hxxps://github[.]com/Da2dalus/The-MALWARE-Repo

Resubmissions

07/05/2024, 00:05

240507-adkv7ahe4v 8

06/05/2024, 23:49

240506-3t63ksbh68 10

06/05/2024, 23:46

240506-3shzcsbg86 8

Analysis

max time kernel
565s
max time network
553s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
07/05/2024, 00:05

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

https://github.com/Da2dalus/The-MALWARE-Repo

Score

8^/10

bootkit persistence

Malware Config

Signatures

Downloads MZ/PE file

Manipulates Digital Signatures 1 TTPs 17 IoCs

Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	regedit.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	regedit.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	regedit.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	regedit.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	regedit.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	regedit.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	regedit.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	regedit.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	regedit.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	regedit.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	regedit.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	regedit.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	regedit.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	regedit.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	regedit.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	regedit.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	regedit.exe

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3726321484-1950364574-433157660-1000\Control Panel\International\Geo\Nation	MEMZ.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3726321484-1950364574-433157660-1000\Control Panel\International\Geo\Nation	MEMZ.exe

Executes dropped EXE 8 IoCs

pid	Process
5188	Gas.exe
2276	MEMZ.exe
4544	MEMZ.exe
3940	MEMZ.exe
4772	MEMZ.exe
4104	MEMZ.exe
4816	MEMZ.exe
3580	MEMZ.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
78	raw.githubusercontent.com
79	raw.githubusercontent.com

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	MEMZ.exe

Drops file in System32 directory 11 IoCs

description	ioc	Process
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00002.jrs	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.jfm	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSStmp.log	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00001.jrs	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jcp	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.log	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jtx	svchost.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 17 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE

Enumerates system info in registry 2 TTPs 30 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3726321484-1950364574-433157660-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Key deleted	\REGISTRY\USER\.DEFAULT\Control Panel\Colors	regedit.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CWindows%5CSystemApps%5CMicrosoft.XboxGameCallableUI_cw5n1h2txyewy%5Cresources.pri\1d5acdddadc1b8f\a37dfe62	regedit.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MrtCache	regedit.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\Logs	regedit.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata	regedit.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	regedit.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4	regedit.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.System.MiracastReceiver	regedit.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CWindows%5CSystemApps%5CMicrosoft.ECApp_8wekyb3d8bbwe%5Cresources.pri\1d7e53674f18dea	regedit.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust	regedit.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentEcs\all	regedit.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CWindows%5CSystemApps%5CMicrosoft.AsyncTextService_8wekyb3d8bbwe%5Cresources.pri	regedit.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-19\02vdhixabfislqqa	regedit.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	regedit.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	regedit.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5CMicrosoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe%5Cresources.pri\1d5ace4dcd9f954	regedit.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Control Panel\Input Method\Hot Keys\00000202	regedit.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CWindows%5CSystemApps%5CMicrosoft.Windows.OOBENetworkCaptivePortal_cw5n1h2txyewy%5Cresources.pri	regedit.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Microsoft\CTF\Assemblies	regedit.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\Logs\02jyuezmqnasienc	regedit.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.BackgroundAccess	regedit.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Control Panel\Accessibility\HighContrast	regedit.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages	regedit.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CWindows%5CSystemApps%5CMicrosoft.LockApp_cw5n1h2txyewy%5Cresources.pri\1d7e5367a448984\a37dfe62	regedit.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5CMicrosoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe%5Cresources.pri\1d5ace4a450ec0e\a37dfe62	regedit.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CWindows%5CSystemApps%5Cmicrosoft.windows.narratorquickstart_8wekyb3d8bbwe%5Cresources.pri\1d5acdded540f4d	regedit.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CWindows%5CSystemApps%5CMicrosoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy%5Cresources.pri\1d5acddea4e2414\a37dfe62	regedit.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "136"	LogonUI.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5CMicrosoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe%5Cresources.pri\1d5ace4e9324c5f\a37dfe62	regedit.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5CMicrosoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe%5Cresources.pri\1d5ace48a557267	regedit.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CWindows%5CSystemApps%5CMicrosoft.Windows.OOBENetworkConnectionFlow_cw5n1h2txyewy%5Cresources.pri\1d5acddeb9b0f78\a37dfe62	regedit.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	regedit.exe
Key deleted	\REGISTRY\USER\.DEFAULT\System	regedit.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.Share	regedit.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CWindows%5CSystemApps%5CMicrosoft.Windows.CloudExperienceHost_cw5n1h2txyewy%5Cresources.pri\1d7e5366dd4697d	regedit.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5CMicrosoft.XboxIdentityProvider_12.50.6001.0_x64__8wekyb3d8bbwe%5Cresources.pri\1d5ace4be88d553\a37dfe62	regedit.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentEcs\officeclicktorun\Overrides	regedit.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.HelloFace	regedit.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.Wwansvc	regedit.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Control Panel\International\User Profile System Backup\en-US	regedit.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Microsoft\IdentityCRL\Environment	regedit.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer	regedit.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CWindows%5CSystemApps%5CMicrosoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy%5Cresources.pri\1d5ace438733a83	regedit.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\Identity	regedit.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1	regedit.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Microsoft\IdentityCRL\DeviceIdentities\production\S-1-5-21-3726321484-1950364574-433157660-1000\02ucmushjgeilpvo	regedit.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CWindows%5CSystemApps%5CMicrosoft.Windows.XGpuEjectDialog_cw5n1h2txyewy%5Cresources.pri\1d7e536746cabe0\a37dfe62	regedit.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-95739096-486727260-2033287795-3853587803-1685597119-444378811-2746676523\Children	regedit.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Advanced INF Setup\IE40.UserAgent	regedit.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1	regedit.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.LocationManager	regedit.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\PushNotifications\Backup\Windows.SystemToast.LowDisk	regedit.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5CMicrosoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe%5Cresources.pri\1d5ace4d3c7085b	regedit.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	regedit.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	regedit.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	regedit.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CWindows%5CSystemApps%5CMicrosoft.BioEnrollment_cw5n1h2txyewy%5Cresources.pri\1d7e53689ea9e9c	regedit.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5CMicrosoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe%5Cresources.pri\1d5ace495c536df\a37dfe62	regedit.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Policies	regedit.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Control Panel\Desktop\WindowMetrics	regedit.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MrtCache\C:%5CProgram Files%5CWindowsApps%5CMicrosoft.XboxIdentityProvider_12.50.6001.0_x64__8wekyb3d8bbwe%5Cresources.pri\1d5ace4be88d553	regedit.exe

Modifies registry class 8 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3726321484-1950364574-433157660-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3726321484-1950364574-433157660-1000_Classes\Local Settings	control.exe
Key created	\REGISTRY\USER\S-1-5-21-3726321484-1950364574-433157660-1000_Classes\Local Settings	mspaint.exe
Key created	\REGISTRY\USER\S-1-5-21-3726321484-1950364574-433157660-1000_Classes\Local Settings	calc.exe
Key created	\REGISTRY\USER\S-1-5-21-3726321484-1950364574-433157660-1000_Classes\Local Settings	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3726321484-1950364574-433157660-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3726321484-1950364574-433157660-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3726321484-1950364574-433157660-1000_Classes\Local Settings	firefox.exe

NTFS ADS 3 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 261620.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 294554.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 835335.crdownload:SmartScreen	msedge.exe

Runs regedit.exe 1 IoCs

pid	Process
808	regedit.exe

Suspicious behavior: AddClipboardFormatListener 3 IoCs

pid	Process
5788	vlc.exe
2288	WINWORD.EXE
2288	WINWORD.EXE

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2736	msedge.exe
2736	msedge.exe
608	msedge.exe
608	msedge.exe
5044	identity_helper.exe
5044	identity_helper.exe
5976	msedge.exe
5976	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
2004	msedge.exe
2004	msedge.exe
4104	msedge.exe
4104	msedge.exe
2740	msedge.exe
2740	msedge.exe
4544	MEMZ.exe
4544	MEMZ.exe
4544	MEMZ.exe
4544	MEMZ.exe
4544	MEMZ.exe
4544	MEMZ.exe
4772	MEMZ.exe
4772	MEMZ.exe
3940	MEMZ.exe
3940	MEMZ.exe
4816	MEMZ.exe
4816	MEMZ.exe
4772	MEMZ.exe
4772	MEMZ.exe
4544	MEMZ.exe
4544	MEMZ.exe
4104	MEMZ.exe
4104	MEMZ.exe
4772	MEMZ.exe
4772	MEMZ.exe
4816	MEMZ.exe
4816	MEMZ.exe
3940	MEMZ.exe
3940	MEMZ.exe
3940	MEMZ.exe
3940	MEMZ.exe
4816	MEMZ.exe
4816	MEMZ.exe
4772	MEMZ.exe
4772	MEMZ.exe
4104	MEMZ.exe
4104	MEMZ.exe
4544	MEMZ.exe
4544	MEMZ.exe
4816	MEMZ.exe
4816	MEMZ.exe
3940	MEMZ.exe
3940	MEMZ.exe
4544	MEMZ.exe
4104	MEMZ.exe
4104	MEMZ.exe
4544	MEMZ.exe
4772	MEMZ.exe
4772	MEMZ.exe
4772	MEMZ.exe
4772	MEMZ.exe

Suspicious behavior: GetForegroundWindowSpam 6 IoCs

pid	Process
5368	OpenWith.exe
1088	OpenWith.exe
5788	vlc.exe
808	regedit.exe
5740	OpenWith.exe
5520	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
608	msedge.exe
608	msedge.exe
608	msedge.exe
608	msedge.exe
608	msedge.exe
608	msedge.exe
608	msedge.exe
608	msedge.exe
608	msedge.exe
608	msedge.exe
608	msedge.exe
608	msedge.exe
608	msedge.exe
608	msedge.exe
608	msedge.exe
608	msedge.exe
608	msedge.exe
608	msedge.exe
5696	chrome.exe
5696	chrome.exe
5696	chrome.exe
608	msedge.exe
608	msedge.exe
876	msedge.exe
876	msedge.exe
876	msedge.exe
876	msedge.exe
876	msedge.exe
876	msedge.exe
876	msedge.exe
876	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
1920	msedge.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
3276	chrome.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
4304	msedge.exe
3576	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	5280	firefox.exe
Token: SeDebugPrivilege	5280	firefox.exe
Token: SeDebugPrivilege	5280	firefox.exe
Token: SeShutdownPrivilege	5696	chrome.exe
Token: SeCreatePagefilePrivilege	5696	chrome.exe
Token: SeShutdownPrivilege	5696	chrome.exe
Token: SeCreatePagefilePrivilege	5696	chrome.exe
Token: SeShutdownPrivilege	5696	chrome.exe
Token: SeCreatePagefilePrivilege	5696	chrome.exe
Token: SeShutdownPrivilege	5696	chrome.exe
Token: SeCreatePagefilePrivilege	5696	chrome.exe
Token: SeShutdownPrivilege	5696	chrome.exe
Token: SeCreatePagefilePrivilege	5696	chrome.exe
Token: SeShutdownPrivilege	5696	chrome.exe
Token: SeCreatePagefilePrivilege	5696	chrome.exe
Token: SeShutdownPrivilege	5696	chrome.exe
Token: SeCreatePagefilePrivilege	5696	chrome.exe
Token: SeShutdownPrivilege	5696	chrome.exe
Token: SeCreatePagefilePrivilege	5696	chrome.exe
Token: SeShutdownPrivilege	5696	chrome.exe
Token: SeCreatePagefilePrivilege	5696	chrome.exe
Token: SeShutdownPrivilege	5696	chrome.exe
Token: SeCreatePagefilePrivilege	5696	chrome.exe
Token: SeShutdownPrivilege	5696	chrome.exe
Token: SeCreatePagefilePrivilege	5696	chrome.exe
Token: SeShutdownPrivilege	5696	chrome.exe
Token: SeCreatePagefilePrivilege	5696	chrome.exe
Token: SeShutdownPrivilege	5696	chrome.exe
Token: SeCreatePagefilePrivilege	5696	chrome.exe
Token: SeShutdownPrivilege	5696	chrome.exe
Token: SeCreatePagefilePrivilege	5696	chrome.exe
Token: SeShutdownPrivilege	5696	chrome.exe
Token: SeCreatePagefilePrivilege	5696	chrome.exe
Token: SeShutdownPrivilege	5696	chrome.exe
Token: SeCreatePagefilePrivilege	5696	chrome.exe
Token: SeShutdownPrivilege	5696	chrome.exe
Token: SeCreatePagefilePrivilege	5696	chrome.exe
Token: SeShutdownPrivilege	5696	chrome.exe
Token: SeCreatePagefilePrivilege	5696	chrome.exe
Token: SeShutdownPrivilege	5696	chrome.exe
Token: SeCreatePagefilePrivilege	5696	chrome.exe
Token: SeShutdownPrivilege	5696	chrome.exe
Token: SeCreatePagefilePrivilege	5696	chrome.exe
Token: SeShutdownPrivilege	5696	chrome.exe
Token: SeCreatePagefilePrivilege	5696	chrome.exe
Token: SeShutdownPrivilege	5696	chrome.exe
Token: SeCreatePagefilePrivilege	5696	chrome.exe
Token: SeShutdownPrivilege	5696	chrome.exe
Token: SeCreatePagefilePrivilege	5696	chrome.exe
Token: SeShutdownPrivilege	5696	chrome.exe
Token: SeCreatePagefilePrivilege	5696	chrome.exe
Token: SeShutdownPrivilege	5696	chrome.exe
Token: SeCreatePagefilePrivilege	5696	chrome.exe
Token: SeShutdownPrivilege	5696	chrome.exe
Token: SeCreatePagefilePrivilege	5696	chrome.exe
Token: SeShutdownPrivilege	5696	chrome.exe
Token: SeCreatePagefilePrivilege	5696	chrome.exe
Token: SeShutdownPrivilege	5696	chrome.exe
Token: SeCreatePagefilePrivilege	5696	chrome.exe
Token: SeShutdownPrivilege	5696	chrome.exe
Token: SeCreatePagefilePrivilege	5696	chrome.exe
Token: SeShutdownPrivilege	5696	chrome.exe
Token: SeCreatePagefilePrivilege	5696	chrome.exe
Token: SeShutdownPrivilege	5696	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
608	msedge.exe
608	msedge.exe
608	msedge.exe
608	msedge.exe
608	msedge.exe
608	msedge.exe
608	msedge.exe
608	msedge.exe
608	msedge.exe
608	msedge.exe
608	msedge.exe
608	msedge.exe
608	msedge.exe
608	msedge.exe
608	msedge.exe
608	msedge.exe
608	msedge.exe
608	msedge.exe
608	msedge.exe
608	msedge.exe
608	msedge.exe
608	msedge.exe
608	msedge.exe
608	msedge.exe
608	msedge.exe
608	msedge.exe
608	msedge.exe
608	msedge.exe
608	msedge.exe
608	msedge.exe
608	msedge.exe
608	msedge.exe
608	msedge.exe
608	msedge.exe
608	msedge.exe
608	msedge.exe
608	msedge.exe
608	msedge.exe
608	msedge.exe
608	msedge.exe
608	msedge.exe
608	msedge.exe
608	msedge.exe
608	msedge.exe
608	msedge.exe
608	msedge.exe
608	msedge.exe
608	msedge.exe
608	msedge.exe
608	msedge.exe
608	msedge.exe
608	msedge.exe
608	msedge.exe
5280	firefox.exe
5280	firefox.exe
5280	firefox.exe
5280	firefox.exe
5280	firefox.exe
5280	firefox.exe
5280	firefox.exe
5280	firefox.exe
5280	firefox.exe
5280	firefox.exe
5280	firefox.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
608	msedge.exe
608	msedge.exe
608	msedge.exe
608	msedge.exe
608	msedge.exe
608	msedge.exe
608	msedge.exe
608	msedge.exe
608	msedge.exe
608	msedge.exe
608	msedge.exe
608	msedge.exe
608	msedge.exe
608	msedge.exe
608	msedge.exe
608	msedge.exe
608	msedge.exe
608	msedge.exe
608	msedge.exe
608	msedge.exe
608	msedge.exe
608	msedge.exe
608	msedge.exe
608	msedge.exe
5280	firefox.exe
5280	firefox.exe
5280	firefox.exe
5280	firefox.exe
5280	firefox.exe
5280	firefox.exe
5280	firefox.exe
5280	firefox.exe
5280	firefox.exe
5280	firefox.exe
5280	firefox.exe
5280	firefox.exe
5280	firefox.exe
5280	firefox.exe
5280	firefox.exe
5280	firefox.exe
5280	firefox.exe
5280	firefox.exe
5280	firefox.exe
5280	firefox.exe
5788	vlc.exe
5788	vlc.exe
5788	vlc.exe
5696	chrome.exe
5696	chrome.exe
5696	chrome.exe
5696	chrome.exe
5696	chrome.exe
5696	chrome.exe
5696	chrome.exe
5696	chrome.exe
5696	chrome.exe
5696	chrome.exe
5696	chrome.exe
5696	chrome.exe
5696	chrome.exe
5696	chrome.exe
5696	chrome.exe
5696	chrome.exe
5696	chrome.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
5368	OpenWith.exe
5368	OpenWith.exe
5368	OpenWith.exe
5368	OpenWith.exe
5368	OpenWith.exe
5368	OpenWith.exe
5368	OpenWith.exe
5368	OpenWith.exe
5368	OpenWith.exe
5368	OpenWith.exe
5368	OpenWith.exe
5368	OpenWith.exe
5368	OpenWith.exe
5368	OpenWith.exe
5368	OpenWith.exe
5368	OpenWith.exe
5368	OpenWith.exe
5368	OpenWith.exe
5368	OpenWith.exe
5368	OpenWith.exe
5368	OpenWith.exe
5368	OpenWith.exe
5368	OpenWith.exe
5368	OpenWith.exe
5368	OpenWith.exe
5368	OpenWith.exe
5368	OpenWith.exe
5368	OpenWith.exe
5368	OpenWith.exe
5368	OpenWith.exe
5368	OpenWith.exe
5368	OpenWith.exe
5368	OpenWith.exe
5368	OpenWith.exe
5368	OpenWith.exe
5368	OpenWith.exe
5368	OpenWith.exe
5368	OpenWith.exe
5368	OpenWith.exe
5368	OpenWith.exe
5368	OpenWith.exe
5368	OpenWith.exe
5368	OpenWith.exe
5368	OpenWith.exe
5368	OpenWith.exe
5368	OpenWith.exe
5368	OpenWith.exe
5368	OpenWith.exe
5368	OpenWith.exe
5368	OpenWith.exe
5368	OpenWith.exe
5280	firefox.exe
5280	firefox.exe
5280	firefox.exe
5280	firefox.exe
5280	firefox.exe
5280	firefox.exe
5280	firefox.exe
1088	OpenWith.exe
1088	OpenWith.exe
1088	OpenWith.exe
1088	OpenWith.exe
1088	OpenWith.exe
1088	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 608 wrote to memory of 5016	608	msedge.exe	84
PID 608 wrote to memory of 5016	608	msedge.exe	84
PID 608 wrote to memory of 2960	608	msedge.exe	85
PID 608 wrote to memory of 2960	608	msedge.exe	85
PID 608 wrote to memory of 2960	608	msedge.exe	85
PID 608 wrote to memory of 2960	608	msedge.exe	85
PID 608 wrote to memory of 2960	608	msedge.exe	85
PID 608 wrote to memory of 2960	608	msedge.exe	85
PID 608 wrote to memory of 2960	608	msedge.exe	85
PID 608 wrote to memory of 2960	608	msedge.exe	85
PID 608 wrote to memory of 2960	608	msedge.exe	85
PID 608 wrote to memory of 2960	608	msedge.exe	85
PID 608 wrote to memory of 2960	608	msedge.exe	85
PID 608 wrote to memory of 2960	608	msedge.exe	85
PID 608 wrote to memory of 2960	608	msedge.exe	85
PID 608 wrote to memory of 2960	608	msedge.exe	85
PID 608 wrote to memory of 2960	608	msedge.exe	85
PID 608 wrote to memory of 2960	608	msedge.exe	85
PID 608 wrote to memory of 2960	608	msedge.exe	85
PID 608 wrote to memory of 2960	608	msedge.exe	85
PID 608 wrote to memory of 2960	608	msedge.exe	85
PID 608 wrote to memory of 2960	608	msedge.exe	85
PID 608 wrote to memory of 2960	608	msedge.exe	85
PID 608 wrote to memory of 2960	608	msedge.exe	85
PID 608 wrote to memory of 2960	608	msedge.exe	85
PID 608 wrote to memory of 2960	608	msedge.exe	85
PID 608 wrote to memory of 2960	608	msedge.exe	85
PID 608 wrote to memory of 2960	608	msedge.exe	85
PID 608 wrote to memory of 2960	608	msedge.exe	85
PID 608 wrote to memory of 2960	608	msedge.exe	85
PID 608 wrote to memory of 2960	608	msedge.exe	85
PID 608 wrote to memory of 2960	608	msedge.exe	85
PID 608 wrote to memory of 2960	608	msedge.exe	85
PID 608 wrote to memory of 2960	608	msedge.exe	85
PID 608 wrote to memory of 2960	608	msedge.exe	85
PID 608 wrote to memory of 2960	608	msedge.exe	85
PID 608 wrote to memory of 2960	608	msedge.exe	85
PID 608 wrote to memory of 2960	608	msedge.exe	85
PID 608 wrote to memory of 2960	608	msedge.exe	85
PID 608 wrote to memory of 2960	608	msedge.exe	85
PID 608 wrote to memory of 2960	608	msedge.exe	85
PID 608 wrote to memory of 2960	608	msedge.exe	85
PID 608 wrote to memory of 2736	608	msedge.exe	86
PID 608 wrote to memory of 2736	608	msedge.exe	86
PID 608 wrote to memory of 5008	608	msedge.exe	87
PID 608 wrote to memory of 5008	608	msedge.exe	87
PID 608 wrote to memory of 5008	608	msedge.exe	87
PID 608 wrote to memory of 5008	608	msedge.exe	87
PID 608 wrote to memory of 5008	608	msedge.exe	87
PID 608 wrote to memory of 5008	608	msedge.exe	87
PID 608 wrote to memory of 5008	608	msedge.exe	87
PID 608 wrote to memory of 5008	608	msedge.exe	87
PID 608 wrote to memory of 5008	608	msedge.exe	87
PID 608 wrote to memory of 5008	608	msedge.exe	87
PID 608 wrote to memory of 5008	608	msedge.exe	87
PID 608 wrote to memory of 5008	608	msedge.exe	87
PID 608 wrote to memory of 5008	608	msedge.exe	87
PID 608 wrote to memory of 5008	608	msedge.exe	87
PID 608 wrote to memory of 5008	608	msedge.exe	87
PID 608 wrote to memory of 5008	608	msedge.exe	87
PID 608 wrote to memory of 5008	608	msedge.exe	87
PID 608 wrote to memory of 5008	608	msedge.exe	87
PID 608 wrote to memory of 5008	608	msedge.exe	87
PID 608 wrote to memory of 5008	608	msedge.exe	87

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/Da2dalus/The-MALWARE-Repo
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbde1a46f8,0x7ffbde1a4708,0x7ffbde1a4718
  2⤵
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,7723729743718757992,16020372634223436592,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2220 /prefetch:2
  2⤵
  PID:2960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,7723729743718757992,16020372634223436592,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2180,7723729743718757992,16020372634223436592,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2480 /prefetch:8
  2⤵
  PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,7723729743718757992,16020372634223436592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:3392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,7723729743718757992,16020372634223436592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:1720
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,7723729743718757992,16020372634223436592,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5336 /prefetch:8
  2⤵
  PID:4764
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,7723729743718757992,16020372634223436592,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5336 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,7723729743718757992,16020372634223436592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
  2⤵
  PID:4020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,7723729743718757992,16020372634223436592,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
  2⤵
  PID:2224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,7723729743718757992,16020372634223436592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
  2⤵
  PID:324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,7723729743718757992,16020372634223436592,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4640 /prefetch:1
  2⤵
  PID:4764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2180,7723729743718757992,16020372634223436592,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5624 /prefetch:8
  2⤵
  PID:5704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,7723729743718757992,16020372634223436592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
  2⤵
  PID:5712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2180,7723729743718757992,16020372634223436592,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6032 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5976
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\DudleyTrojan.bat" "
  2⤵
  PID:6068
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\DudleyTrojan.bat" "
  2⤵
  PID:4256
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\DudleyTrojan.bat" "
  2⤵
  PID:3264
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\DudleyTrojan.bat" "
  2⤵
  PID:5352
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\DudleyTrojan.bat" "
  2⤵
  PID:5420
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\DudleyTrojan.bat" "
  2⤵
  PID:4604
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\DudleyTrojan.bat" "
  2⤵
  PID:5868
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\DudleyTrojan.bat" "
  2⤵
  PID:6012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,7723729743718757992,16020372634223436592,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3244 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,7723729743718757992,16020372634223436592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1
  2⤵
  PID:5876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2180,7723729743718757992,16020372634223436592,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5484 /prefetch:8
  2⤵
  PID:5944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2180,7723729743718757992,16020372634223436592,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4800 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2004
- C:\Users\Admin\Downloads\Gas.exe
  "C:\Users\Admin\Downloads\Gas.exe"
  2⤵
  - Executes dropped EXE
  PID:5188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,7723729743718757992,16020372634223436592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1296 /prefetch:1
  2⤵
  PID:5160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2180,7723729743718757992,16020372634223436592,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5496 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,7723729743718757992,16020372634223436592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3056 /prefetch:1
  2⤵
  PID:1880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2180,7723729743718757992,16020372634223436592,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5252 /prefetch:8
  2⤵
  PID:5640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2180,7723729743718757992,16020372634223436592,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5632 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2740
- C:\Users\Admin\Downloads\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  PID:2276
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:4544
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:3940
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:4772
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:4104
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:4816
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /main
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Writes to the Master Boot Record (MBR)
    PID:3580
  - - C:\Windows\SysWOW64\notepad.exe
      "C:\Windows\System32\notepad.exe" \note.txt
      4⤵
      PID:3220
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+send+a+virus+to+my+friend
      4⤵
      PID:5636
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffbde1a46f8,0x7ffbde1a4708,0x7ffbde1a4718
        5⤵
        
        PID:3964
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=is+illuminati+real
      4⤵
      PID:2688
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffbde1a46f8,0x7ffbde1a4708,0x7ffbde1a4718
        5⤵
        
        PID:5512
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=batch+virus+download
      4⤵
      PID:760
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffbde1a46f8,0x7ffbde1a4708,0x7ffbde1a4718
        5⤵
        
        PID:5248
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=facebook+hacking+tool+free+download+no+virus+working+2016
      4⤵
      Enumerates system info in registry
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      PID:876
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffbde1a46f8,0x7ffbde1a4708,0x7ffbde1a4718
        5⤵
        
        PID:5808
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,17596584655569276215,12197058085054179156,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
        5⤵
        
        PID:5580
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,17596584655569276215,12197058085054179156,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
        5⤵
        
        PID:5040
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,17596584655569276215,12197058085054179156,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2964 /prefetch:8
        5⤵
        
        PID:1924
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17596584655569276215,12197058085054179156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
        5⤵
        
        PID:6088
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17596584655569276215,12197058085054179156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
        5⤵
        
        PID:2340
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17596584655569276215,12197058085054179156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
        5⤵
        
        PID:4848
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17596584655569276215,12197058085054179156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
        5⤵
        
        PID:2520
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,17596584655569276215,12197058085054179156,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4996 /prefetch:8
        5⤵
        
        PID:2032
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,17596584655569276215,12197058085054179156,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4996 /prefetch:8
        5⤵
        
        PID:2128
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17596584655569276215,12197058085054179156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3016 /prefetch:1
        5⤵
        
        PID:2032
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17596584655569276215,12197058085054179156,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2120 /prefetch:1
        5⤵
        
        PID:3192
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17596584655569276215,12197058085054179156,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
        5⤵
        
        PID:4528
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17596584655569276215,12197058085054179156,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
        5⤵
        
        PID:5980
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:4180
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=dank+memz
      4⤵
      Enumerates system info in registry
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      PID:1920
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffbde1a46f8,0x7ffbde1a4708,0x7ffbde1a4718
        5⤵
        
        PID:528
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,8029135315572665426,7295577934364884311,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
        5⤵
        
        PID:3572
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,8029135315572665426,7295577934364884311,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2468 /prefetch:3
        5⤵
        
        PID:5596
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,8029135315572665426,7295577934364884311,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8
        5⤵
        
        PID:1356
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8029135315572665426,7295577934364884311,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
        5⤵
        
        PID:2060
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8029135315572665426,7295577934364884311,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
        5⤵
        
        PID:3148
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8029135315572665426,7295577934364884311,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:1
        5⤵
        
        PID:4520
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8029135315572665426,7295577934364884311,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
        5⤵
        
        PID:5520
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,8029135315572665426,7295577934364884311,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5520 /prefetch:8
        5⤵
        
        PID:2184
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,8029135315572665426,7295577934364884311,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5520 /prefetch:8
        5⤵
        
        PID:4256
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8029135315572665426,7295577934364884311,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
        5⤵
        
        PID:1788
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8029135315572665426,7295577934364884311,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
        5⤵
        
        PID:2340
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8029135315572665426,7295577934364884311,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4104 /prefetch:1
        5⤵
        
        PID:1048
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8029135315572665426,7295577934364884311,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3524 /prefetch:1
        5⤵
        
        PID:5388
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8029135315572665426,7295577934364884311,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
        5⤵
        
        PID:5680
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8029135315572665426,7295577934364884311,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4072 /prefetch:1
        5⤵
        
        PID:3368
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8029135315572665426,7295577934364884311,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4632 /prefetch:1
        5⤵
        
        PID:5388
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8029135315572665426,7295577934364884311,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
        5⤵
        
        PID:808
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8029135315572665426,7295577934364884311,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3864 /prefetch:1
        5⤵
        
        PID:1960
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8029135315572665426,7295577934364884311,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1
        5⤵
        
        PID:1272
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=skrillex+scay+onster+an+nice+sprites+midi
      4⤵
      PID:5500
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x104,0x124,0xf8,0x128,0x7ffbde1a46f8,0x7ffbde1a4708,0x7ffbde1a4718
        5⤵
        
        PID:1836
  - - C:\Windows\SysWOW64\regedit.exe
      "C:\Windows\System32\regedit.exe"
      4⤵
      Manipulates Digital Signatures
      Modifies data under HKEY_USERS
      Runs regedit.exe
      Suspicious behavior: GetForegroundWindowSpam
      PID:808
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=is+illuminati+real
      4⤵
      Enumerates system info in registry
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      PID:4304
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffbde1a46f8,0x7ffbde1a4708,0x7ffbde1a4718
        5⤵
        
        PID:2436
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,9421260478603400167,3619957068931800431,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2216 /prefetch:2
        5⤵
        
        PID:2644
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,9421260478603400167,3619957068931800431,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
        5⤵
        
        PID:2868
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,9421260478603400167,3619957068931800431,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:8
        5⤵
        
        PID:1288
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,9421260478603400167,3619957068931800431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3104 /prefetch:1
        5⤵
        
        PID:2568
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,9421260478603400167,3619957068931800431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3144 /prefetch:1
        5⤵
        
        PID:5556
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,9421260478603400167,3619957068931800431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1
        5⤵
        
        PID:5052
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,9421260478603400167,3619957068931800431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
        5⤵
        
        PID:5720
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,9421260478603400167,3619957068931800431,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5092 /prefetch:8
        5⤵
        
        PID:2036
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,9421260478603400167,3619957068931800431,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5092 /prefetch:8
        5⤵
        
        PID:4636
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,9421260478603400167,3619957068931800431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
        5⤵
        
        PID:5504
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,9421260478603400167,3619957068931800431,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
        5⤵
        
        PID:3860
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,9421260478603400167,3619957068931800431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
        5⤵
        
        PID:6000
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,9421260478603400167,3619957068931800431,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
        5⤵
        
        PID:3640
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+download+memz
      4⤵
      Enumerates system info in registry
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      PID:3576
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffbde1a46f8,0x7ffbde1a4708,0x7ffbde1a4718
        5⤵
        
        PID:4364
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,12988697591594326508,130932166053900015,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
        5⤵
        
        PID:2340
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,12988697591594326508,130932166053900015,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
        5⤵
        
        PID:6028
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,12988697591594326508,130932166053900015,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
        5⤵
        
        PID:4788
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,12988697591594326508,130932166053900015,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
        5⤵
        
        PID:4932
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,12988697591594326508,130932166053900015,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
        5⤵
        
        PID:1400
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,12988697591594326508,130932166053900015,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
        5⤵
        
        PID:5900
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,12988697591594326508,130932166053900015,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
        5⤵
        
        PID:4628
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,12988697591594326508,130932166053900015,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5344 /prefetch:8
        5⤵
        
        PID:4744
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,12988697591594326508,130932166053900015,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5344 /prefetch:8
        5⤵
        
        PID:5216
  - - C:\Windows\SysWOW64\calc.exe
      "C:\Windows\System32\calc.exe"
      4⤵
      Modifies registry class
      PID:628
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pcoptimizerpro.com/
      4⤵
      Enumerates system info in registry
      PID:3596
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffbde1a46f8,0x7ffbde1a4708,0x7ffbde1a4718
        5⤵
        
        PID:5452
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,17684487583995813621,4807935493927768410,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2
        5⤵
        
        PID:324
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2200,17684487583995813621,4807935493927768410,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2340 /prefetch:3
        5⤵
        
        PID:5176
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2200,17684487583995813621,4807935493927768410,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8
        5⤵
        
        PID:1408
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,17684487583995813621,4807935493927768410,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
        5⤵
        
        PID:1992
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,17684487583995813621,4807935493927768410,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
        5⤵
        
        PID:3956
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,17684487583995813621,4807935493927768410,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
        5⤵
        
        PID:1832
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,17684487583995813621,4807935493927768410,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5544 /prefetch:8
        5⤵
        
        PID:1052
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,17684487583995813621,4807935493927768410,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5544 /prefetch:8
        5⤵
        
        PID:5568
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,17684487583995813621,4807935493927768410,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
        5⤵
        
        PID:4620
  - - C:\Windows\SysWOW64\explorer.exe
      "C:\Windows\System32\explorer.exe"
      4⤵
      Modifies registry class
      PID:3252
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+get+money
      4⤵
      Enumerates system info in registry
      PID:1588
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffbde1a46f8,0x7ffbde1a4708,0x7ffbde1a4718
        5⤵
        
        PID:3588
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,8880831225049869114,10305345239254755039,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
        5⤵
        
        PID:5592
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,8880831225049869114,10305345239254755039,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
        5⤵
        
        PID:3196
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,8880831225049869114,10305345239254755039,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8
        5⤵
        
        PID:1564
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8880831225049869114,10305345239254755039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
        5⤵
        
        PID:4220
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8880831225049869114,10305345239254755039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
        5⤵
        
        PID:2344
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8880831225049869114,10305345239254755039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
        5⤵
        
        PID:2824
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8880831225049869114,10305345239254755039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
        5⤵
        
        PID:2580
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,8880831225049869114,10305345239254755039,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3616 /prefetch:8
        5⤵
        
        PID:1444
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,8880831225049869114,10305345239254755039,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3616 /prefetch:8
        5⤵
        
        PID:4044
  - - C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
      "C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"
      4⤵
      PID:4012
    - - C:\Windows\splwow64.exe
        
        C:\Windows\splwow64.exe 12288
        5⤵
        
        PID:1992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,7723729743718757992,16020372634223436592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
  2⤵
  PID:5700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,7723729743718757992,16020372634223436592,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2980 /prefetch:1
  2⤵
  PID:448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,7723729743718757992,16020372634223436592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
  2⤵
  PID:4748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,7723729743718757992,16020372634223436592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:1
  2⤵
  PID:5848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,7723729743718757992,16020372634223436592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6472 /prefetch:1
  2⤵
  PID:5940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,7723729743718757992,16020372634223436592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
  2⤵
  PID:2180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,7723729743718757992,16020372634223436592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7020 /prefetch:1
  2⤵
  PID:1304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,7723729743718757992,16020372634223436592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1336 /prefetch:1
  2⤵
  PID:2784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,7723729743718757992,16020372634223436592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1268 /prefetch:1
  2⤵
  PID:1928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,7723729743718757992,16020372634223436592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1
  2⤵
  PID:3220

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4584

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1856

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3964

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Downloads\AUTOEXEC.BAT"
1⤵
PID:4252

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Downloads\DudleyTrojan.bat"
1⤵
PID:392

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5368
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\Grave.apk"
  2⤵
  PID:3624
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\Downloads\Grave.apk
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    PID:5280
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2028 -parentBuildID 20240401114208 -prefsHandle 1956 -prefMapHandle 1948 -prefsLen 25457 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bac682e3-fc4c-4d04-8abe-e13fd3a0ecb9} 5280 "\\.\pipe\gecko-crash-server-pipe.5280" gpu
      4⤵
      PID:4380
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2464 -parentBuildID 20240401114208 -prefsHandle 2440 -prefMapHandle 2436 -prefsLen 26377 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {68a9d6d2-86cc-4fac-99ee-72afca969a9a} 5280 "\\.\pipe\gecko-crash-server-pipe.5280" socket
      4⤵
      Checks processor information in registry
      PID:3452
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3088 -childID 1 -isForBrowser -prefsHandle 3116 -prefMapHandle 3112 -prefsLen 26518 -prefMapSize 244658 -jsInitHandle 908 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {503a994d-b0ad-4f18-bb05-402fc6b47e4f} 5280 "\\.\pipe\gecko-crash-server-pipe.5280" tab
      4⤵
      PID:2448
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4156 -childID 2 -isForBrowser -prefsHandle 4152 -prefMapHandle 4148 -prefsLen 30867 -prefMapSize 244658 -jsInitHandle 908 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {74dea55d-766f-4588-aba6-9d8d9dc41d77} 5280 "\\.\pipe\gecko-crash-server-pipe.5280" tab
      4⤵
      PID:5176
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4976 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 5048 -prefMapHandle 5000 -prefsLen 30998 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2dc525fd-a267-4768-b55a-72478496535b} 5280 "\\.\pipe\gecko-crash-server-pipe.5280" utility
      4⤵
      Checks processor information in registry
      PID:5356
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5356 -childID 3 -isForBrowser -prefsHandle 5348 -prefMapHandle 3536 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 908 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {06e0f3b4-456e-4285-b4f3-1beb98c86c80} 5280 "\\.\pipe\gecko-crash-server-pipe.5280" tab
      4⤵
      PID:1916
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5516 -childID 4 -isForBrowser -prefsHandle 5476 -prefMapHandle 5252 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 908 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6a6cddbe-e4e1-4c92-a101-23ebf1bf5428} 5280 "\\.\pipe\gecko-crash-server-pipe.5280" tab
      4⤵
      PID:2564
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5692 -childID 5 -isForBrowser -prefsHandle 5700 -prefMapHandle 5704 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 908 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f7038804-4f1f-4465-b955-10bb8f61c283} 5280 "\\.\pipe\gecko-crash-server-pipe.5280" tab
      4⤵
      PID:3108

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1088
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\Downloads\Grave(1).apk"
  2⤵
  - Checks processor information in registry
  - Modifies Internet Explorer settings
  PID:536
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
    3⤵
    PID:5492
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=7EA3C0A44A63D19B45A7AA118CDC67E9 --mojo-platform-channel-handle=1752 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      PID:5292
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=088AE7D2CC9A02E023B8E23CD93E9947 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=088AE7D2CC9A02E023B8E23CD93E9947 --renderer-client-id=2 --mojo-platform-channel-handle=1764 --allow-no-sandbox-job /prefetch:1
      4⤵
      PID:5348
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=0B6D07501AA8946FE52675AE39B8C263 --mojo-platform-channel-handle=2328 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      PID:1996
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=A41D77675D6A15A8C82E2C9C513FC65E --mojo-platform-channel-handle=2440 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      PID:5248
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=95A773DDA5157791DDCB028038B6BEF0 --mojo-platform-channel-handle=2368 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      PID:2824

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5772

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\UseUnlock.mpeg"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SendNotifyMessage
PID:5788

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
PID:5696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffbccaacc40,0x7ffbccaacc4c,0x7ffbccaacc58
  2⤵
  PID:2616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1808,i,58784423705634998,10568339824357402925,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=1804 /prefetch:2
  2⤵
  PID:3816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1972,i,58784423705634998,10568339824357402925,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2416 /prefetch:3
  2⤵
  PID:5268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2144,i,58784423705634998,10568339824357402925,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=2640 /prefetch:8
  2⤵
  PID:2716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3140,i,58784423705634998,10568339824357402925,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:4964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3168,i,58784423705634998,10568339824357402925,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:3660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4616,i,58784423705634998,10568339824357402925,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4596 /prefetch:1
  2⤵
  PID:4416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4756,i,58784423705634998,10568339824357402925,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4744 /prefetch:8
  2⤵
  PID:5732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4752,i,58784423705634998,10568339824357402925,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=3716 /prefetch:8
  2⤵
  PID:6056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4960,i,58784423705634998,10568339824357402925,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4992 /prefetch:8
  2⤵
  PID:1252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4952,i,58784423705634998,10568339824357402925,262144 --variations-seed-version=20240418-180204.077000 --mojo-platform-channel-handle=4840 /prefetch:8
  2⤵
  PID:5376

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:3120

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5812

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
1⤵
PID:5904

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
PID:396

C:\Windows\system32\SystemSettingsAdminFlows.exe
"C:\Windows\system32\SystemSettingsAdminFlows.exe" SetDateTime
1⤵
PID:1916

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x520 0x510
1⤵
PID:1704

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {c82192ee-6cb5-4bc0-9ef0-fb818773790a} -Embedding
1⤵
PID:4036

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:3276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffbccaacc40,0x7ffbccaacc4c,0x7ffbccaacc58
  2⤵
  PID:5656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1960,i,4855810450161917061,1539032847917796830,262144 --variations-seed-version=20240506-050114.221000 --mojo-platform-channel-handle=552 /prefetch:2
  2⤵
  PID:6004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1812,i,4855810450161917061,1539032847917796830,262144 --variations-seed-version=20240506-050114.221000 --mojo-platform-channel-handle=2552 /prefetch:3
  2⤵
  PID:872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2144,i,4855810450161917061,1539032847917796830,262144 --variations-seed-version=20240506-050114.221000 --mojo-platform-channel-handle=2540 /prefetch:8
  2⤵
  PID:2652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3152,i,4855810450161917061,1539032847917796830,262144 --variations-seed-version=20240506-050114.221000 --mojo-platform-channel-handle=3164 /prefetch:1
  2⤵
  PID:1988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3188,i,4855810450161917061,1539032847917796830,262144 --variations-seed-version=20240506-050114.221000 --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:3416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4496,i,4855810450161917061,1539032847917796830,262144 --variations-seed-version=20240506-050114.221000 --mojo-platform-channel-handle=4592 /prefetch:1
  2⤵
  PID:2040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4816,i,4855810450161917061,1539032847917796830,262144 --variations-seed-version=20240506-050114.221000 --mojo-platform-channel-handle=4824 /prefetch:8
  2⤵
  PID:5760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=3692,i,4855810450161917061,1539032847917796830,262144 --variations-seed-version=20240506-050114.221000 --mojo-platform-channel-handle=5028 /prefetch:1
  2⤵
  PID:1580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4832,i,4855810450161917061,1539032847917796830,262144 --variations-seed-version=20240506-050114.221000 --mojo-platform-channel-handle=5068 /prefetch:1
  2⤵
  PID:3768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4468,i,4855810450161917061,1539032847917796830,262144 --variations-seed-version=20240506-050114.221000 --mojo-platform-channel-handle=5380 /prefetch:1
  2⤵
  PID:3084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --disable-databases --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4424,i,4855810450161917061,1539032847917796830,262144 --variations-seed-version=20240506-050114.221000 --mojo-platform-channel-handle=5432 /prefetch:1
  2⤵
  PID:4124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4652,i,4855810450161917061,1539032847917796830,262144 --variations-seed-version=20240506-050114.221000 --mojo-platform-channel-handle=5464 /prefetch:1
  2⤵
  PID:4284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5012,i,4855810450161917061,1539032847917796830,262144 --variations-seed-version=20240506-050114.221000 --mojo-platform-channel-handle=4372 /prefetch:1
  2⤵
  PID:6052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5456,i,4855810450161917061,1539032847917796830,262144 --variations-seed-version=20240506-050114.221000 --mojo-platform-channel-handle=5044 /prefetch:1
  2⤵
  PID:1504
- C:\Windows\system32\control.exe
  "C:\Windows\system32\control.exe" /name Microsoft.DateAndTime
  2⤵
  - Modifies registry class
  PID:3252
- - C:\Windows\System32\rundll32.exe
    "C:\Windows\System32\rundll32.exe" C:\Windows\System32\shell32.dll,Control_RunDLL C:\Windows\System32\timedate.cpl
    3⤵
    PID:4680

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:3860

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:2344

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Desktop\StopUnprotect.jpeg" /ForceBootstrapPaint3D
1⤵
- Modifies registry class
PID:2216

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s DsSvc
1⤵
- Drops file in System32 directory
PID:4964

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious behavior: GetForegroundWindowSpam
PID:5740

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Desktop\RestorePublish.docx" /o ""
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
PID:2288

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious behavior: GetForegroundWindowSpam
PID:5520

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc
1⤵
PID:5748

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3eb9055 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
PID:2632

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
15c5470237aa190e42bfff282595f603

SHA1
5b64feec6cf386101e33cd033e8aed638d1c6a20

SHA256
60f41a883e854742f8faaddb2638e55e68e7e6d46f3cf97b9ec3c748d0d958ff

SHA512
99b89afc9f07282a2bf877fa91aba67597989fa8d0035a6d96c258f8a28f5b51429f848ed26bf2d4d5e0f56b05493f9f4396e10331e75f12900914ae6536a972

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
884B

MD5
73711565071e627879af3366e2113ca4

SHA1
da7a2a5f659dc26651af7f344224f5e283093cc2

SHA256
0364078a07a346802830cf0c3e64e54fba377ce3622f8034801ca4bf9c9008ac

SHA512
3d904ba7f334eba57d602d9e54f7c2ff14b474be567fdb328b7dbf0f1cc56e6291782b2be100389fb5a4c10dfefb8ffed34d4926f3458543cbfdcc9a6a8f9c59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
6f3a83e73e20260a0c4773485d47038b

SHA1
6a983cfb8b723a7006055a766114da0bf1696d24

SHA256
7865d3b93feb980962e8e5467bb8b91c2a57dbc498514cff623478f909613ca3

SHA512
900f550ce0a28581461e442187ec8df15d298b812a44f6e7566f29b12e5db178dbc3a9a25b70bd4f46a5b449f6aa0adfc7e76a340e83b35291678f7b589d426c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
adc48c0195b5aa03dbbc376e1b2e6157

SHA1
dfd22a4887b5a9a3fa017296df3d471adfef3e1b

SHA256
ea52be16c1d087ffc35331ff67614b85267ebc3d8b0e9d11b1c457f7efee520b

SHA512
3fbc516a0e3006e0750f7b01be5804d6dfc78953091c31dd4775199856960e501d7ac7c2886a59ac27087223b432eb6ba20480919b7bebfde886ec2c06ddfc02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
1e7909de1a632b426f3d3f7c80e15362

SHA1
5ee31201e426bc9cba881334fd3b247db728a954

SHA256
981abd23228cf399c84e4a86af6deec50000feafa8f3226ea260e30ab73a05c6

SHA512
8b1338e2b24a2563810e5f6e7cb6da52a651edcbdb1a59bb77bbbe48d14ca05f1f493c1f912ce24f5f72e73082287cf591f2465d5bffc37e434e84250692d50a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
941da42eef4997d9922dd01e5b689857

SHA1
b5506b6866e33f9a967122a333fe8814b5e92159

SHA256
dcdf5980f162a9db3cecde6e554fdfdae36e4b972dd8bf88ac487fb38415ef93

SHA512
2d393bc68a1140d788afbba42ae1616b65388130b35d94b7e746478430a50ab3bdeca81b1e999f630fb0195088be75373de8431542b83266308eef0f3c53a90a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
930954896b55d8b154d43937698f8805

SHA1
abc2a8d1430bccd3ae2607f53c395a59a663fae3

SHA256
4ea94bbd00855dceddfc050174a295fcfabfe2a2f2c1c28957b25af3226c6fec

SHA512
d34c7a3fe7e9907697cbedec600b89ce9407ab999456a1d70e5a4fd87602e972fa328dbe435c414a3c0d2a88c889ec75a666add6f7a9d88fe752e3f4c32f576e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
970747a71042579ab9c94accbb14c6b6

SHA1
8c3aadfd192e03ee57c41b207fe21cd7b72610e8

SHA256
baa068771a0bd3ab72d18edf5271c987ccf84fda9522485dfb89804a6732a045

SHA512
c0680921c2923ab0582a34a75ae7fbd09cae90a679b6016e0cb0e42d92612eda37921b57a269b633fd131a37fad7e32ed50829c2c62ebc5c99a1ee8cfd989322

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e37b631986eca88ae74704401ac8e1a3

SHA1
bffb4599c5c1cb4d56eb64a6e575c7617155026d

SHA256
5dc938fbaee6a577d7f11084b4fdb1fe88261c09b5d38b3124966b46d788134a

SHA512
31846f10ac8c10e4fa0fc040d73a77542aa45bc859a9f15440d6c685e944154efe52870636d748c1981d5e25bf4c7eb4c4615da609fca9f77d317e7645b2ba14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
823bcefdae5960c81b0be5b063deb6be

SHA1
a886bab89f8332cf72e9e860ccdcfde0dca479df

SHA256
1b392339fa9dd885a01cde527a5069739fdab68debb9a145e8396b5151c99eb2

SHA512
8e7b80baed98425b629909c41320525bdc0337712362e68e4bc9ea2c6f5acc2d90d308a402fecda19799de4154d4292ee37bb08f1a63a3e9a6958e4f6cfd428e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
341e4f7e2422b39da0f2a46ee38c1468

SHA1
85cc5254d88564ecb071eea342311c914ae9b794

SHA256
73a2bac93d18a37e711f8d852144dbc19f1c4deb0eb0ec68c0ff3a4f00bb33fa

SHA512
4d4dd7a7dfbeb054d016a7759114986ebdfcc9761cc475c05b1e1c4eccfa6387f2652c958e3492e0070d4235fce74371a9cc06175cf58d199a4feaa63cb27fc8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3ce2c5501755bdfb1835b4bf49cd1191

SHA1
522769bae09922ffa2af51e57a6ca55cf934f5bb

SHA256
33039470c6c5b7a381da02577ddd3ea87cb7202225ee0ff647d0adc63d311380

SHA512
efa4a8b099ea3947108a10c8e82c4449db0a89e1343f9af4ef721bd2abce8944c8f3e5c67db2571bd46bd02421bea3699d66a4ce8029bb29371cd7831b2b4d49

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ffb120d78745921a944852b61d041bfa

SHA1
520cda25966e097b60c8d462d5dd6057690b1cf2

SHA256
439ab4cca22f4a6576d0fbd1c5af757ec851162f8808e573a31cdd75d6010238

SHA512
ebeefd1b73da04e812fcdf99f2f0010c5e25c01f9bd895d3ea93353f0d8d19ad81b6ca957bb7701f2ac390ca01852ddc51d97a39eb66d9eb188713523d57b60b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f1f9dc8bc6d4cd97f0f7f2289aa06540

SHA1
c8088bd031e312efec43c1d997b45080fdf914c2

SHA256
8b970263a769b2054a8cd670173178cd5ba682398efc08a84e212298a5fc7f7e

SHA512
514694dd3b8a25f1122d0a896d2dd36d65c5b414051fe7cb5e29d32e8f1b788a6df0e56fb6d1fe54aa4834f28e15e353d1e143626031a05c51143142dfe7e1f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
9740cf3ffa5eb657315d402fa30997ef

SHA1
c9afe7aa25326f457e9e79fddfb6bc028fbae4a1

SHA256
6af3aa0c18cdbee92693c13482f3c7615ceead04d88b54d2f05efdad29498222

SHA512
09a206295df78e28ec2d4aac0ddd410356347bd314d34e2f8514d3889b1c6d8492d591713d1db358b87cc5ee5344a803a85a3eb084f07aae21e4e7e3f183c658

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\ec744677-9827-433a-b3f0-a8d926c8973f.tmp

Filesize
9KB

MD5
a6472e190a338812c412a74114e14f27

SHA1
241bd6c06f5557af85e7c2f8f66d8261a45ea777

SHA256
8480bb0fd8f8a492a975076cb7105116ee96cec9ccb56cd3a3a3446c295a1189

SHA512
9781cf2eca6ee01f7c9214f3ac179d3fd618916931b7efe3cb89fb730447d88c7340cda396ac1a8dea55e59eed1db55842db8dd3d526c310f2921731591ec53e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
152KB

MD5
ea196ea50537e7fc7c2566194cd428d6

SHA1
c52cfa839d44ace0f626bd41b1d9f09524e3b948

SHA256
010f4d56bda9b7ac1463fb82e5edfe266821b4d4c1a51955b8cb7d67e883d669

SHA512
5b66d469918eca29cdd8250fb9fd95db332919cb36b7501e6dfc0e4bae0babe3153b00194ba7afa0d240478691ce4c67a454bb702a0f815819dbaaae91ed66bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
152KB

MD5
957257f5eff1c3d01cdc88858e5756f2

SHA1
90bbf9650f45f726f559fd3184de9d9757bf22df

SHA256
891e5ce4f18fe2b072145571b3edd29bdf092bf78d01127f91da6eee105ec8a6

SHA512
f7f6d982568280b5b33d2b8832bdae08f9a11a5c5833318fbd1aacd81b185cdd6705b643b14d48dbaf406ad9a2f2d0fd5ab746639f6b3e0f82de4fc9304bf5b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
152KB

MD5
858d6289427c2637e40e6c11edd4ac6d

SHA1
0fb60648444394144842679ed90108ae922a7d3e

SHA256
f5af3d3153dc0eb756e455e030c2769cdf7c6ac0173e536c059487e940752a6b

SHA512
3a0dac73fa22c724e43f13fbcebebcb22d7fe3b807b6cbf03a631c40fe019005444fa04aad1c865e82283ab13d14d7d507613ec02cbcd92adce160dac03d6e0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
152KB

MD5
3892cd32e25815de1d0233c723b70a35

SHA1
72f4ad32520042a0ed58bf635a54fdbd43c19cda

SHA256
a8b6a3423205655168ae05b16fb3b7f298d59177a09415ea39b74130e14a36a6

SHA512
ae4327961f22ab0185631ee961fb41a70cbae991f0a5cf358b952a686482fe93430a7d5bb910aff2cfe927dcc024881d44aae5697dcc11ab9bf8bb95b1602496

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\4a70ae21-8fea-4050-a1cf-264ae6b3fffd.tmp

Filesize
12KB

MD5
b8bd46150fb5be35b65f89467caeb1fa

SHA1
00876ee5583b3c6f8ff23f092a4358bb6c2f58fe

SHA256
df57ca2af7e29259311dfe4de983d633bffdfe029c0928d522032e2ebef11674

SHA512
d13b7a5f181828c8704807b62b66fb231624301e9964db890a1f256d39c84cb8d9e0c6e2943e12c1aeba0fb0cd020f74f2b56a309ffdd2781bfeac355cff0e7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
553e78e9368f47c6de1004590b953f7c

SHA1
c9cf553c2a9dac21274500d46463784536a3d032

SHA256
6ce04ac470378b8f67701d1ae479112c93d2fc8222f61cdddd520a8db9ca6431

SHA512
cc2c5c52a68a9867ab224c7236719c0071b1de295884ba12244ef76c384466233cac9434b0117e0ec594d8925c7e8d5103bb56d3d4ca90d89062211af07464d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2a70f1bd4da893a67660d6432970788d

SHA1
ddf4047e0d468f56ea0c0d8ff078a86a0bb62873

SHA256
c550af5ba51f68ac4d18747edc5dea1a655dd212d84bad1e6168ba7a97745561

SHA512
26b9a365e77df032fc5c461d85d1ba313eafead38827190608c6537ec12b2dfdbed4e1705bfd1e61899034791ad6fa88ea7490c3a48cdaec4d04cd0577b11343

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
36c13335106346a651ba628285da5ee6

SHA1
548df54cb379e3cf542cd74c71a64b4503c4701a

SHA256
968140f40343a1818c53c9b334853d04c16c273d3e48815f4d73bb08cc04106b

SHA512
f2144c6b08a8ac54261fcd6cc610bc9662a657c2b165f353277fc4afe2ec98f30dda13458380364fdfad5eba2f8550a561256d8e61061a4632579c5a01d0ac84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
91b4dc894af4fb2bd975c3ed1a742556

SHA1
a7441e1911caea22b4cb66707718527c0b9119ca

SHA256
93e84706402f79955b5728597836f81d3c25cec29c5bb74aad20767d07987f32

SHA512
3090fc3b95fd4bff90b699ae92b025f8ae798b3c87bd144262df9e672cee7eb0612441532808a5909102804b4df47c62d2ea7d334df31a97225151d0823d9dbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1d27cb0b91496f542987d427b2c9dfe8

SHA1
b19224aa749a339af8c55e3b47eff7159a5d5ffc

SHA256
814f83f6d359f664aa977fd8272c698861cca54d324d72f8e287e34ad6528463

SHA512
3a175d76d4030ebf72ab2289a53f98f2296295a5807a448e3248421ccec4da3e2bd4032767e946973230ab3b8298333156c316f23174a7bf25de0c3154eaa901

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
224d00ac8de433b55ef57423cc78ad56

SHA1
20517f7da85c4372977a6d3413b87196574dc270

SHA256
28f9b8baf64730172451a2b535704ddbfc039937236a46727f7bc3de3f086612

SHA512
6d1a9dbb8aa16a431c2d54450c158336675fa4fe70f7e822ecdc971502f4a7460b1d28ee7e75f526b7ed4aa24e019204ca69baa1a2d472ec03d6d9835256181e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
922564e7101daf764ba074fcbb264d2b

SHA1
3b66fcfa9da60f52f06c906201a256dd36b03b6f

SHA256
22862fbf269e97386d4d10475abe72af76336a8518c0d58dda83bac7c5ccb859

SHA512
46f0cbddd137184a5618032bd382b1d61025d7f2f811f5da90d5877c6754e1f0167a0a6ceccc1b94445768d7e73c99f3fa8aa022ecad9c700a2b6ab82c6e8970

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fbe1ce4d182aaffb80de94263be1dd35

SHA1
bc6c9827aa35a136a7d79be9e606ff359e2ac3ea

SHA256
0021f72dbca789f179762b0e17c28fe0b93a12539b08294800e47469905aeb51

SHA512
3fb0a3b38e7d4a30f5560594b1d14e6e58419e274255fb68dfe0ca897aa181f9ce8cb2048403f851fd36a17b0e34d272d03927769d41a500b2fe64806354902f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\88af1c47-392a-464e-9766-6b08541975f8.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
200KB

MD5
a484f2f3418f65b8214cbcd3e4a31057

SHA1
5c002c51b67db40f88b6895a5d5caa67608a65ce

SHA256
79cbe928773386d07f0127f256f383debed5ccea5ff230465bf46ec7c87319d6

SHA512
0be1bb8db08f6e6041a85cfee90cd36a5b595afbca34d52a125465454fc806b4bb7ae569eaf4c882922fb1b962b6060534e597791cd0ad23483be5981d9be85c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
918661e7afca8f088c495e45f0edc6c7

SHA1
ee1face1f7375f16c0f4b483731f412d7bb8cfc0

SHA256
c7138c5feb917fa426069ea222085838f9c27ad436d5a59ddccb962cda5fcf49

SHA512
9ff006261ae16f221499bf860b0c5870b07e66ab081f0a67730f3a58f0d90def17334ec2b96ee46c7fd8162e5d1316111ab985e4a03a74d4763d3245d339f736

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
7455d0964aa7cfb0af2c195f9b3a5d2a

SHA1
0c365293a087b3112103855190ee3573f44e7a36

SHA256
d2402ed00a2b7221fe5eb95341fc0c8361b0cdc0e7069b0ceca8a9d92f37bf09

SHA512
c0faee0e4762cba16726a912884f711007c0e5d7f35e1102edf60d66ae81068dccb34888a949b62646789de69e5d4566c94c887220af13cb9652c80c7964c52d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
0d6837e96155ea4f938af73591a292c2

SHA1
a299ec665dd043673d0f8ba6b104cbfa4147c6ca

SHA256
a51c056548fe6cdf3cc1c32ae229a39a3bb1a7f2454f5fe3fea2a951112f8c0c

SHA512
786e1ea1ef543219b0dc3006b4f5a5cb8868273e5a70a8ba4cc7c7475167bed7f1100eb0bc757e7b0b5c7ab86fceb18252b784038bc59e0fc066b83376816d75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
cab36fc2af304b1d611e76e719adc873

SHA1
ab78a220c1e9919248617f43db45e3dad7e8798a

SHA256
2f77783fb131e4e8c81edc6fc060d199cb46a389b40d0b418b8f0e62b231ca3e

SHA512
110b2712609b2e83f3d209b0c38a628d2aaa6b94ac802eaec692833d4ffa8bb853083ca16f25d068277bc4d0e7620f057710595fed2e7772022c98ae21fa730a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
01c021647e8bb1ff5884f1dadfab7317

SHA1
bbd4a7d763b418383e2ccbca6a5c8dee74d7210e

SHA256
96593b238b5c2bee694ab5e76facca514919203052c1b12ed3c24db0ae575c92

SHA512
d3ebc23e4f28e262f03af1bf61859b647ceb26cd9552a7a849a9bb066176c22ce2cbb45e480ef7056bb6969ebaa6d73a43c25b08769b4a308764eb546387ca6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
4d0cea8d0ed4bed14014e9bea76b134e

SHA1
bb1bcc222e95d2f9703ac64cc28cd81e08a16e9f

SHA256
88e65d7eddcfe3a91f82697180b83164c4be6587b2fba8d50c677f60359e583a

SHA512
82b2c520f7db6ef7197cbf72dd7250c55bd5c7b4b4ef5d397b3387f3ce4a96663663c472bf9cc16d95b6976d17591ab9d59e7518b0a623438ab095a3c67801e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
6eb0c7a4672ce1122b1115fee26e7631

SHA1
d2324b271c55eeac2dfad2047b94bf384bac9895

SHA256
bc7e00973264d1380cc64b7c15ffc8cb98c278a489d661c671dc0f0c9b1e3f57

SHA512
b11d109088eb6f6db4793d0c692df9edde32af1b309b979c9394a8e98cdf629de463c8464fa74f2151750a5c8f82fb880b3924dac1d448a3d73bdc182d5604ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
a76d42e65ed22bbf64ce84a8ac6e8732

SHA1
ce123adc0c59f51812474e6f0386ac7366fa63a6

SHA256
81e201e214cdc986f658636621f0b46a779ba98f5f6d2ba8e0a9a3e7e71834b5

SHA512
aa1197936872857dd39b05e9e301766f8a5e375cdc30f2ac225698d1483c505d99ed5c00606802ab14290729272a1424aa95bddfc901b94057ccbbda4f3c8473

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
98c9e3f994db87232716be919512103b

SHA1
075d07c5775ecfee6ebdb3501be0750bd84e2889

SHA256
cc78b2cf6162c946738fb498f42b41e9c8f996e01d511db320ff700606224a46

SHA512
6d6b0bd3cb9a5b8ee260b42d71a2a677026199a87f23737590f04fc9f16535d748c20af087611a6ed5a5062bcacdd334270bf9b4bdbe5b682a1337f496c5df12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
42add8cd292c5e1f08c63e6716772b92

SHA1
c36f1286bf7c04bc6c381dcb8d7aab1d1a50c7dc

SHA256
27a26e3c869ccef638b333b8592ff9a7ef2be31c649ab97c21942fa0b6e0c2e7

SHA512
aa97fbb937fccc37d16a66d92a541dd880b8255663f8138759101f966d1b3292c29ae99c4d236e0d6d666b3d549fac1e3d58661afb274301938d8f24d6b6536b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
f018f96d16809b6047150fb0a5026df5

SHA1
4beb9775b77913b797834bd405ff64964bb9099d

SHA256
84fcc5edb54d8a0c38ca09b9850f34e514208a47a53f7469b627eda8ddac56c8

SHA512
6a18ff9dde556613b0652fc4c72ec206a85f24acd61b745819791f38840aacf7c92c58cadb3724e11561331de751a6c46b94326a4dc59748dcf1a102daf7502e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
98dafa03ab9f397eabf5862d7ff6a54a

SHA1
5c0ebd88e20974aebf18263807de689a3c5c5f4b

SHA256
4bce461d1f2a0f9c6fe0b94851a0e6177f86727cd2e912e616d6ced5c40a9bc4

SHA512
d9909e7315c0af14f4f85b08c533318290000aef4c46ba6ecaf1b42fcf819d26bcbe7ed94b5d05f6980ca0be1a14101da9f2c5efdaf9de4e631b5f6ce479ae77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
70e39952939a18735692570e95137fd7

SHA1
7258a8929fae8135846370295db4c347613caab6

SHA256
549dc4c04f92c64dd00316eb2bcd4177ea83b98f61e095d740d5874df231b236

SHA512
a63315f256f05b1bd720838d396a6195ba615d0ef46feacace317ba6cc8ba46f036ad7295764ee6747cd2e909135d669537b2cf7657e42ea0091e11dc6c2c2da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
1201ca67cd6651188b7f7e2f27376e25

SHA1
6f77b9a000f02af4892e9cde84f691145e392d6b

SHA256
3b8e8a3df68d348c74db352a0633959b8bd5882f2cc8a61623e55efad9e1e32e

SHA512
c267de633f105106d025cb1d93c8b74ed0567d7aee96c5868ae8b035785f34ef77045a342bbf83cb6ca5edadb668c427f60e0809cfe2ad161be71ac95e456d65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
764493d1c0d912b01bcaa9b52f97ce73

SHA1
95d12ddb899d4f9910814a8d210b96d13f06a114

SHA256
1e2a7b4e310b684e236e822f957b1c1595a308617514bfb69b2825e7e16b926f

SHA512
d53d1e330fe366db20fda063389520ce1ceeeabbd0a9ec5950ef39fff5b1d3e5dd9f1c953d8de2ac8c548c91ae0b1fe81234428fff45360b8f1d7a8e0c5f7d94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
bee358cc29ae14840a2457addf0a8e4d

SHA1
0ff58ca292e8cd55b2d2ccc349d53ee8f35beb40

SHA256
7210c60677da53bf5d6408e5117e10cdcfe5786bb2134258e7919e5bb02f76fc

SHA512
b0e8e8567a06957343ff029c1ffe23e6ab857afa02440a6082b9de4f5e20aee4fefd0b5d75b95711aba06f76670d6b65dc5547dbd37c1952498597dc264190ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
579B

MD5
a7d1701142cca705f833d70023ef4e1e

SHA1
1b76853132abfcddb4fefac42bf9df5d013c9815

SHA256
6c92f51e7f056e73c407228fc280cb7ca4d00ab02674d1dda4eafd7dc9f070f7

SHA512
806b7ccb375cc6116e64a9fa15229d783615d13b54cf40251561d9b664f0925915c5375ad88f5ca8d061e01367de239c29da79adf693559af53eeb7d9b1ba1a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
4b001c651e1356dcd87bc0a0a5c94eb5

SHA1
721c7f7c96824127bb301c0dec6fc91ce1f91b2d

SHA256
3ff8e6a029f22b22993b9fe51e657ee4245dc70fa63d0469897430140c076740

SHA512
70764057ecedc58b05abdf0fefbfce43c50e22a676cbf23d63a3b1bd51deacb78b42044881e2a21a43102661db03038831b2848f8f375bd685c45ddd484961a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
369544553b8695b87559cbf6b9f3de6e

SHA1
8c044e9e553ebcdc9cf846bfc07bc85a9c36c2d6

SHA256
e74f13125b9ef173c15b5cfb8bb270d325349df71710f783379fb429157011d2

SHA512
d77b588045757a7e294e68de4053f71030520069961c0f76a1dde09c81ba8e40d2ba7418c5bc630dc95191461822c1324b0ec3891470d64107eef882b227c935

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
58b8c48da18b2937e0d69e622b6f31a3

SHA1
5ce4ebd640b26d0961fdeec48872a2bf997a32a7

SHA256
ec57cc71dd996f40af719d8e9b2e5e6da4d4e1ab135785a212e84515adc1a265

SHA512
9cc9b474a0c9cdbb6649c631c0f8a73949307d07903fbfeb638ab8156464ca34938bfc1a421b324014d8d190a64f0561478c3436d48a109b6bb2a1f28f65fd82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bdf53b4725f6b0270c5240d851ec3be9

SHA1
2a6362aa3595c57b35e596668423ff8b7b395689

SHA256
03ef321e276c0aa45541410dd13b977382001f9a464c3d20d12f4eb388822986

SHA512
9e8ef175d2f180aaa6f60e1646cf13f68aa9a624c89774027bb64cd0088e9a500522e406e9fcf45a8e7f38093d46d16837325e26b722dce41ca44e17d1ced189

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b961b832b1439ab3918a0fa810107e49

SHA1
00ae2c78ee7783b9767d873156a19b5caac6d301

SHA256
fdf5a953a0fc5bceb0de85c26d1a4d7a7fdb7a2da3f66a073d4536f52d337d85

SHA512
ae8ab5954700fe1292dbade3d9db261c2dadcdbc7e4954ba75d1b910b1bfc24e7ccd4c85ad916b098dbaa5d6852b11b5e1838afa42236296bc971a990c13fa25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5f277d08cb3c5f021f0eb721369859f5

SHA1
84283cdd50e5cf1f77ee464b46b64394ec44332c

SHA256
24002eeb50d44ff7df86afe18d570ae6b09e0edc2a32751281240a1369d7352a

SHA512
92c08c70b1f07b1f5b885a4f9f37e58ea9cc47fc72b7d298d0ffaaa290aaa83c48c9f712457b7d3fb4a9d0a11645e6d5f7a3a14b5a6c814d33273cee9f1d6c0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
078600cc5650f3907b21d14c264f0e9c

SHA1
a3738c0a9826ac89e950b5fa51f9f359d0ff5a37

SHA256
cd1ace8318fbf550f62519188570d270e7a77b9027294fb5f4e5cca53b6b21e9

SHA512
c5e8367d3273b7b0b4218eddc656d6af6db0c80225a3f7539a363f75582297f1f29a5aeea28bbddbc58a79f91202baacfae118ac94a0e294d9df715becc5adfe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
022e10bab19aadfac38eb07d05c611f0

SHA1
e09f1d62a24eb830ec733ff0e1a7cf8c60b2a080

SHA256
c8e9628f1a8b181868232ed91557beda2cca4c53bf395c1fc761e6dfb2408a6d

SHA512
fba0c7adeb1d77f3802b70997ffa474dbbc88784f03de6e08db3d96a3b584ef32054a7d450133af60d487b0b43c8992d28a812d9e3371e72e05542c71a32b3d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9cae10a12ae26293b05566fd4bcf7cd5

SHA1
5b1927af89da036a95882218e3d90247ce27a42a

SHA256
64a04af1fda8db930a5b75f7ba1c4e7a6d12862d915cdb9cd22f758e1c3e33a7

SHA512
b5316a217b1228282bc22c3204b7272a8b0cad7e70d7ecb998531b43d87a427779ea9fb2585c85e794d320ac3ac25f8f6770281b5a6dcd18398c83c92577e4d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2e787acd9102ae82e126c111b2220619

SHA1
4d38192e136cff4f703598c7a44dce3f3e9f0f8b

SHA256
673915fdc336ec8f9abac3e82c14210ea962a1d128d702fd4ba1ab66cce38248

SHA512
f6249a281028b5252f8746eca6383858287e0e4bcecd27d5dc980b77017bfe4b4cea17e2d23591b363729d676b3bb65938d63164aa2a26ec4aeb43c6b258f597

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
0ffa1d4420970eefae67621e7374802e

SHA1
dd3e18e901efad1fca0031eb69f5e93ab066accb

SHA256
0dfca3285eae958f50d95a8de4eb0698204e34b22d543cfc55e4f4a693b1a4a8

SHA512
850906383ceb0671550e4493db9b3c89a749d94881951ba16cbf334b3af466804b88a53c51d908978bc198bd8c62b83ac0d10f972fb6e7ff9a5abbc6bb716070

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b5d4a57f166d4d03a0fa664ee747b348

SHA1
4f4109a36c042b12fc917801ed6318d4db1f6f45

SHA256
fb69836c251ebd08e750950e88f07e254bdc8e25de329dde069c5c3aee2333c7

SHA512
043e84add9ab4ed0cf0ff0b2f26d69e02b009b2cbd4017c89825a5bf434739f6d329f42746ee2dacba721fb852630717afe91f55d21e1b234c7a92518e3d5ddc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a482456dc571ba1444426b25cae5f15a

SHA1
9bc318194975067c5ccf726084ee0d8940348c92

SHA256
b5870688981aeda83d32d1769ba45767447c04f3eacddfd69f76c9ef07fa9471

SHA512
87610005a447394b670761c4400368e82caed93e1a00444e69ca6920fc13178ed75ea543b955b8c3a7fcbf86f873addb6192f9eb80eebc34e0e6d1e5cf29928b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
cb5856d717a3dc207cc3d876870edf99

SHA1
505bff34d318fba932b431afc4a53e7aca88b8b6

SHA256
e417bdac32cbb9658735fd0184b4659bb12a5140bb12e25f4f46975ae3760ed9

SHA512
44dff455fbafaf5ce08ea8e81c36e8c9e0904a3a8b9b568c944a24caa3f4474b31055619aa372e37821bf35bccad9cc03d1da18801b864be477cca4911bb68fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b367b770cb25d8150ba4fc201a716543

SHA1
a2114565d233d6a8f43181eff6db327e187ff623

SHA256
e53cea1aa39ab16dc1e7d84de551e34c20fa03902c2d78fb32b7ac1d4b521a51

SHA512
ac293eed8110fb495010211c256c73e083cf16da8867db5192f5223cbcf5edff1d50221df6f0adfce3d33a2f2a806ab28e6570994369775d709dd4a669c31e25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
6921db1cb35645215d7d9030ab56adcd

SHA1
8400eabacb928974d7cff2f4681480c22e36e27a

SHA256
bc57256a66d89e7ec205809fc710d10cb0fdcadbfa4c911f2315529f02b3cfd5

SHA512
54061956b59f5246391ce9c1f2644792bbd1b233a916b23fc715556e2e3228f751d4a510e73352632cd0907609a4e641c18242b6e737d45ce8a32aa7f126592b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
0efe971bb75d354fb67264ed3c9ae7f4

SHA1
02d94a3f8e375c380aefe5f0540ddfcd35b386c2

SHA256
64c71d190e271b738bc6d187c7d6a81ed41d148b568cc475f1bb908e5ab897e2

SHA512
6d927801c455cded122140201041b4fd7be0852c0cd8b1265a6127d25d624df15e02d1bbfc9df04d8e7743161728e0fcd24deac1b515c12feb0b2e473270ccf0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
4c14500dba38326c225f68a99e626023

SHA1
523b48041b82373f345ee0ae543057415a6b85c9

SHA256
d0a78643dbd3f3c4cd5424e5b1a3ae87b568708a1d90ed75addf834bad452e1c

SHA512
92e4b723951f2b0597bc16a93b5710062b952a1a3bbac91c35cccf1d12d00541d016aa8a5c3b138721ff9ce99a1c19703e42146724408315ec2ddef4476e5cc9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
14241ffe2bde6131c450a6ff819513a6

SHA1
69ca6a0a147d40ef66772a98f07a89e2817463c9

SHA256
0297d5f5d241d99599f017df97c2e77058bdee2a9aa9e9f16afbfd4a220e3173

SHA512
e859390a5a95d8671c773731c84034468dcb9932e94a136a8477855e10109646045de9efe4672069254bcf724326f1ba9f4f0f99261147bb2f7c0f1324a672d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6ceb007c286a65f5a900bf13e66097c7

SHA1
04fac0a02e7a37bf98e288ba918d79be5b97266e

SHA256
840f7ee1dd895f4c27d13e194daed90b2d04c10e742f368b1870378909176e81

SHA512
e7234a8fef347eeaa2bfcb513d6e469a01c1e073a0556d23c446ac742c6d885d38de13d027b17f4b808518ebde667a015143131f21e9c1b2080b025bc1b3fa00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d21865bf5253c50a3adfb3c86f922010

SHA1
7a021571c6b77fce703954c7d4ba73d53d02adf4

SHA256
35e36820f9ab7041906f31bd65fd64c9e123bf90ac09bbf659198590de415fec

SHA512
3a6a1fccbe37cff820aee354b4640f206ea3c1de25ea4fd3601d2051989b58cccc96e6d7f1516c8008d4fa246ca2ddc8e46cd6d5d2a4724f27e81e47fb8e9010

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
f903800169217216acd4c35329fa4c26

SHA1
9039cbec01b8ec08940a587fe8049c9c45c09ace

SHA256
41516ddb28f576010ed8c99bb2310c7e88642c6c60ac6242a411aeb91316de2e

SHA512
f79366373cae2cea12ba565d6f205f89a9a4d4c869123c585d1154d01cae0e0c97aad3d70651095ae52a718644afd1156213ac695c5e0a2e6513532a8b22de91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
30fdc9b57f2dfb059d795dd39336a97e

SHA1
4cb6c00b4c109a1ea662b69ad2dc9307e431f153

SHA256
7785b7075b3ad73e06d1f4bf1c088936b9ddb215bb841902b4170ccada317ef5

SHA512
ba5aab42d75653d7d594a8b680089a3c9ceece9902bcf4e55cb6e06c8fe259b271cc81d9d50ff0de5c7c6f38ae83079d4332b3be9bc9485aa166737dcad4a3fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
03938f4d3061f290024522ff5d1df15d

SHA1
c402f8999676dc4cce120750a8629e8069d7dc2b

SHA256
39a48068d737760268ad48114369d1579ac21e14a31d73b8f35442b07fdfe9c5

SHA512
5092815f4b9c6f013db551b6fb13b499f814073237c51e8d5305554260e69a5902b652286a4965ac70329c58219cf6b363c70693a3be9672a32c32780cc990b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
bfa36542cd91bd89c612f084e53810e8

SHA1
5050c99475916ee5375600d1612204b2d38bf637

SHA256
52a77a4db7f4960fbd3481bb4978c7fed74d53d3aca1ea38f2645df79e5f5de6

SHA512
06859eda61fa1407639b32e09887a065d3246018b0242729217405112436251fcf3fb63137b5fb10d7b37b173b191769feb0501c6c309483eeec9be85f2ad80f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
4KB

MD5
0a1119ff417d155ce286a77f88f015fc

SHA1
a00af810e26b1294cf3b14005d705e2d8dd4d951

SHA256
2750b19aed7bda9199987956cfc33b860e4aca151bac831e544a1b2123c09549

SHA512
e8775f00010fe3ba68e6ebc6b0c271d974f3fbdeca55e2eb80fa437d8918211d463cbfdb061195d641790a35653e40bc951600f31ebfb2c310e4da4b554cc59f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13359514281988406

Filesize
64KB

MD5
5fedb4b8c379f1cec06289f4889e5fad

SHA1
e977ca98c65998effe02dbe5e8766305dd8f0f86

SHA256
c7757f1d6c5402eb8f51562fcc8cf9596751f4a79ea8c6a16a6070798302f723

SHA512
084b4431918859f1ab51b85c78151e688439d74a59ea2261556447ea3b40018b771d62d53f65f3d64344b95b1a5a8dd2be6b2e72db277d73e90b59fb11697173

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
cae67806e30e5e4e0de05cf6a256c8e9

SHA1
52f158eea93c4c8e1b374a23fb3eb4040c8a5318

SHA256
cc0184478b8e7b644f2da76b081f7c0d71f30ebb744c4db3fa7789c0f0b870a0

SHA512
a8c5a7b334aa9bc0dc6fbfb07b66d75a9eb7234147ec5d4ecf661c5bf0ece149b492593035ea07ca4af6338d4c24f3b91c124d6380ffdb44d4f7f29b1818b79c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
41e9833ec9a357ac1e39b8e6d36b3033

SHA1
1af10e9ca3374dde7e747d9edaefb45673fe0436

SHA256
e6c9a445f28c7ae96cfec200d54117f390d45faf400d34f5fe477e21ac5211d7

SHA512
aefdec70aeadc6361262c1a68914a1a5f2633874f2c302b5223f1e16a77c8b895a5952ce609e217ebc808b7cd2a27e722b87313055391a0f15115a0233a9f91e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
a4a33f651a92389c24d296840d308b7c

SHA1
cf19672c5d45952649342d6948e6f33dc4118458

SHA256
2c4032c846f75f4c4be999f0d3dfffddcf2dc4360707fc5a8a2e88f60e05e93d

SHA512
6eddf62c178ece68abb06d38fe637ab739432de3778354d416335977b85878abb2306aa012b87ad88a6bf4676e461ca333ca854adb61780229a89425fb26153e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9e214bd2b973d26e2801787dfb5032af

SHA1
eda637e2dcf5037de8469ea4a2e25b60d917091f

SHA256
08607f18fb92093fd9815a9b80234fed1272a5b8d59b36b8bc48f6da5c946836

SHA512
d63adb84e90571f5e3a7e70925a7b605e0116609140bc4594b089a3bdcac27afc991214888f9b223323506b123bde7d949cf73efdab59b78ca5728eea07099eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a264e16107f591358714786df1cff6b3

SHA1
70ab38588f5c864f6e52e002be06b937a07ecf62

SHA256
70b4babda9ce5027c079a3d571232554daf0174238d3bb6e019b794ddf70863a

SHA512
610781db82789123d02e173cd23505261694997bde09c24da6903b19320fc8456c3f9c9b072901a9001c77f0b70b8210df40cebd1f097ee063791c81660e823d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4363af2a3474d93c424fc3dc71634685

SHA1
32647171e970b2119607f12b992f3e3cd92ff31e

SHA256
34986f1c681937161efcc53f5e837deeb8bb8a1bd41b4659da1cf05812f07cf6

SHA512
512970401f651c17ba37b2509173ae53f3b9c4ef0629ebbed729e51ae880a4a2da6eec705d41cff9a55276e05312a40edaa2a82aff355b38cff2b06d75d5cfff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e445.TMP

Filesize
874B

MD5
14176d426d084324b4edb48240835fd8

SHA1
11520d5cffef224e2f0a550c6b42fe471273ad23

SHA256
42f458e83610ac9c44b2515130b668f14bc353cf4ce99ed4356eeca653a848a8

SHA512
44ea78ada95e350c835aea86649363385b08c5ab9106bd1037c2011c45f2a933d0d26e045cbcdae29a8ae770627866e937246cd2c704e2a9ef71a6264f4d793b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
ebc863bd1c035289fe8190da28b400bc

SHA1
1e63d5bda5f389ce1692da89776e8a51fa12be13

SHA256
61657118abc562d70c10cbea1e8c92fab3a92739f5445033e813c3511688c625

SHA512
f21506feeed984486121a09c1d43d4825ec1ec87f8977fa8c9cd4ff7fe15a49f74dc1b874293409bd309006c7bbc81e1c4bcba8d297c5875ca009b02e6d2b7be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
edd71dd3bade6cd69ff623e1ccf7012d

SHA1
ead82c5dd1d2025d4cd81ea0c859414fbd136c8d

SHA256
befea596b4676ccf7cc37ea8048044bfa0556c8931d76fdeeb693d20264e50d6

SHA512
7fa9b9ef95db0ce461de821f0dec1be8147095680b7879bad3c5752692294f94ebc202b85577b5abac9aeaf48371595dd61792786a43c0bd9b36c9fc3752669d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
589c49f8a8e18ec6998a7a30b4958ebc

SHA1
cd4e0e2a5cb1fd5099ff88daf4f48bdba566332e

SHA256
26d067dbb5e448b16f93a1bb22a2541beb7134b1b3e39903346d10b96022b6b8

SHA512
e73566a037838d1f7db7e9b728eba07db08e079de471baca7c8f863c7af7beb36221e9ff77e0a898ce86d4ef4c36f83fb3af9c35e342061b7a5442ca3b9024d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
60e3f691077715586b918375dd23c6b0

SHA1
476d3eab15649c40c6aebfb6ac2366db50283d1b

SHA256
e91d13722e31f9b06c5df3582cad1ea5b73547ce3dc08b12ed461f095aad48ee

SHA512
d1c146d27bbf19362d6571e2865bb472ce4fe43dc535305615d92d6a2366f98533747a8a70a578d1f00199f716a61ce39fac5cab9dd67e9c044bc49e7343130e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
ab6ab31fbc80601ffb8ed2de18f4e3d3

SHA1
983df2e897edf98f32988ea814e1b97adfc01a01

SHA256
eaab30ed3bde0318e208d83e6b0701b3ee9eb6b11da2d9fbab1552e8e4ce88f8

SHA512
41b42e6ab664319d68d86ce94a6db73789b2e34cba9b0c02d55dfb0816af654b02284aa3bfd9ae4f1a10e920087615b750fb2c54e9b3f646f721afb9a0d1aea3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
12KB

MD5
62f37689e15509e4193be832211e2ae6

SHA1
7215031c7e2907ae76b4fadc4a19a5a8696bac90

SHA256
f16721ba3520020562bf53341677486b15b70160df9f068227b287f32e0956f7

SHA512
12ebbc3dac604d2dd31210fbc8baac99a9f2d9d97291bb5785a6d0fc2cbd288b1c76b6f999472a1f2f07f0e7acb7e7df92818464fa9ca006c3896180c54e09ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
8b8b1dd85c070f0f70b8453d079dea00

SHA1
4a0db0d1ad0de11b9b53c8d214801cab1fc85ee3

SHA256
fcc775ced4bc5f40a022e7034c48aa2e425a39ea4c944933fddb164aa677c34e

SHA512
631c0963e7ca4ae0db00a57d4bfdb643e976ae312bac30e4d461367cae594e80d07ed54e3029122c7956b88fc8958620693f8d73928b0ee6bf3cbda12c51de4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
35ba5904313dee0ab0a8625fcb6dfcce

SHA1
6cd30ac0f3c70018356eec8ae22c560a8091659a

SHA256
7430215a9421e9157185eefb0f9af4d77b094208908a5160cb3a7ca1aa7adcf7

SHA512
5d4555372407c97f30150d623336f429d06ecc1ef5f9b72ff815d5328fe8799a09958d07bed8d78d2b58137a33326befb5930f9579f75ab3d0e29bfa351936c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Browser

Filesize
120B

MD5
a397e5983d4a1619e36143b4d804b870

SHA1
aa135a8cc2469cfd1ef2d7955f027d95be5dfbd4

SHA256
9c70f766d3b84fc2bb298efa37cc9191f28bec336329cc11468cfadbc3b137f4

SHA512
4159ea654152d2810c95648694dd71957c84ea825fcca87b36f7e3282a72b30ef741805c610c5fa847ca186e34bde9c289aaa7b6931c5b257f1d11255cd2a816

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
d43e4cb4a78d62f3b41107b027d56a1e

SHA1
f80af04d6f79166f1b7fb4fd8ba48a67ec2db31d

SHA256
cd6396b09d9f0b62121a4043afd09e3ccc71ed7f91f2def33758ffa58f1e3178

SHA512
c27cd22606b4daf74a2af5c140a412e9f395fa9e7ad071bd7203b78cb9ef27901b9cd0d361e36ff47afd51fce3dcbf00d3ceba357b628b8f770d07e40cf81ed8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
b782178c7a5a881bcceae5e1798cd6dc

SHA1
bbc8f23f8078cd3cb19b2c95fe8a2ae00f99ec7b

SHA256
fea77bc5c35c5cfa1b92b9f22aa50494ae6710bf78a04263a3c32098be6f72b3

SHA512
602712c432a710307166ef421a2fd9be0cd8735d231d30a1fc6052f35af2fe42bffebc9f4a09d467f5463e76b282b75aac33815c045d0cf777c7ac3175979514

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
933ca161a11d6042832a43dd040bd4f9

SHA1
686d0f18ed1ab2f98f6ce7ee708a4d87d860c48f

SHA256
5ce4d18ec2453580cce285028481a4db6514f2215902b798245e564932116455

SHA512
b2bd40a13f662ccce0c1615c21e704c5dbaa169922bbeb5583de47cb841af595ba196f2e84479b8ab76bf6cbe69b7369252a3996b07fd14a8cc345cce9ffba78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
233845b275dd4ab1a157f04a990b11e4

SHA1
0026d9830a5517b9ce2e31ac17ad19469a60a27c

SHA256
77ea109e6a1f52f3ef1d527e87228a30e092e639264b366b6a9a7e48311828b3

SHA512
c85320ba4c18494035068310271ad515affee3d712bf89d3ef5a1a3cfea30e2dce5a0caf93cc5a8f54d22cf9ce8d96295507e2b9850e86d6c2455635f790c1e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
183e987393a9fd2c9c12703b79228089

SHA1
ef58c29d1b93cd75644c6930d56948cda5d8a24a

SHA256
9afc93001a34841ba53ef35eadc307c53138139feea13507e053a6ddeee4cc07

SHA512
48c3ccbbe422a152ab506261bae8ab44d5b8fcb11de7af5731d396a7c4111ef5224ae5a726e121808628fea5ce32bb087069db023de073ad6bd214700a79dfc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
a115f3bb66eb30b030da6bc8e489b4dc

SHA1
4515ea005e4a55ae9050ccac56391528bd31237e

SHA256
c4b02ed8c3cc0cce8e0098f87819dfade16509750a7ed288d7281f3e6bfbca50

SHA512
bb63f07e4dbfb4f85d89828d83f9a3ad80d4bd1999e028e56ff6443883ea7783004283390c09d93ed492d43f38e663c1665828a8afb091af9038b8cde824d595

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6e4b79e05f79dd239984f1391a4431de

SHA1
beb91bc388f414dc5769f6b4766517b42630eecf

SHA256
89c58ab567666967f9a75b7f26cad1299362cac78eb2dd86883ae35cab39930a

SHA512
a66d5c7171ba6b8a91bb6a56004cc8fc6e32fc3df57caf6d1701977290ebcbed168fe5c10620717f0ba57c0106df1cff9831a2208fddbe2ec114770c0b396580

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
4c8d53b915fa6122f6d618a87c805898

SHA1
210cc0401ef4c97ce1f0af2ce61b7500efc436af

SHA256
f54d209b856ceabaed33f0031eabe0169ff8263b5f0f623229cad66269b93ac4

SHA512
c639640e0b894b8c94206b7ceb667f67f295f34698eb095625e83375979243122be36cb14ae7a4c36a2d08ccfd3075aa9d0954d79c9b608029b11f02a0fed86e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
7c72e5a524ac7c9e9622466fa11eb92e

SHA1
72fbfeaf6705c1c5a79cf285048b1bd5ab5d1392

SHA256
18557b68a5a8f5734efdec015765c3be53ff6c84f22e662dfc27e961a21d5300

SHA512
0a7ace5519df0d6e98c9ebe124e265f72f1df7a938120cb954a14547553bf71c965f355d9fb1c46502cdd5d37df0862d85485acf6d9d67c5964c0d3422151ac1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
790ea016205548346dbe1f31419047ca

SHA1
4bc0435d25bd120f055bf463b5b0e0352d5cbf01

SHA256
368d3ae045723f275010fbd2b87134af2869f6d3f2012c3cca4b1aa499c49db3

SHA512
d4a99883a9c523ecb7db82c03f61cfc5c0ebecec74db2f96ea6b08f138105908797f9a1bc95e4e6427625d1a679539c9ffb9306c60658ab49c8ef908931d34c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
d2b91286805cacbfefa5f35ddfdc867d

SHA1
4769c955fbe26157e84696f700f47184c1bccb8b

SHA256
dc7a0fe0c9cd088da8cff29c8669ec565e3823efdfcd2d189406a6e1de7ed2b6

SHA512
940206cf48a104a1d2af3c4700a542a2067f2f443bab326493041a93d51961419cd6011a6ae13be2ebb5836f7d355c7ab316ea700dfe34825d89c3771e3343a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
d47701cdc476a0d9e0855cfba593c119

SHA1
b8811269aaf2dbdd2d04e3123715365f1a8b02bc

SHA256
b0b7ad40dda728351d2290912dfc8e3aba412e51a8ec4a15289bd21f1e99918d

SHA512
49bf1b687698d549cd9fb82cd7b20bf423df489aa6471425b35baea875d1e37b9ab3576b1366550aa30ec1077e643fceaa92eecd0fc1db586ecc16a88322e9bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
25465206e2862d84749a2dd8829b9307

SHA1
ce07b2fc62e8c3035f9ee09ee1bf44cddbabef93

SHA256
77ad71ea26c57ff41479e00772d204b3b97d377f314e5f182d6094417c181dbf

SHA512
71a645628178632a39317fbd3a4d5e54961372d74e62906162b887c4101182cd786b16dbc62c1805ce26179f41d6bbed222aad63b14d152c4bf761491a564710

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\l594d31n.default-release\activity-stream.discovery_stream.json

Filesize
23KB

MD5
848ae40d50382aa9bae220127d99c41e

SHA1
20ee2b7d37fb2e609d57aa74159ee604f212fdeb

SHA256
494fb5e6587132300238200b268963b9684edbf087d31beef3ffe46e62efeaf0

SHA512
886bb86eea7ab8c685cd78aa7080fdba082ff447b1e1c0db6730bf5f1467aba7af3b87a1f3d71ebca70760b408251e6b2c99e8ab8f2e1b243c303e4b62ab0682

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l594d31n.default-release\datareporting\glean\db\data.safe.tmp

Filesize
22KB

MD5
b26fb5e9a97140c9ed91566dac9a72ec

SHA1
4c0e62081bcdd7e9b0319103c8dfda1e15d469cf

SHA256
60d98cce9155b4dc032b149512844df4166f85ca305515b401730fb290c9a4bf

SHA512
29d6379755367fb673c612e907f10e5fe897fb40c7daa77ee5245dbf084bf1e0a205f4a12998da1ec4688280371f2bfa58278abf6e76b701dc83d583d633f9c0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l594d31n.default-release\datareporting\glean\db\data.safe.tmp

Filesize
21KB

MD5
d5bb5c89d9a94b9a374a0638037a4ff3

SHA1
3e48f5fd6dd0a1c0f1ca034bb451792c5d51105b

SHA256
03d3efa0813260b2bd23386cf61eaba7f9b96e2829264189c013d2575b8ee401

SHA512
0c62b8e2def039f316d520e030c05371c78782405d0de1b91987b96f2e0bccc9b9198e46c150ff2be8e4fafdf6aae6b6bda7f25108687ded0cd63e62363f2c94

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l594d31n.default-release\datareporting\glean\db\data.safe.tmp

Filesize
22KB

MD5
2f5bc9595d437b32e2d4df192bcfe843

SHA1
d18f883bced513ec57d659721f165aa62a327c5b

SHA256
bb986f59a9f112acedf07d49c63c4b204565f8354c199872c46de59f0579150f

SHA512
836444be2ee96e9dd8ffa69c2574b9efbd4ccc8f0ce07a9cb5cad958fe945195dabe56c5c6ce1a01761367515b9268000c59770a452c80bf1370ed4789ba53ff

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l594d31n.default-release\datareporting\glean\pending_pings\9855d5df-91ac-410b-8a53-0bc7a21be6f6

Filesize
982B

MD5
8242c2f750a81efb2ad86b3446e08c2e

SHA1
0aa4509d16b581706a96fc4b9bf7e7868442f175

SHA256
72a1c9c7fa7105751b052321a3860978318e3d7cfc30f898f39f7c8d6dcc8c0d

SHA512
b6f233214320e511a243e432083ba1aa0b4a8c600915704bc98be7173ae312fad6bdcbd1febd9462f98efb2b0ba3c0942a77d809eb9b65ef0021c6790ab55911

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l594d31n.default-release\datareporting\glean\pending_pings\ff964e8b-7cb4-4b0e-b314-9a91a0e5c71e

Filesize
659B

MD5
af1f139aa24bc8d036367eeaf7ab55e1

SHA1
cbda7d4ddd5582b90dc97d8dcf5bf11ff6eb9cc6

SHA256
403acc279f6fed4232efc0b7c0ad1f0c7bb88e73878f265c91a20781f6ca7aea

SHA512
baf002ab6e3d58c60e25356463404699fc5a520310794d6f826310213a58465a2c8165b706b93559954318879fc3d20ea57c50c8324d2dabf5bb5366f4fa1ce5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l594d31n.default-release\prefs-1.js

Filesize
8KB

MD5
211966b5808642753fd2bef10046b213

SHA1
8f39f11351d30c8769164200173a7fd0ce403a0c

SHA256
59960b9105d754ac506eb40217ca00b14208891b53bad19c0b6f127ccae5d19b

SHA512
ef9bc2083b03ecf1364f5093757bddd353c479bf275209e5e378d9cca91ec9051c258df41058e2a90320f2a76cdcdff79a4f07b4e0869fb26a0fb2e8f7883559

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l594d31n.default-release\prefs.js

Filesize
8KB

MD5
31bb2c29e4a24cb257c002b0a3f65e3a

SHA1
218842c4e90940494009dd942137ef478a36873c

SHA256
4299435fbe312022f5ebc21b32f977dbc303b6d92aad1ebcfd6bcb51d4994ff6

SHA512
f75a290c42cdf208e4fb858879f15661c2cff4d2f989b644c298e6edfaf9cd196c5485c345fd998e3f902e6f47668a3a062218020770a8cb9e5499b353f2cb16

Download Submit
C:\Users\Admin\Downloads\AUTOEXEC.BAT

Filesize
101B

MD5
a362372f2be18727f636809acc263348

SHA1
ce59ef762b2ec3c3da191344e74aaa8e1cefc666

SHA256
4cd7a7b5f58492b9c77b35e1e07940039968e2865567c81e1ddebd827abd00fe

SHA512
8fc8878d52077b4af4952006681e7d6542f9a69405427b246862a159d3b33761a50ceaf0c4d3eafdacbb861bcadb3e8019f8cf3002442748ec3b4305a3829e72

Download Submit
C:\Users\Admin\Downloads\AUTOEXEC.BAT

Filesize
177B

MD5
c52297fd2b86fcc80d8d39c61b84c619

SHA1
c1928cdaf959a0de1439a4b1287ce6488d109e36

SHA256
7cb52533d6e357fbcd19e6d42070b1d6fdc60ca1aa0aeb9734157a20a02b799e

SHA512
8687a6aedc71cf66d70c2358c52a616b2bc0d4403a8fa3487bedc71b9532eca7d42cff172e563086e6bef8fefbf13fbec42c51a1bcbfc9d3e13728e204e79944

Download Submit
C:\Users\Admin\Downloads\AUTOEXEC.BAT

Filesize
253B

MD5
5f57fe4c3a4f03e0688ae6714d7e0c57

SHA1
d559148512d2552a76206060b33eb5d1d446fa6f

SHA256
efa742666fc9779d58f5da5bb338d708ea1a307db3173ee0d7a7f0451be72b16

SHA512
9de3f04999521aa072523c42b3017c1a487ceecdbd3a3ff5b2cdb217a6a179a3bd7a3ce262483e0bd576f054afffc7189ca2782e5b58c235357758f8eb7db68a

Download Submit
C:\Users\Admin\Downloads\AUTOEXEC.BAT

Filesize
329B

MD5
ce354a01f1e274c05a180a4b35767356

SHA1
ca3ed580f828b4c95686376c4df1535d620d928a

SHA256
6119dd68a954076e55b73018cbd055ba20eca29fe72f78f6d7b3043589b407f6

SHA512
c114f9f2b9e75bd9419cc39839db67753a15a1089aefcb77464e8b1222a6770c36b4831748a3db9bea02a64922b3816fe83349074ed2efca6d9fd527b26bf5fe

Download Submit
C:\Users\Admin\Downloads\AUTOEXEC.BAT

Filesize
405B

MD5
87d1a44644c477e9b85fcfe7888025cd

SHA1
ca62975d140a6417260236ec9e74ef569b91188b

SHA256
8a8efe47585ea6a15b06d41cde4b3ec1df6349a24cc4e8da05f93b070e2835a0

SHA512
6dcdd319ae7bed7e90322e2cc6f04184c27894768f27fd51b92dbf17a6af964930d65da5546f1b85f45e202863a4312986079a66e1ed191cd3ef0a54d40340dc

Download Submit
C:\Users\Admin\Downloads\AUTOEXEC.BAT

Filesize
481B

MD5
613810124872dfa7e461da8c3b21460f

SHA1
d82f6a857502256497a8b5fee56893561ba4e43e

SHA256
18a33d8f3151811add0708d1f180a577ffbd6915ba2e4e911c0fa03aeb798731

SHA512
a62bd0a759ac74fd6e0440dffe7a2d0d5c5610be13f4da9d7824df4efff368cd9be109e2ad1c9dd3de98f734c20b152c15e11c9e4af78164c12203f642e94502

Download Submit
C:\Users\Admin\Downloads\AUTOEXEC.BAT

Filesize
532B

MD5
22f60b8a922f12c1e7b3397ef9089e3b

SHA1
c11333403362c0ac0bf907886c939cfc501c8274

SHA256
0aa24447ca0bd19dd0cffd1e20b325d5eddbdfbef32cdb587c1dc8ec38c9e890

SHA512
95b74d2eb42c505dbf992b03e3641a4cf6fe7a72cd5f108967796c26f75940709bbbf9f74af493d9802e64bdc5f1d849bb2907274efa145ca04b2a25eeae27d5

Download Submit
C:\Users\Admin\Downloads\AUTOEXEC.BAT

Filesize
608B

MD5
aebd5244de0a653d321bf287ce8b30f1

SHA1
04ac6dfc933a4bb6e813bd82d0235f09cb290a08

SHA256
da17a74d34fd850cb93977fac5bb93a08e1b6f1aaa0b6c023e3bba2a0eac6ddd

SHA512
ade72e9212c2852084b2c118f63a1bd88175fbeab3c8f710da5458c078c35d55453f4ae3f695c84f9f74a792fe4e528eae3d9980544ddbc9b1a5cfaeed132c92

Download Submit
C:\Users\Admin\Downloads\AUTOEXEC.BAT

Filesize
633B

MD5
5edc12445b97a7bde775f97084edbbbf

SHA1
e0bc96ddc4f50dd876cf417cae6fbcf17b650d4c

SHA256
deda38401f728b1b0c2524a71c790b9e49e77ce2f91511195bf552b374e4a4f0

SHA512
360e51b0bab37df53862c71d233c114e0693dccba01e3723f8df4bc3307642725899fcd4d3feca63979580e0e31a4e6be717f958ae154de91237ccbccc152679

Download Submit
C:\Users\Admin\Downloads\AUTOEXEC.BAT

Filesize
658B

MD5
a2cf55b89a3dd0af8466d29b0340c89c

SHA1
b755439ff4f9e46e3a74a9d018835d6d79b648b8

SHA256
a329d23ef48acebee695d4a329240b1943adee91785e303b8e4c676df27734b5

SHA512
524f27c663c616e4a37403ca217309e1fbd7f8c4a08924f3618de6374f5f1e57c0c3c4881ebb603ae36fffdc04a7bb0fff3c54a84dba92a4f88a6486c0124bfe

Download Submit
C:\Users\Admin\Downloads\AUTOEXEC.BAT

Filesize
673B

MD5
ac7165d48a6c71853380a11b6114701e

SHA1
78b0b69e4cc03c7cca69ef3b56a0d0683081a71d

SHA256
e4e7b5b75a1e5f8802db91115e382fa936b01e22fde368bc0e54e82b7583676f

SHA512
bc261e055cf60606d31da2ef2e54335009e79eaad318393a048280812aeeaf30c51f46d375ced9d6376de372881f51a8832da2e5ecf3460a9c251210abcdbee8

Download Submit
C:\Users\Admin\Downloads\AUTOEXEC.BAT

Filesize
684B

MD5
0b550ffb13778697bb33cda1db16f36f

SHA1
30bca813b269015141328713b014aeb5e0579e29

SHA256
f2ca1481888d81d0867250c44228dfd7e2d2a25034cbe6888f414c1a96137c51

SHA512
bc513c27fe3e0ce0bffeb5ed423ddf189e87270fe044940667f5ae9ebdc5b8f8d22bac6596aead5d9cf7a902f12d39e9cb9ffc60f00c018cf7c6b89751ae27bb

Download Submit
C:\Users\Admin\Downloads\Grave.apk

Filesize
560KB

MD5
61b29201190909e848107d93063726ca

SHA1
f6505a3b56fdbbc54e1624793581afe45010c890

SHA256
64c874d0a67387d174fbf18811ef23e9d9b0f532ed7f805e542dacdf3c9d42f9

SHA512
a2e8fa752d62e77e20e6fd86b7c6de3e683e41932eef448164944bd5f5dbb91ccf4380b3c13943e5c0264b9127b7f5e471ece68753af541d408caefae1065930

Download Submit
C:\Users\Admin\Downloads\MEMZ.exe

Filesize
14KB

MD5
19dbec50735b5f2a72d4199c4e184960

SHA1
6fed7732f7cb6f59743795b2ab154a3676f4c822

SHA256
a3d5715a81f2fbeb5f76c88c9c21eeee87142909716472f911ff6950c790c24d

SHA512
aa8a6bbb1ec516d5d5acf8be6863a4c6c5d754cee12b3d374c3a6acb393376806edc422f0ffb661c210e5b9485da88521e4a0956a4b7b08a5467cfaacd90591d

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 261620.crdownload

Filesize
176B

MD5
6784f47701e85ab826f147c900c3e3d8

SHA1
43ae74c14624384dd42fcb4a66a8b2645b3b4922

SHA256
39a075e440082d8614dbf845f36e7a656d87ba2eb66e225b75c259832d2766bc

SHA512
9b1430a426bf9a516a6c0f94d3d20036a306fae5a5a537990d3bcf29ebf09a4b59043bbe7ef800513ea4ac7fe99af3cac176caa73cd319f97980e8f9480c0306

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 294554.crdownload

Filesize
18KB

MD5
e7af185503236e623705368a443a17d9

SHA1
863084d6e7f3ed1ba6cc43f0746445b9ad218474

SHA256
da3f40b66cc657ea33dbf547eb05d8d4fb5fb5cf753689d0222039a3292c937a

SHA512
8db51d9029dfb0a1a112899ca1f1dacfd37ae9dec4d07594900c5725bc0f60212ab69395f560b30b20f6e1dffba84d585ef5ae2b43f77c3d5373fe481a8b8fc3

Download Submit
C:\note.txt

Filesize
218B

MD5
afa6955439b8d516721231029fb9ca1b

SHA1
087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

SHA256
8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

SHA512
5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

Download Submit
memory/396-1500-0x000001C327E50000-0x000001C327E60000-memory.dmp

Filesize
64KB

Download
memory/5788-1026-0x00007FFBDE2A0000-0x00007FFBDE2B1000-memory.dmp

Filesize
68KB

Download
memory/5788-1038-0x00007FFBCD1F0000-0x00007FFBCD201000-memory.dmp

Filesize
68KB

Download
memory/5788-1036-0x00007FFBCD640000-0x00007FFBCD651000-memory.dmp

Filesize
68KB

Download
memory/5788-1037-0x00007FFBCD620000-0x00007FFBCD631000-memory.dmp

Filesize
68KB

Download
memory/5788-1100-0x00007FFBC8390000-0x00007FFBC9440000-memory.dmp

Filesize
16.7MB

Download
memory/5788-1025-0x00007FFBDEAF0000-0x00007FFBDEB07000-memory.dmp

Filesize
92KB

Download
memory/5788-1128-0x00007FFBE1850000-0x00007FFBE1884000-memory.dmp

Filesize
208KB

Download
memory/5788-1032-0x00007FFBC8390000-0x00007FFBC9440000-memory.dmp

Filesize
16.7MB

Download
memory/5788-1039-0x00007FFBC9D30000-0x00007FFBC9E3E000-memory.dmp

Filesize
1.1MB

Download
memory/5788-1035-0x00007FFBCF7D0000-0x00007FFBCF7E8000-memory.dmp

Filesize
96KB

Download
memory/5788-1022-0x00007FFBE1850000-0x00007FFBE1884000-memory.dmp

Filesize
208KB

Download
memory/5788-1127-0x00007FF6745A0000-0x00007FF674698000-memory.dmp

Filesize
992KB

Download
memory/5788-1034-0x00007FFBCD660000-0x00007FFBCD681000-memory.dmp

Filesize
132KB

Download
memory/5788-1023-0x00007FFBCB4A0000-0x00007FFBCB756000-memory.dmp

Filesize
2.7MB

Download
memory/5788-1129-0x00007FFBCB4A0000-0x00007FFBCB756000-memory.dmp

Filesize
2.7MB

Download
memory/5788-1028-0x00007FFBDE030000-0x00007FFBDE041000-memory.dmp

Filesize
68KB

Download
memory/5788-1033-0x00007FFBCD690000-0x00007FFBCD6D1000-memory.dmp

Filesize
260KB

Download
memory/5788-1031-0x00007FFBCA260000-0x00007FFBCA46B000-memory.dmp

Filesize
2.0MB

Download
memory/5788-1131-0x00007FFBC9D30000-0x00007FFBC9E3E000-memory.dmp

Filesize
1.1MB

Download
memory/5788-1029-0x00007FFBDDCB0000-0x00007FFBDDCCD000-memory.dmp

Filesize
116KB

Download
memory/5788-1030-0x00007FFBD92A0000-0x00007FFBD92B1000-memory.dmp

Filesize
68KB

Download
memory/5788-1130-0x00007FFBC8390000-0x00007FFBC9440000-memory.dmp

Filesize
16.7MB

Download
memory/5788-1021-0x00007FF6745A0000-0x00007FF674698000-memory.dmp

Filesize
992KB

Download
memory/5788-1024-0x00007FFBE1970000-0x00007FFBE1988000-memory.dmp

Filesize
96KB

Download
memory/5788-1027-0x00007FFBDE050000-0x00007FFBDE067000-memory.dmp

Filesize
92KB

Download

Resubmissions

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads