066d99b7eeae449af840cb0b3d84c516943309684021dd227b74e40918e31577

Resubmissions

01-07-2024 06:58

240701-hrjjaaydre 1

01-07-2024 05:24

01-07-2024 05:22

01-07-2024 05:15

01-07-2024 05:07

01-07-2024 04:55

Analysis

max time kernel
695s
max time network
697s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
01-07-2024 04:55

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

sample.html
Size

490KB
MD5

901bff5e87be7b3c2c3ee45da179bce4
SHA1

2bd44512efd1923b5fd06b3fe2186e506d0f3d66
SHA256

066d99b7eeae449af840cb0b3d84c516943309684021dd227b74e40918e31577
SHA512

560265edf67899f2594bba5ba16f2243a4fa50f764df17eec7d09a753ca2f0eec2ac72c9d0d70e1bfe471b060fd7e16cfb6f4dfd0029866bf6f0d34be7b00697
SSDEEP

6144:VOxTA8eA8oA89A8iA81A8dA8ZA8SA8WA8NabK:VoA1A9AcABAEAAAqAxAnAhbK

Score

8^/10

persistence

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 9 IoCs

pid	Process
2080	BluescreenSimulator.exe
1120	BluescreenSimulator.exe
4560	BluescreenSimulator.exe
2268	pp.exe
2392	BluescreenSimulator.exe
2080	BluescreenSimulator.exe
4620	pp.exe
1676	BluescreenSimulator.exe
3760	BluescreenSimulator.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\""	pp.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\""	pp.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
3	raw.githubusercontent.com
134	raw.githubusercontent.com

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 12 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 17 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4290799360"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "24"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133642836375389854"	chrome.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292114432"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365268"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = 99ebff004cc2ff000091f8000078d4000067c000003e9200001a6800f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292114432"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365268"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3107365284-1576850094-161165143-1000\{BF53CA7B-482C-449A-B916-89F69F40A810}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3107365284-1576850094-161165143-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3107365284-1576850094-161165143-1000\{F54C4535-4E3A-47F6-A14B-E651776EEDD6}	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3107365284-1576850094-161165143-1000\{BDA3EB2A-FA84-476C-826F-7DD75D1CE840}	msedge.exe

NTFS ADS 5 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\MEMZ.4.0.Clean.zip:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 607178.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\BluescreenSimulator.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 952547.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Bluescreen.bat:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 42 IoCs

pid	Process
3776	msedge.exe
3776	msedge.exe
400	msedge.exe
400	msedge.exe
412	msedge.exe
412	msedge.exe
5052	msedge.exe
5052	msedge.exe
4800	identity_helper.exe
4800	identity_helper.exe
3968	msedge.exe
3968	msedge.exe
4876	msedge.exe
4876	msedge.exe
3388	msedge.exe
3388	msedge.exe
3776	identity_helper.exe
3776	identity_helper.exe
656	msedge.exe
656	msedge.exe
1560	msedge.exe
1560	msedge.exe
4940	msedge.exe
4940	msedge.exe
2644	chrome.exe
2644	chrome.exe
3380	msedge.exe
3380	msedge.exe
4860	msedge.exe
4860	msedge.exe
5076	identity_helper.exe
5076	identity_helper.exe
3708	msedge.exe
3708	msedge.exe
2516	msedge.exe
2516	msedge.exe
2080	msedge.exe
2080	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe
3128	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 42 IoCs

pid	Process
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeCreatePagefilePrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeCreatePagefilePrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeCreatePagefilePrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeCreatePagefilePrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeCreatePagefilePrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeCreatePagefilePrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeCreatePagefilePrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeCreatePagefilePrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeCreatePagefilePrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeCreatePagefilePrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeCreatePagefilePrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeCreatePagefilePrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeCreatePagefilePrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeCreatePagefilePrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeCreatePagefilePrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeCreatePagefilePrivilege	2644	chrome.exe
Token: 33	3576	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3576	AUDIODG.EXE
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeCreatePagefilePrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeCreatePagefilePrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeCreatePagefilePrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeCreatePagefilePrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeCreatePagefilePrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeCreatePagefilePrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeCreatePagefilePrivilege	2644	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeCreatePagefilePrivilege	2644	chrome.exe
Token: 33	3588	chrome.exe
Token: SeIncBasePriorityPrivilege	3588	chrome.exe
Token: 33	3588	chrome.exe
Token: SeIncBasePriorityPrivilege	3588	chrome.exe
Token: 33	3588	chrome.exe
Token: SeIncBasePriorityPrivilege	3588	chrome.exe
Token: 33	3588	chrome.exe
Token: SeIncBasePriorityPrivilege	3588	chrome.exe
Token: 33	3588	chrome.exe
Token: SeIncBasePriorityPrivilege	3588	chrome.exe
Token: 33	3588	chrome.exe
Token: SeIncBasePriorityPrivilege	3588	chrome.exe
Token: SeShutdownPrivilege	2644	chrome.exe
Token: SeCreatePagefilePrivilege	2644	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
2644	chrome.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
3004	MiniSearchHost.exe
1120	BluescreenSimulator.exe
2080	BluescreenSimulator.exe
3760	BluescreenSimulator.exe
672	PickerHost.exe
4060	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 400 wrote to memory of 4748	400	msedge.exe	78
PID 400 wrote to memory of 4748	400	msedge.exe	78
PID 400 wrote to memory of 1304	400	msedge.exe	79
PID 400 wrote to memory of 1304	400	msedge.exe	79
PID 400 wrote to memory of 1304	400	msedge.exe	79
PID 400 wrote to memory of 1304	400	msedge.exe	79
PID 400 wrote to memory of 1304	400	msedge.exe	79
PID 400 wrote to memory of 1304	400	msedge.exe	79
PID 400 wrote to memory of 1304	400	msedge.exe	79
PID 400 wrote to memory of 1304	400	msedge.exe	79
PID 400 wrote to memory of 1304	400	msedge.exe	79
PID 400 wrote to memory of 1304	400	msedge.exe	79
PID 400 wrote to memory of 1304	400	msedge.exe	79
PID 400 wrote to memory of 1304	400	msedge.exe	79
PID 400 wrote to memory of 1304	400	msedge.exe	79
PID 400 wrote to memory of 1304	400	msedge.exe	79
PID 400 wrote to memory of 1304	400	msedge.exe	79
PID 400 wrote to memory of 1304	400	msedge.exe	79
PID 400 wrote to memory of 1304	400	msedge.exe	79
PID 400 wrote to memory of 1304	400	msedge.exe	79
PID 400 wrote to memory of 1304	400	msedge.exe	79
PID 400 wrote to memory of 1304	400	msedge.exe	79
PID 400 wrote to memory of 1304	400	msedge.exe	79
PID 400 wrote to memory of 1304	400	msedge.exe	79
PID 400 wrote to memory of 1304	400	msedge.exe	79
PID 400 wrote to memory of 1304	400	msedge.exe	79
PID 400 wrote to memory of 1304	400	msedge.exe	79
PID 400 wrote to memory of 1304	400	msedge.exe	79
PID 400 wrote to memory of 1304	400	msedge.exe	79
PID 400 wrote to memory of 1304	400	msedge.exe	79
PID 400 wrote to memory of 1304	400	msedge.exe	79
PID 400 wrote to memory of 1304	400	msedge.exe	79
PID 400 wrote to memory of 1304	400	msedge.exe	79
PID 400 wrote to memory of 1304	400	msedge.exe	79
PID 400 wrote to memory of 1304	400	msedge.exe	79
PID 400 wrote to memory of 1304	400	msedge.exe	79
PID 400 wrote to memory of 1304	400	msedge.exe	79
PID 400 wrote to memory of 1304	400	msedge.exe	79
PID 400 wrote to memory of 1304	400	msedge.exe	79
PID 400 wrote to memory of 1304	400	msedge.exe	79
PID 400 wrote to memory of 1304	400	msedge.exe	79
PID 400 wrote to memory of 1304	400	msedge.exe	79
PID 400 wrote to memory of 3776	400	msedge.exe	80
PID 400 wrote to memory of 3776	400	msedge.exe	80
PID 400 wrote to memory of 2500	400	msedge.exe	81
PID 400 wrote to memory of 2500	400	msedge.exe	81
PID 400 wrote to memory of 2500	400	msedge.exe	81
PID 400 wrote to memory of 2500	400	msedge.exe	81
PID 400 wrote to memory of 2500	400	msedge.exe	81
PID 400 wrote to memory of 2500	400	msedge.exe	81
PID 400 wrote to memory of 2500	400	msedge.exe	81
PID 400 wrote to memory of 2500	400	msedge.exe	81
PID 400 wrote to memory of 2500	400	msedge.exe	81
PID 400 wrote to memory of 2500	400	msedge.exe	81
PID 400 wrote to memory of 2500	400	msedge.exe	81
PID 400 wrote to memory of 2500	400	msedge.exe	81
PID 400 wrote to memory of 2500	400	msedge.exe	81
PID 400 wrote to memory of 2500	400	msedge.exe	81
PID 400 wrote to memory of 2500	400	msedge.exe	81
PID 400 wrote to memory of 2500	400	msedge.exe	81
PID 400 wrote to memory of 2500	400	msedge.exe	81
PID 400 wrote to memory of 2500	400	msedge.exe	81
PID 400 wrote to memory of 2500	400	msedge.exe	81
PID 400 wrote to memory of 2500	400	msedge.exe	81

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8a21d3cb8,0x7ff8a21d3cc8,0x7ff8a21d3cd8
  2⤵
  PID:4748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1952,4519080345018612959,7968471101662298092,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1960 /prefetch:2
  2⤵
  PID:1304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1952,4519080345018612959,7968471101662298092,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1952,4519080345018612959,7968471101662298092,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2628 /prefetch:8
  2⤵
  PID:2500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,4519080345018612959,7968471101662298092,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3148 /prefetch:1
  2⤵
  PID:3184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,4519080345018612959,7968471101662298092,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:2448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,4519080345018612959,7968471101662298092,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
  2⤵
  PID:3888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,4519080345018612959,7968471101662298092,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4084 /prefetch:1
  2⤵
  PID:392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1952,4519080345018612959,7968471101662298092,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5220 /prefetch:8
  2⤵
  PID:4892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1952,4519080345018612959,7968471101662298092,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5288 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1952,4519080345018612959,7968471101662298092,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5236 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,4519080345018612959,7968471101662298092,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
  2⤵
  PID:3580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,4519080345018612959,7968471101662298092,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3612 /prefetch:1
  2⤵
  PID:4728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,4519080345018612959,7968471101662298092,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
  2⤵
  PID:4708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,4519080345018612959,7968471101662298092,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
  2⤵
  PID:2172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,4519080345018612959,7968471101662298092,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
  2⤵
  PID:3944
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1952,4519080345018612959,7968471101662298092,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6208 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,4519080345018612959,7968471101662298092,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6204 /prefetch:1
  2⤵
  PID:2532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,4519080345018612959,7968471101662298092,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1
  2⤵
  PID:4324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,4519080345018612959,7968471101662298092,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6288 /prefetch:1
  2⤵
  PID:396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1952,4519080345018612959,7968471101662298092,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5720 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:3968

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4156

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3364

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3440

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8a21d3cb8,0x7ff8a21d3cc8,0x7ff8a21d3cd8
  2⤵
  PID:3168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,14900748693687552486,17077840009637694111,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1932 /prefetch:2
  2⤵
  PID:2568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1928,14900748693687552486,17077840009637694111,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1928,14900748693687552486,17077840009637694111,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2700 /prefetch:8
  2⤵
  PID:1296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,14900748693687552486,17077840009637694111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:5032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,14900748693687552486,17077840009637694111,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,14900748693687552486,17077840009637694111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4100 /prefetch:1
  2⤵
  PID:3512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,14900748693687552486,17077840009637694111,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
  2⤵
  PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1928,14900748693687552486,17077840009637694111,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3552 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1928,14900748693687552486,17077840009637694111,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5384 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,14900748693687552486,17077840009637694111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
  2⤵
  PID:660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1928,14900748693687552486,17077840009637694111,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3852 /prefetch:8
  2⤵
  PID:1488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1928,14900748693687552486,17077840009637694111,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5188 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,14900748693687552486,17077840009637694111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
  2⤵
  PID:2560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,14900748693687552486,17077840009637694111,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
  2⤵
  PID:1348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,14900748693687552486,17077840009637694111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4540 /prefetch:1
  2⤵
  PID:4728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,14900748693687552486,17077840009637694111,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
  2⤵
  PID:4068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,14900748693687552486,17077840009637694111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2892 /prefetch:1
  2⤵
  PID:4436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,14900748693687552486,17077840009637694111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
  2⤵
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,14900748693687552486,17077840009637694111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:1
  2⤵
  PID:1212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1928,14900748693687552486,17077840009637694111,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6220 /prefetch:8
  2⤵
  PID:4956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1928,14900748693687552486,17077840009637694111,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6088 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:4940
- C:\Users\Admin\Downloads\BluescreenSimulator.exe
  "C:\Users\Admin\Downloads\BluescreenSimulator.exe"
  2⤵
  - Executes dropped EXE
  PID:2080

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3008

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1560

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Suspicious use of SetWindowsHookEx
PID:3004

C:\Users\Admin\Downloads\BluescreenSimulator.exe
"C:\Users\Admin\Downloads\BluescreenSimulator.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1120

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
PID:2644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8a18aab58,0x7ff8a18aab68,0x7ff8a18aab78
  2⤵
  PID:1080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1648 --field-trial-handle=1752,i,241765267593506924,8959827345339808035,131072 /prefetch:2
  2⤵
  PID:3964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2080 --field-trial-handle=1752,i,241765267593506924,8959827345339808035,131072 /prefetch:8
  2⤵
  PID:3592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2148 --field-trial-handle=1752,i,241765267593506924,8959827345339808035,131072 /prefetch:8
  2⤵
  PID:2080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3060 --field-trial-handle=1752,i,241765267593506924,8959827345339808035,131072 /prefetch:1
  2⤵
  PID:3644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3196 --field-trial-handle=1752,i,241765267593506924,8959827345339808035,131072 /prefetch:1
  2⤵
  PID:2948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4136 --field-trial-handle=1752,i,241765267593506924,8959827345339808035,131072 /prefetch:1
  2⤵
  PID:2592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3796 --field-trial-handle=1752,i,241765267593506924,8959827345339808035,131072 /prefetch:8
  2⤵
  PID:1620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4460 --field-trial-handle=1752,i,241765267593506924,8959827345339808035,131072 /prefetch:8
  2⤵
  PID:2908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4496 --field-trial-handle=1752,i,241765267593506924,8959827345339808035,131072 /prefetch:8
  2⤵
  PID:3744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4672 --field-trial-handle=1752,i,241765267593506924,8959827345339808035,131072 /prefetch:8
  2⤵
  PID:2312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4840 --field-trial-handle=1752,i,241765267593506924,8959827345339808035,131072 /prefetch:8
  2⤵
  PID:2472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4652 --field-trial-handle=1752,i,241765267593506924,8959827345339808035,131072 /prefetch:1
  2⤵
  PID:2000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4832 --field-trial-handle=1752,i,241765267593506924,8959827345339808035,131072 /prefetch:1
  2⤵
  PID:5080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3380 --field-trial-handle=1752,i,241765267593506924,8959827345339808035,131072 /prefetch:8
  2⤵
  PID:1348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3304 --field-trial-handle=1752,i,241765267593506924,8959827345339808035,131072 /prefetch:8
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:3588

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1016

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:1016

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004E4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3576

C:\Users\Admin\Downloads\BluescreenSimulator.exe
"C:\Users\Admin\Downloads\BluescreenSimulator.exe"
1⤵
- Executes dropped EXE
PID:4560
- C:\Windows\system32\iexpress.exe
  "C:\Windows\system32\iexpress.exe" /N C:\Users\Admin\AppData\Local\Temp\\optionfile.SED
  2⤵
  PID:4624
- - C:\Windows\system32\makecab.exe
    C:\Windows\system32\makecab.exe /f "C:\Users\Admin\Downloads\\~pp.DDF"
    3⤵
    PID:2436

C:\Users\Admin\Desktop\pp.exe
"C:\Users\Admin\Desktop\pp.exe"
1⤵
- Executes dropped EXE
- Adds Run key to start application
PID:2268
- C:\Windows\SYSTEM32\cmd.exe
  cmd /c BluescreenSimulator.exe --read-command-file
  2⤵
  PID:4428
- - C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\BluescreenSimulator.exe
    BluescreenSimulator.exe --read-command-file
    3⤵
    - Executes dropped EXE
    PID:2392
  - - C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\BluescreenSimulator.exe
      "C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\BluescreenSimulator.exe" --win10 -e ":)" -sp 100
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2080

C:\Users\Admin\Desktop\pp.exe
"C:\Users\Admin\Desktop\pp.exe"
1⤵
- Executes dropped EXE
- Adds Run key to start application
PID:4620
- C:\Windows\SYSTEM32\cmd.exe
  cmd /c BluescreenSimulator.exe --read-command-file
  2⤵
  PID:2504
- - C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\BluescreenSimulator.exe
    BluescreenSimulator.exe --read-command-file
    3⤵
    - Executes dropped EXE
    PID:1676
  - - C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\BluescreenSimulator.exe
      "C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\BluescreenSimulator.exe" --win10 -e ":)" -sp 100
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3760

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:4860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8a21d3cb8,0x7ff8a21d3cc8,0x7ff8a21d3cd8
  2⤵
  PID:3056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,12898478113185120602,9877345582633316207,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1932 /prefetch:2
  2⤵
  PID:3052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1912,12898478113185120602,9877345582633316207,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1912,12898478113185120602,9877345582633316207,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2624 /prefetch:8
  2⤵
  PID:2112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,12898478113185120602,9877345582633316207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
  2⤵
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,12898478113185120602,9877345582633316207,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:1
  2⤵
  PID:4372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,12898478113185120602,9877345582633316207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4416 /prefetch:1
  2⤵
  PID:4128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,12898478113185120602,9877345582633316207,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
  2⤵
  PID:2212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,12898478113185120602,9877345582633316207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
  2⤵
  PID:2000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,12898478113185120602,9877345582633316207,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1
  2⤵
  PID:4956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,12898478113185120602,9877345582633316207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4404 /prefetch:1
  2⤵
  PID:4800
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1912,12898478113185120602,9877345582633316207,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1440 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1912,12898478113185120602,9877345582633316207,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5268 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,12898478113185120602,9877345582633316207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:2520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,12898478113185120602,9877345582633316207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
  2⤵
  PID:3212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1912,12898478113185120602,9877345582633316207,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5188 /prefetch:8
  2⤵
  PID:4372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1912,12898478113185120602,9877345582633316207,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4104 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,12898478113185120602,9877345582633316207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
  2⤵
  PID:4568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,12898478113185120602,9877345582633316207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1736 /prefetch:1
  2⤵
  PID:1872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,12898478113185120602,9877345582633316207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
  2⤵
  PID:4472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,12898478113185120602,9877345582633316207,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:4960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1912,12898478113185120602,9877345582633316207,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6148 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:2080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,12898478113185120602,9877345582633316207,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6652 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3128
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Bluescreen.bat" "
  2⤵
  PID:4672
- - C:\Windows\system32\cscript.exe
    CSCRIPT //nologo "C:\Users\Admin\AppData\Local\Temp\~tmpSendKeysTemp.vbs"
    3⤵
    PID:4692
- - C:\Windows\system32\shutdown.exe
    shutdown /r
    3⤵
    PID:944
- - C:\Windows\system32\shutdown.exe
    shutdown /r
    3⤵
    PID:4540
- - C:\Windows\system32\shutdown.exe
    shutdown /r
    3⤵
    PID:4180
- - C:\Windows\system32\shutdown.exe
    shutdown /r
    3⤵
    PID:2144
- - C:\Windows\system32\shutdown.exe
    shutdown /r
    3⤵
    PID:968
- - C:\Windows\system32\shutdown.exe
    shutdown /r
    3⤵
    PID:2200
- - C:\Windows\system32\shutdown.exe
    shutdown /r
    3⤵
    PID:2820
- - C:\Windows\system32\shutdown.exe
    shutdown /r
    3⤵
    PID:1328
- - C:\Windows\system32\shutdown.exe
    shutdown /r
    3⤵
    PID:4128
- - C:\Windows\system32\shutdown.exe
    shutdown /r
    3⤵
    PID:1524
- - C:\Windows\system32\shutdown.exe
    shutdown /r
    3⤵
    PID:4884
- - C:\Windows\system32\shutdown.exe
    shutdown /r
    3⤵
    PID:4460
- - C:\Windows\system32\shutdown.exe
    shutdown /r
    3⤵
    PID:2940

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4060

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4624

C:\Windows\System32\PickerHost.exe
C:\Windows\System32\PickerHost.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:672

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa39f6855 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:4060

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
28218d0dbd6955863ae306dd3af6123a

SHA1
3625cef58a442c0afa5ce9b6adc3005894680c0f

SHA256
4cfb159bafe6b0facf7e353c10c49de5acb9c4de71d2693ef060a0b5a7a7278c

SHA512
cac3470a175294932fa7f629074313ae11579a148b99090ae88980f0fb2c68a98d515bae8e13450bc8977ae387b797539d41350f1dc6a269bb0f43a64e5eccac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\4d0e1489-3d95-4b12-a9e9-ee4a97e0f7aa.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
202KB

MD5
9901c48297a339c554e405b4fefe7407

SHA1
5182e80bd6d4bb6bb1b7f0752849fe09e4aa330e

SHA256
9a5974509d9692162d491cf45136f072c54ddc650b201336818c76a9f257d4d2

SHA512
b68ef68c4dcc31716ce25d486617f6ef929ddbb8f7030dd4838320e2803dd6dd1c83966b3484d2986b19f3bd866484c5a432f4f6533bb3e72f5c7457a9bb9742

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
e602294a0d547396e970a07ab6b52249

SHA1
bf4e11128d7872a86f2b246ec8543e83dc8f66b3

SHA256
d88af284a04172ccb54434219ee533c375e5bd96d77d64f15bbfa787bedb68aa

SHA512
54f3ccabe4befe826adcad859906ea67d4d598cf13c6e78c77614615a882f85c69100b81f163b14deb9530a6f80fec5c8f911dcddab0369f61bb9ed6182f0f40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
711f52a51ff4610bbfac4f56bd57cbee

SHA1
78bdc1185394eca2e1ab3b3c527e700da8fbfe7b

SHA256
8cd9073f7e77420c92e298b87a6eb19f9c500b3f867df8ad4830540a46589452

SHA512
62e50490733aaaa3faddd1e9b30644cad26e27d92e55976f69143479eaf474e872e77b77a5cbaba4ae43ee741a4c503241c474f74ea90b2475fa7c5e996d0c99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
24bc91d9026dad2300cf8965563d49bd

SHA1
39e72d949af4cef19e1466016c8ef57123fbb25f

SHA256
1b6b8ff6448983a171b0e87599b82752c79a48e221a153765683307c5ce0014a

SHA512
8ec097d1530970fa6ba50d697c838d573349a69bd535ebde6bcbad0d7de161c3b549845931c04a8ae3461d4dfcabd15abef13e4e8cf0237fc13b6abcdc28615f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
456dd7417ba6e001fe10bf5c42d72db1

SHA1
4c637a5be4b2606f621b52371698b0b1b0b81fb0

SHA256
a1c9c04d6391f0665c6066fe27de8aeac3eab5d82a194d8c81293340b53e9dda

SHA512
2887c6f67a6f87627569ff97418b69cec1d3d301f0c8e24e27674984a23ae11c9964ab01e74e534acf35cefedcebc6cb477a77da3db1e4b23938e84124d04e0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
e79c9e30947001d15ca06c43bad8f706

SHA1
49aa4bb5747c4f028647815cdfb20c9848fa2a51

SHA256
3a0365b56f982d8f6123734f780b5c87044d979e3f1e27b62cce35772154e7bd

SHA512
f72f02efd96d0c1a1ff62b288c6f3d6e165f23d25ac9551ea09e975b878d491b037a4efa90afe6922518dc5390ef4396efd37b62cd405f2050f8e816708258b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
d535da8750ed0faa5a794d0e135fe109

SHA1
0055556188be9e78b23fa5c6ed2a424a816d1d4a

SHA256
9afb3030aeed98b995c47abce5827a90727eda138312cc9f7a567ab787848736

SHA512
2132f6b91313faaa8835bcd535c0f341af842f2b4adb3eefe8480acc89aa59349ffb39aa8404055de3bf3d433130f0c12c06416806be27a03e49001cc1ff26d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
df81432ec134d50a6d63977ee5d53df7

SHA1
2e608d2eee8f13996e0eb722b908b63c937e0ded

SHA256
50a020edc169a6b12f6961bfa78108b164c8dc5cfbeb220a9e4ed1a93f0f5572

SHA512
99eb223eb2ede45334979780178adf1e07f22540370e4c0e5b7b926e278e0b67e95c865e2bb29a1c420d186b116258bab4279b8d8c4fe0ee8b67cc4a478d9b9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
8c1c82d7482fd5005683462ffe34acab

SHA1
76f1a1e77e1e9424c8d1ae9ae09d30c84bb1fc79

SHA256
960e6956f292d8812fd006b733152d62ac09dadd7d96c00a0b018a461e8b9cd9

SHA512
474b0e6813e9cfec51be4a2915f8f2b47ba03b442cc3b461ad575a30c4fa61f9a28ae1f2057dc15bfe5275d6dc7d4dbd4965a7b71e6f4466b2ace92337019595

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
3cd76ee3350c4778138b0fce821a2568

SHA1
a76192d3947c85e7abb815d99430274d4e9b6410

SHA256
26492e3e21c70d40e3dbfc9553aab4eaf76adf6daed4fdd17155a33530338abf

SHA512
642cb5c04bc7ea720ac9e0c699d9bb8262593af66186a3e9d95d97cc9693081fe85ab9f5c85479c79c2a3a7de7c1a8fdf5e488c7938c79d405d198f1ba1eeda1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
112463d77a3eb19809a4c439f8f4ca68

SHA1
3c7ee1ec7b7610da695b5e48406ed4a39b6828d6

SHA256
c344f8142e91d8508068c85bf8a1adc4604b56ebeeb1c254ca60343c62d34fe3

SHA512
2b4466919e837910cd38cdeb82b8194600806ed948fd21d2abc85a85683b19c42b7a768fa49c2a467602cbd83d847a841431392b9aab5ccd335f11183a546430

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
272KB

MD5
1f02372e38e1caabd35aa0f7e63f390c

SHA1
84e0b9a72797a532b74330b5f8b81a846bfff88f

SHA256
53b93e04feb89a0672e1c31e09d34ee8ef42dda0d181d178f04b11f1214a237a

SHA512
3303cdad1afebf0e1f4ae4109dfb87d13a4fa6f25135f9cf5a32f8b8e8a18f588e58b77ce2356b7bedf50e8be10c8445cbe70aa66242a2c5096c52988a1d9730

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
272KB

MD5
59cab8a22fc1081420ebe8c270a9b442

SHA1
30d1119bcac161800096e599f426636b1dc5c7a9

SHA256
bc9fd4ce3472e855caa0020d7ba2d7f915e70a2379b94ee4a700c69f852bffd3

SHA512
2f359e12699fc3ef1f7a1214f9379f8b88d70d2817f13de06749e8fad52f1460c0b4ebd49ca814833a089783668a9cb843c4941dc34051e2362376365284b6ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
272KB

MD5
550ef4bac10897e8f05ecc477478fbef

SHA1
f01d3e954bf06e411c1f21423372a9e4c2860510

SHA256
d6de6ecd3ebd378e350ecdb58495183a3a4624c0a3fb45cc8dfd94fb13b29ebe

SHA512
ae8feee2ccb84026fed3baeb7cd2254fb34d535a2dcb2ad047121ebddc0e7740349a0618699d9aa7026ab9bcac6b5face258cb859b6b565fcfb0733d55cc4deb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
272KB

MD5
2c78488ef95ca8e48454db42f356607b

SHA1
a7c8f23ed7185cdb5f04a614dc000fc99bd9ea0d

SHA256
0c72d39d35104c31b99a6cfaca2935e072d9b285d70c94cc9db4382f7a7b2483

SHA512
08f3172ea3add5513acdb1e94fafbf24c26770d4393f6496e4568f25d34c57c555a07a13f849ec263ba01f9f5ab5326ef06c2d8942b067f373802c84af61f4e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
272KB

MD5
8d831ec48e2b9ef4e825eae35b97358e

SHA1
125b2087a8420f60dcfbfd1cd28b4552b3f6b064

SHA256
32cb88c6868d10058c605492f73da426405a1773143b08251dffb17ce828f4c0

SHA512
eda7dc9f0c262e30e4f56cf3dd95c9a2e7a33610e08a8e7a64352fefcb573184395673eba487a7ed4195ba7e80965a7c29d0ea7a0b3de7a9e82400f6a17a0904

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
272KB

MD5
aa440232701a8c1cadf025672e789913

SHA1
aa16aaff303c58f66f82d8bae43a7495cefbb44c

SHA256
7595ad1405e13641bdb1477eb45518ce14540cae14d4eb94617ea94cae274b03

SHA512
b3ae35f1a55da7878443c641294e64e669dcbd4865406f23b6e8b9090f6afafd53140ea4d4236be17483c7792b98ebfce4a6842ef3aba828cd76da9493e91ef0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
272KB

MD5
2f2a495bc63980b20b220f6de485c60d

SHA1
534d76e206d9f911df67c6aef5f765d9b3126b97

SHA256
f49fe928f96e941093487c9c96948874b96b6d550e546aabdf668cfe90ae2e14

SHA512
0c6ea278fcb493596f82d87e64083cab881b3701afc7751205386797aa3231a1562f734c8cdb22e58ad185f299ea14161b80fe3a3dc047a9ad566c68ef1ff712

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
88KB

MD5
3aab09f2dc5d8edaf897054d41b9a3db

SHA1
74abecbf488074568863afcfea0bbcd1c20b9f0b

SHA256
a60be6055a26f79caf04227ae96b288040b4c07630badb407ddca6c59f5e21e3

SHA512
8209b309506d7074a5dc9d59bc0d9229b42648b9fa471aa5e497494a40fc525ef76b4b69dd9dc384411341ddb53f4dba8c8061a47b00bd9c198a14f8c263cffa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
83KB

MD5
f39af3d5510892531fda27ec08f8d474

SHA1
415ddc14ed236d93d9109fe377869914f2b1b60f

SHA256
9d0dbffcf83c76ee5f0ab928fe1daa0995b6f2b798c76ad24308e902c0de7dcf

SHA512
88038d096af45b1cfc4ba623d31814937501d9a4edbf939025176f39136f100bf20d37eecc92410ff2bbc6655f2dad2a49b4e22c35c0cc1afdb1ee6c5341a4df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6876cbd342d4d6b236f44f52c50f780f

SHA1
a215cf6a499bfb67a3266d211844ec4c82128d83

SHA256
ca5a6320d94ee74db11e55893a42a52c56c8f067cba35594d507b593d993451e

SHA512
dff3675753b6b733ffa2da73d28a250a52ab29620935960673d77fe2f90d37a273c8c6afdf87db959bdb49f31b69b41f7aa4febac5bbdd43a9706a4dd9705039

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9e3f3d1ac734838c57878088948be27b

SHA1
a18cf57b36eb249fd9dddadf2cf61b6befe339a6

SHA256
f87b8a695b056337b11356e49722e7c4f7a5a7eaf89066635d38ce84c7dd74ac

SHA512
5bd204dd3654aa29a0b7d287b7dee71757f9ce29b72e28280429817db6014d472a96386429de4a9ff73113bb9ca010fa12e5ad66297c5d91e70a80db6a3d68d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c1c7e2f451eb3836d23007799bc21d5f

SHA1
11a25f6055210aa7f99d77346b0d4f1dc123ce79

SHA256
429a870d582c77c8a661c8cc3f4afa424ed5faf64ce722f51a6a74f66b21c800

SHA512
2ca40bbbe76488dff4b10cca78a81ecf2e97d75cd65f301da4414d93e08e33f231171d455b0dbf012b2d4735428e835bf3631f678f0ab203383e315da2d23a34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0fba3fbf88b10f5a5118204e2a14a60a

SHA1
55e3b99372f124d2e3d8385b90f5774355166b28

SHA256
54d15e8005b239ef169bb40394acee352c031fb77d32c35fb583542c1e57d3ed

SHA512
8180bd002334ac5cbc1cf98c97e443174544b1c94ac23e9115f61ebbc7909f5c69c6a606527ac2a3b66672ed64cbad76536ee9ab24e718521a1978db1aec7d68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\51c9bded-08ae-47bf-8856-eb1087cec8d1.tmp

Filesize
1KB

MD5
08ba89322510e3c4458813e2339cd05a

SHA1
f67b4288e830d4f1dc52129d81a5968f87dad09a

SHA256
ef783641a8ba43cec9cebf88bcb4a48eb079c2507e5f782e55250e5347ed5e9f

SHA512
64f42c14f6312f957f730d9bb01d8fecf4a385aea70ca3ce61769655094e783f7bb8e35c09c7fb50a2278855f78ce7498b01bc754c95748ec6e55445f8850c66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
78801c3bdb274e9e0d0f2307fcb259eb

SHA1
bec7127910152c16a8ec3087d6c11e58a607e43a

SHA256
e6e7593f5bc177693f08e5cdb384cfce817989d8f57931cd8fb9e01e63666511

SHA512
e762687ff572266934def2625beace03f8593516a146bbc7a8f1a30935d9db34459a398f64436f2ca09329f11a1677ba1ac26bb8700f6694caf5886754bc7c96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
7d50209099e366eebbcfae7137117632

SHA1
9af68b0945f4d2ecde7c0ea8172c1d396f0a1efb

SHA256
9d4de1e8e9e8043e3bddecfb28905e512d3ca34f41734fc2fcc93cdc14d70846

SHA512
26e46e50ccb3d3055a898d6439f8d6f1bea8a188c1aaa7d7ad78752b6001da61bd1dea8b4a9c9d9117a31d560a1a91a4dcfbcdc678d9a5dcc9af8db3e51ccb7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
479b0ed123d92b73b3fd79d50202c6e5

SHA1
3e13871931722bab6715f7b8b0a299cbd5b170b9

SHA256
246a86b9ea95951a48c73f1aaeacf73c0db6b80ca9a93d7d6cbae442eb182e54

SHA512
107f47a7564f5d0631f06a6b8bd9b99079cad96a75cbdf13d596b35cec2fc00d07147cee5f62a9a7f8ea587d78adc75f57c279970ac352703f590e5507d09674

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
c375149c550cc8bc755dc6018d0fbba7

SHA1
36aa04f008c95ce6030ee7b142b1547187ebf55a

SHA256
2a55303f329cb091684f2ba64f6305ede98b616a28b54ae32ed7dcaebd754214

SHA512
35676278a92165c6139e6d8e95af95c94cfc3453b154f95f42d10a99504581ecb242a6df15d5915921a262f4be73584b9b10de638d2d2931bbe382993f7d02cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
18KB

MD5
b7c77b81b35ee8966e744e1880b702c9

SHA1
a70f0bb2690e7f8e1c587a0979b70f13a5b08cf4

SHA256
a4b7d9fc3d343c447940b0ad100e269ab7673c3560d848c3904b1c98999f6c90

SHA512
4012edee4d97d765b014be35f0e139ca119d99b19afaa376873dbb86c8cfe572f23462efe4c9bd58e6702aff47296a6972637911b0a87b625900719826ed3276

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
efe72ce318c60191102c41f4cd7c91d5

SHA1
8a4f9e431034b16115a1f3e4daa68914b4b79825

SHA256
3381e4ba1be92d16c9b0b9afa1234c3b1d72fe17ec0927f1cc34848cd247ea1b

SHA512
222b3d62c33031dbc0ddc05b27929ed15cdd0e00b433eb431dd59682587b3ab78a6b368ba530d2137b8507b6acace93d0ac71ee8993987d774857b4d5819af3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
e1a6504b8ba011decc9ead0ae2647f99

SHA1
927d0daa0cd29e1f220af8416f127d666269be1a

SHA256
3e5897a0c4aad5d6b841203dcf10be7554c47a09f7155126cfd5a9f82dce8b3f

SHA512
eb69bed7af880d372b9c6e45a7e15835e1e7c7a46ef8e6bba3ffc6420ebc3846d8167d235fea98583189af018a9d7d41648d0ed8707ecd933eee3179f48898ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
09f7c2281f4ec61ac115c9a816e785c5

SHA1
930f7d18480f0a0d8f22dc6b0714ca28df939605

SHA256
d38feed04890325fac066b6e41817a77c20929a2282097c2fe64884bfe1bfd6b

SHA512
d1bd3cf037b885492e51d7f357d122036227cd7daf9dab3bc745da8c2a91c38e6fee91e86eae1a04cb95ea6753e6508b06fffc3b22480188afbcbea8f0db68a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
28KB

MD5
1e17fee5edabe925c5c8a611aa64597e

SHA1
f0f79bb18c626ae9c927982a68e7d89c00eb24fb

SHA256
c06f93cc58ecd5d3ae8d308787a3bb75fd4189721b1c7b1ed475e1f6f9fb1ff8

SHA512
dba624ef70702c4d3c1f811289d8af612d00e6bb0c2977f22a1a522ce3d2330dadb81001f81f250ad6bc319ea59ad482b635f5c00ae714a28f0fdf4ed083fc4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies-journal

Filesize
20KB

MD5
a14d95bc2ba5887a72ac64c38549c9ce

SHA1
80fb6a966b9d72ea750031e8ac124bd12c66d935

SHA256
773f7bbd0e7ac643e64c598ab24c618efd7d773dd0dfda1cf8c944c5a69f0233

SHA512
8da6b4103ae05ea9d9c6e76f4c2998e19639e38b2acaa047e7da41685d614b7e3d5cc0fe72b89649cdc8e2110e1d00ef925b580a09911dbcdfd3836df1a7d922

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
28KB

MD5
4f395bded8a74c9ef4c198e911acb442

SHA1
b1f16222d3ec4eb1c9e76979154b224189529b47

SHA256
22761bc3c14ceaefcb2eb4ae24e856ca5191d93a7f6c3065a63f23047f9bf8de

SHA512
0855d31f14933234c762613107f8dd7a1ff2ac4bd4f1c6332550aa010a29da93ab55c73c044da8c3975a361bea3dc86cd10d1a68a737d2bfaed9c0f13a079b26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
6190244f8bc213c246cea62e13dad21c

SHA1
2234b2260d49d61df406373cef40592cceead2b3

SHA256
0c978e5d6c0542e289a2cb6154cc4c6140bd07e41b8e175f6a7091c45153a6ee

SHA512
8ac6c5837ac5668e838af103bd898d66888a9f590e5bcc926f87729e2c3ab709ac054c7d2dd48de2a836241e2c7e1a3ad9a3c96a52e45feacc0fc53e596293ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
116KB

MD5
f84be7a4b2b2972afb548168d0901fd8

SHA1
53dfe07e758368253f73ff703cc9e0cf3f2466b9

SHA256
88678eea175ee8d1d0218282da7b6e900067838af470bab00d6098e5ba4dd45d

SHA512
41cced887aafdd93541f228f4d965c0b739fe0cb59436d6f04f2014ab8b6268167e73f645c9c5b63854d1a685f37bd3ee78a678ff5ac28782f1dfccb8556857b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
3KB

MD5
2a7988426baf59d998e5d18107b2ae8b

SHA1
c2727e50404da39a9e9251c9f1aa01d9d836e863

SHA256
114140a5e097a3adc05e2d7b060a20a695c58e0bc8d0811003df43efb05a5d00

SHA512
988aefbb306991c14cd16a608fe1647872f5dcb4f141037d61c34e4607fb04167929315f34541d82b994d62dcb1022c0ddd3e3a894be5fe3a0ba05ffae68b023

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
11KB

MD5
e3ca1c56a85909a2e047fff1dfbfa100

SHA1
dcc003958d8d9ee41bacb44fbd958c8a20db5b95

SHA256
3f5a4982788efce4f60a6bd2b6e2d4e4e60465fff24c4e2b8925da623bd95c3d

SHA512
3e3d9afcb3f00134c79fc36ab32a15969e5b9e8e37eebe84f97c7615114562f9204eaf23a46c76911fd7c66c9a107adfcc45a38bd2bfb1fb8ff5502ca7b56d97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
5c64ada63c409e580b6e4ac359edcabc

SHA1
dfe503896a26fc3aadcf3c1533eebc72d613e02d

SHA256
6bfc776a1244236e8e171901f9cc030025dd3886c81dcfd6b85936ae6c1bbeea

SHA512
c5ab813d769bc76667099520c168839e32d6560c527fd711f5af9fde2c64c9db4b831c2d2aac7a2bf8803a3d93763fc4e7c9dd988b59091ec64b8c1b5a2471a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
d3f321d00e1be1b49699bdae15d316ad

SHA1
2e3e053eed5981854a4577be8f6851195c8b42ad

SHA256
64e3771042ba76bba7eea678c84c9d9072a57ec1af11c7ab95e4c1e1b4c0c623

SHA512
5c88f30d9b3f69f9dab9405e0d969f0e41cc9ca8e0525fca5c90b500b18732b289bf3dc0df5fe5cfd110f482033c058c49c70667311d036bd4ea0700491c7804

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
60981adb2cf8d06df1a9d426f2baac71

SHA1
971738509058c7de1d1a75112339519fd61cfc30

SHA256
148246d5639c2877a76387ee73037f0e9d8eb96d59eeff2a98281bfad6e78f50

SHA512
b5fd0abb3e8caa4b691664ad45d7f1097c9c5a6bb852ec13b48cc032c3e2251e178d827a6a7497be53162c3dab6e8e3d5781fa51bb02add67a802ac620535d3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
97b0d44f575c72af9a9ecdf0b063e6e9

SHA1
4f85916148e98c9dcff7b0f46ef8b279998b0e55

SHA256
4d1e85f0cc17aaf14154fd8b50aec5c763e57a33327bb586ee79905c853e9c1d

SHA512
84027c8dec8ee00e8fff2f87681522d02684ec2cf5872eb2d1707b8eaa2abe236ec5922ea977c9b7107ce4843df1fc5b83a52258e90de39983f23b9fc4ee55e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
770c2a2c94357d5d98ab87aec4000667

SHA1
0c23656d87ed065aa45c46c55851a16d7098c1ab

SHA256
858186898350f7f5951d272ee834bffe09bb5084f2b7f7a001ccd340ba8ee04c

SHA512
c90f68e4549cee36afeb497a0c419b7c8abf4ee74aee9e39b03e794e667a9de050167a50132e410ba4eec29d733ee5000dc0ffdccf5182f5cddeb96767e592b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bb6a00528b82bb06fbd6bfbc62d8ae64

SHA1
dee0af3a6f8a6a8f644c3e62fd25238c44195a2c

SHA256
97efc51cf8d6bdec0dbbdc756d03cc9d12e801668621cedc0017cc42497b1be4

SHA512
d213edfca3ad1c2b343bf3617637ab6edc84e42660a0a09ec9f1061cf6d7c386c8c82e73e895f3a95309580209c9639a91958fb76edcdaad53e60e751230a7a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
996108fe74e28b420f0a19684e32e0c5

SHA1
304843dffd1367884eb4226a5a2516617e90a449

SHA256
359ec89fa48d643a5001b2b04276cc11de7d6cf2536f5a9674b0c748116cfdc5

SHA512
807f4429ea51c4f24d094dd49997dc7d0ba7ab549030ff1d76fa8cfb7cb14e51831c79cdb09dbfd76f5d6e46fa018d92eef88ad33180b63f9fa93b1a1e80954d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
877b27311869310e4e3663f909d57933

SHA1
ae0fbd674588f895f5d4ff59206eeabcde41f93f

SHA256
97f1c32455f5c3ddc1f24c26f954c665844650b75b5668e1fa619e8accb8876f

SHA512
8b6bbea004d544910220e772f62cb35b8f132436b8507c172d80f597bc1a5b0da2eb0643b36cbbe42266bf895998b809f19714cf5ce5cda4b81c5eda610412ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8c7aafd4f8cf05d0cc51a769610e664d

SHA1
bf1f96900115e66229ea685022d5a441b4ca2f25

SHA256
614cac3ff8198a824d021a77821563697cd907d3b1f6e1e56c63046172661790

SHA512
a4ee4472dc7f43786917885d97edfe105892377ddb9bdf74aa3cd957bb346cf505f8e77d8f8ae10788d61bf36c66477f8d09822510c7806f6aea2b08ebd09969

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
1e118e6fdf3524be996666bfe2dbfbe2

SHA1
14694b59c43846d2ab2473af086ab0c5f79115ac

SHA256
996fb83250d817f1b6acc42d37178026d59a245d6869be29ab3c1b6a474e5870

SHA512
62bd33a80fb35e301c57a3150866203e1dbf43b13fa37c7f1907a722fb71b709457ac626d0e79a9d7263e499900ea4b2524538d6ebc3a27148c10fac43075095

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d411ace4eece30bf53d0a29c026cdbf9

SHA1
6587a20f7973cafdfd810573b3679561ebf8f752

SHA256
88ce7cd996b00d95072bc0f4cddd41f41e2e1634e449772840089307ea7c2664

SHA512
6fcc74585f22d1d230e6f956d64e6c65515b8e36e3a9add68ab47fbe08a51cf8474a7c4a6ffa991b5c75c828080f78a8dcbb59191879f60207db35216f9d40e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2a52abe72ecb278373090f6879c19cf7

SHA1
95478cabc506b2f43f826304045f4828f9fabb23

SHA256
b431217a2b75c2abaddf9e1f1766947aa43ad56c4a5aa72b2a60806a5c6d4390

SHA512
3ebd53d84cc2b91ac7f2a7c5eb555bb5bb68bcef750eb32d8d41a0051a08158434d2518b17771429474f9b7f9e1310b4a9ab6184741e3a198300f6229f2a4cf2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1c9777a333af9f3043d8e0e6d590828b

SHA1
1ae25e6f00dd54cc2b03461ce6acb28f0db4d2f7

SHA256
244f8b62278824880bcd3ad13c8464d54e8188da93a76e5707492514a0d7922d

SHA512
2dd174be4154ad2b8deafd1c9695dca5042ef831ed92cb330d11300d302156a95f01a2fe191658fd682003b4e6b9b2275cefdccbe5c9e6ead0608547128eb903

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
202d60ef8d00a0bf493bde5d90263b71

SHA1
4937a57a74948eaf76acfce4ae445f4fcb00caf5

SHA256
b70623ab686a322e7f826f547d0d04c508df383ecbab7dd3369515087ffcfdb7

SHA512
bac6a0eb67321b89b3f176f1b0aaf637759ff6dc9c4d16f871009ca9f30ac65bd69e6c9a069680105faab398b7b34d9794295da7b3d47fc11f34118b73b43f80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
90cb9c0dd1b9b46f09c4cf155860979f

SHA1
66046922d117f5d2bedb8734d47101362d46ca37

SHA256
6ab6af0b6e10cdc230af32a772284e82ff087ddb77b0715ee4f43629b8bf04f5

SHA512
3c4875ce4ca43ab21afa1bb42d02de44e17cf44372fd732ce3f61286ccd5835b028036c82f698a3da74a0c1fb04b5343ff2cdfa2e443ab9ebfdb3ba1fb749a6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
16be933c51a9808ad8aad1e735424664

SHA1
31c1c3ac92edb828db4d49ae5bad65c926b49657

SHA256
ed274d15cd46a5e131f6ab7422c78d3892f013bc361744dca47841b1fc153575

SHA512
7c68682147b06c2f41d5a212de549c96717660aa39fb4b1d49c2b422983751adf308ecad6ee48a4983da14c39e73793b41ac5fbdf9af1e79d35f604f7406debd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000004.log

Filesize
383B

MD5
b36914994ba543f0fcc146e30004b5a0

SHA1
f05edaa3eb82271463fbc2391accc0dadbd3c203

SHA256
a2f770374de8805f712d10fa4f707c05db89965efbfdfd97b852b46fac635457

SHA512
a6e08705a3eb845875ddbf4ea1502b8d8b6d66e9f29cf6d6c712a156575c60d10af38acd8e98be6c45af01d7b3c182ccbec2f5a9b7bf75db57dcd6d95437e614

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000005.ldb

Filesize
495KB

MD5
87acd3b18ffbe907ebdfd2ed270259cf

SHA1
76b31c24ae3f179ea3af073b8e9865f3d25332fd

SHA256
f400fb43e02153d0a663a170de0c196a38511f706a1a6aaf62df53d6dd42919c

SHA512
4df120e1f10e374ded781b57618aab06bc526cbae22905285b069b0f8029280e5f0e709426dd8cf2d91a553641c9434f8ac50256c43634094661cc7278e5a2e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
480B

MD5
04d485eb5e2f62d6eac7c8850d4d8be4

SHA1
77b5d1100c090665d73cff977744030471a136d3

SHA256
19682d2fee415fa3b35ed2cf240c88e9f466a166ba7a9a0e9cca58b435272827

SHA512
47b5c2ad0ca12115d4d16168d3cbb0a12d0705f0f74934bcb57c147d139ba5ebf936ee122384b89776bc15fbc2d15eae21c45434f4211660548a326b98f782ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\MANIFEST-000001

Filesize
108B

MD5
b97440de1f9819f21712a4ea48013b29

SHA1
845afaa1184f57922a451b0051f0787ce0525bf0

SHA256
c3f4a79b231143f545e556a7c3c1c1190337373443b4467325322e05d258356b

SHA512
ca53e0e23e6e38188491916392ca7042b6d77df8c23f7319e8ce62d813dfb2dedbd2779bed0711150ad7488b8b52aa0f02357fefe95c9e95fe461f170ac9612c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13364283319177068

Filesize
10KB

MD5
7c46858a43d797e39d3e958551d251e5

SHA1
f8b6007ac5d70599e2bdc3734376ccca2791311c

SHA256
a425416d85701a34595798a0e6bf53db3f3bd253a639496c1e5ab8ff018c2cf4

SHA512
fa26975854777accf6ab3865e5f86a4185549226fc74611806049d5c16d0a215727eea67e98363df4fc5fa65050d73e84d108ed40512a6af8154b46b1983f17e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
184B

MD5
e2877c337cf08cf3c6e89a02b5770f67

SHA1
631990de2ff528a8dc1521cd78a22844c5d1f630

SHA256
83e4b1117a8eb0208326d96901be1034ee49a9009df1bed0ba023a4f1cc2a158

SHA512
b212c956c5735fac0cc90c7c1ae07b16bf4a0e6df4dd4d7ca2191b5902506cdad2889cd943a1c7d1361c1c926cc3b560e219e42f51a9a194497a2034afb55f26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
b9535f42dafb372c2ed9b477a977ff57

SHA1
a8907df1bf65af476d214b0745e59eb89557978b

SHA256
e2df4725e92e5a285cf0b35f53e4e05781e3faf2a1ed7dfb84fab1f428387420

SHA512
f893a2550257c34267ad765ebd8a202734cbc71bd4ed065a71fd61e6fcecaff970d650b98a5a719e189f92235cfed637fd26741f8f979cc72e2681a0adcaf552

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
213ed2d367b9ad2e829f6dfe15dfe454

SHA1
5e372b810e0bab169b6c6329a800f6c44f1937de

SHA256
631d2b9a0451324f38ab05bdc1fb34d1dce182963e65bff25848e9292d02bdf6

SHA512
8b12782700331c8f826bbb7f722f9a034fbfcc9256ebc8ba6bc9bf9c8524cf29326d8b7822d687c2ae168d1a09c67f3b5f30c0920464cbddf5425d15b4ff43f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1b789d4118a4725134f93d428a542516

SHA1
d5c821f5d78ccf8e4aeb9567fe42cba4b8f00b61

SHA256
9e1afc2dc1f452477cdf2bae5aa62837018aaca1200a291df42195a75d8eebce

SHA512
a12fb12bbf043401b03fe4a0eed8f072a4f19fbc7383b6d89cd54f82133fa310bb73e3826663612f18e8a6bbaa74f57a14cba400c304149a07dc486809780fc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1124f8ea5bf8eb32327e23b5e83ae8e5

SHA1
da721c30ca79afcea63173122b0cb554395bbf04

SHA256
3daaf538d5172318a1325c7bfbce5676249c72e62321a21ec2443ed29ccf9e25

SHA512
4cf1b04d6a4cb13ec1b63edd6977fda4bdc8ced1f6aeb11611eabe341a6ab5255dbbb244eef4c73cd462e264ea2e2983015e57fed85f4938f4a964cd83afd591

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6899a929ca211a11817736d447d918b4

SHA1
2470f63c239ef2efd77b90020de99789e0380e09

SHA256
0ec9cf081b81b12e359b576145fd8e7131c8cf754748bf261f021258a8e6e169

SHA512
94ef78a0a24bb94a25bb02d4a0893cac38404dac7bc242a4ba8b3c30f9f6f7d907660c6a2443bbd3da9a931bb692dae50f8f09ee0716cb4140c6c89310f48a5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2fcfeb160b9eab79a1bac9381d01f7f3

SHA1
4d81e3f1341c098d557b4cb87ff988911a027388

SHA256
d4a011f98d8f2e48a351da66ec15328c0c5dc3ce635cfeb6c2d0147aaf8906af

SHA512
6cb0ca28b607576b6347b250d1da0765e120883cc1df9bc169a56a71c3d6f4fcdf1629d55fb2f3c031907b7d6b0e3cae5af42f84073d82bd22394ab4f2231a11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f59d94bde6704a5a543a0e49715816b8

SHA1
23772aeb84a94fb8e073a940a3282c7a485e9a30

SHA256
896a457da7179fc5afe17b305df59025ccef3d3a9abeeed4cd4e6fb192895d8b

SHA512
74b37b49bba06e2f075f7e6789f19b7a83353d70b627ae68d7b6e2e1edf56befb7b276944d902412afbbbe329b85fd51b770ed87ec1943b9068dbcb7204cd915

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
04a71c116dfed239b2a96d7dfa3dbef4

SHA1
4d36262044bf64a08619663a6129af59d2ced77b

SHA256
2af95aebfd20a20a94678c80faa9c381d4de93710a77068f5d8ea7eb90e2f43d

SHA512
c3bd65286bce956c931330ae8c7be5e8c27328a784dbd520da314dbcc3159141809f98ff38284fc975a154f7d78188d4793124aecff538ea547bd4c74c564a1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f3b6b5cc09e64cc483299fb83036f278

SHA1
43d6d7facaf0ffc3d4d08cec64d81580b383b26a

SHA256
3b488e3c0ed8cee233062e9c21fbdb651bf491bcf8e842306b54b107b0e5fcde

SHA512
4d129bf6a310d6b00894136546be832d6dce39d9ce173d3485af7079c42a62e06864f589e168baf876bb642187ee3e2e98a9333064d1461157941f5f873d7788

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
de3058670a9e184e14d35f39e944f7f1

SHA1
22db93b6e3253b169a8386b01f5c5be27311b436

SHA256
dba17ea950d33f679991a6d5688d841b537625d3db161a61ae1019cdf32f1347

SHA512
0b92272a63cdc2a1dbab1151072e8ea9674ff8962c504911b8bd4bb662fcdc398adb169d5e2de9e3dc7496a0a62dc9bee65ccb89729534a285540a8815c61ea1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
d9c5e2ee8740e8f456f2d7764d406524

SHA1
cf45c49e6409e2a5ce727eb86aa9055f8ef04cd2

SHA256
b81d892c34d2eb57b218b7e3159b1dcad528f722e579ffeaee771ad7f7d61ec8

SHA512
f491406c89931b0fe881ae2b98733a916a38246cb3dfa51566109a461b8bcdd9efbafbbe36b05d8826dd615ede92defffaf35db86badd42498301114af927e5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Filesize
112KB

MD5
782579fb7c40929a87b25f4b74f6e3a7

SHA1
30d49a968cd228396271955c246d623d6ee5b7be

SHA256
c68dd41ffdf51a459dde1fbacad2035ae3d673ada16f339d1cba1f94b8e4b8a4

SHA512
55356c68f8b50f9f0e4186fda79745302c465962d655bef4ab1b4519d303404d2da1a50c89ed252688128b3632746f952d68cea514e0066cf6eb82b1648b9b02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
72KB

MD5
726e0e7b6e22c1940e0a1babfa647015

SHA1
178041f2e7bfcce38c534327f53cd7a439503443

SHA256
fc91dd3c004452f1818ec648a63bc61a6316fb3c9ca25c7b19e8d3fe4b7cd310

SHA512
7b4209da2b04fd947ad13a7eaf0adc2e216b18a3c02b8937e12b733a92dc70aeb3860c9ba5ef6a4f3cfe36b4877a1aedd92662fbf4a1e9f6b0e2aec7cd0ee305

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
5KB

MD5
8630f88f062d44ec3baf89e1f9915749

SHA1
a38fa9856d4bdedf2b2aeef895d31d0566b4c219

SHA256
80a717cf54078bdb9ec79aa57afab6a3c0d51a862c583f2bb32ccabf9b7c511c

SHA512
e0ec6d5b1ab1c9b2748bc4155e640ccf3656fa3e28636c1156bc4c8517994b8ffbde0e8aad93bcee792f58e1563f79a09c3566fd46cc4557f3f3b4760f2c5e30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
322B

MD5
c744a241f7d6408a51bfcffe291b3a38

SHA1
4f29ea0a4294056460fced740730f93e7eb57d72

SHA256
2f5f704e3d081daea3b35904df081f3a64a3c46f9c955c9c828fb12a00b3114c

SHA512
7503408f2b19f22e1af7d7ef8957817d43e8c64567fa7e7eb45e4abb18628cbc3390ca964ca5bc155b75a26d8a75f892c8b0f599232d5af37da5b8fa8aa7fcc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
318B

MD5
b7b7d05dd5dcb3dfa8292b17bcec8f69

SHA1
e98464d3272e4bf1b4d680ea5a7ed41b09df7594

SHA256
d9c2a61077dcbfd626391c622c4c4ea4a7ebbb67bc782fe1f85d391276fcb857

SHA512
8890f8d6a91f4043441540b333389f29cf3e0f00870414df91f700b8273b7bbc32d92a8923aefc955a99fc6b3f1f639f6fd5aec620b5cbc39933ee583bcc8311

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
340B

MD5
0ffde23928002f2e826101e0fece78da

SHA1
5f24625c51abbdddf88af053ff1621d9a11c81c2

SHA256
4dc1ba4c5a5772729373715d1063ba7683257b3d5ab7f7521b972114c2b8e8cd

SHA512
511f96de7167654dfffc6ef95e9ec317a64ca52858d3e5258964f6aeec9eacc0f4063e36257ca0148967f7497a3888d09c4c7b0e636f6ecb2c3858b0e54bfa61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
0447c6dd1e84c20b66f5673de6dae86f

SHA1
8af2a2f62a3cbb11535c09c1861d12d2c9793880

SHA256
113670556d0bf64c38154468ca5d2400a13f9a3cff3b440d1b8f103fcd8aaf8f

SHA512
7f2f5dff781a54320b3262a45830b301a11220dcb7aaf66f3662a8a8ef8dd7d1fc254d21e0c7f194329069d1ea5b2e481b9a26e89d58d2d4243ee20a76245ebf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
d709e5d278de521ce3c08fb93d83e303

SHA1
cb5674129939652e113f352db437fa5411467579

SHA256
ac3b10b0f53588ebac2a5bb9195b9f7f4dffe1d4a418f9bec81292d39b6ba7cc

SHA512
67981afa87b71c94d2988aee0568fddbf2ac6d53d126c7b0402bf281f0460be5b74c29e19b6e681f9f55bf7c3a158066970a6ac58d6e928465278817220928e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
60a503cd5df3f9c00596d08175dc4598

SHA1
f92808dd8c69ae77785813507447d530d3bd478e

SHA256
9c3199e69c9f8b5c8565815fa38f8610606cd62b6e5a8d32f01a7638b801fb44

SHA512
74739a38822b0039e4d4827d3ffe0f6db9ebe1bf1fc9cbfe212fd075383eb4036d1868f95206a82683a1a7c91a03c96f8358076d7158ce45889e540e128999bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
b29bcf9cd0e55f93000b4bb265a9810b

SHA1
e662b8c98bd5eced29495dbe2a8f1930e3f714b8

SHA256
f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

SHA512
e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
94db2a3ce727c04f70ef08029d7a1d6b

SHA1
d251f343c2d186113e75ba71a9e31c428f6ad594

SHA256
7045400f84c48687d12e72b7d921a38ff27b7e4248aed52607e90fba8093a33f

SHA512
caf96a9c5312505ecd6e7659bd0770dbfbeb55d3abc94de9b36bbce880c66d1a4d6e9e4772d2925a2835b5d3377fb214189ef0d02f2d4527d7b8c0004ba3df5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b617bbe772670b615dfaf858978ad376

SHA1
b64b9d67c963f6bdc61a4f7986a0f862f828be3a

SHA256
5d5959dafd1c4629116cbf303d66d2aafef7ba3201eac937c5fa06efaed834b4

SHA512
aa326044a973e200799f1e3961ffb7836d728c4233edef228f63be0f4fac52804f59f3f56d3f9739216c02232d8a2ae4b77ee6f9eccb54a7aac3bbdfd79f2d32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
493007528d3757483c92faae7cfd7a4d

SHA1
d6bda8c6afd1947c27746359b9ab7acf6b6ab610

SHA256
50fdc2155e46d59088c16e3d503b7a95c361c8699054b546f76aad494470af73

SHA512
1d74c0f936f8aefbe2ed6fbfad6a82eabed2dc7952053ef2d84e72473d3a44fac9dfdb1eb89cdd97c59ae9f2d5609a5cf7669fceb7b8a5403b4addd09ab9d7a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b02b85ce57515066cb69985484ef0900

SHA1
4b0f7510736cd912e493943212e4d7222f6e1c28

SHA256
5900b37c6b6acce85db96c11a1dc8d946fd9d1f5a50c857e0e3049164d016148

SHA512
ef4554400b1c2825d96694409fae0c7669fb815f05fad750ffadd2aa4f9d7704b88e32646702f230657c6bf4a86024282330f5127cfb0910f09a53c4a98edb91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
12db067d1d8a666d4acc77ea6b01a4e2

SHA1
84fae8a9d71e6b6d8af9d9f47b1e9be500223300

SHA256
e0900c99c6ea031dae3c8ff7db057774d89375b1ad323aefafc3dcfd826daa5d

SHA512
bdd46e38baddf07d52056de5d414cd090a32f5b4aac8ac9a1092f902efd163def0e13925fddc56c5849f9fedadce8de9a59570c6ccbb40626ecf64fa25f97182

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f5af89a2639c6aa92b549f7596d51159

SHA1
f3eb2348b35ef6ee81b789eba958914c2c3764b0

SHA256
5d955a4798f11ea3852ad51dabded94f7d3be1cac8be46a6dada4f6bd630a487

SHA512
3e63967c251bea8cf20e6915c5d50ebfc8aa39f2f6cb2e9ce429200353d7f71f49647fc503462e34bc051390173174926fb44db4f3fe1d3cb687a5e91d2910c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7a1def62d44fc396571380463a3f442e

SHA1
75a0ff1109999f9056c6ec0d8378ef9e114bc63d

SHA256
b37ebff6b270b26927217a199d87602d9b46fce82b902e92e83ed058353df814

SHA512
cc42b7d4335f9f888cdb75be06a63e820a0a905918e87abe6923516fc38802d1deb1283cfa005b03f04fe7982cc4362174a689d3df63a73acfac11a78139057d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
ac68e567a837fbea700863a9f7255c30

SHA1
a86432e79d3134ed3754fe1719719928a194390b

SHA256
858b47eb59fb2fb6607ff31c9d3c0f9188634e56c7cb438817c0002ee0d1ee72

SHA512
22fb309f3c9ee1b38caf625e438d0e7638897d594691ae72b05b0b8ff3fb77a09d6287c2c82cd989dab3d4e5441f9fcfae42a379d016cb9e4816d80ee623f263

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
45ee1d4b3130cb4342b448be9795503c

SHA1
c29fce0260fb56f5d346684629c290881f6ee7cc

SHA256
16be7b48294e5a30d5e51c5eccdce91eb590a5bfb8513d12f97c08d23bd57d4c

SHA512
c981f57632056d0ca1e4b0ed57e92070b719036ced23a74256fa6dcd538170c31d3656b1c37a1cbec1abe8c5697d5fa61ee32d7e09203b60cffdba90697a324f

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\command

Filesize
23B

MD5
b8101213ae4a00d80aea33e89fc18354

SHA1
4731913561f6a790895679d52cbb60cf92085399

SHA256
b5a4c60342138bbe6329eced96ec99eafd11b70bc72943020a309f3479c2d9a2

SHA512
bdd899a12358ab5111de61fe0879cfbf28b925aa3d8d3f02c98e0ac7308965503881cc345a594f94f8d8c0f13e5cfdede285a4c05f7fa5721d01212fbe19289f

Download Submit
C:\Users\Admin\Downloads\MEMZ.4.0.Clean.zip

Filesize
12KB

MD5
8ce8fc61248ec439225bdd3a71ad4be9

SHA1
881d4c3f400b74fdde172df440a2eddb22eb90f6

SHA256
15ef265d305f4a1eac11fc0e65515b94b115cf6cbb498597125fa3a8a1af44f5

SHA512
fe66db34bde67304091281872510354c8381f2d1cf053b91dcd2ff16839e6e58969b2c4cb8f70544f5ddef2e7898af18aaaacb074fb2d51883687034ec18cdd9

Download Submit
C:\Users\Admin\Downloads\MEMZ.4.0.Clean.zip:Zone.Identifier

Filesize
652B

MD5
0d5b03ea24bdf1a23fdb000c04da2e4f

SHA1
4610ce8cfe7ff5a0e0eb1e71c614cd52310dd601

SHA256
2c0b21ea96ee2abe4ac17cb77f133d4382156542d794d0328c1324d19e4c5ae6

SHA512
c94ec628dcb9ee6d4c535d5e838e93891e45eb92b212af50a399ec844ecf0e05a0b7ae040de40fd2102bab6694fc6a178c1a7e571c970a7eede6ffa116243f27

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 607178.crdownload

Filesize
436KB

MD5
647af7197c5b9aa9d309ea47233d3134

SHA1
6d74bead5bc149ee03960c1fefe6a05779e8064c

SHA256
3a0f137e7b29fb6ec6636104d95588d4155cb188734299b61a87120fadeb6c9b

SHA512
a974c24c624f28a3e84f9189a069a0d89d412fbfde4e68f7494bf7c9ee1b610c21182a854a16f9fefed17be3488c6743083afd57e9c3fe790deaf7cee8aef09d

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 952547.crdownload

Filesize
1KB

MD5
ec25501ede2d86b7b92ffa469f6b7262

SHA1
d1119d79765341945693395438a0d8209132a117

SHA256
88e555414887a5c50e602b33fd295f47a565ebc8bfa6bd4ec7c7574f5eff0a75

SHA512
5c192438043de266e20bf4897e56facf1e9bfff689d5d8487c9258a1dec75bb05ac4850db0e22617844056e1b1452252b4f1521dea6d780a6f299ce5b2527de8

Download Submit
memory/1120-1073-0x0000026AFB830000-0x0000026AFB9E3000-memory.dmp

Filesize
1.7MB

Download
memory/1120-1079-0x0000026AFB830000-0x0000026AFB9E3000-memory.dmp

Filesize
1.7MB

Download
memory/2080-935-0x000001F75EE90000-0x000001F75EEC8000-memory.dmp

Filesize
224KB

Download
memory/2080-1725-0x000001C53F2F0000-0x000001C53F4A3000-memory.dmp

Filesize
1.7MB

Download
memory/2080-936-0x000001F75EE50000-0x000001F75EE5E000-memory.dmp

Filesize
56KB

Download
memory/2080-934-0x000001F75C9D0000-0x000001F75C9D8000-memory.dmp

Filesize
32KB

Download
memory/2080-933-0x000001F75CA00000-0x000001F75CA76000-memory.dmp

Filesize
472KB

Download
memory/2080-923-0x000001F742160000-0x000001F7421D2000-memory.dmp

Filesize
456KB

Download
memory/3760-1731-0x000001ADEC9C0000-0x000001ADECB73000-memory.dmp

Filesize
1.7MB

Download

Resubmissions

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads