95dbd294f511335bb0b368c487abe48e8d72aa4b165cba94d32cef71a5e46916

Analysis

max time kernel
1092s
max time network
1093s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
21-08-2024 19:34

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

sandboxie-5-69-6.exe
Size

2.9MB
MD5

f52f352a4def55c78779707efc001f3e
SHA1

efcce55e998886319858ef83cb3ceeb86dc23eb6
SHA256

95dbd294f511335bb0b368c487abe48e8d72aa4b165cba94d32cef71a5e46916
SHA512

9faeb5435b9f68a718b89dde2152437368b722183f9ee2b66d1a6650e703e862707d6b288487a5224aab5918116a5380e2408ef9ef08dc8e2fd06a14ae28d5bf
SSDEEP

49152:094iRfnCtFDyfWcyGAGTidbcW+/MVuiz1Py1v1GkfEgVAmm/S:0942fILBGAI4x+/a51snbmmH

Score

8^/10

defense_evasion discovery

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 1 IoCs

pid	Process
480	PCToaster.exe

Loads dropped DLL 3 IoCs

pid	Process
3120	sandboxie-5-69-6.exe
3120	sandboxie-5-69-6.exe
3120	sandboxie-5-69-6.exe

Modifies file permissions 1 TTPs 2 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
1428	takeown.exe
2052	takeown.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\V:	takeown.exe
File opened (read-only)	\??\E:	mountvol.exe
File opened (read-only)	\??\X:	mountvol.exe
File opened (read-only)	\??\Z:	mountvol.exe
File opened (read-only)	\??\T:	mountvol.exe
File opened (read-only)	\??\U:	mountvol.exe
File opened (read-only)	\??\M:	mountvol.exe
File opened (read-only)	\??\N:	mountvol.exe
File opened (read-only)	\??\P:	mountvol.exe
File opened (read-only)	\??\R:	mountvol.exe
File opened (read-only)	\??\L:	mountvol.exe
File opened (read-only)	\??\O:	mountvol.exe
File opened (read-only)	\??\S:	mountvol.exe
File opened (read-only)	\??\W:	mountvol.exe
File opened (read-only)	\??\V:	takeown.exe
File opened (read-only)	\??\B:	mountvol.exe
File opened (read-only)	\??\I:	mountvol.exe
File opened (read-only)	\??\K:	mountvol.exe
File opened (read-only)	\??\Y:	mountvol.exe
File opened (read-only)	\??\A:	mountvol.exe
File opened (read-only)	\??\G:	mountvol.exe
File opened (read-only)	\??\J:	mountvol.exe
File opened (read-only)	\??\Q:	mountvol.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
155	raw.githubusercontent.com
156	raw.githubusercontent.com
188	camo.githubusercontent.com
266	raw.githubusercontent.com

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\PCToaster.exe:Zone.Identifier	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	sandboxie-5-69-6.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	PCToaster.exe

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	vds.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	vds.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	vds.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	vds.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Kills process with taskkill 1 IoCs

evasion

pid	Process
2568	taskkill.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2842058299-443432012-2465494467-1000\{D4CC6AA9-3DC0-4A2A-8F10-F062D8375C3C}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings	msedge.exe

NTFS ADS 6 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 105666.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\butterfly-master.zip:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 57502.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\PCToaster.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 384849.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\super mario 64 installer.bat:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 22 IoCs

pid	Process
1416	msedge.exe
1416	msedge.exe
256	msedge.exe
256	msedge.exe
3052	msedge.exe
3052	msedge.exe
472	identity_helper.exe
472	identity_helper.exe
4992	msedge.exe
4992	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4904	msedge.exe
4792	msedge.exe
4792	msedge.exe
896	msedge.exe
896	msedge.exe
3244	msedge.exe
3244	msedge.exe
4316	msedge.exe
4316	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 45 IoCs

pid	Process
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	1428	takeown.exe
Token: SeDebugPrivilege	2568	taskkill.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe
256	msedge.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
3676	MiniSearchHost.exe
5108	javaw.exe
5108	javaw.exe
5108	javaw.exe
5108	javaw.exe
1796	PickerHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 256 wrote to memory of 4316	256	msedge.exe	86
PID 256 wrote to memory of 4316	256	msedge.exe	86
PID 256 wrote to memory of 2980	256	msedge.exe	87
PID 256 wrote to memory of 2980	256	msedge.exe	87
PID 256 wrote to memory of 2980	256	msedge.exe	87
PID 256 wrote to memory of 2980	256	msedge.exe	87
PID 256 wrote to memory of 2980	256	msedge.exe	87
PID 256 wrote to memory of 2980	256	msedge.exe	87
PID 256 wrote to memory of 2980	256	msedge.exe	87
PID 256 wrote to memory of 2980	256	msedge.exe	87
PID 256 wrote to memory of 2980	256	msedge.exe	87
PID 256 wrote to memory of 2980	256	msedge.exe	87
PID 256 wrote to memory of 2980	256	msedge.exe	87
PID 256 wrote to memory of 2980	256	msedge.exe	87
PID 256 wrote to memory of 2980	256	msedge.exe	87
PID 256 wrote to memory of 2980	256	msedge.exe	87
PID 256 wrote to memory of 2980	256	msedge.exe	87
PID 256 wrote to memory of 2980	256	msedge.exe	87
PID 256 wrote to memory of 2980	256	msedge.exe	87
PID 256 wrote to memory of 2980	256	msedge.exe	87
PID 256 wrote to memory of 2980	256	msedge.exe	87
PID 256 wrote to memory of 2980	256	msedge.exe	87
PID 256 wrote to memory of 2980	256	msedge.exe	87
PID 256 wrote to memory of 2980	256	msedge.exe	87
PID 256 wrote to memory of 2980	256	msedge.exe	87
PID 256 wrote to memory of 2980	256	msedge.exe	87
PID 256 wrote to memory of 2980	256	msedge.exe	87
PID 256 wrote to memory of 2980	256	msedge.exe	87
PID 256 wrote to memory of 2980	256	msedge.exe	87
PID 256 wrote to memory of 2980	256	msedge.exe	87
PID 256 wrote to memory of 2980	256	msedge.exe	87
PID 256 wrote to memory of 2980	256	msedge.exe	87
PID 256 wrote to memory of 2980	256	msedge.exe	87
PID 256 wrote to memory of 2980	256	msedge.exe	87
PID 256 wrote to memory of 2980	256	msedge.exe	87
PID 256 wrote to memory of 2980	256	msedge.exe	87
PID 256 wrote to memory of 2980	256	msedge.exe	87
PID 256 wrote to memory of 2980	256	msedge.exe	87
PID 256 wrote to memory of 2980	256	msedge.exe	87
PID 256 wrote to memory of 2980	256	msedge.exe	87
PID 256 wrote to memory of 2980	256	msedge.exe	87
PID 256 wrote to memory of 2980	256	msedge.exe	87
PID 256 wrote to memory of 1416	256	msedge.exe	88
PID 256 wrote to memory of 1416	256	msedge.exe	88
PID 256 wrote to memory of 1696	256	msedge.exe	89
PID 256 wrote to memory of 1696	256	msedge.exe	89
PID 256 wrote to memory of 1696	256	msedge.exe	89
PID 256 wrote to memory of 1696	256	msedge.exe	89
PID 256 wrote to memory of 1696	256	msedge.exe	89
PID 256 wrote to memory of 1696	256	msedge.exe	89
PID 256 wrote to memory of 1696	256	msedge.exe	89
PID 256 wrote to memory of 1696	256	msedge.exe	89
PID 256 wrote to memory of 1696	256	msedge.exe	89
PID 256 wrote to memory of 1696	256	msedge.exe	89
PID 256 wrote to memory of 1696	256	msedge.exe	89
PID 256 wrote to memory of 1696	256	msedge.exe	89
PID 256 wrote to memory of 1696	256	msedge.exe	89
PID 256 wrote to memory of 1696	256	msedge.exe	89
PID 256 wrote to memory of 1696	256	msedge.exe	89
PID 256 wrote to memory of 1696	256	msedge.exe	89
PID 256 wrote to memory of 1696	256	msedge.exe	89
PID 256 wrote to memory of 1696	256	msedge.exe	89
PID 256 wrote to memory of 1696	256	msedge.exe	89
PID 256 wrote to memory of 1696	256	msedge.exe	89

Views/modifies file attributes 1 TTPs 1 IoCs

evasion

Hidden Files and Directories

T1564.001

pid	Process
3736	attrib.exe

C:\Users\Admin\AppData\Local\Temp\sandboxie-5-69-6.exe
"C:\Users\Admin\AppData\Local\Temp\sandboxie-5-69-6.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:3120

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc65913cb8,0x7ffc65913cc8,0x7ffc65913cd8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1948,15233255678873399825,10102350138226899592,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1984 /prefetch:2
  2⤵
  PID:2980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1948,15233255678873399825,10102350138226899592,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1948,15233255678873399825,10102350138226899592,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2564 /prefetch:8
  2⤵
  PID:1696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,15233255678873399825,10102350138226899592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:3592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,15233255678873399825,10102350138226899592,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:2520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,15233255678873399825,10102350138226899592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:1
  2⤵
  PID:1964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,15233255678873399825,10102350138226899592,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4060 /prefetch:1
  2⤵
  PID:1056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1948,15233255678873399825,10102350138226899592,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4008 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,15233255678873399825,10102350138226899592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
  2⤵
  PID:2384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,15233255678873399825,10102350138226899592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
  2⤵
  PID:1212
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1948,15233255678873399825,10102350138226899592,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4964 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,15233255678873399825,10102350138226899592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
  2⤵
  PID:4672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,15233255678873399825,10102350138226899592,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4064 /prefetch:1
  2⤵
  PID:428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,15233255678873399825,10102350138226899592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2704 /prefetch:1
  2⤵
  PID:3372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,15233255678873399825,10102350138226899592,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
  2⤵
  PID:3052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,15233255678873399825,10102350138226899592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1
  2⤵
  PID:3412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,15233255678873399825,10102350138226899592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:1
  2⤵
  PID:4524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,15233255678873399825,10102350138226899592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6240 /prefetch:1
  2⤵
  PID:3676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,15233255678873399825,10102350138226899592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
  2⤵
  PID:3644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,15233255678873399825,10102350138226899592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6520 /prefetch:1
  2⤵
  PID:1472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,15233255678873399825,10102350138226899592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6688 /prefetch:1
  2⤵
  PID:4288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1948,15233255678873399825,10102350138226899592,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6116 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:4992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1948,15233255678873399825,10102350138226899592,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6872 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,15233255678873399825,10102350138226899592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6824 /prefetch:1
  2⤵
  PID:4372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,15233255678873399825,10102350138226899592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
  2⤵
  PID:2200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1948,15233255678873399825,10102350138226899592,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4860 /prefetch:8
  2⤵
  PID:936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1948,15233255678873399825,10102350138226899592,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6176 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,15233255678873399825,10102350138226899592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
  2⤵
  PID:2196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,15233255678873399825,10102350138226899592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,15233255678873399825,10102350138226899592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6176 /prefetch:1
  2⤵
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,15233255678873399825,10102350138226899592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4552 /prefetch:1
  2⤵
  PID:3472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,15233255678873399825,10102350138226899592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3556 /prefetch:1
  2⤵
  PID:4832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,15233255678873399825,10102350138226899592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
  2⤵
  PID:4668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,15233255678873399825,10102350138226899592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7412 /prefetch:1
  2⤵
  PID:2004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,15233255678873399825,10102350138226899592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7552 /prefetch:1
  2⤵
  PID:3324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,15233255678873399825,10102350138226899592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7360 /prefetch:1
  2⤵
  PID:3704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,15233255678873399825,10102350138226899592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7528 /prefetch:1
  2⤵
  PID:3684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,15233255678873399825,10102350138226899592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8024 /prefetch:1
  2⤵
  PID:2660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,15233255678873399825,10102350138226899592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8128 /prefetch:1
  2⤵
  PID:3504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,15233255678873399825,10102350138226899592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7428 /prefetch:1
  2⤵
  PID:2140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,15233255678873399825,10102350138226899592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8052 /prefetch:1
  2⤵
  PID:1404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,15233255678873399825,10102350138226899592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1
  2⤵
  PID:3396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,15233255678873399825,10102350138226899592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7636 /prefetch:1
  2⤵
  PID:3328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1948,15233255678873399825,10102350138226899592,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7244 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,15233255678873399825,10102350138226899592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7740 /prefetch:1
  2⤵
  PID:2724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,15233255678873399825,10102350138226899592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7508 /prefetch:1
  2⤵
  PID:1468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1948,15233255678873399825,10102350138226899592,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6476 /prefetch:8
  2⤵
  PID:1880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,15233255678873399825,10102350138226899592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6396 /prefetch:1
  2⤵
  PID:772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,15233255678873399825,10102350138226899592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1
  2⤵
  PID:476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,15233255678873399825,10102350138226899592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8140 /prefetch:1
  2⤵
  PID:4272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,15233255678873399825,10102350138226899592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7924 /prefetch:1
  2⤵
  PID:3312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,15233255678873399825,10102350138226899592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7492 /prefetch:1
  2⤵
  PID:1208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,15233255678873399825,10102350138226899592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1040 /prefetch:1
  2⤵
  PID:2956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,15233255678873399825,10102350138226899592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7488 /prefetch:1
  2⤵
  PID:2312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,15233255678873399825,10102350138226899592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
  2⤵
  PID:5104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,15233255678873399825,10102350138226899592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6592 /prefetch:1
  2⤵
  PID:728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1948,15233255678873399825,10102350138226899592,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8052 /prefetch:8
  2⤵
  PID:2020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1948,15233255678873399825,10102350138226899592,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7148 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:3244

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2028

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2188

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2964

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1868

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\super mario 64 installer.bat" "
1⤵
PID:2720

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3676

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:4232

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\super mario 64 installer.bat" "
1⤵
PID:1736

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\super mario 64 installer.bat" "
1⤵
PID:4248

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\super mario 64 installer.bat" "
1⤵
PID:1556

C:\Windows\System32\NOTEPAD.EXE
"C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Downloads\super mario 64 installer.bat
1⤵
PID:1612

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\super mario 64 installer.bat" "
1⤵
PID:5104

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_butterfly-master.zip\butterfly-master\CMakeLists.txt
1⤵
PID:1376

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\Temp1_butterfly-master.zip\butterfly-master\html\index.html
1⤵
PID:1040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc65913cb8,0x7ffc65913cc8,0x7ffc65913cd8
  2⤵
  PID:1724

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\Temp1_butterfly-master.zip\butterfly-master\html\index.html
1⤵
PID:2120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffc65913cb8,0x7ffc65913cc8,0x7ffc65913cd8
  2⤵
  PID:1332

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004D0
1⤵
PID:2948

C:\Users\Admin\Downloads\PCToaster.exe
"C:\Users\Admin\Downloads\PCToaster.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:480
- C:\Program Files\Java\jre-1.8\bin\javaw.exe
  "C:\Program Files\Java\jre-1.8\bin\javaw.exe" -jar "C:\Users\Admin\Downloads\PCToaster.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:5108
- - C:\Windows\SYSTEM32\attrib.exe
    attrib +h C:\Users\Admin\Downloads\scr.txt
    3⤵
    - Views/modifies file attributes
    PID:3736
- - C:\Windows\SYSTEM32\diskpart.exe
    diskpart /s C:\Users\Admin\Downloads\scr.txt
    3⤵
    PID:1460
- - C:\Windows\SYSTEM32\takeown.exe
    takeown /f V:\Boot /r
    3⤵
    - Modifies file permissions
    - Enumerates connected drives
    - Suspicious use of AdjustPrivilegeToken
    PID:1428
- - C:\Windows\SYSTEM32\takeown.exe
    takeown /f V:\Recovery /r
    3⤵
    - Modifies file permissions
    - Enumerates connected drives
    PID:2052
- - C:\Windows\SYSTEM32\taskkill.exe
    taskkill /im lsass.exe /f
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:2568
- - C:\Windows\SYSTEM32\mountvol.exe
    mountvol A: /d
    3⤵
    - Enumerates connected drives
    PID:3948
- - C:\Windows\SYSTEM32\mountvol.exe
    mountvol B: /d
    3⤵
    - Enumerates connected drives
    PID:1364
- - C:\Windows\SYSTEM32\mountvol.exe
    mountvol D: /d
    3⤵
    PID:4808
- - C:\Windows\SYSTEM32\mountvol.exe
    mountvol E: /d
    3⤵
    - Enumerates connected drives
    PID:4712
- - C:\Windows\SYSTEM32\mountvol.exe
    mountvol F: /d
    3⤵
    PID:3396
- - C:\Windows\SYSTEM32\mountvol.exe
    mountvol G: /d
    3⤵
    - Enumerates connected drives
    PID:644
- - C:\Windows\SYSTEM32\mountvol.exe
    mountvol H: /d
    3⤵
    PID:5076
- - C:\Windows\SYSTEM32\mountvol.exe
    mountvol I: /d
    3⤵
    - Enumerates connected drives
    PID:3472
- - C:\Windows\SYSTEM32\mountvol.exe
    mountvol J: /d
    3⤵
    - Enumerates connected drives
    PID:4796
- - C:\Windows\SYSTEM32\mountvol.exe
    mountvol K: /d
    3⤵
    - Enumerates connected drives
    PID:1700
- - C:\Windows\SYSTEM32\mountvol.exe
    mountvol L: /d
    3⤵
    - Enumerates connected drives
    PID:3108
- - C:\Windows\SYSTEM32\mountvol.exe
    mountvol M: /d
    3⤵
    - Enumerates connected drives
    PID:560
- - C:\Windows\SYSTEM32\mountvol.exe
    mountvol N: /d
    3⤵
    - Enumerates connected drives
    PID:1132
- - C:\Windows\SYSTEM32\mountvol.exe
    mountvol O: /d
    3⤵
    - Enumerates connected drives
    PID:4668
- - C:\Windows\SYSTEM32\mountvol.exe
    mountvol P: /d
    3⤵
    - Enumerates connected drives
    PID:2288
- - C:\Windows\SYSTEM32\mountvol.exe
    mountvol Q: /d
    3⤵
    - Enumerates connected drives
    PID:112
- - C:\Windows\SYSTEM32\mountvol.exe
    mountvol R: /d
    3⤵
    - Enumerates connected drives
    PID:4604
- - C:\Windows\SYSTEM32\mountvol.exe
    mountvol S: /d
    3⤵
    - Enumerates connected drives
    PID:372
- - C:\Windows\SYSTEM32\mountvol.exe
    mountvol T: /d
    3⤵
    - Enumerates connected drives
    PID:2036
- - C:\Windows\SYSTEM32\mountvol.exe
    mountvol U: /d
    3⤵
    - Enumerates connected drives
    PID:436
- - C:\Windows\SYSTEM32\mountvol.exe
    mountvol V: /d
    3⤵
    PID:720
- - C:\Windows\SYSTEM32\mountvol.exe
    mountvol W: /d
    3⤵
    - Enumerates connected drives
    PID:3776
- - C:\Windows\SYSTEM32\mountvol.exe
    mountvol X: /d
    3⤵
    - Enumerates connected drives
    PID:232
- - C:\Windows\SYSTEM32\mountvol.exe
    mountvol Y: /d
    3⤵
    - Enumerates connected drives
    PID:2884
- - C:\Windows\SYSTEM32\mountvol.exe
    mountvol Z: /d
    3⤵
    - Enumerates connected drives
    PID:1160
- - C:\Windows\SYSTEM32\mountvol.exe
    mountvol C: /d
    3⤵
    PID:1812

C:\Windows\System32\vdsldr.exe
C:\Windows\System32\vdsldr.exe -Embedding
1⤵
PID:4804

