hxxps://animeslayerbeta[.]github[.]io/

Resubmissions

20/06/2024, 06:14

240620-gzk7eaxfmr 1

20/06/2024, 06:13

240620-gy2g1ataqb 1

20/06/2024, 05:59

240620-gp2fmsxcjl 8

Analysis

max time kernel
569s
max time network
570s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
20/06/2024, 05:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://animeslayerbeta.github.io/

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 2 IoCs

pid	Process
1396	winrar-x64-701.exe
4628	winrar-x64-701.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133633370152823336"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-200405930-3877336739-3533750831-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
4892	msedge.exe
4892	msedge.exe
5024	msedge.exe
5024	msedge.exe
4632	identity_helper.exe
4632	identity_helper.exe
5716	msedge.exe
5716	msedge.exe
5748	msedge.exe
5748	msedge.exe
5748	msedge.exe
5748	msedge.exe
532	chrome.exe
532	chrome.exe
60	chrome.exe
60	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 48 IoCs

pid	Process
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
532	chrome.exe
532	chrome.exe
532	chrome.exe
532	chrome.exe
532	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeRestorePrivilege	2200	7zG.exe
Token: 35	2200	7zG.exe
Token: SeSecurityPrivilege	2200	7zG.exe
Token: SeSecurityPrivilege	2200	7zG.exe
Token: SeRestorePrivilege	2428	7zG.exe
Token: 35	2428	7zG.exe
Token: SeSecurityPrivilege	2428	7zG.exe
Token: SeSecurityPrivilege	2428	7zG.exe
Token: SeShutdownPrivilege	532	chrome.exe
Token: SeCreatePagefilePrivilege	532	chrome.exe
Token: SeShutdownPrivilege	532	chrome.exe
Token: SeCreatePagefilePrivilege	532	chrome.exe
Token: SeShutdownPrivilege	532	chrome.exe
Token: SeCreatePagefilePrivilege	532	chrome.exe
Token: SeShutdownPrivilege	532	chrome.exe
Token: SeCreatePagefilePrivilege	532	chrome.exe
Token: SeShutdownPrivilege	532	chrome.exe
Token: SeCreatePagefilePrivilege	532	chrome.exe
Token: SeShutdownPrivilege	532	chrome.exe
Token: SeCreatePagefilePrivilege	532	chrome.exe
Token: SeShutdownPrivilege	532	chrome.exe
Token: SeCreatePagefilePrivilege	532	chrome.exe
Token: SeShutdownPrivilege	532	chrome.exe
Token: SeCreatePagefilePrivilege	532	chrome.exe
Token: SeShutdownPrivilege	532	chrome.exe
Token: SeCreatePagefilePrivilege	532	chrome.exe
Token: SeShutdownPrivilege	532	chrome.exe
Token: SeCreatePagefilePrivilege	532	chrome.exe
Token: SeShutdownPrivilege	532	chrome.exe
Token: SeCreatePagefilePrivilege	532	chrome.exe
Token: SeShutdownPrivilege	532	chrome.exe
Token: SeCreatePagefilePrivilege	532	chrome.exe
Token: SeShutdownPrivilege	532	chrome.exe
Token: SeCreatePagefilePrivilege	532	chrome.exe
Token: SeShutdownPrivilege	532	chrome.exe
Token: SeCreatePagefilePrivilege	532	chrome.exe
Token: SeShutdownPrivilege	532	chrome.exe
Token: SeCreatePagefilePrivilege	532	chrome.exe
Token: SeShutdownPrivilege	532	chrome.exe
Token: SeCreatePagefilePrivilege	532	chrome.exe
Token: SeShutdownPrivilege	532	chrome.exe
Token: SeCreatePagefilePrivilege	532	chrome.exe
Token: SeShutdownPrivilege	532	chrome.exe
Token: SeCreatePagefilePrivilege	532	chrome.exe
Token: SeShutdownPrivilege	532	chrome.exe
Token: SeCreatePagefilePrivilege	532	chrome.exe
Token: SeShutdownPrivilege	532	chrome.exe
Token: SeCreatePagefilePrivilege	532	chrome.exe
Token: SeShutdownPrivilege	532	chrome.exe
Token: SeCreatePagefilePrivilege	532	chrome.exe
Token: SeShutdownPrivilege	532	chrome.exe
Token: SeCreatePagefilePrivilege	532	chrome.exe
Token: SeShutdownPrivilege	532	chrome.exe
Token: SeCreatePagefilePrivilege	532	chrome.exe
Token: SeShutdownPrivilege	532	chrome.exe
Token: SeCreatePagefilePrivilege	532	chrome.exe
Token: SeShutdownPrivilege	532	chrome.exe
Token: SeCreatePagefilePrivilege	532	chrome.exe
Token: SeShutdownPrivilege	532	chrome.exe
Token: SeCreatePagefilePrivilege	532	chrome.exe
Token: SeShutdownPrivilege	532	chrome.exe
Token: SeCreatePagefilePrivilege	532	chrome.exe
Token: SeShutdownPrivilege	532	chrome.exe
Token: SeCreatePagefilePrivilege	532	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
532	chrome.exe
532	chrome.exe
532	chrome.exe
532	chrome.exe
532	chrome.exe
532	chrome.exe
532	chrome.exe
532	chrome.exe
532	chrome.exe
532	chrome.exe
532	chrome.exe
532	chrome.exe
532	chrome.exe
532	chrome.exe
532	chrome.exe
532	chrome.exe
532	chrome.exe
532	chrome.exe
532	chrome.exe
532	chrome.exe
532	chrome.exe
532	chrome.exe
532	chrome.exe
532	chrome.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
6356	OpenWith.exe
6356	OpenWith.exe
6356	OpenWith.exe
1396	winrar-x64-701.exe
1396	winrar-x64-701.exe
4628	winrar-x64-701.exe
4628	winrar-x64-701.exe
4628	winrar-x64-701.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5024 wrote to memory of 4284	5024	msedge.exe	83
PID 5024 wrote to memory of 4284	5024	msedge.exe	83
PID 5024 wrote to memory of 2144	5024	msedge.exe	84
PID 5024 wrote to memory of 2144	5024	msedge.exe	84
PID 5024 wrote to memory of 2144	5024	msedge.exe	84
PID 5024 wrote to memory of 2144	5024	msedge.exe	84
PID 5024 wrote to memory of 2144	5024	msedge.exe	84
PID 5024 wrote to memory of 2144	5024	msedge.exe	84
PID 5024 wrote to memory of 2144	5024	msedge.exe	84
PID 5024 wrote to memory of 2144	5024	msedge.exe	84
PID 5024 wrote to memory of 2144	5024	msedge.exe	84
PID 5024 wrote to memory of 2144	5024	msedge.exe	84
PID 5024 wrote to memory of 2144	5024	msedge.exe	84
PID 5024 wrote to memory of 2144	5024	msedge.exe	84
PID 5024 wrote to memory of 2144	5024	msedge.exe	84
PID 5024 wrote to memory of 2144	5024	msedge.exe	84
PID 5024 wrote to memory of 2144	5024	msedge.exe	84
PID 5024 wrote to memory of 2144	5024	msedge.exe	84
PID 5024 wrote to memory of 2144	5024	msedge.exe	84
PID 5024 wrote to memory of 2144	5024	msedge.exe	84
PID 5024 wrote to memory of 2144	5024	msedge.exe	84
PID 5024 wrote to memory of 2144	5024	msedge.exe	84
PID 5024 wrote to memory of 2144	5024	msedge.exe	84
PID 5024 wrote to memory of 2144	5024	msedge.exe	84
PID 5024 wrote to memory of 2144	5024	msedge.exe	84
PID 5024 wrote to memory of 2144	5024	msedge.exe	84
PID 5024 wrote to memory of 2144	5024	msedge.exe	84
PID 5024 wrote to memory of 2144	5024	msedge.exe	84
PID 5024 wrote to memory of 2144	5024	msedge.exe	84
PID 5024 wrote to memory of 2144	5024	msedge.exe	84
PID 5024 wrote to memory of 2144	5024	msedge.exe	84
PID 5024 wrote to memory of 2144	5024	msedge.exe	84
PID 5024 wrote to memory of 2144	5024	msedge.exe	84
PID 5024 wrote to memory of 2144	5024	msedge.exe	84
PID 5024 wrote to memory of 2144	5024	msedge.exe	84
PID 5024 wrote to memory of 2144	5024	msedge.exe	84
PID 5024 wrote to memory of 2144	5024	msedge.exe	84
PID 5024 wrote to memory of 2144	5024	msedge.exe	84
PID 5024 wrote to memory of 2144	5024	msedge.exe	84
PID 5024 wrote to memory of 2144	5024	msedge.exe	84
PID 5024 wrote to memory of 2144	5024	msedge.exe	84
PID 5024 wrote to memory of 2144	5024	msedge.exe	84
PID 5024 wrote to memory of 4892	5024	msedge.exe	85
PID 5024 wrote to memory of 4892	5024	msedge.exe	85
PID 5024 wrote to memory of 1444	5024	msedge.exe	86
PID 5024 wrote to memory of 1444	5024	msedge.exe	86
PID 5024 wrote to memory of 1444	5024	msedge.exe	86
PID 5024 wrote to memory of 1444	5024	msedge.exe	86
PID 5024 wrote to memory of 1444	5024	msedge.exe	86
PID 5024 wrote to memory of 1444	5024	msedge.exe	86
PID 5024 wrote to memory of 1444	5024	msedge.exe	86
PID 5024 wrote to memory of 1444	5024	msedge.exe	86
PID 5024 wrote to memory of 1444	5024	msedge.exe	86
PID 5024 wrote to memory of 1444	5024	msedge.exe	86
PID 5024 wrote to memory of 1444	5024	msedge.exe	86
PID 5024 wrote to memory of 1444	5024	msedge.exe	86
PID 5024 wrote to memory of 1444	5024	msedge.exe	86
PID 5024 wrote to memory of 1444	5024	msedge.exe	86
PID 5024 wrote to memory of 1444	5024	msedge.exe	86
PID 5024 wrote to memory of 1444	5024	msedge.exe	86
PID 5024 wrote to memory of 1444	5024	msedge.exe	86
PID 5024 wrote to memory of 1444	5024	msedge.exe	86
PID 5024 wrote to memory of 1444	5024	msedge.exe	86
PID 5024 wrote to memory of 1444	5024	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://animeslayerbeta.github.io/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc0d7546f8,0x7ffc0d754708,0x7ffc0d754718
  2⤵
  PID:4284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,3183279801490850854,12243305440950153395,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
  2⤵
  PID:2144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,3183279801490850854,12243305440950153395,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,3183279801490850854,12243305440950153395,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
  2⤵
  PID:1444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3183279801490850854,12243305440950153395,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:3668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3183279801490850854,12243305440950153395,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:4944
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,3183279801490850854,12243305440950153395,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5312 /prefetch:8
  2⤵
  PID:2212
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,3183279801490850854,12243305440950153395,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5312 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3183279801490850854,12243305440950153395,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
  2⤵
  PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3183279801490850854,12243305440950153395,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
  2⤵
  PID:744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3183279801490850854,12243305440950153395,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
  2⤵
  PID:2876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3183279801490850854,12243305440950153395,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:1
  2⤵
  PID:5136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3183279801490850854,12243305440950153395,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6152 /prefetch:1
  2⤵
  PID:5316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3183279801490850854,12243305440950153395,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6348 /prefetch:1
  2⤵
  PID:5492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3183279801490850854,12243305440950153395,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
  2⤵
  PID:5640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3183279801490850854,12243305440950153395,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1
  2⤵
  PID:5648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3183279801490850854,12243305440950153395,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6320 /prefetch:1
  2⤵
  PID:5820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3183279801490850854,12243305440950153395,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6948 /prefetch:1
  2⤵
  PID:5896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3183279801490850854,12243305440950153395,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7144 /prefetch:1
  2⤵
  PID:5940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3183279801490850854,12243305440950153395,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7272 /prefetch:1
  2⤵
  PID:5960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3183279801490850854,12243305440950153395,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7448 /prefetch:1
  2⤵
  PID:5968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3183279801490850854,12243305440950153395,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7452 /prefetch:1
  2⤵
  PID:6012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3183279801490850854,12243305440950153395,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7492 /prefetch:1
  2⤵
  PID:6020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3183279801490850854,12243305440950153395,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7876 /prefetch:1
  2⤵
  PID:5256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3183279801490850854,12243305440950153395,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8060 /prefetch:1
  2⤵
  PID:5268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3183279801490850854,12243305440950153395,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8400 /prefetch:1
  2⤵
  PID:5400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3183279801490850854,12243305440950153395,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8584 /prefetch:1
  2⤵
  PID:5552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3183279801490850854,12243305440950153395,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8956 /prefetch:1
  2⤵
  PID:6208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3183279801490850854,12243305440950153395,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6748 /prefetch:1
  2⤵
  PID:6320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3183279801490850854,12243305440950153395,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9044 /prefetch:1
  2⤵
  PID:6328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3183279801490850854,12243305440950153395,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6876 /prefetch:1
  2⤵
  PID:6464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2064,3183279801490850854,12243305440950153395,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=8556 /prefetch:8
  2⤵
  PID:6680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3183279801490850854,12243305440950153395,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9700 /prefetch:1
  2⤵
  PID:6688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3183279801490850854,12243305440950153395,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6316 /prefetch:1
  2⤵
  PID:7124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3183279801490850854,12243305440950153395,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9520 /prefetch:1
  2⤵
  PID:6336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3183279801490850854,12243305440950153395,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7324 /prefetch:1
  2⤵
  PID:6548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3183279801490850854,12243305440950153395,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7428 /prefetch:1
  2⤵
  PID:6640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3183279801490850854,12243305440950153395,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10104 /prefetch:1
  2⤵
  PID:6632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3183279801490850854,12243305440950153395,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6592 /prefetch:1
  2⤵
  PID:7072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3183279801490850854,12243305440950153395,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
  2⤵
  PID:1208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3183279801490850854,12243305440950153395,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:5680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3183279801490850854,12243305440950153395,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10612 /prefetch:1
  2⤵
  PID:6908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3183279801490850854,12243305440950153395,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9904 /prefetch:1
  2⤵
  PID:6964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3183279801490850854,12243305440950153395,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11024 /prefetch:1
  2⤵
  PID:7280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3183279801490850854,12243305440950153395,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11208 /prefetch:1
  2⤵
  PID:7288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3183279801490850854,12243305440950153395,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9552 /prefetch:1
  2⤵
  PID:7424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3183279801490850854,12243305440950153395,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10264 /prefetch:1
  2⤵
  PID:7544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2064,3183279801490850854,12243305440950153395,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6892 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,3183279801490850854,12243305440950153395,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=8460 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3183279801490850854,12243305440950153395,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3708 /prefetch:1
  2⤵
  PID:4368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3183279801490850854,12243305440950153395,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10276 /prefetch:1
  2⤵
  PID:3932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3183279801490850854,12243305440950153395,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9556 /prefetch:1
  2⤵
  PID:3584

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4272

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3428

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5844

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap26993:84:7zEvent24709
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2200

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap11857:84:7zEvent21251
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2428

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:6356

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
PID:532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffbfbb6ab58,0x7ffbfbb6ab68,0x7ffbfbb6ab78
  2⤵
  PID:2872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1692 --field-trial-handle=2056,i,10930450076129653999,14098414078453576738,131072 /prefetch:2
  2⤵
  PID:7428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1980 --field-trial-handle=2056,i,10930450076129653999,14098414078453576738,131072 /prefetch:8
  2⤵
  PID:7576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2176 --field-trial-handle=2056,i,10930450076129653999,14098414078453576738,131072 /prefetch:8
  2⤵
  PID:7584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3076 --field-trial-handle=2056,i,10930450076129653999,14098414078453576738,131072 /prefetch:1
  2⤵
  PID:6768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3084 --field-trial-handle=2056,i,10930450076129653999,14098414078453576738,131072 /prefetch:1
  2⤵
  PID:1012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4404 --field-trial-handle=2056,i,10930450076129653999,14098414078453576738,131072 /prefetch:1
  2⤵
  PID:8148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4568 --field-trial-handle=2056,i,10930450076129653999,14098414078453576738,131072 /prefetch:8
  2⤵
  PID:5892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4620 --field-trial-handle=2056,i,10930450076129653999,14098414078453576738,131072 /prefetch:8
  2⤵
  PID:5848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4648 --field-trial-handle=2056,i,10930450076129653999,14098414078453576738,131072 /prefetch:1
  2⤵
  PID:6780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3304 --field-trial-handle=2056,i,10930450076129653999,14098414078453576738,131072 /prefetch:8
  2⤵
  PID:1108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5116 --field-trial-handle=2056,i,10930450076129653999,14098414078453576738,131072 /prefetch:8
  2⤵
  PID:5468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4696 --field-trial-handle=2056,i,10930450076129653999,14098414078453576738,131072 /prefetch:8
  2⤵
  PID:6284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3556 --field-trial-handle=2056,i,10930450076129653999,14098414078453576738,131072 /prefetch:1
  2⤵
  PID:2676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2856 --field-trial-handle=2056,i,10930450076129653999,14098414078453576738,131072 /prefetch:8
  2⤵
  PID:6420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4700 --field-trial-handle=2056,i,10930450076129653999,14098414078453576738,131072 /prefetch:8
  2⤵
  PID:6352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4004 --field-trial-handle=2056,i,10930450076129653999,14098414078453576738,131072 /prefetch:8
  2⤵
  PID:7248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1624 --field-trial-handle=2056,i,10930450076129653999,14098414078453576738,131072 /prefetch:8
  2⤵
  PID:5724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5308 --field-trial-handle=2056,i,10930450076129653999,14098414078453576738,131072 /prefetch:8
  2⤵
  PID:1628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2708 --field-trial-handle=2056,i,10930450076129653999,14098414078453576738,131072 /prefetch:8
  2⤵
  PID:4784
- C:\Users\Admin\Downloads\winrar-x64-701.exe
  "C:\Users\Admin\Downloads\winrar-x64-701.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=244 --field-trial-handle=2056,i,10930450076129653999,14098414078453576738,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:60

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:828

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\96f5cd011f8a409793ecfc6ca0fc0d67 /t 2240 /p 1396
1⤵
PID:7884

C:\Users\Admin\Downloads\winrar-x64-701.exe
"C:\Users\Admin\Downloads\winrar-x64-701.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4628

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
552B

MD5
1679fe23212c0fe5e3a990d5571bb82d

SHA1
a2ca8efb67acc61e15ce230d994f7f8dd4f729ae

SHA256
8c8ebd88f774546c52e4d17f7867d20062d3a03c17a22719adcebc14a19eecc9

SHA512
6cf3025ddbcf8d7e2b337662eb36f024bb50d5861f22d3db52d096a6d4087ae60e9c5c7f4c805b4560b24b28836eb5938318a083428dbcae4608391a82849510

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
49be37e0dff1e4a82112c7a286766574

SHA1
c4dbf3d4d08ac669f4ff27f28d27f6d33de41049

SHA256
45128094d77dea4bd6897c80ef7ba5a1eef1e390e5ce15753dc177ba2157aaff

SHA512
69c7e51ab624e87ce48e70825bd8e7b0ecf9260d0ecde18f47f2adfb658f68cb8197682919ba12a1b9c431ce1eab1de500ccb943ae5a0d185cbba14f79b4ef91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
c5c2d3831921114404d1b791138b2066

SHA1
5bdb79186c4fc3da80205f78278ca36999427c66

SHA256
c40d2f15d657a0392da3f8a0678e8839a2825f1f10eb5477b81e7c956de95314

SHA512
bea7b0212c39487fd1784054af634743b44cf6869bcc74db80e85de341e0e10290fc621ba724e9ab77018693006490aab9b6ec1748cc270fa05394587a2ba631

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
f5a9be7d904006f8fad2fec253b6e704

SHA1
048d521773347b2c1532f441be2f8d702211e5e3

SHA256
a7d2483ddc0fd34bf7873ce7e006d20824057a13d48f56f795b4b2f464496dc9

SHA512
9fbbb9e94eb25c5a1b1feef440a10b9d1c3d479e711f0d8483e76750bd2a22d4dd16f97be48df5659538864b229df9772b92eaf8fcb4cba890cf8b929589af9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
d07d28852dcec981d028e92f677b3e15

SHA1
da635ed3ecb848d33f4b24610a760f62c2352d61

SHA256
e370265140586ae19ccbb23a332c9134ab4d9f1b47f2d3a9a1849a8af81af314

SHA512
94e88723a6007875edb4f8baee8e1eb94c5caa4e60a1887713af981eebf65a0f082ff920c9210d80c5976703914d3873a3fb75d2745cd5463763b7d871d1f162

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
5988529cf52639268077247c26e4985c

SHA1
047d1f277378d35dc2151c79e7d1f23f3e41ab92

SHA256
8fdc11d2899b9df7a17762259712bb728a3d1248f5c4e1a337d5180cb481d5ee

SHA512
bfa13b8fb5509bd78bac65127a79b54cd4b67986d923c832fb1f454b6b3e3152e24077305610504f590415c8f6c458cfba786b07264b36b61e7b7dfabdf70510

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
9b536471150138a4b8b801ff0244159d

SHA1
cb9299c088af139313ae9b27727d044c0d57ffbd

SHA256
8ebdd1e8e90c2a16dc3ffaa8ae49f37d8f04aeffa5a909d1d7df539bca96a4a7

SHA512
c87c28430a95317bcd1e1231ca349685be65a98fdecadcc9f6b5f9ce294445d298106c02745cdf11370fbaad49d4ee18bda7c34c8e2c76545098db7cff8bb9a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
98c72f94540e39ce929e85d57f175433

SHA1
81e8cf687b0f1488fe05431c36c6fe627e8256cf

SHA256
b14659159e3aeeba7e969278fe0bea64596594489d97d8d6920a455e67d729fe

SHA512
8465ebd9d5520d7b23433cf9eba8fe1da7d4dfc92de3f6d374b7c49355e9b723d1a607c60ee0a0c5d099ea27607994a65d9dcc8477d9a07985b01d3f05198f9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
b7a1f5c7d904d818e4e41a1e82a82471

SHA1
b9b2be554f9095848af54151bb0cf7dffdb51e3a

SHA256
75e636ba35631b31d09a0710697214779117759882f77acd61a47de10ecdddca

SHA512
519f76f6b8ce321d5f7d61170ccc284e467428d209bb0fdbfc02fdf6d67f4e9ebea127c3babea96b10e2291c85a9e65b99afca9c2478c50302287fdc5d7db0db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
74ec8606f81f35db424666b4ae8e8578

SHA1
3b7acfa12e47c1773268667a78ba04243255bde6

SHA256
5ce4cd2a9ed21e5ac096d53f0e1e3688a773a678f91c44e971d0cc3f6e89c114

SHA512
e4e0d431bd74f7927aa027a03db89892f746ae6b27e66d888d7375c8e33a77de2c9a9cece52048065366438ea3a78e337cd09b6ffeb706c588115056c942c98b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
278KB

MD5
119d531604aa3af002d59e9febab7bec

SHA1
8dce5ca3a7700947f7b161d9cbe1cdfac1b81c58

SHA256
7faa76deb6d80db2305203a5b7d79334383b67ae79ec5c56f02a6a17a877fa56

SHA512
2ca747051a7f4b87ed84b0c57c563e95dc4099d5f4ffb884d101bf589b494a1f50d567de33feb9a04a0b62246143d25f524a1ae1ce8ce963d95b2e987ae63992

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
100KB

MD5
7891be17e2cd0a85d237b7449958a739

SHA1
0e3d058a087929c454a6c2bbbca60fdc04ce46fe

SHA256
1773370359b7df97e6a33b622662fa6e625acb9a9f233b6203c2535f963b4fc6

SHA512
624df4df2a33088098590735e7c214dc665024c2201a2867616986b15f1e912d13faa356dd93f1430d2cbacd14199aa9faf29d149fcfc6ae40962f0e2ca29b8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5b2835.TMP

Filesize
88KB

MD5
3d8bec40c50293ce81bdba1113f5be99

SHA1
d4eb1dfd3990560b189c370872ccbebfc5daf169

SHA256
1f836af5bfc7f429fef34e7c7b214f4bef1601543ee50c62027c3b76dae5dde8

SHA512
795aedbc1f13dc8818018661210510ad8cb1a0d7d2021dcc2416fa39089d9aa7acf1a9fa6b6e9313c6cae6d17df05aefa76f3a51b06d4da220252e96b46ecf6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
477462b6ad8eaaf8d38f5e3a4daf17b0

SHA1
86174e670c44767c08a39cc2a53c09c318326201

SHA256
e6bbd4933b9baa1df4bb633319174de07db176ec215e71c8568d27c5c577184d

SHA512
a0acc2ef7fd0fcf413572eeb94d1e38aa6a682195cc03d6eaaaa0bc9e5f4b2c0033da0b835f4617aebc52069d0a10b52fc31ed53c2fe7943a480b55b7481dd4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b704c9ca0493bd4548ac9c69dc4a4f27

SHA1
a3e5e54e630dabe55ca18a798d9f5681e0620ba7

SHA256
2ebd5229b9dc642afba36a27c7ac12d90196b1c50985c37e94f4c17474e15411

SHA512
69c8116fb542b344a8c55e2658078bd3e0d3564b1e4c889b072dbc99d2b070dacbc4394dedbc22a4968a8cf9448e71f69ec71ded018c1bacc0e195b3b3072d32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\23558d1c-f83d-4884-aec3-cb57e6737865.tmp

Filesize
15KB

MD5
c3e55efa6442885dfb7b570364c3175f

SHA1
bc2f31e4231678bebf78ac8fc40a14044572ba9a

SHA256
dc1a030dbc0a8414ffe60765e1e91b60917c2720b3b29b551c9de235d3c43e25

SHA512
d1e6092345952292b751e437b8337c69610b601533e0e7ebcc344fa6b1df03310cbf0085fff03536373457dbf623255e8d1953e8056cfcb50d0f1d3405e3d976

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003c

Filesize
204KB

MD5
081c4aa5292d279891a28a6520fdc047

SHA1
c3dbb6c15f3555487c7b327f4f62235ddb568b84

SHA256
12cc87773068d1cd7105463287447561740be1cf4caefd563d0664da1f5f995f

SHA512
9a78ec4c2709c9f1b7e12fd9105552b1b5a2b033507de0c876d9a55d31678e6b81cec20e01cf0a9e536b013cdb862816601a79ce0a2bb92cb860d267501c0b69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
4726426d4be2b251e436d211316d1ce2

SHA1
e1c0aba07a94b9429cc4915bad79cc04b8b5f9fa

SHA256
2248528f7c5a79bb333dcb129fdbb8c868a8ccdcd59302ef6c099ebe898559cb

SHA512
b55cc10e395ef0f5a4df4cced68d8b3775a7a2e8fce1372d38017761d89fbba04e918c39bfa4f7b15cd3f9da128b2403ce122cbfefae21ae1202672df9c1c0b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
14KB

MD5
2e3bd5bd56170b9d306f351daad8394a

SHA1
f2eab6d5093f70664d602871340ab32698e6fa19

SHA256
09c39d55b2de82e7d296919c48846dd1b6e56e9fd00efcc51e66645854551851

SHA512
d094e4122dd5aa30e8ea838f379c7ed7c69b94243a3e86289357d3cf7adac3f99ab58af22ed10f740b03d956e224a5a3f392dcabdae46fb80d323bfcb063b7c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
35c3be52a1b14906d7e3034e38384024

SHA1
8792584c896768ae3b9f2ac6b9229141b3fd8c95

SHA256
bbc52056f20e3b5cb2050d9e303dfa7f53ee22534de37787cb94a65c29a51c99

SHA512
280b9d3db667040b4ced9e17f25374077319295774d1391eaf2a831d3e02f90c25fcf5bd27f86d26e669b0afc5d54ca37585b88f5969a431b7401c6b08032048

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
693dad86987c91bd34117ca81cc14ee5

SHA1
ee6d2905ac06b6ab655c5ad0e2a1f2e5236d8bdc

SHA256
c5d464eb36d61b7dbfeff9290a08a764a2419e7a67bf8c0186e0e176a9763c64

SHA512
3c23b5939b1b4c8fe8d6a43aab61f23058162c1114e02de4414a9ecfe52bc84016d3e6baff9c0b00aa5e814d36aa4fb9af42c90fab725e78cc89fd61e673c8bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
22b71366fd0c60932c225c488c479e53

SHA1
774dd99f43eb44543369744505ceff91a1fe3d55

SHA256
8a95cb242683d844b79ba5a3322be8e402e9761e860f2e1eb33e9046ac546bd3

SHA512
2028a0a59092e1cb61b8b85f226dc5955fab31b212c57e0a01cd312393b446d52025de8743844a1a6d83be3566ece519cdd6f56b3b4c602ff7e78a6c3128115b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
19KB

MD5
82679e41adff0cf2bbacac5d085f7e7f

SHA1
7178da69fb36a5e9460adf16c868cf34ae76d970

SHA256
9a7bdba16364497e2c6fefed7518f0152963db05c347bbd20b69513699b6dd84

SHA512
4157aa5c3d15e14ca21bbb015b50f3d84e85a5039e7da0e02077dd3c1a490937d54bdc79d4d3c900c4a336085f6dc70f07b0e099ffa814a308629963d9df3171

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
1e9bb65e9d8972e368358896b966886b

SHA1
a8c0049c84bb4eab53b82a20f2437488b75f1c2d

SHA256
3e2e089320f17d0307a98f063bed3accbcfe4dc4e78d64fb2c45364c79ff9af1

SHA512
120ac6887ed136dcf51edc574ea8796e241b7f48fee104b83ad75797ada8c004d078914c2a3ca2dbdfad639165971ea88c1d23d098d8549bc18771973a634fb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
a1c6b62d25feb2b5badc0dea2d6f7ad7

SHA1
2ca3f584acefe8a82b8c60223dd27f38076442fa

SHA256
578586b88fe2434e885455cd79a457e508cab05b7097d5c090cc3dc9ac5c26fc

SHA512
96b9b4bf9cacf0cc59663d0410d662c663f445a8316ea9131607a329c460ff71a4fd8edadcd4e8be37045a92cc9ad9585d4d8896e8071476190e9b8c2e11f956

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5781f1.TMP

Filesize
372B

MD5
5d7906560aae97f7f616eaa19a4ac3cd

SHA1
4de8c1491309f31a320a260c2604a386abb429f7

SHA256
5caaeb79a79db3fb97bfe0aeefcde0aa134444568d6f50b705e6ecfba8340225

SHA512
3ea0ef6ecaf0c16212ec7e2d034430426819f489bee50699efe4dfe0a44b9ccb14ce12113fb48bf8e3f1fec73d0b62f6f48f3975fb6f1231f2e9c18bfade47b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
fc6462f031a8fff12e879ae7c7d74846

SHA1
fac5ae692200e247851c5d23b542ff20ac466ecc

SHA256
47ee613dc7c3d04206c685f95d4eb0dcd8f592de21388500f3de46a479d3e5d4

SHA512
e42ad1e3beb6f120800068bccddd3e5448bcf2fa0df0df5149e11facd7bb116924a75599608a19b0ba5872704c4371c7f7331159d0224176809743a5614833b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
7d4dc9dbc575fb625a315d8dec3d6b6a

SHA1
a41ffc6635ad3925391c05b18cce82b69f35c280

SHA256
919936055cb19db0bff63f39e06a5ead3399c9301de2d8748b7546561a075cf6

SHA512
884c1d9aa65d99df4bfbc5df74657b3119a9eab5aa01bebc17f8f149f286ccd3577470bf823b6b19724f39037fcd7c9668633430730f0b3768bd8a65c322f650

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
597ce5d60dcb1409e329798796489d14

SHA1
43a9ab9ff4c8696772ab13823823c865107fcfc4

SHA256
b0d194efd51e1507e1d6802d3c801686f797120d0c20fe375ab80d57b54c732a

SHA512
bc82eb43c70d09ecd1046220c4b851a4f21d8a051d5c2fda72f0d335fd6cc62ee7da69bb50ccefa2680edabc31864043c102d7e8151c55262f8b7a6072111615

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e664a02673f8ca9d9ddddad7f18923a3

SHA1
61dd5b08a0ccec6706ccaf1262012ef001a8c27e

SHA256
eb4aab9ae247242dcbc717e686a199e977e3c92e0a7efe9c156b19162ee44155

SHA512
837c801e6a0ed101b953525695f75004a590d66166e8606392c64bb6050b5bbeb6f5f3a1bf1da7a9c89ac5a917b5c5776b205e3746bc70a2142537b829fea97f

Download Submit
C:\Users\Admin\Downloads\winrar-x64-701.exe

Filesize
3.8MB

MD5
46c17c999744470b689331f41eab7df1

SHA1
b8a63127df6a87d333061c622220d6d70ed80f7c

SHA256
c5b5def1c8882b702b6b25cbd94461c737bc151366d2d9eba5006c04886bfc9a

SHA512
4b02a3e85b699f62df1b4fe752c4dee08cfabc9b8bb316bc39b854bd5187fc602943a95788ec680c7d3dc2c26ad882e69c0740294bd6cb3b32cdcd165a9441b6

Download Submit