hxxps://cdn[.]discordapp[.]com/attachments/931963858116042823/1260441138456952852/Mod[.]zip?ex=668f54c9&is=668e0349&hm=e2374df893f4307cdcbdffc8dc605d68bf193b3054c24680a8b87baee3b7f8d0&

Analysis

max time kernel
399s
max time network
409s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
10-07-2024 03:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cdn.discordapp.com/attachments/931963858116042823/1260441138456952852/Mod.zip?ex=668f54c9&is=668e0349&hm=e2374df893f4307cdcbdffc8dc605d68bf193b3054c24680a8b87baee3b7f8d0&

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0 = 200000001a00eebbfe23000010009bee837d4422704eb1f55393042af1e400000000	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{80213E82-BCFD-4C4F-8817-BB27601267A9}\FFlags = "18874433"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\0\0\0\0\NodeSlot = "5"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\ComDlg	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\0\MRUListEx = 00000000ffffffff	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202020202	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616257"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616193"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\SniffedFolderType = "Generic"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{80213E82-BCFD-4C4F-8817-BB27601267A9}\GroupByDirection = "1"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{80213E82-BCFD-4C4F-8817-BB27601267A9}\IconSize = "16"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{80213E82-BCFD-4C4F-8817-BB27601267A9}	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{80213E82-BCFD-4C4F-8817-BB27601267A9}\IconSize = "16"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\0\0\MRUListEx = 00000000ffffffff	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{80213E82-BCFD-4C4F-8817-BB27601267A9}\GroupView = "0"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\NodeSlot = "4"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0 = 5c00310000000000e9588d7210004d4943524f537e310000440009000400efbee9587170ea58831d2e00000084e101000000010000000000000000000000000000003d9725004d006900630072006f0073006f0066007400000018000000	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\1\0\MRUListEx = ffffffff	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	msedge.exe

Suspicious behavior: EnumeratesProcesses 24 IoCs

pid	Process
2508	msedge.exe
2508	msedge.exe
3872	msedge.exe
3872	msedge.exe
2108	identity_helper.exe
2108	identity_helper.exe
4612	msedge.exe
4612	msedge.exe
4896	msedge.exe
4896	msedge.exe
4068	msedge.exe
4068	msedge.exe
4676	msedge.exe
4676	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
2840	msedge.exe
2840	msedge.exe
4772	msedge.exe
4772	msedge.exe
2008	msedge.exe
2008	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 4 IoCs

pid	Process
4068	msedge.exe
4676	msedge.exe
2840	msedge.exe
2008	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 23 IoCs

pid	Process
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe

Suspicious use of SendNotifyMessage 34 IoCs

pid	Process
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
4068	msedge.exe
4676	msedge.exe
4676	msedge.exe
2840	msedge.exe
2840	msedge.exe
4772	msedge.exe
4772	msedge.exe
2008	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3872 wrote to memory of 1632	3872	msedge.exe	80
PID 3872 wrote to memory of 1632	3872	msedge.exe	80
PID 3872 wrote to memory of 3468	3872	msedge.exe	82
PID 3872 wrote to memory of 3468	3872	msedge.exe	82
PID 3872 wrote to memory of 3468	3872	msedge.exe	82
PID 3872 wrote to memory of 3468	3872	msedge.exe	82
PID 3872 wrote to memory of 3468	3872	msedge.exe	82
PID 3872 wrote to memory of 3468	3872	msedge.exe	82
PID 3872 wrote to memory of 3468	3872	msedge.exe	82
PID 3872 wrote to memory of 3468	3872	msedge.exe	82
PID 3872 wrote to memory of 3468	3872	msedge.exe	82
PID 3872 wrote to memory of 3468	3872	msedge.exe	82
PID 3872 wrote to memory of 3468	3872	msedge.exe	82
PID 3872 wrote to memory of 3468	3872	msedge.exe	82
PID 3872 wrote to memory of 3468	3872	msedge.exe	82
PID 3872 wrote to memory of 3468	3872	msedge.exe	82
PID 3872 wrote to memory of 3468	3872	msedge.exe	82
PID 3872 wrote to memory of 3468	3872	msedge.exe	82
PID 3872 wrote to memory of 3468	3872	msedge.exe	82
PID 3872 wrote to memory of 3468	3872	msedge.exe	82
PID 3872 wrote to memory of 3468	3872	msedge.exe	82
PID 3872 wrote to memory of 3468	3872	msedge.exe	82
PID 3872 wrote to memory of 3468	3872	msedge.exe	82
PID 3872 wrote to memory of 3468	3872	msedge.exe	82
PID 3872 wrote to memory of 3468	3872	msedge.exe	82
PID 3872 wrote to memory of 3468	3872	msedge.exe	82
PID 3872 wrote to memory of 3468	3872	msedge.exe	82
PID 3872 wrote to memory of 3468	3872	msedge.exe	82
PID 3872 wrote to memory of 3468	3872	msedge.exe	82
PID 3872 wrote to memory of 3468	3872	msedge.exe	82
PID 3872 wrote to memory of 3468	3872	msedge.exe	82
PID 3872 wrote to memory of 3468	3872	msedge.exe	82
PID 3872 wrote to memory of 3468	3872	msedge.exe	82
PID 3872 wrote to memory of 3468	3872	msedge.exe	82
PID 3872 wrote to memory of 3468	3872	msedge.exe	82
PID 3872 wrote to memory of 3468	3872	msedge.exe	82
PID 3872 wrote to memory of 3468	3872	msedge.exe	82
PID 3872 wrote to memory of 3468	3872	msedge.exe	82
PID 3872 wrote to memory of 3468	3872	msedge.exe	82
PID 3872 wrote to memory of 3468	3872	msedge.exe	82
PID 3872 wrote to memory of 3468	3872	msedge.exe	82
PID 3872 wrote to memory of 3468	3872	msedge.exe	82
PID 3872 wrote to memory of 2508	3872	msedge.exe	83
PID 3872 wrote to memory of 2508	3872	msedge.exe	83
PID 3872 wrote to memory of 2556	3872	msedge.exe	84
PID 3872 wrote to memory of 2556	3872	msedge.exe	84
PID 3872 wrote to memory of 2556	3872	msedge.exe	84
PID 3872 wrote to memory of 2556	3872	msedge.exe	84
PID 3872 wrote to memory of 2556	3872	msedge.exe	84
PID 3872 wrote to memory of 2556	3872	msedge.exe	84
PID 3872 wrote to memory of 2556	3872	msedge.exe	84
PID 3872 wrote to memory of 2556	3872	msedge.exe	84
PID 3872 wrote to memory of 2556	3872	msedge.exe	84
PID 3872 wrote to memory of 2556	3872	msedge.exe	84
PID 3872 wrote to memory of 2556	3872	msedge.exe	84
PID 3872 wrote to memory of 2556	3872	msedge.exe	84
PID 3872 wrote to memory of 2556	3872	msedge.exe	84
PID 3872 wrote to memory of 2556	3872	msedge.exe	84
PID 3872 wrote to memory of 2556	3872	msedge.exe	84
PID 3872 wrote to memory of 2556	3872	msedge.exe	84
PID 3872 wrote to memory of 2556	3872	msedge.exe	84
PID 3872 wrote to memory of 2556	3872	msedge.exe	84
PID 3872 wrote to memory of 2556	3872	msedge.exe	84
PID 3872 wrote to memory of 2556	3872	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/931963858116042823/1260441138456952852/Mod.zip?ex=668f54c9&is=668e0349&hm=e2374df893f4307cdcbdffc8dc605d68bf193b3054c24680a8b87baee3b7f8d0&
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff615746f8,0x7fff61574708,0x7fff61574718
  2⤵
  PID:1632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,13706612849856270864,10852145301276273346,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:3468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,13706612849856270864,10852145301276273346,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,13706612849856270864,10852145301276273346,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2960 /prefetch:8
  2⤵
  PID:2556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13706612849856270864,10852145301276273346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:1824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13706612849856270864,10852145301276273346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
  2⤵
  PID:1556
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,13706612849856270864,10852145301276273346,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5376 /prefetch:8
  2⤵
  PID:4792
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,13706612849856270864,10852145301276273346,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5376 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13706612849856270864,10852145301276273346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
  2⤵
  PID:3464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13706612849856270864,10852145301276273346,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
  2⤵
  PID:4504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2072,13706612849856270864,10852145301276273346,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4140 /prefetch:8
  2⤵
  PID:2172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13706612849856270864,10852145301276273346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
  2⤵
  PID:1472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13706612849856270864,10852145301276273346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
  2⤵
  PID:1484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13706612849856270864,10852145301276273346,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
  2⤵
  PID:4524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2072,13706612849856270864,10852145301276273346,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6040 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13706612849856270864,10852145301276273346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2772 /prefetch:1
  2⤵
  PID:2976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13706612849856270864,10852145301276273346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
  2⤵
  PID:1824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13706612849856270864,10852145301276273346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13706612849856270864,10852145301276273346,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
  2⤵
  PID:4788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2072,13706612849856270864,10852145301276273346,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5732 /prefetch:8
  2⤵
  PID:2392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2072,13706612849856270864,10852145301276273346,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5616 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13706612849856270864,10852145301276273346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6148 /prefetch:1
  2⤵
  PID:892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13706612849856270864,10852145301276273346,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6376 /prefetch:1
  2⤵
  PID:4324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13706612849856270864,10852145301276273346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6264 /prefetch:1
  2⤵
  PID:1216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13706612849856270864,10852145301276273346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2288 /prefetch:1
  2⤵
  PID:5044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13706612849856270864,10852145301276273346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6156 /prefetch:1
  2⤵
  PID:4152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13706612849856270864,10852145301276273346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2772 /prefetch:1
  2⤵
  PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2072,13706612849856270864,10852145301276273346,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3392 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:4068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13706612849856270864,10852145301276273346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7164 /prefetch:1
  2⤵
  PID:3800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13706612849856270864,10852145301276273346,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7092 /prefetch:1
  2⤵
  PID:3860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13706612849856270864,10852145301276273346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6952 /prefetch:1
  2⤵
  PID:4792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2072,13706612849856270864,10852145301276273346,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6004 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:4676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,13706612849856270864,10852145301276273346,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=212 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13706612849856270864,10852145301276273346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
  2⤵
  PID:1592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13706612849856270864,10852145301276273346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
  2⤵
  PID:3928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13706612849856270864,10852145301276273346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7120 /prefetch:1
  2⤵
  PID:3200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2072,13706612849856270864,10852145301276273346,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5516 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:2840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2072,13706612849856270864,10852145301276273346,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7188 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:4772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2072,13706612849856270864,10852145301276273346,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3400 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:2008

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1780

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2848

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4832

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4980

C:\Program Files\Java\jre-1.8\bin\javaw.exe
"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Local\Temp\Temp1_Mod.zip\Mod\voicechat-forge-1.19.2-2.5.18.jar"
1⤵
PID:3628

C:\Program Files\Java\jre-1.8\bin\javaw.exe
"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Local\Temp\Temp1_Mod.zip\Mod\travelerscompass-1.19.2-2.0.4.1-forge.jar"
1⤵
PID:680

C:\Program Files\Java\jre-1.8\bin\javaw.exe
"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Local\Temp\Temp1_Mod.zip\Mod\soundphysics-fabric-1.19.2-1.0.15.jar"
1⤵
PID:3272

C:\Program Files\Java\jre-1.8\bin\javaw.exe
"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Local\Temp\Temp1_Mod.zip\Mod\soundphysics-fabric-1.19.2-1.0.15.jar"
1⤵
PID:2672

C:\Program Files\Java\jre-1.8\bin\javaw.exe
"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Local\Temp\Temp1_Mod.zip\Mod\FarmersDelight-1.19.2-1.2.4.jar"
1⤵
PID:4748

C:\Program Files\Java\jre-1.8\bin\javaw.exe
"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Local\Temp\Temp1_Mod.zip\Mod\do-a-barrel-roll-2.6.2+1.19.2-forge.jar"
1⤵
PID:2004

C:\Program Files\Java\jre-1.8\bin\javaw.exe
"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Local\Temp\Temp1_Mod.zip\Mod\create-1.19.2-0.5.1.f.jar"
1⤵
PID:4900

C:\Program Files\Java\jre-1.8\bin\javaw.exe
"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Local\Temp\Temp1_Mod.zip\Mod\better-end-2.1.7.jar"
1⤵
PID:2952

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
96c5cf2199b6e5c14655c46df29d50cd

SHA1
494ad02a2db43b2b9e57dd92f14172ebcfa02b76

SHA256
111588a10fac7cbb428accf1a8cbcacc9e8a04854a79c63544c26eb0311b07a7

SHA512
bd82805baaa96acfe33e4ba68dcdd0d5281e3810f216cc0b082bc4d82726c8f3b5fa1161c87cba78c7a7497a838cca6b493200c7bb4d5419a9f258b3df5dc923

Download Submit
C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
e5ff3c697a61630edfc3c8f075c53a39

SHA1
6fbec479f65311401706f39f2f99f0c29a68f155

SHA256
afca24856ffaf898803ad22a80c0c56e7f7fdf314e9195469bd05aaecef1c427

SHA512
e29b753804c1d6e8deba1ad9e355eed0461d8ca5111ee37dfd4721f32a707792d64f4fb7d50f825bcb4804d16d48d303a7f673cbfed849b403bf6f42e4321fa2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
04b60a51907d399f3685e03094b603cb

SHA1
228d18888782f4e66ca207c1a073560e0a4cc6e7

SHA256
87a9d9f1bd99313295b2ce703580b9d37c3a68b9b33026fdda4c2530f562e6a3

SHA512
2a8e3da94eaf0a6c4a2f29da6fec2796ba6a13cad6425bb650349a60eb3204643fc2fd1ab425f0251610cb9cce65e7dba459388b4e00c12ba3434a1798855c91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9622e603d436ca747f3a4407a6ca952e

SHA1
297d9aed5337a8a7290ea436b61458c372b1d497

SHA256
ace0e47e358fba0831b508cd23949a503ae0e6a5c857859e720d1b6479ff2261

SHA512
f774c5c44f0fcdfb45847626f6808076dccabfbcb8a37d00329ec792e2901dc59636ef15c95d84d0080272571542d43b473ce11c2209ac251bee13bd611b200a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
69KB

MD5
7d5e1b1b9e9321b9e89504f2c2153b10

SHA1
37847cc4c1d46d16265e0e4659e6b5611d62b935

SHA256
adbd44258f3952a53d9c99303e034d87c5c4f66c5c431910b1823bb3dd0326af

SHA512
6f3dc2c523127a58def4364a56c3daa0b2d532891d06f6432ad89b740ee87eacacfcea6fa62a6785e6b9844d404baee4ea4a73606841769ab2dfc5f0efe40989

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
41KB

MD5
56f174c66017ab795bc292f0dfb7403f

SHA1
52c626b29df9853e0ac3b8979c0d76590cce74cd

SHA256
a841b227cdf47dac8eaae576323de1045bfd5ad59cd3862bf262de54ec478ce0

SHA512
da3aedaa37673c24a9e8e7baab7e7597929013d0087b945b3303d524ae576b61278b2455ad77c02ad17b67dcfffdca6f1a9b04c85bf43c5bcaa1aacebbdba97c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
1.2MB

MD5
32f58aaf5a515bdbb3d13f72879d2bf0

SHA1
1742585148dcce5d9a85464fdc5b25f394e4736b

SHA256
b2be2096fe98a9b55d92512ae7859e8ba6a54be03afd7eb454b220f9ed888ec8

SHA512
28c693e9a85da7cd7441209c60c4da4b9b6b7da7555c86c2039387b470c453a474a07597069959cccc2840360f76dbb307f88a77e52248adcf8de71ab99cbe19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
43KB

MD5
209af4da7e0c3b2a6471a968ba1fc992

SHA1
2240c2da3eba4f30b0c3ef2205ce7848ecff9e3f

SHA256
ecc145203f1c562cae7b733a807e9333c51d75726905a3af898154f3cefc9403

SHA512
09201e377e80a3d03616ff394d836c85712f39b65a3138924d62a1f3ede3eac192f1345761c012b0045393c501d48b5a774aeda7ab5d687e1d7971440dc1fc35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
73KB

MD5
7322a4b055089c74d35641df8ed19efa

SHA1
b9130bf21364c84ac5ed20d58577f5213ec957a1

SHA256
c27e6cbe88590ba6a04271b99d56aa22212ccf811a5d17a544ee816530d5fd44

SHA512
bad26b076fa0888bf7680f416b39417abe0c76c6366b87e5a420f7bc5a881cc81f65b3ef4af4ba792aa6030bcf08bdc56b462775f38c4dbf48ff4d842c971bea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
c33ffb5abbf71c186fd77fdebd9adb97

SHA1
aa56eeb8300720afb45a480393464cbdafad36e5

SHA256
cd38a488123d806a30f84dd91e5aeb8ced64da904d99fd58fb37b4e7306cae32

SHA512
f3a761b40ca9273f2581b0e415ff293ae680aa535ed52100bfb51b9910c753e521b9739ac8b37b487885b191824d0acb5f937e1e333c54393570865f59a53639

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
1816acd811bfca4231f72b40f6d26dc6

SHA1
ce6869c9e02a6871004792aba628968586bc708c

SHA256
32fd3d198393f36e2b3dae199b1dfe60525f7215fc2497f71fe1aa11ee459884

SHA512
59e0f3e6605a9d24a0a3f4f8063c8d3c5dde624d31797cc8267cdd4f23e2824b2563ffa0c4829a9fb83a4db641336b8a80848719ad2f1eb23ffef2e8d42124a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1015B

MD5
5928bbf96b716e0a8bfa2c94c57baa3b

SHA1
a2bd237b1ad7cf28391f6ec09096a4c077098e04

SHA256
cef0ef5721f971ee318872915f8b8f63bf73e17e647bee176233ac36b90f42b8

SHA512
43f4e17fc317c0852d52d488553503f6d7b65b3053f1eda0f7d8347e4a03ef27a17658ddd1004d11f30ee7c67b9e5c3faea347ebe426ab0f07977cedc1970a5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
2bde917a5c6b7df6153173a2c8e93783

SHA1
3dee0bb7e9deffddda3bac2fb8f08e4c568e9131

SHA256
f54569be447a7d76d19a3a0c2ca33dadda96ee6009a11e1c404ac7c313d13644

SHA512
c92ac094ec3272be09e7a4fe4fc57b31d15c3531afd27d592b45c9aba0b6ca0f37c5c6fafbf7e63d1d04486b73f2c76b31bec1d9448a25eea645831df9f70a35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
df81c96d00880fe79bfd46cddd36813c

SHA1
23fb0aa54f9a5b7be7655d001fe4886ef39fb55b

SHA256
b88e48a10bfb7a058ee6f339886ee33b41a0410f0dc45cabb24bdb4a065a4dd4

SHA512
6dd2bab9700f4ea3eb5ec92425e92d02fd41f728f4b90058147680f4aa76f065dda4d9e643fb1d3867e6640234a89a7309c49cac1c07fd96fc311628eb667d91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
bc77384d7f83a3039126174604246db1

SHA1
c564202f5a05c243bf0826a90b7851c98da925af

SHA256
f9505fd14bb0480f0d556e569777baa3a364536413989633169214458dddeb73

SHA512
8d9caf6e5da6178f820c80ff55837cd6f9e1994aae3558358213251bf5a6c9b7d4118896e8e13e331fc2457f341bec7c5375e71017bbae3d12facd3c017cf3c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
9ee956c56611358ca21434321e8ea8fc

SHA1
f239f369911ecc127d9c9b2e7d581bbac40b15dd

SHA256
139d9dfc8f18cdaa924c41c4b0d157881cf5a7ff1ac61b8293529ba7ef47dc5b

SHA512
6c9ed3cbdd349173e15673d1ebd6f3b4e978b9e1c4a231d9eeb92cce792ac7726f038dbd78a9a53cdf600a4977b1d7c4deb72fe56a058ce2ccbc463002bb06ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0caaaeade0f25946b0e7cfcd07e10f47

SHA1
5ea1d8ef6933260f20c4881694e2225b71e90ccc

SHA256
9640b0859aa4db8a8d78839f51643eeba6d3ea163ab4cf69d64d49936f39a252

SHA512
c6669294b54353efb9afe6b4af95b985f5464e7bf3e226b2d3a07581959a6a5d4c259dcb846a1aca510ca737a141ddce9e431be3e1eedb8ba01d51b1f14d7155

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
4a0ed32c168e68d4970ac6612a12ceb3

SHA1
5c0e34570d3c06c785051f7cd583baa2b9d95a3e

SHA256
672f60772bf654bda9372724f13ffbdd1eae2e1aba917f5572954e77ae9b04f9

SHA512
1aacb7f215529e4790f85ef6fd710c7b87192ce96780dec040ef362c24afae3451a5f83f51f6b10d857b1d7998b4eb28d6d3a72e3ba7cd9e3c8780b3d92eb6ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7921ebeab1c6a776da59f6bad8c63385

SHA1
004ede35c539f95583d77a7beebfb34a4249e5d9

SHA256
5166590a189bb9d2daa568a6daa6f039d0e15fe97e837634f8b1658fe7a017f1

SHA512
483966a89e4697b84932297105f66a33d77a1db2bb76af0c794f37fcff9a7027b909b5c00e71fd7736296b8120dafb4794775c546ba635f1389c2d17944a5f72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b85311c164b0f525f244ebab2470316e

SHA1
de596d03f0e7585145177f51ea15181fbd5f5e84

SHA256
6b86606fc5c4bf74206e64590d5d6d0f5b1e3b33a473da590229926c906f469b

SHA512
2026bae3d5c592f6e91d28b0c1c808e3d057e728cdafbba4005ffc85bfae821fff8a1efc770779f232402fc475255b1535baded9a5e20b96864c7fab5a1c02fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
cad76d88e627fdd3a1c307df5a4a615a

SHA1
c99b5db17e349078dd7d5e7f275c91db24c6ec62

SHA256
159e21a1e8cd690610e8aa726c346fc38d6851c633e0678bb392620d3b7a4088

SHA512
21c452539d5883260bd856397057621a68118497a36a893e4dc287da02a3deaac9af28fd7599d1eedc7396520ba4e01bf282a91cfabf78cc7115166084fa97fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
7bdefc4697928b8f91bf7f4467407d7f

SHA1
a771602a8a52dc3ca2505056b81eb2dafa634514

SHA256
8033a5905e31911869a4ff9d7d335c3c1a0330e420712611b3cc48b08a4bd08e

SHA512
b417ced012c3e785d1fdf979b321fe730685f7ea0efc9dabceed904ba6b1461cd99cedf80754f7d6b92dbb878286f6c93f2967d48f7edda5605fe6d12442e3d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f1241cbb53ba27fbbd107bedeba3116b

SHA1
dd95b8e8fc5b7f8fdcbf88a1530fbbeeda24866f

SHA256
1ad35080edb837daac0503f4f1238cf7ee3045a830e5fd9ec3e648ea615a03cf

SHA512
fadc87e45560a3b613e2b3ff66b73d38418bf34775a0720a9e1915f70299ea53e853b1c6992e8f9a56e5c245be52edb461c58e69122910eded417beaa12a58b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
21726f4419c6040f42dafaba7b0a9b67

SHA1
4574a7d9d640ef9111cdda15e5263cc21f41e0ec

SHA256
aa1f9b86f4371696d5f76c793b9f16c6ab19e5b24d6217696e984890d259e880

SHA512
4ec304030c24cfaad146aca478460fc9425faed4f5b7774840162d5d7844eb248420220a6a8a6e8ed65b2b2f6bf2dd499eb6d310f778d270fdc3c92c0274eeff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1c66a82c6a59796726f655fefa9602e2

SHA1
8581a73bb37028c9b6477ff40e6b337a4536a0cb

SHA256
976d08c73a6535361a6aab7682a7ea6684cafc6392effaf753757fb2b11aa740

SHA512
4e916e90bd937b9e3c8462775d5129b909f85b68171790e3ebc14bfc0db27c34d22f1c6eb5b267f20786b0852ebd547e7f1499a15e9128e00c8b8ae2853017ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\32cadb2b6d359d069dd3f3d132c212a43d223701\index.txt

Filesize
35B

MD5
343859b4ad03856a60d076c8cd8f22c3

SHA1
7954a27de3329b4c5eefd4bdcb8450823881aad6

SHA256
8c79b653c087618aa7395d5e75198da7d3b04c08654c39e56b1027f9ef269c2f

SHA512
58014a4e7f2b4b0d446fae3570196b8fb95d0d1b70bdab0dd34a74d6c62cd8d7ca494a486f19c1a829988a3af83a08d401f18d1769ce1799a02ee09807234254

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\32cadb2b6d359d069dd3f3d132c212a43d223701\index.txt~RFe5ae36c.TMP

Filesize
99B

MD5
f3bc8de76789ab2ef9e940b7b01faa4c

SHA1
96c0c95b618f94def23114ceadb3ce936a1d7dba

SHA256
f583c175f0aa0a782dace747b300fd90e783f93ed468a070449954ea915d2f59

SHA512
5fbd2403d47ce37f98e2223ff4cc6b25b87d145a5cc7fb1c6bb4dd725d2bdfddb02cbf0346d34e07efeb79b4d7a547134cfec4c975be826bc4327f4df05299b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
240B

MD5
9e268c765d45709b0a86057559ca33ff

SHA1
d1cc5fad3970ea4faae35aeaddeaff13ba6735a3

SHA256
ccbbb124eafa31be6b66f0aa2ed37a19075d34dee2d21c12862da37b7b60c8bc

SHA512
902a07d55421a1b6a47b6f743faffdcd8492772cb9bcf350f1bf8ce4b2fd4b3d1b8b071c8d182abe19944a9aa99c167552c801203f99a723333a8cb00c525daf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5b14ad.TMP

Filesize
48B

MD5
b08e480c62b3406713601430a1894263

SHA1
a321eb08424882bfe114f82f53a36524524109dc

SHA256
fa98db6746abbb06c716bfb8c0e1c9a7566efe529953dcd9c0e29e69c2272085

SHA512
12daff3a52d85b822582ef5cf0bae794aec437951cb601335f92aff466ef82b82709f8c431304a454df69fdb055f9f52d9cb3372172fb48ef050aca04e63ab5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
af3cd6315e9a48bf3744c441cb20b93d

SHA1
cdd237b942cb75b8a107d04328972f600d90fc4b

SHA256
2f12f1edb58619ed81a4dcaf7d177bee17e789471395472a12776c6aabcb5093

SHA512
8873218bd50329777406f1e4b9f319027fc6e82225201d9a7f172e52a11d53d036a5d6bbfcaa08f10fbc4924e85ef6456498e92a9fe8f8d11f057a0ecd4067b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3aac16809851d868280bd52e96e5a6cb

SHA1
8d5e475e2a08785044f815a9763a00d03aad6a86

SHA256
128f5979d99cf036a7bfe1645c2a88ce11ac41490abadbcb752523670963ef81

SHA512
fc99bfdf57b9b363b3efdcd15d54e31707d0580127048223bc1f0bbd33816ecc5d563573110b9befe3a2bd79d36cafbecca637219a498466484c9131bf71b41f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f30f79b5e892c0e6f3785d5204235527

SHA1
07cfc0ebb30059076738bf52b6419ea2725870a2

SHA256
234e05b90619047b75ffa90d52863c4263b07fded1e2559410606fc76e82e174

SHA512
85bbe8314daf097949f66ad2d535af9e0a54f39f2677ce3d67eaf544bc10fc5223a54ef747dc65f51c819ead92a88f76aa6640264b808394a02d48189b5d5210

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe587ae8.TMP

Filesize
370B

MD5
8b60826bca74515f1dc503ba43dc56e0

SHA1
f9b421a73fa396c8b43b68a72a971e6caf3014fa

SHA256
7d474a6fa1c61c23b16c3a03c72b5e0444200a52f074b8ffbc42f7c0b1d3edc6

SHA512
93024976cc6d2de1790712957c8085a8c7fe5d20cfe5abbd32bc9c7a08836b2f61dfcef11b271b8023f6ff2dfd69300af0b8a5e83bc9afcd7be809162b01218c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
32df14cb335955fd8c49351c734966ee

SHA1
b7274355f5c48813887efb7f1543a2d32893401f

SHA256
338083932b21f20ed14b1c95b90981abed91b7112f45aef5ee0736386db73052

SHA512
fb3308950e78bc59163ede31d29cd234eeb597d60239b78b6d4afd62f3e605f239b00f1ac2bc80bc79bbdc6f120b02483c3e9cae25b1daad1e254d7e6d8a6947

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
91d0dd2034123516e42dcf18991ffef8

SHA1
283c9ad28aa67852928e2959f2019d178dc9266e

SHA256
6d68a35b877edd66c5544ffae59ef18e042d5180c4d7bddf14fe90dcbc14de2e

SHA512
c7da594030c7ab17fcd1c25e4fb8da167447ed3998878039a78f08762721f9a9b5b1d3f819e79789a15e948bfb531b4bed3831b561ee11450d72a125bb4f02d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
937c237a2f5ac992f6eff49ea161caa6

SHA1
76f7a086f6167f8b15c04dc53e827225af370d46

SHA256
d9054522d2a222e518e09ea51b733fff81fc0063a8b03cde636a5a9cd1eb8097

SHA512
f025882173a53845ee94f04294c5bc42403cbf1135dfa9536562f5a95caeb45ae7b77eb609b5b28ae5cf39f314f74a9fc5a16c2b37134097df88bc5af1f3e50a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
29081497e0c592a5ac1709680feff2a4

SHA1
b038b57ec5025296ac9bc5520a55b2ade16ed1fd

SHA256
ac124381cb5d247e0a496e7d99e4ae3ff3ec6e8c1683a411e49ec1be07415c53

SHA512
e9eda8a1e6cbf3f5310eb2001e648ad96faf3ef8d4ee397a6d3e48a166db895f1157ad9288b5ac2223f6784df5601a4dee869f1788eb167091cf4791f4971cff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
382f9e390a7c82df099bbefbb07ed5db

SHA1
4e8d97b77bc0ce309e50aeaa74845fb44cf3ad5b

SHA256
c0f13c8546cb69fa4bc6556551f510432716a01905d12da84e69af247ca7a9bf

SHA512
f72b9a2a5b870344ce3cf26151394052ea45bde25052249e4efa299591c7ab8954943cd6a7a9ddc43e8ae305ac81ad7edbb7d446db3aa10c9cafa8a582e8db99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
0fe19e529fe3a5eeb1973a3195739330

SHA1
c1343aa68b860c1c7d617211377736beaa1fb896

SHA256
f35c98b69af2c0b64b207456218c1a101e35574d84f721e34656d51e57d4f8b1

SHA512
ebb4756930f9613fa8a9ea2ee071722b581f8476eac1af2ec7e7c9e4d07258557831f2300147a57b764f757765ed074730132153c7507c5733970f79953bcbbf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
d19390390cfa92fde049bc93288f0576

SHA1
0c0c123a421c98e3d50c5c8e156e90f6100152d3

SHA256
d698b70238d4fbfe4efddd1becd4b62078e3a82a44fce43f9e86cde246c65cb6

SHA512
2cd2bba789d38742eadc756c5e896ae18c9c20f92d7a3b92972bfcf808f3123e970ddb3df564c92fa138390fc7ccb550cd3c58db1bb3ed9a4165fbf11b1a9cef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
e80a366fc37d47d2157331698eb2f885

SHA1
623e987d02690f534de82d1fc0b5e2c23ce887b5

SHA256
d8142894a1ee04169403e0cceb957d684a2436408c394501a52ad2fcd9908d54

SHA512
ae5a3e34184eb4d7be7187a3b17312a05bbfbbc52faeb29e85d88150bea1b7f4fc573f4ff5212dcf9039b6efe8052b6287363f627678375a5ba2f6349b5015b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3742865bf77a756fbb7adc91e7aec3b6

SHA1
ce88d82f9ea79603d42ccc219e1c52a57c0437db

SHA256
6a03ba8be8ffc01b1d2a0244906c386194eda040c317b502be4c147b4e0ae5eb

SHA512
812be81b0016e270b7477a0582a582f540a4935fcf8675979b1d9c799e82605b2f1aba39e9f87c76fb0563387b6f987a948b8b1b1c941aaad25ad11b4e552538

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
6a76286ff59fc5e28bb08d389c0ca97f

SHA1
8770b530585ffac4e4941f644d38423326bb69e2

SHA256
53fd4e3be0764326eb1d707e7314a118fce75f7d5008c83f11f93ac7dad4acc6

SHA512
636c318a56e0b09876989530115578f88ee5c1d7d02b42746ebf32ca4df7f8eea00c1a225c7910c4d7d315c4991c721cd07fd2eea0581a66c61600ab962c3dcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\LIDWBKOU\voicechat-forge-1.19.2-2.5.18[1].jar

Filesize
7.8MB

MD5
887dd2af1437c9eb91a5ea540f5b28cc

SHA1
0b3f977e2a1309905790edea8cd7670b5f13b119

SHA256
65d4d833d0c204ef8f64d1cad08d714c5cec2883ea3e4a428fedade01d0c558a

SHA512
a752c0331435ea499d978907f7c2f876b8189b61305bb39b4a0db2251fe96e53e82f04f5e3aa01eb046da63ed0e29fc5febaf84d31691ec63c675d8ab55bd9e0

Download Submit
memory/680-1152-0x000001CAC9350000-0x000001CAC9351000-memory.dmp

Filesize
4KB

Download
memory/2004-1200-0x000001AF04180000-0x000001AF04181000-memory.dmp

Filesize
4KB

Download
memory/2672-1176-0x0000021416D30000-0x0000021416D31000-memory.dmp

Filesize
4KB

Download
memory/2952-1233-0x000001FC58AA0000-0x000001FC58AA1000-memory.dmp

Filesize
4KB

Download
memory/3272-1164-0x000001CB50230000-0x000001CB50231000-memory.dmp

Filesize
4KB

Download
memory/3628-1140-0x000001FB44650000-0x000001FB44651000-memory.dmp

Filesize
4KB

Download
memory/4748-1188-0x0000028D0B220000-0x0000028D0B221000-memory.dmp

Filesize
4KB

Download
memory/4900-1212-0x0000020FC8810000-0x0000020FC8811000-memory.dmp

Filesize
4KB

Download