C:\Windows\System32\vds.exe
C:\Windows\System32\vds.exe
1⤵
- Checks SCSI registry key(s)
PID:5024

C:\Windows\System32\PickerHost.exe
C:\Windows\System32\PickerHost.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:1796

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
228fefc98d7fb5b4e27c6abab1de7207

SHA1
ada493791316e154a906ec2c83c412adf3a7061a

SHA256
448d09169319374935a249b1fc76bcf2430b4e1436611f3c2f3331b6eafe55a2

SHA512
fa74f1cc5da8db978a7a5b8c9ebff3cd433660db7e91ce03c44a1d543dd667a51659ba79270d3d783d52b9e45d76d0f9467458df1482ded72ea79c873b2a5e56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
026e0c65239e15ba609a874aeac2dc33

SHA1
a75e1622bc647ab73ab3bb2809872c2730dcf2df

SHA256
593f20dfb73d2b81a17bfcc1f246848080dfc96898a1a62c5ddca62105ed1292

SHA512
9fb7644c87bdd3430700f42137154069badbf2b7a67e5ac6c364382bca8cba95136d460f49279b346703d4b4fd81087e884822a01a2a38901568a3c3e3387569

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\6113981f-fa13-404e-bd60-ee54e44cf545.tmp

Filesize
10KB

MD5
3fc51b20d9c85d11d086a0121beca125

SHA1
c0da0546e7282a4ce004972ff7005a6621e0e7f7

SHA256
eeaf5db607256a2eb73754d06ea7791e8db93908d2c88297e4ba771b9be1d455

SHA512
978dd9a4f8faacf4d2f6a2bd1cdc039ba12ab468c7145e87c01511b41dd01ebf77be18d5644c8d0142b921791f339ea0ad1d1b42da5e1e05cbb2d20088cd072e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000042

Filesize
20KB

MD5
dd62255c6e72b80ce88a440481d3d22f

SHA1
17758b8673c033ecf7c194e5d1190bbf9516c825

SHA256
16921001068e64b8ac9935d54eaa1dca108647370c5987443732ecd4f0f56249

SHA512
19cb0414fa378f59229d6296a4165e3a073fb6c6b812969c7015d3f73e7738c70893346740396986c6148ca1fcd5e7a8021aed775c808eb67ee9d1b301f0ee76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004c

Filesize
46KB

MD5
e6b413f75adaa36f72353e3131ea0b6f

SHA1
9c11b8930f6cb7ad44f0992bf0b3aaf2e0319821

SHA256
e0849e30bfdea50cad6c2d80df55bb463b751db3b247a91cc72e8a6ecd4990a8

SHA512
5c5889ff151453958acdfcab1774e66fb4241463a88d32a2ae92e905ea775161168e85e713dfb7a0e404cdd94c93be0e199abef5978c0c014a4bff7fc7d94e83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004d

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004e

Filesize
67KB

MD5
ed124bdf39bbd5902bd2529a0a4114ea

SHA1
b7dd9d364099ccd4e09fd45f4180d38df6590524

SHA256
48232550940208c572ebe487aa64ddee26e304ba3e310407e1fc31a5c9deed44

SHA512
c4d180292afa484ef9556d15db1d3850416a85ad581f6f4d5eb66654991fa90f414029b4ce13ed142271a585b46b3e53701735ee3e0f45a78b67baa9122ba532

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004f

Filesize
41KB

MD5
60f8cd04587a51e31b51d1570d6f889a

SHA1
88574c41d0ab81721b275252464da5c7927a4835

SHA256
27cb4390e32a97375dd4987ae000406933bceba5199f17893711e782333b81cb

SHA512
84c12448ac55dd819749fef9be9919111a3df4bc51e66d2fa9f7376c11c101ed1349cb36aa119aa873cdd6c0c91027e201fbe23c2c83b89bc900a4d9077bcc52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000050

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000051

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000053

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000054

Filesize
1.2MB

MD5
ae79a3e945e45f571fdf9ab94bcab4ee

SHA1
eac343e9f3660f78ea5e2f1bd634c8123f207642

SHA256
039c61c90725ad5a7422c5f00cc6d85ff2c57e3f7697b75ec57668e62fc209f7

SHA512
0bfd27261eae0cc6462b71fce73461639fd1b6071797b29e047b16940ce25e79bb50032c289401fef4a10d22f0b1afd801dc9d29e0dbc085486d5fdeb88cb814

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000059

Filesize
51KB

MD5
657e89614180cadae5bccf3b68504480

SHA1
0fa5bdec7b269923b91592cdab47cc6bf3e95fd0

SHA256
695cec859b64abceaaabf23fe1f082aef4a619992a68a645c3f5ad3b5297cf10

SHA512
ad3aa28f7b0f202ebd20e7e2ddf78a0014abc739cc73d61dab205df9d0a94aae38247a805680bde264b69406bda3b58af59f46c63e9c57c3a13594ff12f4bdb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005a

Filesize
20KB

MD5
4bfdb3e265a3745aecb98decf1bf1a20

SHA1
f9139d5471ee061cb9b2aab7836f471412f30cc0

SHA256
f8489b02807bc7689a7e6b8d99e8157b728a61063b5508d3ebc01cbc9f328f11

SHA512
a33b444a8900edf6964f1af88d09ba758cf4c078ff1354449326628ce536edeee9f690f81c759b22fa0f05890e690fea3f26afad29d4b4722f3916747713b139

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000074

Filesize
16KB

MD5
a2edb5c7eb3c7ef98d0eb329c6fb268f

SHA1
5f3037dc517afd44b644c712c5966bfe3289354c

SHA256
ba191bf3b5c39a50676e4ecae47adff7f404f9481890530cdbf64252fbb1a57e

SHA512
cc5644caf32302521ca5d6fd3c8cc81a6bbf0c44a56c00f0a19996610d65cf40d5bae6446610f05a601f63dea343a9000e76f93a0680cfbf1e4cf15a3563a62c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
4df02db58cd3c56078ece4b26101c88f

SHA1
f8ac00d7b3b5e291aefce6bb797ec9096772dc46

SHA256
70de11f145e7594d2a5a9d0bd290ac2c83b784865742ac338c0bdfb42aebd063

SHA512
6a23088d83052ad87f3b81c7320aaac6138096ae9b2699abb8d90ff0bd5852f07a52bf9aad6c7ad1e1cdd470bc15dd0b561dbf0e2a18569affdf1362de020306

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
1b0f8be4e8a6fc1d299a0ca1cb006212

SHA1
f90cf87036456231e931a83f3cc5ae18ada94b6b

SHA256
8fa762ecce25a0f147969641a5f7b9e6f25c219719382746a91c63b079a37e4b

SHA512
685cc80e13cdffe0e6397001367c17a0e4e27b7862680a5e03599ca1c03a7996ee3d8506c2b6676813be8763dd10e59225f9c3894c248afee69a71c1e08f4c37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
4971cc45e506c79e8aba0a91985b04a0

SHA1
0b3d3de60ffcea5dbb5acbaf71fac8e3f096b170

SHA256
ce0a195b712d2ebe85d3c8fcb036bdd89fc605217b034c02a7c4137b27226e00

SHA512
c0d708fd44e6e506c1400bfbd2bed9f854f1378503152fbd6feb007b6dfa3cc9c78f3186167a67eba2a970de3a203fb4f3bf1a3a41dda5ac00082298a6b2e205

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
618c300e97103b02f18de348517f9d21

SHA1
978315f19d7f62c6affdd871197e7bfa3fbbdd5a

SHA256
be8c331f0b5271506184f7942eeb364a6f5273cae6e697f8a4ed404d8fcbc84b

SHA512
49e264d501ec16c6ee0081a157c0de640a405c7522a9492c9087cd557ca639a84674094f19d30ac9bf5bb5c7f8afcf14bb7209dde394e36d06e8fa77749fca7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
864B

MD5
a5b663ef479577e9c93228ae80270717

SHA1
c01d1452ab2f964cc245690748f9683d6e59b66f

SHA256
f0da65aa529839aa80ff075c509aae06467bb6cfeb406a785631fab86f434bef

SHA512
429c3e95248196af4c6870427324da8d79e4450fe854fbbab5d0cda0e56999cf0577732ebab6cc240bd6787cfb651c851576d6825767991e2c0ccc702a44554a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
7KB

MD5
2f6503138353896b3f8fe0a4cc9ded66

SHA1
c5965f8dead346586bd141052f1dbdb0510a73f4

SHA256
e4a4a924203c400488ed5edab54a59e62b6f71bbb6ee188052afa538fbaf5d13

SHA512
88f85af0784d5c7cf25fb7b81fc261df605be6ba5068a492f86244b157a9500fc12f8d93924a71ea09f5dfe81cff2017b2d89eefdf0f39efcc10e1af9b1655ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1015B

MD5
52849d150d68d73538f5bcab8ec2ee9f

SHA1
40325467993a2000fdd28a92e6644b701336ae33

SHA256
b8507bf0a8c93f5b0d1062d89a40d0cb3b2dd6ffbbae9c260ed41016b3d8f1d2

SHA512
e4cee6cdf7d5f4958f74754b04a5d081647cacaa6699d0cf23cb5810a3c5c1088f044593256f6a328b977231f30295b7e327b51610710d838654c326a0f200ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
edd74576924037551b42e33de1555cfd

SHA1
c111fcaba522e2f17de4e001ba88781894943081

SHA256
ef403fe99fab6754c2c3fb73aef590f4f12584d73f83bc5653c977e1b0cd2765

SHA512
f149c7a0e4ba37968222f6f44db2e44030f85ccdae7f2778ee3ed4fd421577427755bd11f4d556f94861b98d41ea52ae96427134944949f9d151ccdbb18d1986

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
7KB

MD5
272bcc11fb9ce9bbd4cb9b895a030fee

SHA1
554c3e4bc2c00c85f58379151b4b2c2194dae881

SHA256
45777baabab0984a411eb01b073dea593c8e08deb75cffe5b8953c8d765e45d2

SHA512
5c2acd8bab5ee3f5bb30744ad35b47710105590ac4511ea6bd81161414d308ece53bbd0de9191576c414110e4ee8a244214720ccb49f7e2ef9df90f1e74dea5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
b1ad508866a28e61185c64d48c9894ef

SHA1
8cdb1224d4ba4932f2953f8f8618753a5c1e87fb

SHA256
ba278c9cbbc2482b6ab21e99d18b0bafd01ee30b9b4a438a8df7e2edab00cab8

SHA512
0a037c0432f604c5cfe03e74295cfbacc55125eed4e4be94efa40972acc1ce59f01bb0d5977ea96739de5e06878e22c0f85c7394af51c472486739d4aeeca4f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
6c030db6b6f274c910497ba39b294d8e

SHA1
feae3d5d5dcdc897325dd6d79e5c7d33314c54e5

SHA256
0dc57ac1bf5e98e5085ecf2bbeb6f7c6dbfbff3d2391f566c924c493d3267f40

SHA512
3f0de864353429b82d07d1bda4298ca454252042ceb7fbe54bbceae124797d45461357a49c6128ec142d1d88589290a612089c939cf4f75128a93cab2121b38c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e79c10291b083afe1c7bad7d5ac106bf

SHA1
a3c3e6bf21d9daf9f113fcf2252a2d2cc05dae8c

SHA256
78a2604a5958b103bb519a8a0cd630cc5c69744823e88ab38c033ab404e3f29a

SHA512
6e96396c1be472e3cc7676b834b33b2e1c3ba33bd213bf39b9f2128539f7d369b940a1bb27d4166b28f364ae00c25567c4db4d3ab68b3e07d339bd5930c2135f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
34ee03ee2feb15d7c31354a4c5a75f5d

SHA1
9e100446a524036ea81bcecedd63fd17990622de

SHA256
6dcbd2d1ee6d5aa90747e3704d2a747de2336dc126c224514c2befb89d66358e

SHA512
9510d4f6e6726ba392625e8725d2b40e2b4e1ffa34fc36dac0c7e44736297fc2eb95a97930761376297395deebca55e92a14015674335ad878b496c68442db02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
12d4190ea83a4ed57c5f25f0ac3c9119

SHA1
0171ae5d8fdd68d2e760e035582a7aea0f94c211

SHA256
9e2c883f3e12e63088a8b38260405d4c827d76d4c9dad32286f1f9c7749e9178

SHA512
0e53fe0af981c1d7437229bffdfc7f81f435fa277d036e25e6fc5e3347eaa54e96dffac443ffd975ae1c5244e11ab6f00d2640fc2f3019c9320c8037d0229a34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
bd38bccea96a70d0dd4d5cf27039b52e

SHA1
45c5d8d4fa385ba154f3be1a2bb7d1adbf695d88

SHA256
4a2b4127e6c4c6f981efe4af14872069c9c4088cbab654bcd13e538df0918084

SHA512
8465d6bd756a0bf403f6642267f982dd08b9db8ba64cafd5291941740b34284f5fbcdbaa12169467e916a7431874af2b98edd033d87b813a03ea75f4010fbf17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
161b6eb4b1a97b7cb10674586f2e0003

SHA1
fdf05058c20965620835c127d315457ebcb27295

SHA256
291cd488606437739ee9dba1a5146615c863d692c12aaa2818c4fa9bd0f86e1b

SHA512
2b787299dc2b40ad0c4d666e7f5adb84738109a339e4a722be2c0b151f50ebc852ef47ca5c59b4f407f04d288e0ced08a5c262df7b7211d55aade7c827f24555

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
af5d80b5cfda55fd9a3a68952191616a

SHA1
61b5eeca82e00b232d4407dd6f082d2a168735fe

SHA256
50de1e85da58acb3ec09234321dc599336718694f536cc9f1f847feea32805ba

SHA512
930b8ac5bcfa31e7de08c44651881799a38d64fca0ae6cfd16eb522079be7a825e2f66b28fd6c3cf0ea67cd301834a141c353cdf647aed8fefd72697189979f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5397f1bad877439fca859952dc0a00ac

SHA1
e9ab1ba9381f0da3d08c8532ed19b16fc56d6401

SHA256
885168443f688278c9b1b20bdf65d82826316e1eee01d39f5b76ecac130ba6a9

SHA512
5f584ef816eeef56a308bd291ab62f00b106423f034befde3a48e72c324166c2a523db44accf57b4cefb929af8e76886d22371146d67abe8be08c0f16c401275

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
7be18e89cbdd14af203701107e4068f9

SHA1
a4f707915fe7dc3fcf29c9ce1f077d3fd198aa75

SHA256
60f5ffa166ce3e1a467a0cfdf2b6adc85cdb9c48d2ae0f2f9d3ccf15a965d0a9

SHA512
dbe8ca3c2e915a13df52a86c19e9734d5f9cf060ecdaf4cdb069b0885e207497b084c92efb28e92b02d60329dae66b64189d9928dd03ab90018f2e108099fd1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
0b536769640ee92c03ceb96a25d628b5

SHA1
4b96ac1933c3de024f3a0f5ed4945e4a2c6321af

SHA256
4eb5e0df644b9d7ebdfafe3f9e02b8c046896a982ffa33e7401d449632635e48

SHA512
099653d77f68aa9513d9d6bb68db5836a1751ff917d210ba1267ee6d72e330cd236087ec032f9a1630fc2e8fbb7b9360f698656e8d06deffd67d41a272938d1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
0de54fda98e4f11a942a01d7e1449775

SHA1
db656f7bf814ac27cdc7cb26e05428719991f0d2

SHA256
1d155648cf40e490125732c64d71caa293a22596ae0a4a88f9e914bb5e93b217

SHA512
206b106852ad889d6dd4fef62798eec9175222eb4a2748070a1aa98085784da07f7272399df0a5cbc73ce83f545b28f450077da2613ac18949a27f8470a61a42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
57c1330c0aae87f1fba92625e7d43db9

SHA1
e2f4f56c3c1840c93df683b749e968e1d54708f5

SHA256
6e11b5ba53e35fb5de692a93a573584db7d507961f3b95364e221cd99106ca91

SHA512
0dde5b54a4d214057ef156e36e97af2de33eb09ecffed7c9a64af07e10096c17f1a5d5f3e14fc336d1293addeb59c54174bc33d8af33da0fe824404f6d636cfc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
f9d5330f3920dc52c0e3fe7050e717d1

SHA1
082a420c6dc7f19789e9e150cee1f634a89fd529

SHA256
873f718e3dbfc2150f157940f6e45140292d99502dd781b5ae51e3c39a245689

SHA512
53043eb1fa15df6e8e3b06d96c2c183ea4af597a3b65c14f71d428fe22e050fd3a328c07bca3203a35cca20b1e1321671c47eec8c9a3ecd05c26ad33f5b06765

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
6f80561f472a179d03c284684b516e98

SHA1
15906334cf46fe2d4fa91f19dfe138b2c82edba1

SHA256
858056dbc58310dddf4413236bf04c8572559911d02467b5004ef59d9a3add15

SHA512
28947dc791ed4fd5022472d3db1bba23d81b20d3f75f24cce3f1be5fc788b9f77ff279646a7cb83755107a4a5cf133d3cb5e97ccae004f8758e0e13f38e73c1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
a7c78d4f2f92eae04ddcd93c0307acb7

SHA1
b86f24cf1efad1065405c0206f8b7a4594a3c3d6

SHA256
e179ce3a4e01358da26efcf1aaf1267d0e677e3b1f797ece0e21a9608d298ef8

SHA512
97082945c1a0bc64bcf4e9421c1d6e7a87b5350103fbe9bc2e42ce718b8375b1dc4e1791b0e0d53bc0a37136e9d237e98c35d3f1d085b792368532efd848e54b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
79262375ac2ccc9a7673b2a42a75bf2c

SHA1
5be9ddfea95f3d33ca610616296e7501138fbc57

SHA256
1ec08ee006c94f6975afd84e1bdf8d5f651012df06ac6444e0c965f3028386eb

SHA512
0926cbbe161b940e80f551d82702dd851fdcd3075c8f49b62c5549970fea44fb6de1f9593195c10db8d245ec0076863565959e64e320f5490c5a73afacd65e09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
744ff9a9d207cfe3989a1c770f167f49

SHA1
dd0847fdfa45d62f3054b8a1ad38355aa7ca8064

SHA256
5372c795613288bc2b2ae03534b863a71e41b3328596b54991cb2d2b6058c925

SHA512
c68df3e5d2cfe5c022d973a07b2b20014558334047504a4e5058cca69eb2afe7f0019cf409633ed60a0bfec912be27e46ff6a60eaf074d9877bb5c1484251f1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
7e2f990634281f6707436905d9ba6271

SHA1
77d20b195e2be5aa0804188e4aac7a129b10fc10

SHA256
98f966f8ec2dd88cf0b2778473aa42d209bef3c4cd2a4d96833515ed89a70bf6

SHA512
d1190b40ddcb16f018e349bbc2bc773f87ff88d84d7152f8515f26564f90ff7a7167ede93fcc5223231be02cd5b0a6a58f191e55f265ea92c78f02f2338e3cd2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
0a4037eb5ac10790bf8aecd277ebc6f9

SHA1
39077660cbbae1f1ac311dc7a92b0cd739ba3f31

SHA256
f81aa2ec5b22c051732fc58aec2a1cfd218ab4d63bbe0354f53b636676a2db23

SHA512
f18ecc86445e1e3fef67cbc70e1f3249615ae86c68ae3bb3df0b9a69d235fe796a0a076f6488bd0563e3d6b10f8b2ada5bdc05aa627763059553c31d2020b740

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
98991a9140de2b0ee39ee057567ddcf4

SHA1
fa085b620ad26d322c7c8800f77f9f2105cce94f

SHA256
299d59fee1a022683eebe49affdd678ab4bd48257fcd74fa9d8fc9d327231809

SHA512
c63c30310dc66603ede8b8e37eb374274b8817f1c607f0790192f23a7b8ddab7c8e0ae9f701efdeb81f66001f5a881d685f4d557ec57cdc412dfd4519ae35879

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
e68fbd7622b181ca2c117613e15fc5bf

SHA1
e67623ebc7518da8b6b5b3eb6894a4e7a382e2ad

SHA256
eeda1b4cdd10d925b6af5dd5e904d7fc090405f0d09a95d3782a3742a1740fb8

SHA512
f71165ae7f6131b0d2888966ff56c27a030745d22d22c1c3b04f315f1f57d23687eee6f421c68aa96d4be6035a1a1992c0700dafa7eadedf33ba0af992f15f3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
fc4941d261af96a58f01c1e458a9c181

SHA1
6ffd4cafb3ad31a1cd5786acbf1ff86be00bbabc

SHA256
9c1e1eab532c29aaadd588ba911aef0e79ea657039c3619d4523e86f8b500451

SHA512
5c22092098fb5ac71724acd46a6bdb42443d445c4b019a00c384b59ea0e4034348993003c0719d7bd984afc102b16119b269bfcd8f188a35b2debf75635a8783

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c3e08d5f13207966d099334d2830362c

SHA1
4d320a1f1fb85f749c0fe02bc054a1404b95cb5c

SHA256
4b55370eeffd577999e9d02a09b0ffb0a70733351918f050fd568423077a2906

SHA512
0e626f8e463a883bb9df737af970b8365b141d5209b232049b7b6fe57631cde80eac05680df21a886c00accefa584fca871942090cce2953ca2452cc19f7807a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
1c631f03e5384ba921895131f23f5c27

SHA1
2359b9bdad97257546c095d90e22dfb91eccaf0e

SHA256
0a4ea2806b736614617fc8612830b71ed65fb8c71ba2c8363f71ac7b3915e226

SHA512
57be2adf36b2ca523f49732ff645e3f733f38f4226b348e611c8bfbc7c860496a349621cc476e845c935ce938bea4c4c84f1e6c71423cb613c59d92176b599ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
81f04508a1a1bb339ce82cc957bc3bfe

SHA1
573ea2902cc11d369478e982410512c57eae4066

SHA256
e724a0e81222a802a09ad2b52cd09577f223ee8f9e3b8f2e5621bf73b200d103

SHA512
176480f8647920050614ee00297d22d12ba0c9d0d9a2f2a27fcafb5452e5d735257755edd0ca23dd319b96865f58a4552c1e4268e8f1d824043988173aaf2259

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5966a0.TMP

Filesize
203B

MD5
f3bbe2f255f8bccbb713ba8091d00aa1

SHA1
19b44da7d627549e66b0d267c1daab604fa57975

SHA256
ede5ac857c313ecdc3f5093f30b7fc1ccab28ab8322f44cffd6545e9070ac646

SHA512
3490f4b74bd41adf9bd9301797c5a00cf15d9c00c55e01b34c9bbf7e57a11263a956e20041a9efd95b3727ece4eb3ffbe98d9be78f54385e99fe0de28ba52753

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
913b6d997042f82f91292a4d0804f3e1

SHA1
bdb5c9c7f2091182161c878e7e27b678b9444bfe

SHA256
aad25e9da4cb6b6fbb0a03657c00bf5964f6389bccb65486eddfa157e1b984ea

SHA512
324151ef9e086dbd4c6a3d8eaab85588d3c43ec903ae221926f8442aa8300c452beb3289afa7ae0ba3e44a6710ea30cc575c92a69d65491babd43185b7ed60f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0e9b6c82021e97e02b033873f3cd31ed

SHA1
8bde8f09b7dbffcdf932fe2f95484eaae0706ac0

SHA256
a53e686f26622afb23fc9878866c41a13bd14f1d401c153b9d51407cb22d73c1

SHA512
75f46e9776192d2e9ea4148d2a29ff1aebc09752bfe591cb854b32646da729ac90db1fdb36599e3246fb82dbe0ec955df8b41f01fb923c04f3302f8db7a7e385

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
87872e0ab4bfccaeb06cc1cbe748f1fc

SHA1
4a2972cf393ea1747a817c3f2e959a80c2d45484

SHA256
8e660199bd6021425108f6809d87cbeab8b30f543ca881eac473e4ab8e3991ca

SHA512
8eb6c1de668369b761aaac8cd256645037358f7063899ee3fadcd456088a783070503de74744055b8ed9e1fe6bb4632beefa06c01daa0b087b06eb1db14f1680

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a82efc65f87a06c24960bbcff2b15142

SHA1
bbb33f980ced24aba18b94b3c135dbc3b2be02ab

SHA256
7750892866d6f8f0b49915f90227deb36bf2efcff1505e343891d4e5274e7aa1

SHA512
b4e27b08a6b70c4bd36e7ab5805f50c6ec279024c1cd901c69c929fc142e80dc626014e2a991243e6d0fe69bd112c7c1bde01dd0eea1f0f3559744f23fcdd448

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f0f77b80a2a8b5f06c50a8223796acc6

SHA1
2d558a36127ab1a6b746cf066501b851bf04562c

SHA256
608459a49cd84b1efad7193b881d5d4a5efb5d62e9ce40369648dd50cd5533ae

SHA512
9ac2ca99b5700566b2771aa95d386654f11e76c0ccaaf36eaf4312c5f6da2ce34948a70bc93e59e2e4cdca1e01ed3935736ad37acabefc60ba6a3ba997edc9b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f6a727273c9b3b4993ded037caa7ddd2

SHA1
9391ce65cae30aef693b5f6d5f185fe383afde42

SHA256
b96f9958c383ad6fae75da6659a8363fd0545e579ac95962a2f692eb375793a6

SHA512
18aabd317ac437a3e1c56c8d11e601874d4eba6a9f076e5ff342bf163b94d18485d17f028b665f97d2b12b9aff25af9931a94ac09798dc8832cc310ffe0d879c

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
9bef7c41d0bb3a44a18c637e03b43e7e

SHA1
f093796be97df77af8a2595d56816f813d2f6558

SHA256
ffb02e89bbf055faff78823c2dfff35172c48a095d8f698bcdb447a86408ebf8

SHA512
7f543a259b79eb4ac25db95bd1059d746acfc192f3d5ddb44d3a63990a2cd31d6b404c0ec3b659457de58a5bad5254680764eaa6a7f6dc35076971f2542750fa

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
41ce6cd728e8893a0387cd1d5aaf201d

SHA1
c6c5257c73d52968b03fa7a332f61f050229999c

SHA256
c6ff6212cd4c01ff44605a8339568c3ed2b9dd85c7956873ee9db592e24b654d

SHA512
73c40effe3fa0c521cdd5347e85ac142666a5a7b982d96c80f4c08c079d2f5a8d58c12644af20f27b8480040eb74b28d0696be16fc9566c02bf2d60d08839c27

Download Submit
C:\Users\Admin\AppData\Local\Temp\nssB21C.tmp\LangDLL.dll

Filesize
5KB

MD5
4cdaaf5da900a8eaed090cd22b8f8781

SHA1
6c7d9cfd96e66d236b66b8d50d65083a0dbb1b11

SHA256
09477d605677bea48019b896f068ce6c2e89004e5c5f0a86c0276db30c6515a6

SHA512
3797d59aeb908dcd66c63eca76cb2064416d3b66033dc687bc7a9c50e2979c42ac94773f54bc8ec45a9cd69c8056b83a2bca6efcd703f71a4b5f67e166f1e06d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nssB21C.tmp\System.dll

Filesize
10KB

MD5
0ff5120f1afd0f295c2baa0f7192d3f8

SHA1
bde842d5d11005dcb4ff1d4ea97da31865477697

SHA256
4ca5bf1beb4b802914c4d3e2f37861f6ba5ecf969cfeadf5855edf58f647a721

SHA512
e049ffd7aace8d136eee007ee4f8dbc2ae8f3dce79d1c633d9654392240f8215787df8a6d08085257db51f28ff2a8023a13333dda3ea7f9bdc8b9c57b605f0a0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
7005c3d6b3757e1d9ceec677bf92cac5

SHA1
b4976ec5eda75033bc4ed7ba3bf2e58ffdfc898e

SHA256
c2ddb75bc1b7d38521dad6e9020ede2b68d23d624539de74962df8d8519036d0

SHA512
0249914f7ce83f1cdb41fa93214c3adf69fe7d4ab8a241acf7e98f8663f0e855649d218ab483816feab3f8ec01c9938d9f3aec1255b15e13f11d5029a57cbc09

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
90296273f2436365a718fa39c7d2c363

SHA1
471a5b3030b61e2655eb3468f6b4b808b6e69512

SHA256
d6da02b5899a4261da51188e8e48864516d275f0026298a0686bfbb614097e20

SHA512
2d52a78767646cbd5c4a2392fb0fab38a5bcc1b1d69b5355652bfd7cda328c6b4c769b5c5863964e30b7c6e8d7f5ff9a0659695d423e7456b52010a2497aee6b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
90f96db5319dae048223c3f4099a3ec2

SHA1
707f79ef4eec407535b5b6cfe1076fdc0fdb17b2

SHA256
ac075543bd30a9893713eef12947888908854c2211869f3e55b947481a0c64a8

SHA512
7ab9339e0175c0c43e6401b77c060e1e8628e22a757f3d018a5c952c693d84e947608058ea5844ae8620d1bb2fcc91e2684f1e5fae3bd7b536042a4c919fc06d

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 105666.crdownload

Filesize
1.8MB

MD5
50515f156ae516461e28dd453230d448

SHA1
3209574e09ec235b2613570e6d7d8d5058a64971

SHA256
f4afba646166999d6090b5beddde546450262dc595dddeb62132da70f70d14ca

SHA512
14593ca96d416a2fbb6bbbf8adec51978e6c0fb513882d5442ab5876e28dd79be14ca9dd77acff2d3d329cb7733f7e969e784c57e1f414d00f3c7b9d581638e5

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 384849.crdownload

Filesize
146B

MD5
1bbf33fe5b68041f578836ef844674c7

SHA1
68877fe64cd5f3bd605e6fe76776f35bd693366d

SHA256
f4997b548a30addef3ff2f93e567aa94b88fe5b94cc8a3a7ee8a1b583eb80926

SHA512
1e26408abbcfbc9f9f0e8ec78e3896a0f5a1134a185ef5f44e7f94ad8aa497adc0c04a440ad2e46cd018efdc0df6057770cea78f67003384b2dbe1363919d31f

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 57502.crdownload

Filesize
411KB

MD5
04251a49a240dbf60975ac262fc6aeb7

SHA1
e211ca63af2ab85ffab1e5fbbdf28a4ef8f77de0

SHA256
85a58aa96dccd94316a34608ba996656a22c8158d5156b6e454d9d69e6ff38c3

SHA512
3422a231e1dadb68d3567a99d46791392ecf5883fd3bbc2cae19a595364dac46e4b2712db70b61b488937d906413d39411554034ffd3058389700a93c17568d2

Download Submit
C:\Users\Admin\Downloads\butterfly-master.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\super mario 64 installer.bat

Filesize
146B

MD5
5f937264e55397d18cd70d50ead8ff24

SHA1
cab55962bbe605a537d377f2aa14362d7ebfbfd5

SHA256
e97c7fa830555727cf45fa284a133d4ff957e1b26850f59a049f7f6d3586f82a

SHA512
d41c19d07e3d5a325f4d2e48c712c3bcbd84bb10b95e17f5bd5232074b3c50ebd7ec572021f030f0eebda4eac9b74ae94a45f63d8253b4ab275c7aa14c4229b5

Download Submit
C:\Users\Admin\Downloads\super mario 64 installer.bat:Zone.Identifier

Filesize
477B

MD5
deda1e3b6bc56b2571c41a66f6eb98c2

SHA1
9b365e272685a23f568353e2c87cd604d07c4cf2

SHA256
5448a08eab330f6cf65e5e44344682a2c8eb57f934377eab84691e808efa9f4b

SHA512
9c15309d86f231fef2b0356ad82b651dcbe93a00f664e728523e594eacbbde69f82c3ac597890883dd7f104cd2fa0fc1d80b8dc7dd4b5f68639f1ba477355758

Download Submit
memory/480-2076-0x0000000000400000-0x000000000046E000-memory.dmp

Filesize
440KB

Download
memory/5108-2132-0x000001B148720000-0x000001B148721000-memory.dmp

Filesize
4KB

Download
memory/5108-2196-0x000001B148720000-0x000001B148721000-memory.dmp

Filesize
4KB

Download
memory/5108-2110-0x000001B148720000-0x000001B148721000-memory.dmp

Filesize
4KB

Download
memory/5108-2106-0x000001B148720000-0x000001B148721000-memory.dmp

Filesize
4KB

Download
memory/5108-2245-0x000001B148720000-0x000001B148721000-memory.dmp

Filesize
4KB

Download
memory/5108-2267-0x000001B148720000-0x000001B148721000-memory.dmp

Filesize
4KB

Download
memory/5108-2274-0x000001B148720000-0x000001B148721000-memory.dmp

Filesize
4KB

Download
memory/5108-2277-0x000001B148720000-0x000001B148721000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads