688491ea

SHA1
383f6dfaf71f6b43ea52b27ba2f687520bc02054

SHA256
12f61980c52be524511189dc218ad3936e6855d32ea460647e8e1e37135cee12

SHA512
ca2ef08bdefc18bdacf795f6e53913d2a8e666a5df7c145bacc00a4d2b2f1b53c626c9dc1515fca1502834a9c3f775ec613238dc0f92fa81aa14692b2e50cc66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f925e258f837db51296ffd7c427db879

SHA1
cf64b0f34ddf03ef7068c3f6f0cd2af5fcae56a0

SHA256
7069ca3c47673ab4f85283ee7072af8ef6bb1e6bb3acb7af0bad9e23436801cb

SHA512
48c88173ec15acc60a1d80f6466469118e011bae486d04ca3e8bffc6cea8a5b36bff72dc66699264e905f1084f96f83137b7f0847faf0534db8abfbc0b912822

Download Submit
C:\Users\Admin\AppData\Local\Temp\6233d76

Filesize
5.9MB

MD5
487f2bff0a0241767ba04c9ad4b548cb

SHA1
9e60976e40ee93bb51f4c64ed41dcd22585476ce

SHA256
ca23b2cb90ddfe834fd2089232221bd325ae3bf8961ecc06729c6a4a4b96e1f5

SHA512
aefe7ed653dde15a021069a3e67db2353c4976817a35be7c6bc0bcef82713bdc86c2c12b098896594310bae30c1a8b6a7e329fc1d6bd38a1aae7760202c75752

Download Submit
C:\Users\Admin\Desktop\filе_hеrе\use_7788_tо_оpen\ACDBASE.DLL

Filesize
2.9MB

MD5
dace23695dcfa0f7309b65366ac75bc0

SHA1
c5b1bad2dec36852fae90f81f0dbd00518479c01

SHA256
cf8b85beeff99b13d06ed15c79e555ab74e30dfa1491a36c4332f54ed09887e4

SHA512
0e1e5fc158fb39c3c3c7733226cb846407cd01ca1c49800fb7668134ebef129ab43030f2768a8b149b5ba9a18b2d1b0f8bf23d1a8de487a482e9268e0b679bbb

Download Submit
C:\Users\Admin\Desktop\filе_hеrе\use_7788_tо_оpen\Setup.exe

Filesize
8.5MB

MD5
98169506fec94c2b12ba9930ad704515

SHA1
bce662a9fb94551f648ba2d7e29659957fd6a428

SHA256
9b8a5b0a45adf843e24214b46c285e44e73bc6eaf9e2a3b2c14a6d93ae541363

SHA512
7f4f7ac2326a1a8b7afc72822dae328753578eb0a4ffcec5adb4e4fb0c49703070f71e7411df221ee9f44d6b43a0a94921fe530877c5d5e71640b807e96def30

Download Submit
C:\Users\Admin\Desktop\filе_hеrе\use_7788_tо_оpen\api-ms-win-crt-convert-l1-1-0.dll

Filesize
25KB

MD5
9f812bd3815909e559b15cb13489f294

SHA1
df751c956f59b4e3c82496d86895adc7cc1a1619

SHA256
ce6fcc2ddf21720c92bee04f5736a4787acffa970a1b0dbeea39ff5efec52c75

SHA512
0a360e8b81bf80cb6bdf240d627ddcf71b1a4ca42759de61b2d27fab521a8e6e3afa308cc69caf5a7c8b14d98d3d448f0d400ae1826cbe7d0f0ceafd14682064

Download Submit
C:\Users\Admin\Desktop\filе_hеrе\use_7788_tо_оpen\api-ms-win-crt-environment-l1-1-0.dll

Filesize
21KB

MD5
1a72e5f24214eb723e03a22ff53f8a22

SHA1
578d1dbfb22e9ff3b10c095d6a06acaf15469709

SHA256
fda46141c236a11054d4d3756a36da4412c82dd7877daad86cb65bf53d81ca1a

SHA512
530e693daecc7c7080b21e39b856c538bb755516aafdb6839a23768f40bcfc38d71b19586e8c8e37bb1c2b7a7c31fcb8e24a2315a8dd90f50fec22f973d86cb4

Download Submit
C:\Users\Admin\Desktop\filе_hеrе\use_7788_tо_оpen\api-ms-win-crt-heap-l1-1-0.dll

Filesize
21KB

MD5
9d136bbecf98a931e6371346059b5626

SHA1
2466e66bfd88dd66c1c693cbb95ea8a91b9558cd

SHA256
7617838af1b589f57e4fe9fee1e1412101878e6d3287cdc52a51cd03e3983717

SHA512
8c720c798d2a06f48b106a0a1ef38be9b4a2aebe2a657c8721278afa9fdbab9da2a672f47b7996ca1ce7517015d361d77963c686e0ae637a98c32fd75e5d0610

Download Submit
C:\Users\Admin\Desktop\filе_hеrе\use_7788_tо_оpen\api-ms-win-crt-runtime-l1-1-0.dll

Filesize
25KB

MD5
6b39d005deb6c5ef2c9dd9e013b32252

SHA1
79a0736454befd88ba8d6bd88794d07712e38a67

SHA256
b0e50572eb82a46ed499775e95bfde7cb25c498957432c18c20cf930f332efd0

SHA512
50bc1f669499589a480379d72166dae701914427d51223994d63a0363420ca6fdde07010803270a62451afea9e4ae55206d8a4c00ca4680e7a9120cd33f99a0f

Download Submit
C:\Users\Admin\Desktop\filе_hеrе\use_7788_tо_оpen\api-ms-win-crt-stdio-l1-1-0.dll

Filesize
25KB

MD5
97f24295c9bd6e1acae0c391e68a64cf

SHA1
75700dce304c45ec330a9405523f0f22e5dcbb18

SHA256
189d551fb3cba3dbb9b9c1797e127a52ac486d996f0ac7cba864fe35984a8d28

SHA512
cac75f623545c41b2597a25c14f2af7eb93e3e768b345d3b0e1928d8fd1f12bec39b18b8277f9550aa6a66d9cfe1bf6c3db93ae1eb2a6c07019d4f210b3e5998

Download Submit
C:\Users\Admin\Desktop\filе_hеrе\use_7788_tо_оpen\api-ms-win-crt-string-l1-1-0.dll

Filesize
25KB

MD5
d282a4fa046d05d40d138cc68c518914

SHA1
d5012090399f405ffe7d2fed09650e3544528322

SHA256
8b1471101145343da5f2c5981c515da4dfae783622ed71d40693fe59c3088d7a

SHA512
718926e728627f67ba60a391339b784accd861a15596f90d7f4e6292709ac3d170bcbca3cbf6267635136cb00b4f93da7dfd219fa0beee0cf8d95ce7090409e4

Download Submit
C:\Users\Admin\Desktop\filе_hеrе\use_7788_tо_оpen\api-ms-win-crt-time-l1-1-0.dll

Filesize
21KB

MD5
6d35a57a6d8d569f870b96e00e7f1f4d

SHA1
8407bdb3cd5ec15b2ce738b3dbd704aa289ce3e1

SHA256
f41511e477a164eb9451ca51fb3810437f3b15f21e6f5c6ce0956e84ec823723

SHA512
4317b86d32ca93e5f0d832819cf1ab8af68e853a19eb07dd1fa4d168a0b2a8eab309194884ed3a613b09fc6d511be872a053f76f00ea443499006cdd226fea8f

Download Submit
C:\Users\Admin\Desktop\filе_hеrе\use_7788_tо_оpen\api-ms-win-crt-utility-l1-1-0.dll

Filesize
21KB

MD5
8ed70910380aa0b28317512d72762cc0

SHA1
0421518370f24f9559f96459d0798d98b81ea732

SHA256
f15af0db93d9385ff9d8efdc06aacd0729d0dfcb66e91ca0243bb160f2ed89d0

SHA512
b31ef07eaac310fdd3df3546246e7dc696595b8e92141e3db79a44ddc3358b12129e3829a53c76d0fef214e3f29dba77fa5d556211830a140ea34ff62258d9d7

Download Submit
C:\Users\Admin\Desktop\filе_hеrе\use_7788_tо_оpen\epiphragm.psd

Filesize
5.6MB

MD5
c43d96e934bdcc39bb4c59d3d766470e

SHA1
0ddc818c3c832b491b48456b29c1a509219a4372

SHA256
e695c409dd8f4297ed86c520293f52a3f8c44739734ec7d8d52ece3450356cc6

SHA512
19169d612f0aba407f76d8e73b222789ee068ece1a02477fadbcd0084a70e647f910466f5f853d74c90b438f5acb633adea578e5a80c9c90c1bc988d19a377b4

Download Submit
C:\Users\Admin\Desktop\filе_hеrе\use_7788_tо_оpen\libmmd.dll

Filesize
4.0MB

MD5
43f721959c4abc70bd7a0322db76ec59

SHA1
5c077409e71048f7022397c432f4f03038e68173

SHA256
e64ddffd26abd3dbdfa732d779515c5db519107f2c98b81aaa610f1eda373d85

SHA512
cff1a8666ebca04b70b01b27260b6bacb4fc0352f2dd18ebc4815932317beda0949d51e9692ec79ba7529a1b4e11ee49c40c31a9cef8a73a861568771546ba96

Download Submit
C:\Users\Admin\Desktop\filе_hеrе\use_7788_tо_оpen\sulphanilamide.yaml

Filesize
77KB

MD5
68acfc368c5fb4c1523bbe7894e75b9f

SHA1
1f5895cfab8a22eb55e077f04525dc7fd25c1049

SHA256
391bcd9c7df6e29fb4262be92ba02aab4019cdb138a3e5c962035db26ffc1f72

SHA512
7361cd7748d848aa9352fd4749acbe36fba02fe3ac2d8773cbc536011abf97fc90a8a2414c2b57eed90a86c5942201df0e2ef32c5ab3045fd0a1dafdbe896d7f

Download Submit
C:\Users\Admin\Desktop\filе_hеrе\use_7788_tо_оpen\vcruntime140.dll

Filesize
116KB

MD5
699dd61122d91e80abdfcc396ce0ec10

SHA1
7b23a6562e78e1d4be2a16fc7044bdcea724855e

SHA256
f843cd00d9aff9a902dd7c98d6137639a10bd84904d81a085c28a3b29f8223c1

SHA512
2517e52f7f03580afd8f928c767d264033a191e831a78eed454ea35c9514c0f0df127f49a306088d766908af7880f713f5009c31ce6b0b1e4d0b67e49447bfff

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 243462.crdownload

Filesize
20.2MB

MD5
40e377501f777b2dbade67bacd12ae52

SHA1
0781790275b8fafc10d338c5c05c215273c0b4e6

SHA256
654a6be242d1dc6768b32ea2f730e4ef5a8205a46329a612b04a8fb5521e2de3

SHA512
de3128313e5aae002736cd6f521d6451ebe4c4939a25b4a9fe8400563107b9675a1f986580e92571089c6f2473b0aec6efab56c02f110251b65b585bfac885d1

Download Submit
C:\Users\Admin\Downloads\[FRЕЕ]-app_mаnual_install_v5.111_7985.zip

Filesize
23.5MB

MD5
fcea8f5e8a93cf5267cfe3f0249f7e04

SHA1
83ed0ceabe858141c9c0d13a80335e225751b7e2

SHA256
65245fcd9e1a254b22934d06fd21c2f8af903076e3e24ecb170a57e7bdf7eec2

SHA512
4474b97d9b6103d457f29c7d12cf0338726430ab4698178ad870215d696ca35a665306a3d478f33e2b75ff0f18a66d4d5521cd3b6d61be1d27823ea37216ebea

Download Submit
memory/2896-830-0x00007FF91E1F0000-0x00007FF91E3E5000-memory.dmp

Filesize
2.0MB

Download
memory/4032-682-0x00007FF8FC110000-0x00007FF8FC282000-memory.dmp

Filesize
1.4MB

Download
memory/4032-668-0x0000000000400000-0x0000000001CF7000-memory.dmp

Filesize
25.0MB

Download
memory/4032-673-0x0000000000400000-0x0000000001CF7000-memory.dmp

Filesize
25.0MB

Download
memory/4032-713-0x00007FF8FC110000-0x00007FF8FC282000-memory.dmp

Filesize
1.4MB

Download
memory/4032-671-0x0000000000400000-0x0000000001CF7000-memory.dmp

Filesize
25.0MB

Download
memory/4032-669-0x0000000000400000-0x0000000001CF7000-memory.dmp

Filesize
25.0MB

Download
memory/4032-670-0x0000000000400000-0x0000000001CF7000-memory.dmp

Filesize
25.0MB

Download
memory/4032-656-0x0000000004080000-0x0000000004268000-memory.dmp

Filesize
1.9MB

Download
memory/4032-664-0x0000000000400000-0x0000000001CF7000-memory.dmp

Filesize
25.0MB

Download
memory/4032-666-0x0000000000400000-0x0000000001CF7000-memory.dmp

Filesize
25.0MB

Download
memory/4896-1052-0x0000000000E00000-0x0000000001553000-memory.dmp

Filesize
7.3MB

Download
memory/4896-920-0x00007FF91E1F0000-0x00007FF91E3E5000-memory.dmp

Filesize
2.0MB

Download
memory/4896-919-0x0000000000E00000-0x0000000001553000-memory.dmp

Filesize
7.3MB

Download
memory/4896-939-0x0000000000E00000-0x0000000001553000-memory.dmp

Filesize
7.3MB

Download