904e61a8a39c5b7193769d47f8f76b2a9b871ecf625a2578ac8bf133f7f3d32f

Analysis

max time kernel
234s
max time network
234s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
09/05/2024, 06:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

uAhEEu.html
Size

512B
MD5

7ad73985213864f075408a02bf660c3b
SHA1

c72cf590fd8d94d866f2a3f60151169986c9cb7c
SHA256

904e61a8a39c5b7193769d47f8f76b2a9b871ecf625a2578ac8bf133f7f3d32f
SHA512

64b7d0ee9ed7d16dc69b1f677ccf20856d2efe7989d1f8a166f76761fecc4066391585488352d30ea426d14f8534008281ebecd58631eae0534ae760a398bb3d

Score

8^/10

evasion persistence

Malware Config

Signatures

Disables Task Manager via registry modification
evasion

Executes dropped EXE 1 IoCs

pid	Process
1364	innocentcatgirl.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\""	innocentcatgirl.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Delays execution with timeout.exe 16 IoCs

evasion

pid	Process
6060	timeout.exe
5388	timeout.exe
2964	timeout.exe
5368	timeout.exe
5460	timeout.exe
428	timeout.exe
3908	timeout.exe
5092	timeout.exe
5632	timeout.exe
2620	timeout.exe
3652	timeout.exe
880	timeout.exe
2968	timeout.exe
880	timeout.exe
4360	timeout.exe
5464	timeout.exe

Enumerates processes with tasklist 1 TTPs 1 IoCs

Process Discovery

T1057

pid	Process
2300	tasklist.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Kills process with taskkill 4 IoCs

evasion

pid	Process
5416	taskkill.exe
5440	taskkill.exe
4964	taskkill.exe
2816	taskkill.exe

Modifies data under HKEY_USERS 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
1668	msedge.exe
1668	msedge.exe
1900	msedge.exe
1900	msedge.exe
1532	identity_helper.exe
1532	identity_helper.exe
5660	chrome.exe
5660	chrome.exe
5712	msedge.exe
5712	msedge.exe
5560	msedge.exe
5560	msedge.exe
5360	identity_helper.exe
5360	identity_helper.exe
2300	tasklist.exe
2300	tasklist.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs

pid	Process
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
5560	msedge.exe
5560	msedge.exe
5560	msedge.exe
5560	msedge.exe
5560	msedge.exe
5560	msedge.exe
5560	msedge.exe
5560	msedge.exe
5560	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe
Token: SeShutdownPrivilege	4136	chrome.exe
Token: SeCreatePagefilePrivilege	4136	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
5560	msedge.exe
5560	msedge.exe
5560	msedge.exe
5560	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
4136	chrome.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
1900	msedge.exe
5560	msedge.exe
5560	msedge.exe
5560	msedge.exe
5560	msedge.exe
5560	msedge.exe
5560	msedge.exe
5560	msedge.exe
5560	msedge.exe
5560	msedge.exe
5560	msedge.exe
5560	msedge.exe
5560	msedge.exe
5560	msedge.exe
5560	msedge.exe
5560	msedge.exe
5560	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4136 wrote to memory of 4072	4136	chrome.exe	82
PID 4136 wrote to memory of 4072	4136	chrome.exe	82
PID 4136 wrote to memory of 1896	4136	chrome.exe	85
PID 4136 wrote to memory of 1896	4136	chrome.exe	85
PID 4136 wrote to memory of 1896	4136	chrome.exe	85
PID 4136 wrote to memory of 1896	4136	chrome.exe	85
PID 4136 wrote to memory of 1896	4136	chrome.exe	85
PID 4136 wrote to memory of 1896	4136	chrome.exe	85
PID 4136 wrote to memory of 1896	4136	chrome.exe	85
PID 4136 wrote to memory of 1896	4136	chrome.exe	85
PID 4136 wrote to memory of 1896	4136	chrome.exe	85
PID 4136 wrote to memory of 1896	4136	chrome.exe	85
PID 4136 wrote to memory of 1896	4136	chrome.exe	85
PID 4136 wrote to memory of 1896	4136	chrome.exe	85
PID 4136 wrote to memory of 1896	4136	chrome.exe	85
PID 4136 wrote to memory of 1896	4136	chrome.exe	85
PID 4136 wrote to memory of 1896	4136	chrome.exe	85
PID 4136 wrote to memory of 1896	4136	chrome.exe	85
PID 4136 wrote to memory of 1896	4136	chrome.exe	85
PID 4136 wrote to memory of 1896	4136	chrome.exe	85
PID 4136 wrote to memory of 1896	4136	chrome.exe	85
PID 4136 wrote to memory of 1896	4136	chrome.exe	85
PID 4136 wrote to memory of 1896	4136	chrome.exe	85
PID 4136 wrote to memory of 1896	4136	chrome.exe	85
PID 4136 wrote to memory of 1896	4136	chrome.exe	85
PID 4136 wrote to memory of 1896	4136	chrome.exe	85
PID 4136 wrote to memory of 1896	4136	chrome.exe	85
PID 4136 wrote to memory of 1896	4136	chrome.exe	85
PID 4136 wrote to memory of 1896	4136	chrome.exe	85
PID 4136 wrote to memory of 1896	4136	chrome.exe	85
PID 4136 wrote to memory of 1896	4136	chrome.exe	85
PID 4136 wrote to memory of 1896	4136	chrome.exe	85
PID 4136 wrote to memory of 1896	4136	chrome.exe	85
PID 4136 wrote to memory of 4660	4136	chrome.exe	86
PID 4136 wrote to memory of 4660	4136	chrome.exe	86
PID 4136 wrote to memory of 1848	4136	chrome.exe	87
PID 4136 wrote to memory of 1848	4136	chrome.exe	87
PID 4136 wrote to memory of 1848	4136	chrome.exe	87
PID 4136 wrote to memory of 1848	4136	chrome.exe	87
PID 4136 wrote to memory of 1848	4136	chrome.exe	87
PID 4136 wrote to memory of 1848	4136	chrome.exe	87
PID 4136 wrote to memory of 1848	4136	chrome.exe	87
PID 4136 wrote to memory of 1848	4136	chrome.exe	87
PID 4136 wrote to memory of 1848	4136	chrome.exe	87
PID 4136 wrote to memory of 1848	4136	chrome.exe	87
PID 4136 wrote to memory of 1848	4136	chrome.exe	87
PID 4136 wrote to memory of 1848	4136	chrome.exe	87
PID 4136 wrote to memory of 1848	4136	chrome.exe	87
PID 4136 wrote to memory of 1848	4136	chrome.exe	87
PID 4136 wrote to memory of 1848	4136	chrome.exe	87
PID 4136 wrote to memory of 1848	4136	chrome.exe	87
PID 4136 wrote to memory of 1848	4136	chrome.exe	87
PID 4136 wrote to memory of 1848	4136	chrome.exe	87
PID 4136 wrote to memory of 1848	4136	chrome.exe	87
PID 4136 wrote to memory of 1848	4136	chrome.exe	87
PID 4136 wrote to memory of 1848	4136	chrome.exe	87
PID 4136 wrote to memory of 1848	4136	chrome.exe	87
PID 4136 wrote to memory of 1848	4136	chrome.exe	87
PID 4136 wrote to memory of 1848	4136	chrome.exe	87
PID 4136 wrote to memory of 1848	4136	chrome.exe	87
PID 4136 wrote to memory of 1848	4136	chrome.exe	87
PID 4136 wrote to memory of 1848	4136	chrome.exe	87
PID 4136 wrote to memory of 1848	4136	chrome.exe	87
PID 4136 wrote to memory of 1848	4136	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\uAhEEu.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xd8,0x10c,0x7fffac13ab58,0x7fffac13ab68,0x7fffac13ab78
  2⤵
  PID:4072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1684 --field-trial-handle=1928,i,14162826159676337897,7064876125674443488,131072 /prefetch:2
  2⤵
  PID:1896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 --field-trial-handle=1928,i,14162826159676337897,7064876125674443488,131072 /prefetch:8
  2⤵
  PID:4660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2208 --field-trial-handle=1928,i,14162826159676337897,7064876125674443488,131072 /prefetch:8
  2⤵
  PID:1848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3000 --field-trial-handle=1928,i,14162826159676337897,7064876125674443488,131072 /prefetch:1
  2⤵
  PID:2408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3008 --field-trial-handle=1928,i,14162826159676337897,7064876125674443488,131072 /prefetch:1
  2⤵
  PID:1668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4004 --field-trial-handle=1928,i,14162826159676337897,7064876125674443488,131072 /prefetch:8
  2⤵
  PID:3880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4436 --field-trial-handle=1928,i,14162826159676337897,7064876125674443488,131072 /prefetch:8
  2⤵
  PID:4280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4616 --field-trial-handle=1928,i,14162826159676337897,7064876125674443488,131072 /prefetch:1
  2⤵
  PID:4612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4788 --field-trial-handle=1928,i,14162826159676337897,7064876125674443488,131072 /prefetch:1
  2⤵
  PID:1996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3352 --field-trial-handle=1928,i,14162826159676337897,7064876125674443488,131072 /prefetch:8
  2⤵
  PID:2032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4784 --field-trial-handle=1928,i,14162826159676337897,7064876125674443488,131072 /prefetch:8
  2⤵
  PID:4344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4532 --field-trial-handle=1928,i,14162826159676337897,7064876125674443488,131072 /prefetch:8
  2⤵
  PID:4852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4036 --field-trial-handle=1928,i,14162826159676337897,7064876125674443488,131072 /prefetch:1
  2⤵
  PID:4616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3572 --field-trial-handle=1928,i,14162826159676337897,7064876125674443488,131072 /prefetch:8
  2⤵
  PID:4908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5100 --field-trial-handle=1928,i,14162826159676337897,7064876125674443488,131072 /prefetch:8
  2⤵
  PID:4712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4488 --field-trial-handle=1928,i,14162826159676337897,7064876125674443488,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5660

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1336

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2072

C:\Users\Admin\Downloads\Catgirl‮gpj.exe
"C:\Users\Admin\Downloads\Catgirl‮gpj.exe"
1⤵
PID:824
- C:\Users\Admin\AppData\Local\Temp\RarSFX0\innocentcatgirl.exe
  "C:\Users\Admin\AppData\Local\Temp\RarSFX0\innocentcatgirl.exe"
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  PID:1364
- - C:\Windows\SYSTEM32\cmd.exe
    cmd /c "innocentcatgirl.bat"
    3⤵
    PID:1800
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://img.booru.org/censored//images/33/cd8960808ef14fb25216278309ada361432002ca.png
      4⤵
      Enumerates system info in registry
      Suspicious behavior: EnumeratesProcesses
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      PID:1900
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff96ae46f8,0x7fff96ae4708,0x7fff96ae4718
        5⤵
        
        PID:3536
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,1617678213525208558,9101570666780877516,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
        5⤵
        
        PID:1624
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,1617678213525208558,9101570666780877516,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1668
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,1617678213525208558,9101570666780877516,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
        5⤵
        
        PID:1632
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,1617678213525208558,9101570666780877516,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
        5⤵
        
        PID:2684
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,1617678213525208558,9101570666780877516,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
        5⤵
        
        PID:2972
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,1617678213525208558,9101570666780877516,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5492 /prefetch:8
        5⤵
        
        PID:4360
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,1617678213525208558,9101570666780877516,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5492 /prefetch:8
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1532
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,1617678213525208558,9101570666780877516,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
        5⤵
        
        PID:412
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,1617678213525208558,9101570666780877516,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
        5⤵
        
        PID:996
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,1617678213525208558,9101570666780877516,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3664 /prefetch:1
        5⤵
        
        PID:5204
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,1617678213525208558,9101570666780877516,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3624 /prefetch:1
        5⤵
        
        PID:5212
  - - C:\Windows\system32\timeout.exe
      timeout /t 1
      4⤵
      Delays execution with timeout.exe
      PID:5092
  - - C:\Windows\system32\reg.exe
      reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v DisableTaskMgr /t REG_DWORD /d 1 /f
      4⤵
      PID:3348
  - - C:\Windows\system32\timeout.exe
      timeout /t 3 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:3652
  - - C:\Windows\system32\wscript.exe
      wscript.exe temp.vbs
      4⤵
      PID:4452
  - - C:\Windows\system32\timeout.exe
      timeout /t 3 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:880
  - - C:\Windows\system32\wscript.exe
      wscript.exe temp.vbs
      4⤵
      PID:1428
  - - C:\Windows\system32\timeout.exe
      timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:4360
  - - C:\Windows\system32\wscript.exe
      wscript.exe temp.vbs
      4⤵
      PID:5172
  - - C:\Windows\system32\timeout.exe
      timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:5464
  - - C:\Windows\system32\wscript.exe
      wscript.exe temp.vbs
      4⤵
      PID:5484
  - - C:\Windows\system32\timeout.exe
      timeout /t 30 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:5632
  - - C:\Windows\system32\wscript.exe
      wscript.exe temp.vbs
      4⤵
      PID:5916
  - - C:\Windows\system32\timeout.exe
      timeout /t 3 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:6060
  - - C:\Windows\system32\wscript.exe
      wscript.exe temp.vbs
      4⤵
      PID:2412
  - - C:\Windows\system32\timeout.exe
      timeout /t 3 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:2620
  - - C:\Windows\system32\taskkill.exe
      taskkill /IM chrome.exe /F
      4⤵
      Kills process with taskkill
      PID:4964
  - - C:\Windows\system32\timeout.exe
      timeout /t 1 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:880
  - - C:\Windows\system32\taskkill.exe
      taskkill /IM brave.exe /F
      4⤵
      Kills process with taskkill
      PID:2816
  - - C:\Windows\system32\timeout.exe
      timeout /t 1 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:5368
  - - C:\Windows\system32\taskkill.exe
      taskkill /IM firefox.exe /F
      4⤵
      Kills process with taskkill
      PID:5416
  - - C:\Windows\system32\timeout.exe
      timeout /t 1 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:5388
  - - C:\Windows\system32\taskkill.exe
      taskkill /IM msedge.exe /F
      4⤵
      Kills process with taskkill
      PID:5440
  - - C:\Windows\system32\timeout.exe
      timeout /t 1 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:5460
  - - C:\Windows\system32\wscript.exe
      wscript.exe temp.vbs
      4⤵
      PID:5180
  - - C:\Windows\system32\timeout.exe
      timeout /t 25 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:2964
  - - C:\Windows\system32\wscript.exe
      wscript.exe temp.vbs
      4⤵
      PID:2608
  - - C:\Windows\system32\timeout.exe
      timeout /t 1 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:428
  - - C:\Windows\system32\tasklist.exe
      tasklist /v
      4⤵
      Enumerates processes with tasklist
      Suspicious behavior: EnumeratesProcesses
      PID:2300
  - - C:\Windows\system32\find.exe
      find /i "discord"
      4⤵
      PID:2716
  - - C:\Windows\system32\timeout.exe
      timeout /t 3 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:3908
  - - C:\Windows\system32\wscript.exe
      wscript.exe temp.vbs
      4⤵
      PID:4612
  - - C:\Windows\system32\timeout.exe
      timeout /t 3 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:2968
  - - C:\Windows\system32\wscript.exe
      wscript.exe temp.vbs
      4⤵
      PID:2648

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4360

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1380

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fffac1446f8,0x7fffac144708,0x7fffac144718
  2⤵
  PID:5576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2224,1746062054282780798,3702323571073352066,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2256 /prefetch:2
  2⤵
  PID:2492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2224,1746062054282780798,3702323571073352066,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2224,1746062054282780798,3702323571073352066,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8
  2⤵
  PID:5708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,1746062054282780798,3702323571073352066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:4340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,1746062054282780798,3702323571073352066,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:5768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,1746062054282780798,3702323571073352066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
  2⤵
  PID:5952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,1746062054282780798,3702323571073352066,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
  2⤵
  PID:5928
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2224,1746062054282780798,3702323571073352066,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5360 /prefetch:8
  2⤵
  PID:2412
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2224,1746062054282780798,3702323571073352066,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5360 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,1746062054282780798,3702323571073352066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:1872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,1746062054282780798,3702323571073352066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
  2⤵
  PID:1904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,1746062054282780798,3702323571073352066,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3960 /prefetch:1
  2⤵
  PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,1746062054282780798,3702323571073352066,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
  2⤵
  PID:2172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2224,1746062054282780798,3702323571073352066,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:5148

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5852

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:372

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
48719260846f54080f0490a16f2cdd97

SHA1
5d079722591e9a86dfd961ef8823a4de1757c34f

SHA256
162c6cdc290507a9f97e2e9411eadfdd2ece97fce6295b37add55a2aa9eeaf0d

SHA512
5e2751e39a55e13e2ca54621dc701ec249be4a2d79e39f414f317d43ae23aa27220bd2d8c7070599cc96545c4aa36a7159b6be135b03c29b26f1f76fa901ef5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
df81f87af9c0cb791ef64cb142419f32

SHA1
4a3f90289e180f50cb31c994056a6ff123e8c212

SHA256
d69aa2957989795137ea9121d48a9c0a572101535b7989f4009d5b3787e14d0d

SHA512
ba84a454cb3024262d68e6b092cb2e622d7a86b8b1a4784d4ebfa58380640c98c426a34bc3eea06441f7827c2b999dafa9e081355ef8327cc7dccab8f7dd791c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
686B

MD5
78b42367b91ab77b3c5e3055f1683ff5

SHA1
9c0520112b359fdeab5925f454f2c9749deafd08

SHA256
2e2a387aa562d85e3da601a1afaf0ecf33c6f185768069bbef526cb852857eff

SHA512
a806df4db9b3d197f8f1944ff752c5e903f270d19b477f9dc404aa6f750c6fa7e222c60d413e0e69967787a210fe130082e771a04389c8a2a9aa878698444db2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
7ad460ef3b4dbb8acbc47a8c6bb1bfb5

SHA1
8af55da7885a83f064a463c829d584dc9c13b1d1

SHA256
d6c2736653abcb7888466ec7a8a082ab2767c551de08bab8ceb8c1b5fe7ffcbd

SHA512
54a04338e78c853c7ce84ae9ced7bd94a5bbffc7c5430cad92c42ad35e9549b542308bbca0407246f9ddb37440bc433f733e5bcaef6856bd39055f6420c71a89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
02669ae4c7bad9508082cbeba14ec7c0

SHA1
9cf96b92e4feccec1b7ffb4cd5309687f7577b6e

SHA256
09834f164614d865cf4543377df5384f4bc388a5da187cb3bba2c16ef2124bb4

SHA512
c8a59223ce806b93c07193ab90f681ecf98788b5e01f57f0c0fd1f9ca4778a921b4308d60ade15a2135c3d3314873cadebfb8b3bdcb71ef311f38a4faf7f786a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
079e0174ba40993bfa7c060f488b613b

SHA1
31e864f11e4d5006d0a105528379b3e4ed24f09c

SHA256
cfc1bf03c2f6d5cf6211763d91932e9e1414584c5cefbb91e98adb2ea9254cf5

SHA512
363da9622bbeaea4aad86755bcd86f9299c46d81cdf44a277bc4629f57336457f3d8f6f369ebc879dfcce80d9bb0d2f8496828d036e743c8a5885407493a3f15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
dac0fbb801d013ee62524c2faa4e3ab7

SHA1
d40a88903239f4a91fd0d5564ec382322d703dfb

SHA256
a430b514526173b5e44d2295b1065acf95b96b021088251df5ba02cf64fa8aa5

SHA512
c3786f3c9d20d44f92c71fccd781428e5ae594dc9cdd145390188848dd29c15efe82d5bb1beecc4af7f96f0b4816de6e476655e96aed615ce96fe926a0bb3f5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
80433a7c6e92d934ed7d6f43a734cc08

SHA1
f2b2874a6920c698f645af8aaec5b642aaaf8c16

SHA256
2f45f375704e1c8428a216e5b5ca78f99e823462b8dbed9241a7ad2e2bd5436f

SHA512
c7f5b92e7d7325f9f4006eec4bd95eba7c753ee80e7c214f1fbb96979d25cf5c6aff32d105822d5a24fe9920b107ab74e841d3df1f028921f4ff439914d28e1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
f3461dd9873b97818e96405b25afa5a7

SHA1
7c22e9cb9c75bde318cde25833f34cfbcffd5077

SHA256
b9fa896562f9abb307247787642e3b9736e475eb96fff5c406d7ad369639ba2f

SHA512
7505d0b2185483958722f33a11505fa384dbe176bd9a51c51dfa6088efe849340900b6a12ef21f07993717121fdd2c8d8667d5ded51f5e8787e761209f910b92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
277KB

MD5
bdf494ab6739fedbb8897b7e531794f5

SHA1
a414e03ec302aa59a55f82f2ad5d0df51bed2ab7

SHA256
57659b8e886f3569e6ea2790c1edc12104a4190a1b1bafc134a3fd8a8877666d

SHA512
2939b7f9c5ed97c4969a5fffae167092eed980245eb801441ad0cfe01182c3892e1a7869cf8623fc81b2a5d716bbfad992099a83c56e4fcabf1e4f7272c74352

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
100KB

MD5
cd143809eca64e379bb73f704268a09a

SHA1
cfdede83bf4a8d889f3e6405ab8d9e560dfbaa8a

SHA256
56876302965501dd7edbbe126d2d6cd238d279e91986db6e709261121b80046c

SHA512
1049e5ed2325a0fc616aafe95a45d556155ea17c9f258960de7474075954abb33ac8e689c29b75e597dff4cc2a97c3eb2ffa66fc798998bc3dcd7d79fab29cf9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe580049.TMP

Filesize
88KB

MD5
64d55ed3b0ded65f4cb1b1dcdb5e4aee

SHA1
eef2d72ee4f9ed11a1c69e64740e694c6cb74adc

SHA256
bb2498d0e101883ef114c8b59819ccb877b96126a820956ec6646b600048a055

SHA512
8ae6cc79c7cb5ba870c721d98da2305efb74cbdb028cb3fe5ff70a2927542026b81451fc75ccd0e1e6d74412ab9d2350a72607c6e199e4d60c8e9f28815b15d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9be60d1c7db05918d977790c37ffd5d5

SHA1
40653b45e82ba27cc724d8ba45914c45c8503c9d

SHA256
4f50b8ee1676079d53210e20b3a10f8f490cead0dbf9ee02238d7dd317f9cdf5

SHA512
15f3ea65119d356a1693747c5631838ec79df11525c0320fb0fb37a92241e8073855ec4f44237dec142fab16b7c375bd76cc9d63471cb10d1003a3136dfe6629

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ea9aa3ce07afc05c5a55a0dc4b8aa259

SHA1
173d2d3fdc2e466a05f6f3abf4c600499ecb726c

SHA256
143914d5a1e62f4329ce51cd5cf73f3a797af5e15eb52cab7fbb1b34395d342a

SHA512
d5738c63312647a49d583770eeb8e6eef54687a3b38843e76e30f5f83b9a3d3eb42fb34615ef38878243f0084d8d4753011db15a0ed422cb36e81e1d4f8c5004

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\1850ba08-430f-49d4-9580-0f64a002e232.tmp

Filesize
6KB

MD5
db89c91ead978ff8359d5c33b978a390

SHA1
d6ec249799990c1de165d66c4a09ae165914ee87

SHA256
1b378caf99afdf4df773ef0ba1261ee9a5ca3bccd9bd74cfd93ddb9097425c1e

SHA512
13ccbce8cf1ab4642a4a0494bacde4a9e30bd6b20f69f6a083617d024edd51ff6c2ec1810c0909ecf12cc9f0c046a34bcaf609456237a84b5cdb28e0feb9bffe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\295d604f-7a0d-4d76-967d-0eaa56596f1e.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
964ebb98102479557f5100a08d6eda3d

SHA1
b1c1bcd31d2c243f574f55e2955a0745be04c4df

SHA256
e26cafec9655dc4b2d0262f300bd8b2c80cf5ef2c19b423cb3d448b6c42e8ecd

SHA512
eae994b556ab79b7101736373ab7ad8fa400cb389644a4273302dbb6a3baffe7a4f3ad10d212e966db93e3930b78e712a253105a82e2287170ceacb2c7579fe7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
d1d1a1fe9f81d9ec07956f540e4f6d7c

SHA1
73ebfd7d0e8e2987ffbdd63b7bf8f1c5c4d7c7b8

SHA256
73493c925e2cee31169aef84933d8ab99ba8830ea8664d63c657e537fb96c9e2

SHA512
7e03fef6033988a5bbade2cf9499483567dc08038b846c3ee285244ec3337cee8ba28b01d04d0e1866e46e20e52701944f8469c9c57698f4e7fdfaf8764fca1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
4de450df83e6048bdf34600345e1d3ce

SHA1
6b9322f54ee9cac8e79500d457582bf04c72567c

SHA256
24e375049fd99cc2e6734b30f9ed0f7a8eff0e69b6a8e63d85b8ced1a5053f95

SHA512
1c88af3ab5a07a84fba24f80c066bc3150a50e4336e934183a889298a9c5006bd11b4a6b76c7d1e7a295f814f98e5a26b2292f68f35340fcc51fc93238d15f62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
322B

MD5
25663c5b189dc1388d20cc2048f9b615

SHA1
97d66825907c0597242ca5cf80ba0a8a7da84cdb

SHA256
a625ba106864a3105c5c238f5b950e06bf09fe3d64b7f5795c32e5c4a2b8869a

SHA512
1b14ca87c8167918ee3d94018b01a9f2b76bd54add2be0e9f4f02161771df6d3e32a92311af800f3ea742a9b5f296a0b6829b7dd9332c886782baf0bb209cbc1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
20KB

MD5
df3943716f83b577a77f21903c4cc7be

SHA1
be0ba81d15dfb9709ea1783091054c2c9880e3e3

SHA256
582d74fa4a29121f254bf773cc6aabe170ffd983a28eacdc64b2a6c8ed9cc63d

SHA512
fd03b62e83b20378bf5db9379210cca7ad93f1b3e4258fe614ef579ca738fe387795e76dce820b0d459a24ece91c5d6ce4a24aa9bec0f5ffd6b945b388c8d9ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
2b057bb27b03dd1dfd1e6e437ff5cfe1

SHA1
717918842c7f9a9d6b01a1b9a0d564bd79032dc9

SHA256
d8aa7e9ecaf72090ac7763b347e8775feefbfa6124a6bd98e1e9b92552fff53c

SHA512
1f7823c994ed8f0473e66afcdb963b5b45c9072653f7a1c19f22fde8ff722ed28567f11d24874954224f5106753b6067f17d989ec0b7a26fdaf34617c9a965bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

Filesize
8KB

MD5
1e475388abb8bd0a9b46f7d83c2fcddc

SHA1
48e32ac4fb55cef7c3c283b68eaa4f5a954a87af

SHA256
eee1d525b141befe63effbd699ccd57822dd2fe6a5b5f1e9f459891af5c9b7bb

SHA512
5aa75e370d215edd76ebf6f0f5ca497b572aec94e166b6e5b70ac27c6cbb7a1b45393704249fb09d0fefa624d1789c70cd0cbe6d5e341a91993291e0ceb77fab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
334B

MD5
b9ee70feb48d2da88e00c8115086c557

SHA1
2dd61667279c759cefde6964bd1fcfa19d978ab4

SHA256
541e744053ea0d9ff99eab5f025c274c2eb5193a250cca8cfcc1a2a9bb53d84b

SHA512
426f8ceff1eddc207ea62b1dc6b381fa992143609f32d29d347f8beb232e2280045b5a746296132fcfe355e6acc0cfffb9dc9e28ab3568baab8e54af479c7a73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
181B

MD5
572220b3cb7e05d5d20d436b6c91f12f

SHA1
3d1fe87fa4587d2ceceed271401909eae3ac2baf

SHA256
25d8c3a3c54a069f731d2183ee950ce5d32357cbf9567225e552d18d7f5aeba2

SHA512
ff0d4195b950bc8eda8fbccb4ce4bdb010ec093e68376ccd4b5b064dc2352c27f0a9c5bc1180ddfe06a697fef20fc6510a16229806a1bdc567dfba290e028b25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5ad8b076b6388ff641b0ba69e259fa68

SHA1
109e1446399e90ea76652d52b0a85430bb588fa0

SHA256
b0625fe79890c782edcddc743efb07464e0cbca9e64719b669275cc049be3aed

SHA512
20d59a78035ea6a87d4f9aed5763fdbaee07a5056accd84e7999f2fff71726dc559fdda45e6a4331f41c397c1718d0e20efec100ba3bb866f9ee6f25f2297506

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1d961380f31fc21b003b059c2c52f93f

SHA1
f169c0c8c4728daded64906060dba5ded6daf912

SHA256
0a91feeedf01e95dd36ae3f06ab69f74092e7110619554cf7d76298e597f1832

SHA512
c985911da5e27a1d25c9aad8a06a3b0d8946db70b8d63ffb8497a3e8c50c3558d60f3c1fee557cbcda377a1f826dc32dc5b9338ef5f38cf4027d915457a90684

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
121d0e9ef201d3c3a60d05d17b44f018

SHA1
63b1098f0138f2b58f95ccd68f539a7b4aab3eac

SHA256
3b23b6667164abbc9510dcfab46a7dce06a2a0e2350e14c2f77f54ad67825820

SHA512
80a16e81f759da1bdea18bf13eb8b2bfeb7809128c1979bd476bbd4fe851dc5bca47703317dcc22640b1d5657d4525d3a19ac28aa39143aa4af9ea2d22e8e4e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e509dc75f94fc3a046c006f1e65f9b91

SHA1
daf24f0566a1fa31b921d67bb52c7117a873e27f

SHA256
d55b6f95c515e3845a51967f71f6fad9ea8de1c3f8e35fbaf3783f173e21cde4

SHA512
5913a04fd84d001bcca0478bc331086f3cfab1a478eac23b27873a826f31248d11b8c535ff81f70dfce0999935b655495ad1204785b1fb05e7aa769d77e30339

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d28ef7757bc6a079e9c827213e946b06

SHA1
e27b4bb49dd3a85eb68ebe44c228817f237db9f1

SHA256
f097f9eaca170160d8f1ce22f3180f15c8cd8e0608111c7ee38a30af606e6007

SHA512
32c01e609bb38aa84ca050eca9ba33fa9ed7a901d0b17639691de68b84260b2647d5cde61bd0636bf4ec74d191976ead0bf345d98d90614007983f4599cbb98d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13359711276768993

Filesize
1KB

MD5
b7e6968b5e2f78a1712ca7d34c55303a

SHA1
5e3e094a5e49b96a68cca6f671281d5aed0594b2

SHA256
7a4b29947e1d6bb77ec0a7e67077c0385c213d61031438fb8db3cc0bd0973817

SHA512
786d9702d24dce0aec5d63e35d2dbdc004472f87d0cec373ba03cdf6c720fc7abac223e19cfd86bd69f07f13ace24dd6597c3186b77bc45ddcb0f1025cd32138

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13359711276927993

Filesize
933B

MD5
430fe97bbeee8e79e10a7fb99008bc02

SHA1
76c0e20da62cd55fc6847102eee790de2eb5d9e8

SHA256
64c053c3b6f084c3ecd08430c74ad190d66a186c6e1f9e01356c46b1afc266b3

SHA512
bda276626356db07c70224c4713fc3ca4000a404872a0edba644143dfa2db0b3183e97990a9463c4d559d4177f4a21b9cb1aa42b714dca20dddeb0bc81dd8ca0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
afc555efe5f8ffe1872688a33f4460c9

SHA1
774d140f1826d7b292db3cbd7dd23709f7d09f27

SHA256
f2a385d5ea9b78de8cd3fc59e3bbafd0dfd2f74e7c2081b06ce234b6f3254218

SHA512
88e0ed8fbe398875a077a87929e46f57dcf74186cdd64604e5d1564a9c7334fa1c0ac52721a18e40de15142e8f939191f4dff053749e458fed81ab92ac405102

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
2b2b6d1c53894639a00226e139d3e889

SHA1
2c147d6a0e0dfa4d33485ae249398ed1cb252fad

SHA256
ba019ece0efaeb32add8748d01332c451dcf7a5ed40c8e306c26b44a4a44ee70

SHA512
c676f6bbaa480db8a1afda325532d015ed9f2f20f49d738ff6bc73bfde4ea9a04e236f95e1824d51b6cb695cef7a3f4b5bd93c5a8643f84c2294a8c47a967077

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
483b19d56fb5bf1e76a3c620a4ce27fb

SHA1
f1705269c6cc5362dbe38b7b1b669a5a77f7fa7a

SHA256
a8714974a366d97ca472cf35ef162b771c4b06288d8efa3aa66c7bf5b2b13a5e

SHA512
dedda368a7476a05315daa5d7afc70d12a4dccfa417efadeabed7bd4d1785b88d5173ded3dd5ab53575b0b16ed41edc4b781f191a689b5e9476b0a407d266249

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal

Filesize
32KB

MD5
d074908d6f69fbf4282768efd2379b05

SHA1
b60e38ca5abcad3c5cb833025f2a6605f7b466ee

SHA256
ffccf517ab43d874d4878e9b16fbb6a3fbeeb0ab1503bd293fc5a812359808de

SHA512
985c1f655d289c0362110b97dc36076744f6389e0a4a9dc42a1dce0791fade951f94a374e7521c51854772e82cf59602378d9d09548906823ba32978789a40e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
187B

MD5
fcec34e025f1695b4f84258b78898f76

SHA1
4f6a18ba9eca3d3e4d820d93df8c3ab680803c3c

SHA256
6fabfdc9e68bc2a1e741a69fac80eec03fafae30e3e37a1ca4a0efd10232471b

SHA512
d5544da12c5881909731cc9d52110d871247ce7cedf660182cbe97f4352bb3220f66de0f1b4dd8fe7cf8eead1b052c483d19bb30a3c96370524da97542623e71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
322B

MD5
8f464f7f0ed80e5bfb8a21db6a8aa3c6

SHA1
9deda78d575d49a5798554f664ef5b608c3df408

SHA256
e86f0d274e3a728e97a07f11eeda90e10e87e21b4e78e9695df4119bc3f98780

SHA512
70f4d41b503ef5c83a554c3e993a56fc4eed5c75792313b2ba5d84079c9c6ee1c6477236a2b692f3073b601415a89f55c165fb0bcbd10d78644bc1e456e97f5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
565B

MD5
a40655695a7868af1c4660f66fd1b931

SHA1
63d9f63b637a3681769505d14b55f572dbc61475

SHA256
c3b11f2f007f3688faa679a9327a3daa5e076dca9bca3335d60264b1e194d550

SHA512
7f5751b03f003bd75bebad65c4c4d76e4de71f4e134cc86837b51ce5494de2979d6b81556c6c16fd6e8c67083a1ada83d8b8d3fa5033fdcae33d149779544a9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
340B

MD5
c68e5c3ec66cf9318194f92e631a5089

SHA1
e73d7534cbc27ae088043c364b103b28720e83db

SHA256
51161281537b81817e486c5ff0031845568c0f0ff12aa27f70e275bc173e287b

SHA512
66a4c9007214819f50e3835fa4eaa9b0034bae706764341e8c6e8b2621c4f32d99327823dfd8362eb510fd9c137e2c8838d3bb4ff922af5308a6270558cd4dc1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
fc7ebf54df76c94a5062ca1ad8781a32

SHA1
856a6fbfcca418cf50c665c35f662e21aeba33af

SHA256
a67cd2fe33568c1ac35c7aa1964824a2e3c46493ab59d38d4decae905fdf1381

SHA512
61574f220bcfd0b47fef883aafd171e1842bf4894f496ad907c1d23ac8c4b7e10a1c5fd1c66fbab284b9301fa217655310e2afde227531c4cda8bfe5309e6312

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
67ace082fdeb75fe1078ccb0625315b9

SHA1
0cd68b5ce105abad07500a0676623f8e10af22d9

SHA256
4d13180f95215b769ec1ec20311e8a2328768899b9f0a4065e2c5f8b59d119d4

SHA512
3f0e4c52fdac5a160c2555cd191a32b79dd5746187d129bab4ba1dcd45504660c15da5bf74bf788cd992410f4b9cad5a58271725db8fd80e5e3277e4fda849bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
8a01cb6bc23d8beb61698fb00e339743

SHA1
6f5b3bd5e08e63631bd66030c154b5aa9d92233c

SHA256
f69e59ddd4e28cff11ccd80354a0b40f0f1b15faa5a09babe46e139204619011

SHA512
0fc979e4dcb39159bed6bbff03b4aff972b8914c282d899bf8635394b6421cfda8ab1a5099d170b96db939b9765a821c1a5b2f4d03aa59ba0d14d7c528616bad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
be7bdac8e141b3a59d94779e43720178

SHA1
cb88574b65444f23b2ea1107fe05bbdea269080f

SHA256
387bc7ee8479b1d6ce367cfeecac9df37336f7f61f125bd006245645f938e343

SHA512
4c92b60d907f3e02dc08c5c9d6edec380c7fcb880d05d6e982e9d99b77519b2f914a1da55c1d89e041f678f732f9a2ba0e6524239f95eb7edcc7c410ea0bc91e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
68e7da2dd9308993616e8f9bb681029e

SHA1
32c579be21e84066f46d32693f7341d9db5ccebe

SHA256
f20d1663d0705dbf0299228beaa80c65d890dc533d61c0535dda109ce1b5b16b

SHA512
e4392bfa731b8d13e4183ce8d8636e21f077186da9cdbac51644d645b2ee841251d410b8cbf3fe3b1e908be7ed3b9080f0b98ca917c51ea53b69f20aca8f2905

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9adf6b53692c6ad0a7a7a3e623c349dc

SHA1
4f5d56745365fd4577fa60700a1a36097e92502d

SHA256
efa11cb936e0ea55d4a54ef9776928baceb19b8bf5e60207d61785998d6e0dfc

SHA512
8b5b26f958c71c4de922304e859fd663e1da18267fceb7a10cdd850fcba03ab9aad932c7c60be023ae55a6f6fec1461ca0f0b4b8eaf45226e77bb6066b2a37b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
467698ac62f91aa2f9198719d93c7794

SHA1
ef6f156ffb684d3176c07e8cc7c8be6f06ea4472

SHA256
6b316cd4b4305d683decaecf4b5b0bea6fa534b376c4d32e6271550ac4430260

SHA512
6eeddb0516351f2558d71b5fd0ea1ca1accada2991dcff34821a062e233f353dba04673e94425ce9867d8469a06784443e22bdecc2c46b0b0f4af046d3a2637d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
773a7a83800b830bb1b2c42b8e6f00d6

SHA1
3f545383e67b066934da874808e3c8499003ece4

SHA256
caba63fd5b6a54df85ce2a70faccacfe7ce87c06a787aafc02293f1a13e5e581

SHA512
8e5f9a58b491b7bdfb3db34848f51db686584bba05f54da9210a28d166087c3908c17c5670a427e0738ed8e81b448c7f2841ec8e2b04ee8952ee228cdf860dbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
7408c92a49189dbca871c4a5162a0bb5

SHA1
9d1c9c0176a76cdf0d30fbdd19a84dcc6eed7d14

SHA256
f95e619498f25972bc7bde4a4445d6e64c2e28d97f3d411de366df104b41564c

SHA512
ae183c8e07ce5335665e5d140dfdd5383497873084638ca76ec5739d6d043a10a90f43c156282d53d65d2fc672ca89a964c2ea4656432f22da9290570860194f

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\innocentcatgirl.bat

Filesize
2KB

MD5
9285efe757be1f274bf9aab3228a6d9b

SHA1
4bcfa911027e38f1235367705fb2b01231fc030f

SHA256
db6e77d31eca79979390c2f9036687a66533780e3d8c9e9f29448a1e0d1ef6d4

SHA512
66f165afabe105a072cba0f63051f34cd4ea492b37a0ba9cbcf685459955377f84a2594162c22af3b4be2705fbaa5781fba41a3c76921bf3d7e2163740ba7eeb

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\temp.vbs

Filesize
85B

MD5
f5d4d082037fa94dd7afec271efc11bd

SHA1
0dcf3fe5dd23f51c626e46b24325a0a3be4ac348

SHA256
b7f9e2091665acd867e73c67517641b6342c55f508e179fb4d3cecd39a98a574

SHA512
b6316ce355c75fdc48ed84524d2baf6593625ae8b7e2f55e3ab90c0ff17cb30149aed3fc10b5006b942993e6a36f6f8e617c2ec838f85583f499d2b92ea31810

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\temp.vbs

Filesize
101B

MD5
2cf7ffb368996838976026ea8e04eaf0

SHA1
5a4880783862671ddca4d75621dffa514e6b76cd

SHA256
30c8c18cf8d1e7fae7dfcca3af3724432636e5abbeb5be5dbdc375172ee094ef

SHA512
f5b1e56c5ae82795b842f896be383e254a70166abe0514391007589abfb99fa6a119ed25de2049afe3409b57592ab0a6ac8a2fced824cec36415f43fea8db43f

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\temp.vbs

Filesize
81B

MD5
8b89688d5ca566fbc819d30496a01b48

SHA1
2e53e83b117884cd5753e932e10dfb1cc84d4234

SHA256
4aef0359abc784adb99185d051303e4ce612211058f6278884e01c9f1e9e12b9

SHA512
1a4d1b0dda8b482a8c98b5d126117595ea5564d9479c428201a661bcd62824249b1e8ee3e3fc60df3270e2f4a2d2ed84083b49496b110284aaa92467f05518fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\temp.vbs

Filesize
52B

MD5
97b02559b04a12632661f67054c2105e

SHA1
596a48a8085e997962e4a6fc60539f086c8765a0

SHA256
4ae588a4a4bab6968b02b26149a0fb376a2dc8823cffbf8ec218382ea10575bc

SHA512
3c26386e45eef408460b9a557a1a8314f30bd12620f96f4753514dfadbded65346e856270d42547614027d289c768c28ad88736cc1a6633293bbbeef71461117

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\temp.vbs

Filesize
62B

MD5
0ae3190e88927036905f2ffe3dd4f20e

SHA1
abc2d7a6cf6b350782e35bbc1d9ac0fe4da2963d

SHA256
842a58daffa74c47f64168e126da003b41d1b083a870314d9f4c6545b77159ae

SHA512
139cdb6a151b82db686a06750494b17c5450ed97924caa13360a2d0aa33d3d9f6d145be7d509ba46c9079056cd6cb596e5a7e90b3a3e3df1af506bfd51fedd62

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\temp.vbs

Filesize
86B

MD5
fd9174e53ad731b9c4a3ce8639f19b4a

SHA1
9e9f5515af88832f638b27acbf102ac73d4e478b

SHA256
f66edf103c736b3012cf8d5854a2ed398cfef3326c11faa98847991db3bdb0b3

SHA512
9fba51ef0b40bc54f7ee41045e25f434b547a813b9a0add3fff8ff753d3bc2d61b0bcb31c589d6ad9fa1c02f7cd060bd3eeb53b580a93c7199fef7481cfaac52

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\temp.vbs

Filesize
55B

MD5
a9fb509e6e7b556fdc3b48d06398fc8a

SHA1
e5fc4d9e6603bdad8c101656eb21a568d53f65cb

SHA256
c94a8b9886d1bd8f140724f6f63474052cbc9f603ec8596b59784c4133ee0023

SHA512
d5c59f01157b13af4740358048f7cba93342031b74fc6235a1ebd28603dfea43fe5a2d37fd7b5b056aa1d839f222a89e05855be89cecac346bba73a5bda4dfe8

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\innocentcatgirl.exe

Filesize
154KB

MD5
b04d47d3b82f878ea49488c75ef58536

SHA1
65af226842e0bd0ad924cd3ff5afd34e420a561c

SHA256
d7ef05307c7eea65348892af1023dd2bf800f5c43c4d23bfa53bd9c8592521cf

SHA512
4495ad60ca55697e690028730da2b9d6f45a53d3de09806c9f17a9be06f7c8c2b071072d7b67e868d3be1ac7a861ef07759968a370edbcc64ff4395f3530188d

Download Submit
C:\Users\Admin\Downloads\InnocentCatgirl.zip.crdownload

Filesize
1.6MB

MD5
85bf1e0508175fccdad5051e09b87438

SHA1
870be3e587e285e3cfdd4cf7ed89297a31ddf822

SHA256
21529408f7952981b0306a95ba9ab1c07b1c29f918a38e16bbd5a25adabc284c

SHA512
319e7fa38bec25cd9798c46eeb09106994b9c41bd6e770ae749b09ea469314e3716b392a73b198fa521cea52c487495b559c01e44bc6bf2d9d477249611f15b3

Download Submit