redline | e1d6fa7331003a1218c5bed0ea07ee1da0029270ea8493435230c8d4587038c2

Analysis

max time kernel
600s
max time network
600s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
09-05-2024 16:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

redirect.html
Size

6KB
MD5

81c1b324d6bd1f0e100ac0d74680e349
SHA1

ecff724ae87c7678d2a2acab0a6c9beaf80c29b6
SHA256

e1d6fa7331003a1218c5bed0ea07ee1da0029270ea8493435230c8d4587038c2
SHA512

f9eb6c6c0abbea8bf7c7584918eb60e2603b20b64cb66085b7e7aba5e9511c58e329754961a3b98aa481be36dce8ca9c23ee35b3141190865ea3d92e5b16d55a
SSDEEP

192:dTHLxX7777/77QF7KXyrp0Lod4BYCIp/hOAyXFET:dTr5HY4C0+CIp/hOAyXFK

Score

10^/10

redline zgrat infostealer rat

Malware Config

Signatures

Detect ZGRat V1 1 IoCs

resource	yara_rule
behavioral1/memory/2912-1050-0x0000000000400000-0x000000000044A000-memory.dmp	family_zgrat_v1

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 1 IoCs

resource	yara_rule
behavioral1/memory/2912-1050-0x0000000000400000-0x000000000044A000-memory.dmp	family_redline

ZGRat
ZGRat is remote access trojan written in C#.
rat zgrat

Suspicious use of SetThreadContext 3 IoCs

description	pid	Process	procid_target
PID 3004 set thread context of 2912	3004	Yuqu v_7.98.exe	129
PID 2080 set thread context of 4516	2080	Yuqu v_7.98.exe	134
PID 5792 set thread context of 5868	5792	Yuqu v_7.98.exe	142

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2457560273-69882387-977367775-1000\{7180C804-95B0-48EE-B625-7F9CE5E1ED70}	msedge.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Yuqu v_7.98.zip:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Yuqu v_7.98 (1).zip:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3988	msedge.exe
3988	msedge.exe
5044	msedge.exe
5044	msedge.exe
2924	msedge.exe
2924	msedge.exe
4224	identity_helper.exe
4224	identity_helper.exe
1512	msedge.exe
1512	msedge.exe
1512	msedge.exe
1512	msedge.exe
1036	msedge.exe
1036	msedge.exe
3324	msedge.exe
3324	msedge.exe
5228	taskmgr.exe
5228	taskmgr.exe
5228	taskmgr.exe
5228	taskmgr.exe
5228	taskmgr.exe
5228	taskmgr.exe
5228	taskmgr.exe
5228	taskmgr.exe
5228	taskmgr.exe
5228	taskmgr.exe
5228	taskmgr.exe
5228	taskmgr.exe
5228	taskmgr.exe
5228	taskmgr.exe
5228	taskmgr.exe
5228	taskmgr.exe
5228	taskmgr.exe
5228	taskmgr.exe
5228	taskmgr.exe
5228	taskmgr.exe
5228	taskmgr.exe
5228	taskmgr.exe
5228	taskmgr.exe
5228	taskmgr.exe
5228	taskmgr.exe
5228	taskmgr.exe
5228	taskmgr.exe
5228	taskmgr.exe
5228	taskmgr.exe
5228	taskmgr.exe
5228	taskmgr.exe
5228	taskmgr.exe
5228	taskmgr.exe
5228	taskmgr.exe
5228	taskmgr.exe
5228	taskmgr.exe
5228	taskmgr.exe
5228	taskmgr.exe
5228	taskmgr.exe
5228	taskmgr.exe
5228	taskmgr.exe
5228	taskmgr.exe
5228	taskmgr.exe
5228	taskmgr.exe
5228	taskmgr.exe
5228	taskmgr.exe
5228	taskmgr.exe
5228	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5228	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 40 IoCs

pid	Process
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeDebugPrivilege	2912	RegAsm.exe
Token: SeDebugPrivilege	4516	RegAsm.exe
Token: SeDebugPrivilege	5228	taskmgr.exe
Token: SeSystemProfilePrivilege	5228	taskmgr.exe
Token: SeCreateGlobalPrivilege	5228	taskmgr.exe
Token: SeDebugPrivilege	5868	RegAsm.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5228	taskmgr.exe
5228	taskmgr.exe
5228	taskmgr.exe
5228	taskmgr.exe
5228	taskmgr.exe
5228	taskmgr.exe
5228	taskmgr.exe
5228	taskmgr.exe
5228	taskmgr.exe
5228	taskmgr.exe
5228	taskmgr.exe
5228	taskmgr.exe
5228	taskmgr.exe
5228	taskmgr.exe
5228	taskmgr.exe
5228	taskmgr.exe
5228	taskmgr.exe
5228	taskmgr.exe
5228	taskmgr.exe
5228	taskmgr.exe
5228	taskmgr.exe
5228	taskmgr.exe
5228	taskmgr.exe
5228	taskmgr.exe
5228	taskmgr.exe
5228	taskmgr.exe
5228	taskmgr.exe
5228	taskmgr.exe
5228	taskmgr.exe
5228	taskmgr.exe
5228	taskmgr.exe
5228	taskmgr.exe
5228	taskmgr.exe
5228	taskmgr.exe
5228	taskmgr.exe
5228	taskmgr.exe
5228	taskmgr.exe
5228	taskmgr.exe
5228	taskmgr.exe
5228	taskmgr.exe
5228	taskmgr.exe
5228	taskmgr.exe
5228	taskmgr.exe
5228	taskmgr.exe
5228	taskmgr.exe
5228	taskmgr.exe
5228	taskmgr.exe
5228	taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5044 wrote to memory of 1992	5044	msedge.exe	77
PID 5044 wrote to memory of 1992	5044	msedge.exe	77
PID 5044 wrote to memory of 4028	5044	msedge.exe	78
PID 5044 wrote to memory of 4028	5044	msedge.exe	78
PID 5044 wrote to memory of 4028	5044	msedge.exe	78
PID 5044 wrote to memory of 4028	5044	msedge.exe	78
PID 5044 wrote to memory of 4028	5044	msedge.exe	78
PID 5044 wrote to memory of 4028	5044	msedge.exe	78
PID 5044 wrote to memory of 4028	5044	msedge.exe	78
PID 5044 wrote to memory of 4028	5044	msedge.exe	78
PID 5044 wrote to memory of 4028	5044	msedge.exe	78
PID 5044 wrote to memory of 4028	5044	msedge.exe	78
PID 5044 wrote to memory of 4028	5044	msedge.exe	78
PID 5044 wrote to memory of 4028	5044	msedge.exe	78
PID 5044 wrote to memory of 4028	5044	msedge.exe	78
PID 5044 wrote to memory of 4028	5044	msedge.exe	78
PID 5044 wrote to memory of 4028	5044	msedge.exe	78
PID 5044 wrote to memory of 4028	5044	msedge.exe	78
PID 5044 wrote to memory of 4028	5044	msedge.exe	78
PID 5044 wrote to memory of 4028	5044	msedge.exe	78
PID 5044 wrote to memory of 4028	5044	msedge.exe	78
PID 5044 wrote to memory of 4028	5044	msedge.exe	78
PID 5044 wrote to memory of 4028	5044	msedge.exe	78
PID 5044 wrote to memory of 4028	5044	msedge.exe	78
PID 5044 wrote to memory of 4028	5044	msedge.exe	78
PID 5044 wrote to memory of 4028	5044	msedge.exe	78
PID 5044 wrote to memory of 4028	5044	msedge.exe	78
PID 5044 wrote to memory of 4028	5044	msedge.exe	78
PID 5044 wrote to memory of 4028	5044	msedge.exe	78
PID 5044 wrote to memory of 4028	5044	msedge.exe	78
PID 5044 wrote to memory of 4028	5044	msedge.exe	78
PID 5044 wrote to memory of 4028	5044	msedge.exe	78
PID 5044 wrote to memory of 4028	5044	msedge.exe	78
PID 5044 wrote to memory of 4028	5044	msedge.exe	78
PID 5044 wrote to memory of 4028	5044	msedge.exe	78
PID 5044 wrote to memory of 4028	5044	msedge.exe	78
PID 5044 wrote to memory of 4028	5044	msedge.exe	78
PID 5044 wrote to memory of 4028	5044	msedge.exe	78
PID 5044 wrote to memory of 4028	5044	msedge.exe	78
PID 5044 wrote to memory of 4028	5044	msedge.exe	78
PID 5044 wrote to memory of 4028	5044	msedge.exe	78
PID 5044 wrote to memory of 4028	5044	msedge.exe	78
PID 5044 wrote to memory of 3988	5044	msedge.exe	79
PID 5044 wrote to memory of 3988	5044	msedge.exe	79
PID 5044 wrote to memory of 2848	5044	msedge.exe	80
PID 5044 wrote to memory of 2848	5044	msedge.exe	80
PID 5044 wrote to memory of 2848	5044	msedge.exe	80
PID 5044 wrote to memory of 2848	5044	msedge.exe	80
PID 5044 wrote to memory of 2848	5044	msedge.exe	80
PID 5044 wrote to memory of 2848	5044	msedge.exe	80
PID 5044 wrote to memory of 2848	5044	msedge.exe	80
PID 5044 wrote to memory of 2848	5044	msedge.exe	80
PID 5044 wrote to memory of 2848	5044	msedge.exe	80
PID 5044 wrote to memory of 2848	5044	msedge.exe	80
PID 5044 wrote to memory of 2848	5044	msedge.exe	80
PID 5044 wrote to memory of 2848	5044	msedge.exe	80
PID 5044 wrote to memory of 2848	5044	msedge.exe	80
PID 5044 wrote to memory of 2848	5044	msedge.exe	80
PID 5044 wrote to memory of 2848	5044	msedge.exe	80
PID 5044 wrote to memory of 2848	5044	msedge.exe	80
PID 5044 wrote to memory of 2848	5044	msedge.exe	80
PID 5044 wrote to memory of 2848	5044	msedge.exe	80
PID 5044 wrote to memory of 2848	5044	msedge.exe	80
PID 5044 wrote to memory of 2848	5044	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\redirect.html
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb09723cb8,0x7ffb09723cc8,0x7ffb09723cd8
  2⤵
  PID:1992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,3342342202449200597,2833819827557567363,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1912 /prefetch:2
  2⤵
  PID:4028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,3342342202449200597,2833819827557567363,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1968 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1908,3342342202449200597,2833819827557567363,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
  2⤵
  PID:2848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3342342202449200597,2833819827557567363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:2856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3342342202449200597,2833819827557567363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:3444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3342342202449200597,2833819827557567363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
  2⤵
  PID:3788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1908,3342342202449200597,2833819827557567363,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5880 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2924
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1908,3342342202449200597,2833819827557567363,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5796 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3342342202449200597,2833819827557567363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
  2⤵
  PID:3784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3342342202449200597,2833819827557567363,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:3800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3342342202449200597,2833819827557567363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1
  2⤵
  PID:5032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3342342202449200597,2833819827557567363,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1
  2⤵
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1908,3342342202449200597,2833819827557567363,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5732 /prefetch:8
  2⤵
  PID:2020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3342342202449200597,2833819827557567363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4824 /prefetch:1
  2⤵
  PID:3316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3342342202449200597,2833819827557567363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
  2⤵
  PID:2144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3342342202449200597,2833819827557567363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
  2⤵
  PID:1640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3342342202449200597,2833819827557567363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6320 /prefetch:1
  2⤵
  PID:1332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3342342202449200597,2833819827557567363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6328 /prefetch:1
  2⤵
  PID:1056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3342342202449200597,2833819827557567363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6804 /prefetch:1
  2⤵
  PID:1596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3342342202449200597,2833819827557567363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7032 /prefetch:1
  2⤵
  PID:2580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3342342202449200597,2833819827557567363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
  2⤵
  PID:2460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3342342202449200597,2833819827557567363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7360 /prefetch:1
  2⤵
  PID:4752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3342342202449200597,2833819827557567363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7588 /prefetch:1
  2⤵
  PID:1376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3342342202449200597,2833819827557567363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7532 /prefetch:1
  2⤵
  PID:4512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3342342202449200597,2833819827557567363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8132 /prefetch:1
  2⤵
  PID:2800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3342342202449200597,2833819827557567363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7300 /prefetch:1
  2⤵
  PID:2568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3342342202449200597,2833819827557567363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7428 /prefetch:1
  2⤵
  PID:4080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3342342202449200597,2833819827557567363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7660 /prefetch:1
  2⤵
  PID:3108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3342342202449200597,2833819827557567363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8528 /prefetch:1
  2⤵
  PID:1612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3342342202449200597,2833819827557567363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8624 /prefetch:1
  2⤵
  PID:2772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,3342342202449200597,2833819827557567363,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=7128 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3342342202449200597,2833819827557567363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8504 /prefetch:1
  2⤵
  PID:1584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3342342202449200597,2833819827557567363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8720 /prefetch:1
  2⤵
  PID:1612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3342342202449200597,2833819827557567363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8340 /prefetch:1
  2⤵
  PID:4628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3342342202449200597,2833819827557567363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8592 /prefetch:1
  2⤵
  PID:1532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3342342202449200597,2833819827557567363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8808 /prefetch:1
  2⤵
  PID:5108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3342342202449200597,2833819827557567363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8940 /prefetch:1
  2⤵
  PID:4776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1908,3342342202449200597,2833819827557567363,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7992 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:1036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1908,3342342202449200597,2833819827557567363,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7908 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:3324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3342342202449200597,2833819827557567363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:4700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3342342202449200597,2833819827557567363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9040 /prefetch:1
  2⤵
  PID:400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3342342202449200597,2833819827557567363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
  2⤵
  PID:6056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3342342202449200597,2833819827557567363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9308 /prefetch:1
  2⤵
  PID:1952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1908,3342342202449200597,2833819827557567363,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5660 /prefetch:8
  2⤵
  PID:5436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1908,3342342202449200597,2833819827557567363,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=8712 /prefetch:8
  2⤵
  - Modifies registry class
  PID:3864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3342342202449200597,2833819827557567363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
  2⤵
  PID:5632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3342342202449200597,2833819827557567363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:5356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3342342202449200597,2833819827557567363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1
  2⤵
  PID:5348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3342342202449200597,2833819827557567363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9104 /prefetch:1
  2⤵
  PID:2988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3342342202449200597,2833819827557567363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6960 /prefetch:1
  2⤵
  PID:2616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,3342342202449200597,2833819827557567363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9400 /prefetch:1
  2⤵
  PID:1220

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1168

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4868

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1892

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Yuqu v_7.98 (1)\README.txt
1⤵
PID:3540

C:\Users\Admin\Downloads\Yuqu v_7.98 (1)\Yuqu v_7.98.exe
"C:\Users\Admin\Downloads\Yuqu v_7.98 (1)\Yuqu v_7.98.exe"
1⤵
- Suspicious use of SetThreadContext
PID:3004
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:2912

C:\Users\Admin\Downloads\Yuqu v_7.98 (1)\Yuqu v_7.98.exe
"C:\Users\Admin\Downloads\Yuqu v_7.98 (1)\Yuqu v_7.98.exe"
1⤵
- Suspicious use of SetThreadContext
PID:2080
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  PID:3192
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  PID:2068
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:4516

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
PID:5228

C:\Users\Admin\Downloads\Yuqu v_7.98 (1)\Yuqu v_7.98.exe
"C:\Users\Admin\Downloads\Yuqu v_7.98 (1)\Yuqu v_7.98.exe"
1⤵
- Suspicious use of SetThreadContext
PID:5792
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  PID:5860
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:5868

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0d84d1490aa9f725b68407eab8f0030e

SHA1
83964574467b7422e160af34ef024d1821d6d1c3

SHA256
40c09bb0248add089873d1117aadefb46c1b4e23241ba4621f707312de9c829e

SHA512
f84552335ff96b5b4841ec26e222c24af79b6d0271d27ad05a9dfcee254a7b9e9019e7fac0def1245a74754fae81f7126499bf1001615073284052aaa949fa00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0c705388d79c00418e5c1751159353e3

SHA1
aaeafebce5483626ef82813d286511c1f353f861

SHA256
697bd270be634688c48210bee7c5111d7897fd71a6af0bbb2141cefd2f8e4a4d

SHA512
c1614e79650ab9822c4e175ba528ea4efadc7a6313204e4e69b4a9bd06327fb92f56fba95f2595885b1604ca8d8f6b282ab542988995c674d89901da2bc4186f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\240fe9e4-b29b-44f4-9e7b-86327428165b.tmp

Filesize
10KB

MD5
58f76f136e3473d4ebbdb1613f1235dd

SHA1
eaaa43b02a6b620f998029675bcb236efc927a29

SHA256
72610d8fad992e925023fbded24715794dc2fa76424b84e732420d4d843617e6

SHA512
b59e9d846d80b0e8a958b34e08c6591b7c00a3ffffc08dae33b9e5caf5258ee235f9964861213a40ca72c6c319c94389200e3731611ec49d8017df969ea73e30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\296f79fa-47a7-4040-a6e1-ae6d0b3eff95.tmp

Filesize
2KB

MD5
86f3fe391a48058b98b8e77e3d430d78

SHA1
93417a07bbd7e35c10596c6d7b9787d0c7a521cd

SHA256
0875779bebedbd331c80fea59d8b01782b179a3a307acca07e38078c61a53d4e

SHA512
25b11c340d4b1d341d195242c7f661ecf35724b23d57e630de3d61292f0a75c4c9b3d5b0405a4f4af413ffe3685136aa519bb2022efcbb60d72d71551c8788cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
18KB

MD5
3e16bd7f93fac25e45659640806d21cf

SHA1
fa63c288ac000891be3a3232dedf2b03ad91881a

SHA256
173f8eea8a6a9d5b81a07ed44ff54469dfff9f038fd1ea313735769a2a18b0e7

SHA512
7047594672bb0e4faf80bb00a43ae8aed06462ab3416542c6a6a7cd0ada8f1d8ac812a4d2a64f261a537583259825ca6b81ff43cd5dd2c9dc23e1e6946c7ac83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
211KB

MD5
cbb593253666074f4d9982d3da4df817

SHA1
a2f3d725b6da1dfae104c9e85364a75dff943de6

SHA256
35f2cabb87cb71d494a4747d657602be092592b429491d582108f14c06e23c93

SHA512
43878c4876eac2c5a6a85941590da34ff49b33ef75eaf4d3acb923f9b0835db7a1d00a877c1e4dc30951309e82f3057884af51c405755f0bb8549a2e97aa43d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
260KB

MD5
67a093bafa78133d094d9cc413d14c81

SHA1
a98e8c33e8fbcb4c943198e953b155f0c8680c77

SHA256
4f0f15bd6fa8d6be1781a4550cfe82f5b1aeda99b36e0e658d784179ff644680

SHA512
7b54d733343576f62a645e98f13fe00c6db3aa934ca0969ecf9dee83de548683d682f43cd9b1160faa0bddfa9cee2666098b93cf9a589b6398481d263cef8b2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b

Filesize
73KB

MD5
e95cfaf396f20b2b8bc95d2acf37e836

SHA1
e49b7f252ef9e2fd41b8fbdc9f60a77f60141128

SHA256
0951a1b10fbef2cf450e69f5a9ac8f2d97268ecdb7991e7f0912ba216363a520

SHA512
cf226405a56e5f74911aa8f5e74e59727bc08f21f086672035f8c03d7563f59a6fa263efb0ef18119f9c7a7f404f8a4338e9bb28241ea8188d665a964c9b0f55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035

Filesize
64KB

MD5
475b50689dfe5ac600b3de04ace088ea

SHA1
fbb328c285b985d98e436e1a2025dc2ef814f08d

SHA256
bb3580399452f7fc44aa591302242cc83e1a1c5daad646fcc2d1d3e81b9b7bc1

SHA512
55bef283c23fe00a25ab86c8e62df455236bb4a114d72da8986d0ab51b46567f195d35f94de1e133ae61e95d121de99938aa02e80abfd38c3c841fde9214c381

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000039

Filesize
19KB

MD5
77a7756774746386ef9ead66068e5e5c

SHA1
55692345ecefd7eefe4b8b78b377c23d27281ad5

SHA256
e2519bf5591b6053295770da0709fd923a5c679c543776bf35a12412d17add91

SHA512
33222b2b55bb28e340545fd123806dc0dc3177d8e5f7e8bf209128a34680c8af6210906f2170433d4b9cd1066b88b74eeec400aab89654024359907c6e0fbbd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000069

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006a

Filesize
67KB

MD5
d2d55f8057f8b03c94a81f3839b348b9

SHA1
37c399584539734ff679e3c66309498c8b2dd4d9

SHA256
6e273f3491917d37f4dbb6c3f4d3f862cada25c20a36b245ea7c6bd860fb400c

SHA512
7bcdbb9e8d005a532ec12485a9c4b777ddec4aee66333757cdae3f84811099a574e719d45eb4487072d0162fa4654349dd73705a8d1913834535b1a3e2247dc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006b

Filesize
37KB

MD5
472ec32677a453af2c74692a60147dad

SHA1
d88b5e900d82c9bdac5cecdc1104ae46888f9e89

SHA256
28f495a706bbb9a09ca286ecba0123bde6bb8e1e0aece749eeea7c8d62fd52f7

SHA512
4140bdd439121c889e8ca3824b2aa6783318d0ed28557ad18ec8469df1cbcfa4b492f37b27124f3ec12300e3e32247bc1bd3aa9e89936228e6fba84e975beea0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006c

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006d

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006e

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006f

Filesize
1.2MB

MD5
be529a907c265364aea60b32d2a6b43f

SHA1
4e36681dc58aaaa130238083d0aa43d4604019e8

SHA256
1790bffabda47de3ac63c09728874fec01d03bd240361e81dbef964f8ed179bd

SHA512
37e65201a514127811d0f92dce4ca096401af92b4c90441d1e0673c1829cdf5d47f513a63f8ee1593987ac3dd542f197654423b0fe24d50aea4794001356004b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000070

Filesize
32KB

MD5
bbc7e5859c0d0757b3b1b15e1b11929d

SHA1
59df2c56b3c79ac1de9b400ddf3c5a693fa76c2d

SHA256
851c67fbabfda5b3151a6f73f283f7f0634cd1163719135a8de25c0518234fc2

SHA512
f1fecb77f4cdfe7165cc1f2da042048fd94033ca4e648e50ebc4171c806c3c174666bb321c6dda53f2f175dc310ad2459e8f01778acaee6e7c7606497c0a1dea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000071

Filesize
75KB

MD5
cf989be758e8dab43e0a5bc0798c71e0

SHA1
97537516ffd3621ffdd0219ede2a0771a9d1e01d

SHA256
beeca69af7bea038faf8f688bf2f10fda22dee6d9d9429306d379a7a4be0c615

SHA512
f8a88edb6bcd029ad02cba25cae57fdf9bbc7fa17c26e7d03f09040eb0559bc27bd4db11025706190ae548363a1d3b3f95519b9740e562bb9531c4d51e3ca2b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
d051c0547747932197d06bdc197ffc71

SHA1
419286441b96d9c17275b2d18e23e2827163ec49

SHA256
b251255222faa7014909b90f4920c3f65983d94dd5bda1ab9b321df46b612a45

SHA512
29cf6faa80717187ea132a680150912727024b1d0b97aee277219a321c1e5cf1d6b758da488adc2fdd72e7a78622431c99fb2284eb3e694ca02f25622e03e238

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
2905e13c6d1090d166878c76f5d8bde2

SHA1
0e3da47a18ee172c05d20709ecc6f50eb931eec1

SHA256
18c8d5f565e8fdfb7342f3df1d3beeaf23e37fccf59a97318bff8b0c7bc78a2e

SHA512
e6de156decaacbbe95b771c9028f892a7284709322befd033869682ebb4ea272abdb757f7bd01b5f3d48d87093e0cc45f1b79a62defef36cb29be2e3cd68a22c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
b056c95683ef0aafb99c8a6f92c4e703

SHA1
f4e1f504108824a665bbf378139d1d2e623ee797

SHA256
4812ea60602f40bd0e5eb46610aba412990c7d295cf6e997b86feda278cac499

SHA512
7868e4a4420d196870f5c690a92d18ed9dc36d031ce622ea1626db49f27c20f5a86a4cc4ab03a3e4a820a42b6be6fd3b587b248d20cbee3c904d8d7ef111b5e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
56d50fc6e0663367497518707291232e

SHA1
76b709220be096b68a85ce4c45b5a2b6d11f7d37

SHA256
e674b20b85e216efc8de0b94f859402f8fbc839b8ed0156073d21601f4d29f6f

SHA512
a0960ef0d442d6d850bd77ee47c1f172c94d5ff835e94ca30e58b0a91e72134b76a8b904d2b388fdca696e89a3179019a7611baf39f8dcd76cb1cc020aa3860d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
074460a300cb6e536339d4e6358ab64f

SHA1
3b745a06a130306468b4f4e25ce9963e4feec04a

SHA256
731f7b16388f3c0125f2044332279353f95cc6059b432082755c1cc233967f82

SHA512
3486ccda6d48bea1d4a018149eaf249dd53393327df20c312aade1d765f67c73ff7d87050142e4f30f114fa6bdb7dcf727cee20699ec8d0f8b85f8f05bd4c91e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
182B

MD5
98a23781fd1f95b764b5e6530fa61ced

SHA1
4c136ba8441f7ecdcb6d496a0c9b49e47a777440

SHA256
e69bad4f1c37afdb563708446eee1b85dbd27328d4cf2c294296ab671c60e44c

SHA512
56acd928826bcb2cdbfb8329e3c9c555cd686f5cccc2d997071f3f0c2164049fde90c1bf17866fd791c9c413ee7a4a6b9455aadd05bef687a128d08d2f774935

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
8KB

MD5
f7fda85065ede8e0b77dfac43a01a1f1

SHA1
6c0b2f093f154500ff39984bbbee90ba390d4d38

SHA256
d5cc8fe34b38e212e5a53cdc7e4877346ba8d9852e5c6a5a2b597d1959d8bc9d

SHA512
585639428b1955735a43ec6ae59833e25d59f78a3fe0c6a16491837f9ae40f05471799c1ce9464604a2b9a3bd58c6870686460e327dc9aab86bfa189e0af048a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
9KB

MD5
568080436c655a3383c7d60f9faa1c92

SHA1
5979b9d7b181a7aafe26dc6f9d0cb60063471cbe

SHA256
467ab155de73574b12f836c9e1a91956845da3c5e17c2a7c568d2f8fe9d1ed29

SHA512
0f6961ddf2089c7ac84987817c631f08297dec68c4c2793e2993cb31df19b4333920cca51e809cd6244d16acc86f504e3d6a1af18f6a446a34ab85abcfa9a9b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d44da8471966510f57a99ac4c72b5e04

SHA1
fe31134aa26e379887f8e789c16196b275e202d7

SHA256
fc3cbcbafe58bd9302eab22f914ef99059da687312189fae654ab8be80417f9b

SHA512
30e926d0ac1bac43af322e7647c2860da991ac3da08f400f8cdbb9f794fdaab9c2007dd4646bf65c58dd3d07a5e0b224ae8ea62b3efa20cdc983f58a56cf0649

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2d7bb45d03186dccfcf57aa4011bf32b

SHA1
5df81d924b9a57ef8fcfef7f2458220ac848e91b

SHA256
3055265c3c017a38e26c4eca70573ba10a2ad74ae7c3880f2dfaeaa21c5f18ec

SHA512
ea1a7f37e3cf80458dca38f1a67846eee769ef07d00473c3b1e9f1e3d77f41b546b7e89bcc257fc2002a584d041d6c5b267e9064a1cd7434f89403b10eca57b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a55ae418563c5f4e004b39b42dfe7946

SHA1
9aeab3f3dc34082ca5190f7a319d339e2beb76f9

SHA256
af986862e494e078c7ccc2d9836185f5c4348c2fa654d3d5818234f62eb425a9

SHA512
ac7ca3d6d0610020ff5ff394e8010def0a80765e5329fa625bacbe9b5ea75c3f9b3526e9ccc813ac11579acf98654530e0035807b5e30d6f1219bc343758618e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
c9b34475757655ed014560ee5d920957

SHA1
9be1f28de49e9afc99b6418bca6cf55f641f52fd

SHA256
8dab139f73f08ceea22ec56dd43898fce45a0ea266331ac593ae5d934f3e59d9

SHA512
3932ecfa6399d0976dac52fff50758235a2b31ee5e2ea9feac039a217a25be524180603d09b569b4a9fa7e2f86ce1df32959aaeaac08788661eb4f813fed45fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fe5b8ed3af187c9d891e239f896c062f

SHA1
247f3151207c524ef1a8f25885b7d5ab059fabf2

SHA256
041fae9b6bd73c31ddbc4c514524a158a94bb962f7eec988f34ea5f6643197fb

SHA512
dc79f4c3fc32660f16cdf26d37565c529c39575236a16eb138e85eb77deb1495395b7ea32953affed674f72ce12f753b159ed8247b02d0d61da821e2777276fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
166d553683de983a2326485af9029905

SHA1
679fc45a452be966642b3b3cb59dce4ceb740bdb

SHA256
926f8bdb55b6c4a545dc19a8e42214f43dffc8e6b5f2338515191f0664e7afda

SHA512
10ffd3f7ca7fa5dabf11555c9f1d2a17172c2658ef1d61bc585e754e1fdf5b6b4c0bf43d8b362dcc2aa9bb0d51f4df8dd51adbda9301a0088f2209c45a7c515b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
9f62db05a67feabd7ed83ed75b49c285

SHA1
e8278f0c6e751cf2371f8b17a566e76ec0b60f21

SHA256
5a15cd9f3195ae20cae7d0f9cd815389aba18df8eb81250721c967285dfb3c0f

SHA512
ae52e0b0d5fa521031e18f5525b110a710727ca8483ab70b39861d123cd6deaa1abee56231418c0fc9f07ac931aabe5eace8afd555407ae4decefa23ab8723d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
348405904ac4a1a419f4811ae746f784

SHA1
06eabaeedda72ce851ba32129b53271e91d3a0d3

SHA256
cb9de204f8f7f6da5c866638d8a4496ed09123834d386730ca1bb93ebb8dac0f

SHA512
bfeefdb02880fc9c28ccfcf9fe5e7010bf3d21c6293a26ed47cf4f9647c5ee11da8f1d5c406d7a84d049d038f2f0370444a56afc310404cddc243a8010832bc4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3b595a8342620b8e4fd99f4d5a8a35af

SHA1
427e9873f30ddfe1ed169e2f8a01e8a516f7fde9

SHA256
33c921db7db51483de818fbb2e30d80d697c83b21cfde4e0d9ac7ca8791c19d7

SHA512
af00d01316b738fd2d10aeb2425906ce7769a1bb098997f85abbfb5386fdb705b4f300a94a3e58510dc890fda27506835f526f37dadb01409de7a6ef9866951c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
21fb0151a44de909b9c55c47e8198bc8

SHA1
36b7f62597b97fad381f2e8295e857a0fce764f5

SHA256
34820838522d2bffef78fdb9d33fa498119dbe7cc963e3ae605d12257609336a

SHA512
f56f718fe5ef093bb72a1fc04520beb228d50614a4b9de6d3c5d6e101a92b7dccc719f4a6127429b0f76568191a94834937eef53d77a7d5d7d65455d497e01a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
8c72af3bff385b1f3be77e01aa8f8934

SHA1
e23c88c848f5798efbea995dd464d450f37838d4

SHA256
bdead5066068994443952ec4cf4a40304a568b32e25cab70d685654bbffe3fa9

SHA512
1a0b67548d014095d33795d5389c18bc5762b823a8b4046893b9a2297b577fc66df064823320f9f0d5fcfc706b25d32b2db880decb317e29caa57c88fb7750c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
8a17fd94c0d7c5f5a3c196ca1b9c1ce0

SHA1
e0900b6c24b0fbc6af550e93dbf147a77ce63b87

SHA256
d95ac3f8e3660ebe06ff0b2e775a36a045232744017609d70dc68495c44f3fca

SHA512
81eaa6f7162874aeaa99bf7041de5c71a4618c20f36ec136548ceefeded7504dc1c951effbe04153d1f4c6d3b6b34e4978a935061417ce4726aaa40a56506615

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
c3c963dd80573bda5d9d49c7900a7378

SHA1
03e52fff33c061dba45417abe66586f4c1383888

SHA256
84862233586ee47ed7f0fa36c696af596dd264bd65097eb6bb45b30b2720caf1

SHA512
fc5d254b4adf47875ef58431d8b30a57390d55702d2188c4416525b20e245727891cd7a6702409048b70b0977255185b3a64e2afa2345a7348c07278ab0c0ee4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
0593e3d6d63f1d07aafada6a8ae66c23

SHA1
a4caf0e73d0479d250f0a472620d6f405a2c3535

SHA256
4966f182a377d1ed332b53aefce2cb030437034e1c96f044cd64eebaf3a6a4ed

SHA512
6df2efdaab46ff3d46bd513f13b6aa798eb2e34e70778f0e52d49b398fdc28e55803eacfebd69c57853ea3a47ef07ed93ae99e6bb28749ed6d5107d4d286e8ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
719fc72574b633ef4813774a6f8ff7d9

SHA1
6b075371b089971e5daf1042495168ca4dcc46fc

SHA256
31987a8cecdb6445d5249a072bde7a8a933576a02acbc0ddefcb33b0878fa407

SHA512
30e2c0e90ff9f84a4925daa3c4919482651cb61abf1dace13195d7e8692f1ba86c568e5784360f472e6ae635ef7e24243166a9dce3e5918a395a9ad6982570de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
83c7fbf9b96c381f8e42ff4d47ac7ee5

SHA1
00e6c1b0a34f078e1365a6d4847a5a46421381cb

SHA256
2fc4fbbbd593b3f889c217306dc9cc2883e721003691ac8db033129898ffb227

SHA512
b4897c4409fbe462f5b057e4297220a3c7f57a343e136b5ddf13e2799bad5fa17820fef7c890a2e8313d09efdaf369398430153397eaa28152ed6f6271661b43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
b2df18f7088292456866d2a5521237b4

SHA1
e6e02a7dd0e8b95bf25c23bfb7c07e29536a1c68

SHA256
ab7ad709711036571d3a83850a5945437215ed5027cdce2cd0324ea08d190905

SHA512
3419e414003d1bd137489d295038a1676cd277a64bcbea837d8b4c554ad1a629bce75e96fdf78a2292f7b27ead2d5015477c1ec07935ca73d250222388522081

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
102eacee64388cb2db48bbce4a036618

SHA1
cc986b007f705924f1af9597f5502a63f0c26e03

SHA256
520bf7d4c2a9ca5be7e9882fb71158aa1c5247420edd57d54d82b5b6f9282f15

SHA512
2c4383e517f8af16c7ca30a905839e8ea58eb163feaf7959e89f3869a758b014f5a20e8fef55d24ad4f8ab624fa478007ac9d0ffe0f0934a71df7efc3ad6c48a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
3fb730398545808943d849c4ef50595d

SHA1
7d2969d253d36d19ab1d2d50b10365b16f0dc526

SHA256
c63b8e08da007d89d1fbac6ee6620c069d7959e00d79dc1762d100422b6e4f8d

SHA512
18157f84fddc6a435dcb40ca2ba287e62571ebe2ab5a2289565a1cde5d89792963975422d12b8c712be22abf694dc8f112edec8242c84cedd4c7a245e774bbda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
13fe79064538d26312ca3207105309ec

SHA1
4e35a5f98f52a3edad0fe4d1e73102436faeed5f

SHA256
e05e71dc0ef0652f5235b3bd23bf1b7f054527dcc9f7a8b29ec7917bb04cb82e

SHA512
c4ba8a069054569a218c7197753a1cf4654bda1fe2fe2552552bfde26ed3a41a01a12f50f7661fe6b0271441ef52019e25fbe7bc75e13ff1261eaa1b3087c551

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe59456c.TMP

Filesize
1KB

MD5
6d207d2766e6561d81e9ef757e113269

SHA1
86dbc91efe83abb9f73c1f6152d00f811557a41d

SHA256
32278c4e897728487dab45923bb633db774fe599ff09907f02a9d7f9053c81e5

SHA512
93ffbe6af351e1db67614f53b1e545f9b1a488a71ca571849492df8f179f0fc5f93ece07bc74fb6e0412c192bc455e2fa6594df305d74457be789a98405ff648

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c5509b262efd65de8fe09896bd6f2d9c

SHA1
36ae7d0837fdf7c704108c8adb75bf13812437e6

SHA256
f6cde97208e111e4d5861fe870308ff366ce2b0e74c6c692945841f57b53bc62

SHA512
fc1abcd6274eb35b8bf39efa96b00d3a00353bf482ad56c919dfb1764d6db1e54f7ad40324e664993b8f8eb2812354db6819c18796504918e4fdf15e5d32f600

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
773064d7b9acfb735f763619f6cb84b9

SHA1
bc13889f3d822ba0648eed3a43350f54c9c96033

SHA256
cb052a766af1fac155c880c4ccacf89afe038c984ec2d41c879c3f3a2c7ba420

SHA512
cd067290ec86ca118a976d4e47891769864a0262f19a2ee7b071b555713059535a1f4eb8c05c78edbd24bd93507c8c909bcb813feaf6404297ffb436367b5f8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
b559d611051f395c7f467af8f5eb365b

SHA1
00a71a7ddb34739ef6a48b6f48f387bf741812a3

SHA256
6d7df85acfaa095955a68817999c4f742712827d95df60c11d2a1e5f7d0a61d0

SHA512
001607a5ac5b9b030559ac0b0135934e1b950a690effd954f5ebcf298386d4b2b951227227bcdfdbadaa3b4418b12ca7e5bece2e2d0fd25f019bb0bcb036fa30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
34accfdcb9e145e182ec6de0468e251f

SHA1
e1307c3dc2f0ecfdbf41b45ec92fe8ae2bea3b70

SHA256
3c9f5dd60502e42343967beda2755b2f20e0019488eb00cbae77fdd8bf2440c5

SHA512
b43ce7b8bfe43b6e836e70590c765a1844b80ab9564f89fe9ad820e02019cde3ac02ef90c4eaa1d1fdf2414b2a3262412c80511a46ae88feb1d84f87bcf74226

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
5c111cf7f05eafc99db802cd5741d9fc

SHA1
c24f1311e2ce848342af95e203e86c4d13516d0a

SHA256
4715feac0af5f353087f8cab40e4c0ab061dd6603c78e95df8f4b46640e2f2dc

SHA512
b203b93da86c421624704d3900712a85c8447c036febbb06a3979eaa0ce54241307246ecf09b8ce0caaa9373cd51b2053f2897cf671606be54f4f6acab137a62

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\Yuqu v_7.98.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
memory/2080-1062-0x00000000005B0000-0x00000000005B1000-memory.dmp

Filesize
4KB

Download
memory/2912-1052-0x00000000058E0000-0x0000000005E86000-memory.dmp

Filesize
5.6MB

Download
memory/2912-1059-0x0000000006560000-0x00000000065AC000-memory.dmp

Filesize
304KB

Download
memory/2912-1050-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/2912-1053-0x0000000005330000-0x00000000053C2000-memory.dmp

Filesize
584KB

Download
memory/2912-1054-0x00000000052C0000-0x00000000052CA000-memory.dmp

Filesize
40KB

Download
memory/2912-1055-0x0000000006900000-0x0000000006F18000-memory.dmp

Filesize
6.1MB

Download
memory/2912-1056-0x0000000006450000-0x000000000655A000-memory.dmp

Filesize
1.0MB

Download
memory/2912-1057-0x0000000006380000-0x0000000006392000-memory.dmp

Filesize
72KB

Download
memory/2912-1058-0x00000000063E0000-0x000000000641C000-memory.dmp

Filesize
240KB

Download
memory/3004-1049-0x0000000000A20000-0x0000000000A21000-memory.dmp

Filesize
4KB

Download
memory/3004-1051-0x0000000000A20000-0x0000000000A21000-memory.dmp

Filesize
4KB

Download
memory/5228-1082-0x000001E221A30000-0x000001E221A31000-memory.dmp

Filesize
4KB

Download
memory/5228-1074-0x000001E221A30000-0x000001E221A31000-memory.dmp

Filesize
4KB

Download
memory/5228-1073-0x000001E221A30000-0x000001E221A31000-memory.dmp

Filesize
4KB

Download
memory/5228-1072-0x000001E221A30000-0x000001E221A31000-memory.dmp

Filesize
4KB

Download
memory/5228-1084-0x000001E221A30000-0x000001E221A31000-memory.dmp

Filesize
4KB

Download
memory/5228-1083-0x000001E221A30000-0x000001E221A31000-memory.dmp

Filesize
4KB

Download
memory/5228-1081-0x000001E221A30000-0x000001E221A31000-memory.dmp

Filesize
4KB

Download
memory/5228-1080-0x000001E221A30000-0x000001E221A31000-memory.dmp

Filesize
4KB

Download
memory/5228-1079-0x000001E221A30000-0x000001E221A31000-memory.dmp

Filesize
4KB

Download
memory/5228-1078-0x000001E221A30000-0x000001E221A31000-memory.dmp

Filesize
4KB

Download
memory/5792-1088-0x0000000000FE0000-0x0000000000FE1000-memory.dmp

Filesize
4KB

Download