Overview

overview

10

Static

static

1

URLScan

urlscan

10

https://twitch.tubso...

windows10-2004-x64

6

Analysis

  • max time kernel
    101s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20-06-2024 15:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://twitch.tubson.pl/

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Drops file in System32 directory 11 IoCs
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 28 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 26 IoCs
  • Suspicious use of AdjustPrivilegeToken 38 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twitch.tubson.pl/
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2424
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe92d846f8,0x7ffe92d84708,0x7ffe92d84718
      2⤵
        PID:344
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,3688742968158461734,2145952399508397928,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
        2⤵
          PID:2548
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,3688742968158461734,2145952399508397928,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:4720
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,3688742968158461734,2145952399508397928,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
          2⤵
            PID:4544
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3688742968158461734,2145952399508397928,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
            2⤵
              PID:4536
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3688742968158461734,2145952399508397928,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
              2⤵
                PID:4812
              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,3688742968158461734,2145952399508397928,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5248 /prefetch:8
                2⤵
                  PID:3684
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,3688742968158461734,2145952399508397928,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5248 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:784
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2056,3688742968158461734,2145952399508397928,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5692 /prefetch:8
                  2⤵
                  • Suspicious use of AdjustPrivilegeToken
                  PID:4312
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3688742968158461734,2145952399508397928,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
                  2⤵
                    PID:1856
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3688742968158461734,2145952399508397928,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
                    2⤵
                      PID:5012
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3688742968158461734,2145952399508397928,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4048 /prefetch:1
                      2⤵
                        PID:396
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3688742968158461734,2145952399508397928,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
                        2⤵
                          PID:2392
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3688742968158461734,2145952399508397928,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6752 /prefetch:1
                          2⤵
                            PID:3200
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2056,3688742968158461734,2145952399508397928,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6756 /prefetch:8
                            2⤵
                            • Modifies registry class
                            • Suspicious behavior: EnumeratesProcesses
                            PID:1092
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3688742968158461734,2145952399508397928,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6992 /prefetch:1
                            2⤵
                              PID:5148
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3688742968158461734,2145952399508397928,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1
                              2⤵
                                PID:5156
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3688742968158461734,2145952399508397928,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7176 /prefetch:1
                                2⤵
                                  PID:5164
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2056,3688742968158461734,2145952399508397928,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6760 /prefetch:8
                                  2⤵
                                    PID:5528
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3688742968158461734,2145952399508397928,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6528 /prefetch:1
                                    2⤵
                                      PID:5536
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2056,3688742968158461734,2145952399508397928,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8012 /prefetch:8
                                      2⤵
                                      • Suspicious behavior: EnumeratesProcesses
                                      PID:5736
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3688742968158461734,2145952399508397928,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7128 /prefetch:1
                                      2⤵
                                        PID:5868
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3688742968158461734,2145952399508397928,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8688 /prefetch:1
                                        2⤵
                                          PID:4536
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3688742968158461734,2145952399508397928,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9024 /prefetch:1
                                          2⤵
                                            PID:5908
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3688742968158461734,2145952399508397928,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8216 /prefetch:1
                                            2⤵
                                              PID:6108
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3688742968158461734,2145952399508397928,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8924 /prefetch:1
                                              2⤵
                                                PID:5140
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2056,3688742968158461734,2145952399508397928,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8780 /prefetch:8
                                                2⤵
                                                • Suspicious behavior: EnumeratesProcesses
                                                PID:2040
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2056,3688742968158461734,2145952399508397928,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6836 /prefetch:8
                                                2⤵
                                                • Suspicious behavior: EnumeratesProcesses
                                                PID:5856
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3688742968158461734,2145952399508397928,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8236 /prefetch:1
                                                2⤵
                                                  PID:1936
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3688742968158461734,2145952399508397928,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8656 /prefetch:1
                                                  2⤵
                                                    PID:1408
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3688742968158461734,2145952399508397928,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8620 /prefetch:1
                                                    2⤵
                                                      PID:3736
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2056,3688742968158461734,2145952399508397928,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6964 /prefetch:8
                                                      2⤵
                                                      • Suspicious behavior: EnumeratesProcesses
                                                      PID:6260
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3688742968158461734,2145952399508397928,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9244 /prefetch:1
                                                      2⤵
                                                        PID:6272
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3688742968158461734,2145952399508397928,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8936 /prefetch:1
                                                        2⤵
                                                          PID:6416
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2056,3688742968158461734,2145952399508397928,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8904 /prefetch:8
                                                          2⤵
                                                          • Suspicious behavior: EnumeratesProcesses
                                                          PID:6712
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3688742968158461734,2145952399508397928,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7024 /prefetch:1
                                                          2⤵
                                                            PID:6796
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3688742968158461734,2145952399508397928,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
                                                            2⤵
                                                              PID:5068
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3688742968158461734,2145952399508397928,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7700 /prefetch:1
                                                              2⤵
                                                                PID:4364
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3688742968158461734,2145952399508397928,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7576 /prefetch:1
                                                                2⤵
                                                                  PID:6684
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3688742968158461734,2145952399508397928,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6760 /prefetch:1
                                                                  2⤵
                                                                    PID:2440
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2056,3688742968158461734,2145952399508397928,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4752 /prefetch:8
                                                                    2⤵
                                                                    • Suspicious behavior: EnumeratesProcesses
                                                                    PID:6924
                                                                • C:\Windows\System32\CompPkgSrv.exe
                                                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                  1⤵
                                                                    PID:456
                                                                  • C:\Windows\System32\CompPkgSrv.exe
                                                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                    1⤵
                                                                      PID:1856
                                                                    • C:\Windows\system32\AUDIODG.EXE
                                                                      C:\Windows\system32\AUDIODG.EXE 0x2f8 0x2f4
                                                                      1⤵
                                                                      • Suspicious use of AdjustPrivilegeToken
                                                                      PID:1948
                                                                    • C:\Windows\System32\CredentialUIBroker.exe
                                                                      "C:\Windows\System32\CredentialUIBroker.exe" NonAppContainer -Embedding
                                                                      1⤵
                                                                      • Suspicious use of SetWindowsHookEx
                                                                      PID:5300
                                                                    • C:\Windows\System32\CredentialUIBroker.exe
                                                                      "C:\Windows\System32\CredentialUIBroker.exe" NonAppContainer -Embedding
                                                                      1⤵
                                                                      • Suspicious use of SetWindowsHookEx
                                                                      PID:6612
                                                                    • C:\Windows\System32\rundll32.exe
                                                                      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                                      1⤵
                                                                        PID:5324
                                                                      • C:\Windows\system32\mspaint.exe
                                                                        "C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Downloads\misiunia (1).png" /ForceBootstrapPaint3D
                                                                        1⤵
                                                                        • Modifies registry class
                                                                        • Suspicious behavior: EnumeratesProcesses
                                                                        • Suspicious use of SetWindowsHookEx
                                                                        PID:7112
                                                                      • C:\Windows\System32\svchost.exe
                                                                        C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s DsSvc
                                                                        1⤵
                                                                        • Drops file in System32 directory
                                                                        PID:6840
                                                                      • C:\Windows\system32\OpenWith.exe
                                                                        C:\Windows\system32\OpenWith.exe -Embedding
                                                                        1⤵
                                                                        • Suspicious use of SetWindowsHookEx
                                                                        PID:708
                                                                      • C:\Windows\system32\mspaint.exe
                                                                        "C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Downloads\strarzak (1).jpg" /ForceBootstrapPaint3D
                                                                        1⤵
                                                                        • Modifies registry class
                                                                        • Suspicious behavior: EnumeratesProcesses
                                                                        • Suspicious use of SetWindowsHookEx
                                                                        PID:5436
                                                                      • C:\Windows\system32\OpenWith.exe
                                                                        C:\Windows\system32\OpenWith.exe -Embedding
                                                                        1⤵
                                                                        • Suspicious behavior: GetForegroundWindowSpam
                                                                        • Suspicious use of SetWindowsHookEx
                                                                        PID:5884
                                                                      • C:\Windows\system32\mspaint.exe
                                                                        "C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Downloads\strarzak.jpg" /ForceBootstrapPaint3D
                                                                        1⤵
                                                                        • Modifies registry class
                                                                        • Suspicious behavior: EnumeratesProcesses
                                                                        • Suspicious use of SetWindowsHookEx
                                                                        PID:6388
                                                                      • C:\Windows\system32\OpenWith.exe
                                                                        C:\Windows\system32\OpenWith.exe -Embedding
                                                                        1⤵
                                                                        • Suspicious use of SetWindowsHookEx
                                                                        PID:5372
                                                                      • C:\Windows\system32\mspaint.exe
                                                                        "C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Downloads\strarzak.jpg" /ForceBootstrapPaint3D
                                                                        1⤵
                                                                        • Modifies registry class
                                                                        • Suspicious behavior: EnumeratesProcesses
                                                                        • Suspicious use of SetWindowsHookEx
                                                                        PID:2340
                                                                      • C:\Windows\system32\OpenWith.exe
                                                                        C:\Windows\system32\OpenWith.exe -Embedding
                                                                        1⤵
                                                                        • Suspicious use of SetWindowsHookEx
                                                                        PID:1772

                                                                      Network

                                                                      MITRE ATT&CK Matrix ATT&CK v13

                                                                      Initial Access

                                                                      Execution

                                                                      Persistence

                                                                      Privilege Escalation

                                                                      Defense Evasion

                                                                      Credential Access

                                                                      Discovery

                                                                      Query Registry

                                                                      1
                                                                      T1012

                                                                      System Information Discovery

                                                                      1
                                                                      T1082

                                                                      Lateral Movement

                                                                      Collection

                                                                      Exfiltration

                                                                      Command and Control

                                                                      Web Service

                                                                      1
                                                                      T1102

                                                                      Impact

                                                                      Resource Development

                                                                      Reconnaissance

                                                                      Replay Monitor

                                                                      Loading Replay Monitor...

                                                                      Downloads

                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                        Filesize

                                                                        152B

                                                                        MD5

                                                                        4b4f91fa1b362ba5341ecb2836438dea

                                                                        SHA1

                                                                        9561f5aabed742404d455da735259a2c6781fa07

                                                                        SHA256

                                                                        d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c

                                                                        SHA512

                                                                        fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac

                                                                        Download Submit
                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                        Filesize

                                                                        152B

                                                                        MD5

                                                                        eaa3db555ab5bc0cb364826204aad3f0

                                                                        SHA1

                                                                        a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca

                                                                        SHA256

                                                                        ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b

                                                                        SHA512

                                                                        e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4

                                                                        Download Submit
                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001
                                                                        Filesize

                                                                        101KB

                                                                        MD5

                                                                        18926a50b524d135cc4f137615daf6e9

                                                                        SHA1

                                                                        f185d23023a9efdca1aa28831858d4a84d2c3be8

                                                                        SHA256

                                                                        1da43d3b1ffbe7c8b8d20ca7741bcac54e0283a247171cafe6f0775b69fea774

                                                                        SHA512

                                                                        7cf9927808582a0c87b651a8e36ad6f044fefa4cd72104ca7bc9a2f4c50ae354054fe9b48aafef5c177d17b19ac2ef22f1508ddbe137d892c920632621229fbd

                                                                        Download Submit
                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a
                                                                        Filesize

                                                                        1024KB

                                                                        MD5

                                                                        beb4c506e6383fae649cc6c37bb5f02c

                                                                        SHA1

                                                                        590deec7a5a74fe4020c33a481257e34f1e5c35e

                                                                        SHA256

                                                                        36e58ad2c8b57c91f9f64e3023043a6604f277c0220921201cf98b5e3e323c36

                                                                        SHA512

                                                                        0f6c1e39a4d3868c7e223073755e54de9b4264a42964c9e10f944217931d7d838304fa7bdd71043a65d8b5c26f89f54cc64bf6405b50cceef0cea35ceccf8032

                                                                        Download Submit
                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e
                                                                        Filesize

                                                                        1024KB

                                                                        MD5

                                                                        88e226426ed2d40e9cbf9b82c32e39a5

                                                                        SHA1

                                                                        4c36dec4db809bd68ab11c52a62f20d82184d18a

                                                                        SHA256

                                                                        4914f1c91ec925fa41dae54e1ae783788e542f8e677b471e2092438b07eb147b

                                                                        SHA512

                                                                        3e9ec8484975a17bb993dc77381981c0b2da52093441b99b4593452a95b28205e2a1fd028a212ffdd9fc0e5ccfabd4265ef2403015583fc4c7e83243c6034151

                                                                        Download Submit
                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0d2738c0c1176629_0
                                                                        Filesize

                                                                        260B

                                                                        MD5

                                                                        84cbf24ebf8b0b31b84b9666d13cfa37

                                                                        SHA1

                                                                        038096dd39d13e64f303ca2cf8bc348d4a5630b3

                                                                        SHA256

                                                                        813883459690df42af21c275905c60e33e18be766dfc193c003aa5b3085adbcc

                                                                        SHA512

                                                                        556ac33ec6f055221bf330582538d388869ccf1ed432375a4808842b53677589ad58a01f60913277d60e753800c0baabc87ed5df16c18a26d818fe82ffa8380a

                                                                        Download Submit
                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\63db904b4346fc57_0
                                                                        Filesize

                                                                        453KB

                                                                        MD5

                                                                        ad88598de09cfbb900450efe96d4f18b

                                                                        SHA1

                                                                        4aa87f8a51a5829504b4a40971a2815aa61fe769

                                                                        SHA256

                                                                        a33fcd616ce91a207434e4488148787c63b4a70604f5df6f4edf9c0172c0dba7

                                                                        SHA512

                                                                        a6cd6d7188e53032531b06007d6722639b48cde458a1e31f1ff933469cc287506cb408cf5dae812936efca2dfb805ec9961f50a8d83d5e6e061f86da6129ed0b

                                                                        Download Submit
                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                        Filesize

                                                                        216B

                                                                        MD5

                                                                        3ace24328ab80fccfb04802cf1a882f6

                                                                        SHA1

                                                                        652529f821fd351332d919b8425e9e4eb9188ed7

                                                                        SHA256

                                                                        9fef343b8c479a4b8a0e9306e2987046ca9de4674841f426ea9e89b2a0af2155

                                                                        SHA512

                                                                        eafec04ec92da1f86a024b1f3538718bf6b73c1602397c74a99f2b7ca5b2b3510dbf2659b5f4e3bff96ce1167a03cf6904ef6a52034b7e960775ab445ac0b483

                                                                        Download Submit
                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                        Filesize

                                                                        3KB

                                                                        MD5

                                                                        5c68e5c511322877223f9ce60253ed93

                                                                        SHA1

                                                                        4e8fb18427a3d4314d9f8af7ae42ca13f6662e0b

                                                                        SHA256

                                                                        25f9f3c78b4ccf985417ddd32e402a2a2d1106784fbe6cada55502f8330f4edd

                                                                        SHA512

                                                                        1375f88e1ae693259b8918be7c835aa569d20639bd87feff98ea1a1c50d4bb03089534f07ffb60abf1b3e19314e88aea0f8b2d7cda49c1b8faa70f89c36c1900

                                                                        Download Submit
                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                        Filesize

                                                                        3KB

                                                                        MD5

                                                                        a7aac4b9afd42f79fe60cac4ca65238d

                                                                        SHA1

                                                                        b9f1c7de47262916e39ccb2557c4a5275be0e76f

                                                                        SHA256

                                                                        088a4a19b58dc904f81acc19ad9c0216f2cace1c68d8f0b2f315e50f8187e072

                                                                        SHA512

                                                                        be3516e3ade5d1bbd3cb468122db9f273cb07484e7bf48172e5114eacf58caa9a7d80dfc9aab22bc156f0eab218540e2a1166c169ec38f64a9e86dcc6e474edd

                                                                        Download Submit
                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                        Filesize

                                                                        9KB

                                                                        MD5

                                                                        5a178c75f7336d50fc634dd5f0fa4468

                                                                        SHA1

                                                                        bfb499b178eb0ddd467a275e3d35b5e939260038

                                                                        SHA256

                                                                        cc365039ccef1ffc8eaffffeaf04d75780de1e7c61b7b1b0884a852c85777c70

                                                                        SHA512

                                                                        be34606f73a166413cc0922434f4d172b8fbcd8828f3c735a50bc007d86344820e0231a8d995a587d0b538a4603bff235cd965a1ff5899d22be8751a94d363c0

                                                                        Download Submit
                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                        Filesize

                                                                        9KB

                                                                        MD5

                                                                        318749eae85c45c17ff90b29c82ce723

                                                                        SHA1

                                                                        9977f16ed9520387a09d7dfdb45e4d776288fbf1

                                                                        SHA256

                                                                        1f573c519519687aed67aa07408c0cf8c7edcb04755d429dd7c8ff6cb5a0b41e

                                                                        SHA512

                                                                        19760b570ad7924fd7ce48f50a4c452520ad083d1f4a4f29e5f49934a0d7f769c535bfc1cec83dc6cde5a73715e86642fb24c81c45e914dcdee2a4c00363eca0

                                                                        Download Submit
                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                        Filesize

                                                                        5KB

                                                                        MD5

                                                                        b377a4e2a01b2c86ef3d030cce70109a

                                                                        SHA1

                                                                        cafc72012cdfafeb2a29021bb49b086c90405b85

                                                                        SHA256

                                                                        1f0e6730f0d55efade56f137b72f83a2279ff220c32f4dc7fa99f693354c34bc

                                                                        SHA512

                                                                        a5645e038d3fe3e34a32e39d66401d86c8cc729f854147635c057d7572e061f223ca649c0c93a3898a221a77b43f1a0cddf899007ac1066c6335527fdbc607ca

                                                                        Download Submit
                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                        Filesize

                                                                        6KB

                                                                        MD5

                                                                        b87599333520292c6af02dada332d454

                                                                        SHA1

                                                                        2698691aeaa1ab0779ea856dbce2a183bb98a661

                                                                        SHA256

                                                                        a51da07116e12d26944d7fc3b51fe733a83af52ef5b06dd62b85d39589f61e16

                                                                        SHA512

                                                                        8421de0f508b3f761ba53063d5870ee63f223e45467db8ce3fb75b03ef4aeb1b9ac0f2cf7adee378f26ae6076c3e7ea198c3e9506bab6d8cdc0d5f80e9e1f649

                                                                        Download Submit
                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                        Filesize

                                                                        8KB

                                                                        MD5

                                                                        5ebf5f7cd0a9d19cabf6f8b10e42df46

                                                                        SHA1

                                                                        5efbe3a6f51b35da34c3fb78f8d5bf525cc69052

                                                                        SHA256

                                                                        e8c7512840597993143f7d5d7f975b170c118e5a572646e81cef07a95ee3426a

                                                                        SHA512

                                                                        0ed736fb1652cbebb5bfe85f28f81e6773215fda90da8581ff862f2f013dceefcf240d18e97bfa1498ecf45615b7e54fe81d4f0448630e8a3190b30c341ee1df

                                                                        Download Submit
                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                        Filesize

                                                                        8KB

                                                                        MD5

                                                                        49190a2fff214c863d543dc27a6b115a

                                                                        SHA1

                                                                        626cdf6c7011c981c4ff26a2f9e6742904979946

                                                                        SHA256

                                                                        d94ca0a00a23eb39b398210dc503fff654fa193f61e51ffe7f4005c551c99a27

                                                                        SHA512

                                                                        dd96207a9b4f6ae5adaf2c76d40d8fb0d4fef5aeb8920ab016f8ce4c1ca7145a8a51576c8bd9a9a0004435e98706de60b637874a55fdb433d2f74f6c474e2884

                                                                        Download Submit
                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                        Filesize

                                                                        8KB

                                                                        MD5

                                                                        fcc4883288b883ff6b00d9178a2e5377

                                                                        SHA1

                                                                        756883b2fd2160c1c2be1dbb840cbf1b819eb5e9

                                                                        SHA256

                                                                        a79e8d2fb62fa27528bbef3658ac8f590b8092b2c291371f2bd17805fa2933f1

                                                                        SHA512

                                                                        db14013ac2ce7c712779b9e2dddc371f8894120facda30fe94fc8e2b0bf09013541a62f6f36cd06d7cbab2acd40b8afe3ba892f4648ae6fa201b7666f3d62a0c

                                                                        Download Submit
                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                        Filesize

                                                                        8KB

                                                                        MD5

                                                                        5703d46866922468bbecd1516a61a70c

                                                                        SHA1

                                                                        1785b8a1bb235760f31cbeff9e7b6d4a46ca5d64

                                                                        SHA256

                                                                        c805521c2b3f826d7e29b85548dc3a40128cdfbff4d7eea15674e079c02f83ff

                                                                        SHA512

                                                                        2861592bc66f6e4dafc77b92c9f661d76c1dfeffa7414845f7f860c136aa585e3da1580b2d54055607afaaf9c3f9a95d3fe12ba60509cb0a7167a0a5c67ed97e

                                                                        Download Submit
                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                        Filesize

                                                                        9KB

                                                                        MD5

                                                                        324179023c631360dd5ceb06aa4aee64

                                                                        SHA1

                                                                        769768f5091d4fb0da2e92fc182d1013003e0858

                                                                        SHA256

                                                                        3bea9f4a20002e9ca79c2470fd7273b76ca3d665e6baa33054bd05a51823468a

                                                                        SHA512

                                                                        e7704bf6be99f03bdb7b2a6f4a1641b074e23c8cf31ebad8d3e25cdbd13fa00ce805635ff1310850d64928dead9a909a57df526e4d32cb13eb85cbd2445cca72

                                                                        Download Submit
                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                        Filesize

                                                                        3KB

                                                                        MD5

                                                                        6c8726abd7c3833a68eaab5879ef870f

                                                                        SHA1

                                                                        28aec43846f5c42b840a9872322d138f38e6148c

                                                                        SHA256

                                                                        73737e985f07ce76f63d4c28d246719adfd949103951fc005f133e1b4dc3aeb9

                                                                        SHA512

                                                                        aa78687830463c188b5eca05d1721ae6aa783cb405edc129b08e73e07ae89b1b4c27a880ab9bd657f94547a8ea86564044728aead1226ef1f256ced0217d1ffc

                                                                        Download Submit
                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                        Filesize

                                                                        3KB

                                                                        MD5

                                                                        92fcf2eb04fd8c1a9e4a8aa93cab6e7e

                                                                        SHA1

                                                                        145ed9087341bf90b54b2ff130ca63f698a40c4e

                                                                        SHA256

                                                                        a3d53c007882fa2ab802633f7408e8b000248b21e2ee99edd63a65f1988febc1

                                                                        SHA512

                                                                        a13a5f440e74a82b8d3ff3a9518fe388bced97cc3c272dace1127621cd17cfe1e2992755036f12343d5b5858c2f1d8fa6645680e4b69b6ca120ce9c512ebfcc4

                                                                        Download Submit
                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                        Filesize

                                                                        3KB

                                                                        MD5

                                                                        fea4fc182c61dc745855e8662e59769b

                                                                        SHA1

                                                                        56972d7423e8b8db4276fa6b9062378c5db3b36b

                                                                        SHA256

                                                                        aab0d6872d8d48a3c13d8dfd3d322c2e6bc1deed3f2c6e200336f198c9657ad0

                                                                        SHA512

                                                                        2c96aa5fbc94748cded8a079ad90b4a4f9f8d1127103b0791bc18fd09809b68cc840f8f909a3039a563452c02aeb5cb9cd0bf68298777b1434ba75de1fd6d07e

                                                                        Download Submit
                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ad38.TMP
                                                                        Filesize

                                                                        2KB

                                                                        MD5

                                                                        eecdccb715b6687c92de27473a8edd77

                                                                        SHA1

                                                                        582443b47c38baa5d8514d151ff02d1116f530a1

                                                                        SHA256

                                                                        b0f306e02184ff10eb0b19cbb38196cfeb8798eec2ec81e7dfcb92c84c08f9dc

                                                                        SHA512

                                                                        420ff8210a16be37be0957eabf1c8319c806d35c175e39e559273d03b3a17c96b3f3d45710623459a3d394b6c6c0bb1ca163ee307beaf4019b603c26a5da5b53

                                                                        Download Submit
                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                        Filesize

                                                                        16B

                                                                        MD5

                                                                        6752a1d65b201c13b62ea44016eb221f

                                                                        SHA1

                                                                        58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                                                        SHA256

                                                                        0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                                                        SHA512

                                                                        9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                                                        Download Submit
                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                        Filesize

                                                                        11KB

                                                                        MD5

                                                                        c6355a01dc005542d6d6b17a1dc247a8

                                                                        SHA1

                                                                        4507734a9f7e7466f5e47cf3eb22c2edd8d19057

                                                                        SHA256

                                                                        1fad98bed62afffb8f80f118a1c81d1606bd3d9893f1d3d3ce7dd2377f6c37dc

                                                                        SHA512

                                                                        c793e372892bbd5a94c5feead7a733ea71a66e5ff24b32663dd4c2f328702123a00ac15153723ef0a280250c4597732b6f2f3545e7d2532ca84120d4a36cc2ff

                                                                        Download Submit
                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                        Filesize

                                                                        10KB

                                                                        MD5

                                                                        2b5565265dc1adb228cc2b882d644a0e

                                                                        SHA1

                                                                        28caa8fa47dbe8ac8cbbc5c78cf0467739dd9a58

                                                                        SHA256

                                                                        b4bfbcbcc62a9c9e5ae6b7dcfee612b32deb99de7eaf67b61864c5e76fab2606

                                                                        SHA512

                                                                        e804dd11ceb27e868d72bf2518178d370f199b796d3d3cf424c51ad2beb5a700fa3d74d8dc7bceb76875ff7cd6061568f22d78e8811df06816bce76ff7336543

                                                                        Download Submit
                                                                      • C:\Users\Admin\Downloads\misiunia (1).png.crdownload
                                                                        Filesize

                                                                        1019KB

                                                                        MD5

                                                                        43b7d00d896163d58530c4d28ed0bcc8

                                                                        SHA1

                                                                        f26617e69b227b8a005fe47c4ec8d0e3e0343945

                                                                        SHA256

                                                                        811f499c7f4136351c3f38fd9ce9172f65e875f50c50fe9f05f20be9ca4a7c6c

                                                                        SHA512

                                                                        9ef73895f99c39765acac64844a83d5d8131edfd884db66564e5741c54e53d5f1199655e1201a8634be7304c1ed675aabe10993f9b15e7741af4b9710a65f680

                                                                        Download Submit
                                                                      • C:\Users\Admin\Downloads\strarzak (1).jpg.crdownload
                                                                        Filesize

                                                                        38KB

                                                                        MD5

                                                                        a8939ad47e35a55b335866db9f9521f2

                                                                        SHA1

                                                                        76c89d1d3a155223329f2fd365b16ad4fb568c4e

                                                                        SHA256

                                                                        906c2e9907a958108edba7e49bca275a502b9e574b5167ef719fa970d9f35a39

                                                                        SHA512

                                                                        ea1a69aa79c3db72fd1dd3af450c37447dfc603f2b7b58c88eb85e079aff5489cda51d466e7fcd7a0dd088d506c057b5338b299aaf25fc4779cb69a273850c08

                                                                        Download Submit
                                                                      • \??\pipe\LOCAL\crashpad_2424_BDZPDFARVUFILRTY
                                                                        MD5

                                                                        d41d8cd98f00b204e9800998ecf8427e

                                                                        SHA1

                                                                        da39a3ee5e6b4b0d3255bfef95601890afd80709

                                                                        SHA256

                                                                        e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                                                        SHA512

                                                                        cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                                                        Download Submit
                                                                      • memory/6840-719-0x000001B1710B0000-0x000001B1710C0000-memory.dmp
                                                                        Filesize

                                                                        64KB

                                                                        Download
                                                                      • memory/6840-715-0x000001B171070000-0x000001B171080000-memory.dmp
                                                                        Filesize

                                                                        64KB

                                                                        Download
                                                                      • memory/6840-726-0x000001B1793A0000-0x000001B1793A1000-memory.dmp
                                                                        Filesize

                                                                        4KB

                                                                        Download
                                                                      • memory/6840-728-0x000001B179420000-0x000001B179421000-memory.dmp
                                                                        Filesize

                                                                        4KB

                                                                        Download
                                                                      • memory/6840-730-0x000001B179420000-0x000001B179421000-memory.dmp
                                                                        Filesize

                                                                        4KB

                                                                        Download
                                                                      • memory/6840-732-0x000001B1794B0000-0x000001B1794B1000-memory.dmp
                                                                        Filesize

                                                                        4KB

                                                                        Download
                                                                      • memory/6840-731-0x000001B1794B0000-0x000001B1794B1000-memory.dmp
                                                                        Filesize

                                                                        4KB

                                                                        Download
                                                                      • memory/6840-733-0x000001B1794C0000-0x000001B1794C1000-memory.dmp
                                                                        Filesize

                                                                        4KB

                                                                        Download
                                                                      • memory/6840-734-0x000001B1794C0000-0x000001B1794C1000-memory.dmp
                                                                        Filesize

                                                                        4KB

                                                                        Download