hxxps://drive[.]google[.]com/file/d/1zmVExGpsH2FKwcXGAn2dygrOLXfX-edX/view?usp=sharing

Analysis

max time kernel
247s
max time network
204s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
06-09-2024 02:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1zmVExGpsH2FKwcXGAn2dygrOLXfX-edX/view?usp=sharing

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
5	drive.google.com
8	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 24 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	insensetime4.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	insensetime4.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	insensetime4.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	insensetime4.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	insensetime4.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	insensetime4.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	insensetime4.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	insensetime4.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	insensetime4.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	insensetime4.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	insensetime4.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	insensetime4.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	insensetime4.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	insensetime4.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	insensetime4.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	insensetime4.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	insensetime4.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	insensetime4.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	insensetime4.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	insensetime4.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	insensetime4.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	insensetime4.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	insensetime4.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	insensetime4.exe

System Time Discovery 1 TTPs 4 IoCs

Adversary may gather the system time and/or time zone settings from a local or remote system.

discovery

System Time Discovery

T1124

pid	Process
3096	insensetime4.exe
7352	insensetime4.exe
10128	insensetime4.exe
4220	insensetime4.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Kills process with taskkill 3 IoCs

evasion

pid	Process
5828	taskkill.exe
7012	taskkill.exe
8516	taskkill.exe

Suspicious behavior: EnumeratesProcesses 21 IoCs

pid	Process
4256	msedge.exe
4256	msedge.exe
4716	msedge.exe
4716	msedge.exe
4132	identity_helper.exe
4132	identity_helper.exe
5548	msedge.exe
5548	msedge.exe
6228	msedge.exe
6228	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
7876	msedge.exe
7876	msedge.exe
8540	insensetime4.exe
8540	insensetime4.exe
1992	insensetime4.exe
1992	insensetime4.exe
5288	insensetime4.exe
5288	insensetime4.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	5828	taskkill.exe
Token: SeShutdownPrivilege	4840	insensetime4.exe
Token: SeCreatePagefilePrivilege	4840	insensetime4.exe
Token: SeShutdownPrivilege	5924	insensetime4.exe
Token: SeCreatePagefilePrivilege	5924	insensetime4.exe
Token: SeShutdownPrivilege	4840	insensetime4.exe
Token: SeCreatePagefilePrivilege	4840	insensetime4.exe
Token: 33	2672	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2672	AUDIODG.EXE
Token: SeShutdownPrivilege	5924	insensetime4.exe
Token: SeCreatePagefilePrivilege	5924	insensetime4.exe
Token: SeShutdownPrivilege	4840	insensetime4.exe
Token: SeCreatePagefilePrivilege	4840	insensetime4.exe
Token: SeShutdownPrivilege	5924	insensetime4.exe
Token: SeCreatePagefilePrivilege	5924	insensetime4.exe
Token: SeShutdownPrivilege	4840	insensetime4.exe
Token: SeCreatePagefilePrivilege	4840	insensetime4.exe
Token: SeShutdownPrivilege	5924	insensetime4.exe
Token: SeCreatePagefilePrivilege	5924	insensetime4.exe
Token: SeShutdownPrivilege	4840	insensetime4.exe
Token: SeCreatePagefilePrivilege	4840	insensetime4.exe
Token: SeDebugPrivilege	7012	taskkill.exe
Token: SeShutdownPrivilege	5924	insensetime4.exe
Token: SeCreatePagefilePrivilege	5924	insensetime4.exe
Token: SeShutdownPrivilege	4840	insensetime4.exe
Token: SeCreatePagefilePrivilege	4840	insensetime4.exe
Token: SeShutdownPrivilege	6940	insensetime4.exe
Token: SeCreatePagefilePrivilege	6940	insensetime4.exe
Token: SeShutdownPrivilege	5924	insensetime4.exe
Token: SeCreatePagefilePrivilege	5924	insensetime4.exe
Token: SeShutdownPrivilege	4840	insensetime4.exe
Token: SeCreatePagefilePrivilege	4840	insensetime4.exe
Token: SeShutdownPrivilege	6940	insensetime4.exe
Token: SeCreatePagefilePrivilege	6940	insensetime4.exe
Token: SeShutdownPrivilege	5924	insensetime4.exe
Token: SeCreatePagefilePrivilege	5924	insensetime4.exe
Token: SeShutdownPrivilege	4840	insensetime4.exe
Token: SeCreatePagefilePrivilege	4840	insensetime4.exe
Token: SeShutdownPrivilege	6940	insensetime4.exe
Token: SeCreatePagefilePrivilege	6940	insensetime4.exe
Token: SeShutdownPrivilege	5924	insensetime4.exe
Token: SeCreatePagefilePrivilege	5924	insensetime4.exe
Token: SeShutdownPrivilege	4840	insensetime4.exe
Token: SeCreatePagefilePrivilege	4840	insensetime4.exe
Token: SeShutdownPrivilege	6940	insensetime4.exe
Token: SeCreatePagefilePrivilege	6940	insensetime4.exe
Token: SeShutdownPrivilege	5924	insensetime4.exe
Token: SeCreatePagefilePrivilege	5924	insensetime4.exe
Token: SeShutdownPrivilege	4840	insensetime4.exe
Token: SeCreatePagefilePrivilege	4840	insensetime4.exe
Token: SeShutdownPrivilege	6940	insensetime4.exe
Token: SeCreatePagefilePrivilege	6940	insensetime4.exe
Token: SeShutdownPrivilege	5924	insensetime4.exe
Token: SeCreatePagefilePrivilege	5924	insensetime4.exe
Token: SeShutdownPrivilege	4840	insensetime4.exe
Token: SeCreatePagefilePrivilege	4840	insensetime4.exe
Token: SeShutdownPrivilege	6940	insensetime4.exe
Token: SeCreatePagefilePrivilege	6940	insensetime4.exe
Token: SeDebugPrivilege	8516	taskkill.exe
Token: SeShutdownPrivilege	5924	insensetime4.exe
Token: SeCreatePagefilePrivilege	5924	insensetime4.exe
Token: SeShutdownPrivilege	4840	insensetime4.exe
Token: SeCreatePagefilePrivilege	4840	insensetime4.exe
Token: SeShutdownPrivilege	6940	insensetime4.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe
4716	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4716 wrote to memory of 4440	4716	msedge.exe	83
PID 4716 wrote to memory of 4440	4716	msedge.exe	83
PID 4716 wrote to memory of 664	4716	msedge.exe	84
PID 4716 wrote to memory of 664	4716	msedge.exe	84
PID 4716 wrote to memory of 664	4716	msedge.exe	84
PID 4716 wrote to memory of 664	4716	msedge.exe	84
PID 4716 wrote to memory of 664	4716	msedge.exe	84
PID 4716 wrote to memory of 664	4716	msedge.exe	84
PID 4716 wrote to memory of 664	4716	msedge.exe	84
PID 4716 wrote to memory of 664	4716	msedge.exe	84
PID 4716 wrote to memory of 664	4716	msedge.exe	84
PID 4716 wrote to memory of 664	4716	msedge.exe	84
PID 4716 wrote to memory of 664	4716	msedge.exe	84
PID 4716 wrote to memory of 664	4716	msedge.exe	84
PID 4716 wrote to memory of 664	4716	msedge.exe	84
PID 4716 wrote to memory of 664	4716	msedge.exe	84
PID 4716 wrote to memory of 664	4716	msedge.exe	84
PID 4716 wrote to memory of 664	4716	msedge.exe	84
PID 4716 wrote to memory of 664	4716	msedge.exe	84
PID 4716 wrote to memory of 664	4716	msedge.exe	84
PID 4716 wrote to memory of 664	4716	msedge.exe	84
PID 4716 wrote to memory of 664	4716	msedge.exe	84
PID 4716 wrote to memory of 664	4716	msedge.exe	84
PID 4716 wrote to memory of 664	4716	msedge.exe	84
PID 4716 wrote to memory of 664	4716	msedge.exe	84
PID 4716 wrote to memory of 664	4716	msedge.exe	84
PID 4716 wrote to memory of 664	4716	msedge.exe	84
PID 4716 wrote to memory of 664	4716	msedge.exe	84
PID 4716 wrote to memory of 664	4716	msedge.exe	84
PID 4716 wrote to memory of 664	4716	msedge.exe	84
PID 4716 wrote to memory of 664	4716	msedge.exe	84
PID 4716 wrote to memory of 664	4716	msedge.exe	84
PID 4716 wrote to memory of 664	4716	msedge.exe	84
PID 4716 wrote to memory of 664	4716	msedge.exe	84
PID 4716 wrote to memory of 664	4716	msedge.exe	84
PID 4716 wrote to memory of 664	4716	msedge.exe	84
PID 4716 wrote to memory of 664	4716	msedge.exe	84
PID 4716 wrote to memory of 664	4716	msedge.exe	84
PID 4716 wrote to memory of 664	4716	msedge.exe	84
PID 4716 wrote to memory of 664	4716	msedge.exe	84
PID 4716 wrote to memory of 664	4716	msedge.exe	84
PID 4716 wrote to memory of 664	4716	msedge.exe	84
PID 4716 wrote to memory of 4256	4716	msedge.exe	85
PID 4716 wrote to memory of 4256	4716	msedge.exe	85
PID 4716 wrote to memory of 3120	4716	msedge.exe	86
PID 4716 wrote to memory of 3120	4716	msedge.exe	86
PID 4716 wrote to memory of 3120	4716	msedge.exe	86
PID 4716 wrote to memory of 3120	4716	msedge.exe	86
PID 4716 wrote to memory of 3120	4716	msedge.exe	86
PID 4716 wrote to memory of 3120	4716	msedge.exe	86
PID 4716 wrote to memory of 3120	4716	msedge.exe	86
PID 4716 wrote to memory of 3120	4716	msedge.exe	86
PID 4716 wrote to memory of 3120	4716	msedge.exe	86
PID 4716 wrote to memory of 3120	4716	msedge.exe	86
PID 4716 wrote to memory of 3120	4716	msedge.exe	86
PID 4716 wrote to memory of 3120	4716	msedge.exe	86
PID 4716 wrote to memory of 3120	4716	msedge.exe	86
PID 4716 wrote to memory of 3120	4716	msedge.exe	86
PID 4716 wrote to memory of 3120	4716	msedge.exe	86
PID 4716 wrote to memory of 3120	4716	msedge.exe	86
PID 4716 wrote to memory of 3120	4716	msedge.exe	86
PID 4716 wrote to memory of 3120	4716	msedge.exe	86
PID 4716 wrote to memory of 3120	4716	msedge.exe	86
PID 4716 wrote to memory of 3120	4716	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1zmVExGpsH2FKwcXGAn2dygrOLXfX-edX/view?usp=sharing
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcb34c46f8,0x7ffcb34c4708,0x7ffcb34c4718
  2⤵
  PID:4440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,11008184483319567060,12542413264107637989,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
  2⤵
  PID:664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,11008184483319567060,12542413264107637989,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,11008184483319567060,12542413264107637989,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8
  2⤵
  PID:3120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,11008184483319567060,12542413264107637989,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:1840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,11008184483319567060,12542413264107637989,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:1584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,11008184483319567060,12542413264107637989,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
  2⤵
  PID:1208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,11008184483319567060,12542413264107637989,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:1
  2⤵
  PID:2372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2072,11008184483319567060,12542413264107637989,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6056 /prefetch:8
  2⤵
  PID:2032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,11008184483319567060,12542413264107637989,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
  2⤵
  PID:3492
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,11008184483319567060,12542413264107637989,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6444 /prefetch:8
  2⤵
  PID:1420
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,11008184483319567060,12542413264107637989,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6444 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,11008184483319567060,12542413264107637989,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6452 /prefetch:1
  2⤵
  PID:3580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,11008184483319567060,12542413264107637989,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6240 /prefetch:1
  2⤵
  PID:2536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,11008184483319567060,12542413264107637989,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6348 /prefetch:1
  2⤵
  PID:5220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,11008184483319567060,12542413264107637989,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6316 /prefetch:1
  2⤵
  PID:5228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2072,11008184483319567060,12542413264107637989,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6816 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,11008184483319567060,12542413264107637989,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
  2⤵
  PID:5632

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:728

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2740

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2536

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\insense time 4\insense time 4\funny.bat" "
1⤵
PID:5544
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /S /D /c" md 4201 "
  2⤵
  PID:5636
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /S /D /c" start insensetime4.exe"
  2⤵
  PID:5644
- - C:\Users\Admin\Downloads\insense time 4\insense time 4\insensetime4.exe
    insensetime4.exe
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of AdjustPrivilegeToken
    PID:4840
  - - C:\Users\Admin\Downloads\insense time 4\insense time 4\insensetime4.exe
      "C:\Users\Admin\Downloads\insense time 4\insense time 4\insensetime4.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\insense time 4" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1644 --field-trial-handle=1772,i,7605909421136647550,4172184307850403639,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      PID:5268
  - - C:\Users\Admin\Downloads\insense time 4\insense time 4\insensetime4.exe
      "C:\Users\Admin\Downloads\insense time 4\insense time 4\insensetime4.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\insense time 4" --mojo-platform-channel-handle=2132 --field-trial-handle=1772,i,7605909421136647550,4172184307850403639,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
      4⤵
      System Location Discovery: System Language Discovery
      System Time Discovery
      PID:4220
  - - C:\Users\Admin\Downloads\insense time 4\insense time 4\insensetime4.exe
      "C:\Users\Admin\Downloads\insense time 4\insense time 4\insensetime4.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\insense time 4" --app-path="C:\Users\Admin\Downloads\insense time 4\insense time 4\resources\app" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2460 --field-trial-handle=1772,i,7605909421136647550,4172184307850403639,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
      4⤵
      System Location Discovery: System Language Discovery
      PID:4632
  - - C:\Users\Admin\Downloads\insense time 4\insense time 4\insensetime4.exe
      "C:\Users\Admin\Downloads\insense time 4\insense time 4\insensetime4.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --user-data-dir="C:\Users\Admin\AppData\Roaming\insense time 4" --mojo-platform-channel-handle=3012 --field-trial-handle=1772,i,7605909421136647550,4172184307850403639,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
      4⤵
      System Location Discovery: System Language Discovery
      PID:5204
  - - C:\Users\Admin\Downloads\insense time 4\insense time 4\insensetime4.exe
      "C:\Users\Admin\Downloads\insense time 4\insense time 4\insensetime4.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\insense time 4" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2556 --field-trial-handle=1772,i,7605909421136647550,4172184307850403639,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:5288
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /S /D /c" md 5622 "
  2⤵
  PID:5664
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /S /D /c" start chromebomb.html"
  2⤵
  PID:5672
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Downloads\insense time 4\insense time 4\chromebomb.html
    3⤵
    PID:5712
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0x9c,0x128,0x7ffcb34c46f8,0x7ffcb34c4708,0x7ffcb34c4718
      4⤵
      PID:4304
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,14387393774150732398,11993950574544601933,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:7876
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /S /D /c" md 19601 "
  2⤵
  PID:5800
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /S /D /c" start funny.bat"
  2⤵
  PID:5804
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /K funny.bat
    3⤵
    PID:5772
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /S /D /c" md 4208 "
      4⤵
      PID:5320
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /S /D /c" start insensetime4.exe"
      4⤵
      PID:5328
    - - C:\Users\Admin\Downloads\insense time 4\insense time 4\insensetime4.exe
        
        insensetime4.exe
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious use of AdjustPrivilegeToken
        
        PID:5924
      - C:\Users\Admin\Downloads\insense time 4\insense time 4\insensetime4.exe
        
        "C:\Users\Admin\Downloads\insense time 4\insense time 4\insensetime4.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\insense time 4" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1616 --field-trial-handle=2096,i,10190741750195359586,16594690007217340799,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:972
      - C:\Users\Admin\Downloads\insense time 4\insense time 4\insensetime4.exe
        
        "C:\Users\Admin\Downloads\insense time 4\insense time 4\insensetime4.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\insense time 4" --mojo-platform-channel-handle=1980 --field-trial-handle=2096,i,10190741750195359586,16594690007217340799,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
        6⤵
        System Location Discovery: System Language Discovery
        System Time Discovery
        
        PID:3096
      - C:\Users\Admin\Downloads\insense time 4\insense time 4\insensetime4.exe
        
        "C:\Users\Admin\Downloads\insense time 4\insense time 4\insensetime4.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\insense time 4" --app-path="C:\Users\Admin\Downloads\insense time 4\insense time 4\resources\app" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2580 --field-trial-handle=2096,i,10190741750195359586,16594690007217340799,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:3492
      - C:\Users\Admin\Downloads\insense time 4\insense time 4\insensetime4.exe
        
        "C:\Users\Admin\Downloads\insense time 4\insense time 4\insensetime4.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --user-data-dir="C:\Users\Admin\AppData\Roaming\insense time 4" --mojo-platform-channel-handle=2984 --field-trial-handle=2096,i,10190741750195359586,16594690007217340799,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2472
      - C:\Users\Admin\Downloads\insense time 4\insense time 4\insensetime4.exe
        
        "C:\Users\Admin\Downloads\insense time 4\insense time 4\insensetime4.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\insense time 4" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2920 --field-trial-handle=2096,i,10190741750195359586,16594690007217340799,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
        6⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:1992
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /S /D /c" md 27119 "
      4⤵
      PID:4860
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /S /D /c" start chromebomb.html"
      4⤵
      PID:3656
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Downloads\insense time 4\insense time 4\chromebomb.html
        5⤵
        Enumerates system info in registry
        Suspicious behavior: EnumeratesProcesses
        Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        Suspicious use of FindShellTrayWindow
        
        PID:2156
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcb34c46f8,0x7ffcb34c4708,0x7ffcb34c4718
        6⤵
        
        PID:808
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=fallback-handler --database="C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --exception-pointers=67929205850112 --process=176 /prefetch:7 --thread=8072
        7⤵
        
        PID:4652
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,5048786012404537371,11546432090540725792,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
        6⤵
        
        PID:6180
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,5048786012404537371,11546432090540725792,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2584 /prefetch:3
        6⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:6228
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,5048786012404537371,11546432090540725792,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2700 /prefetch:8
        6⤵
        
        PID:6236
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,5048786012404537371,11546432090540725792,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
        6⤵
        
        PID:6460
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,5048786012404537371,11546432090540725792,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
        6⤵
        
        PID:6472
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,5048786012404537371,11546432090540725792,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
        6⤵
        
        PID:7816
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,5048786012404537371,11546432090540725792,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4308 /prefetch:1
        6⤵
        
        PID:8524
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /S /D /c" md 22561 "
      4⤵
      PID:6640
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /S /D /c" start funny.bat"
      4⤵
      PID:6808
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K funny.bat
        5⤵
        
        PID:6924
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" md 4221 "
        6⤵
        
        PID:6852
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" start insensetime4.exe"
        6⤵
        
        PID:6916
        
        C:\Users\Admin\Downloads\insense time 4\insense time 4\insensetime4.exe
        
        insensetime4.exe
        7⤵
        System Location Discovery: System Language Discovery
        Suspicious use of AdjustPrivilegeToken
        
        PID:6940
        
        C:\Users\Admin\Downloads\insense time 4\insense time 4\insensetime4.exe
        
        "C:\Users\Admin\Downloads\insense time 4\insense time 4\insensetime4.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\insense time 4" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1600 --field-trial-handle=1944,i,198021059237354583,6569245399850555889,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:7328
        
        C:\Users\Admin\Downloads\insense time 4\insense time 4\insensetime4.exe
        
        "C:\Users\Admin\Downloads\insense time 4\insense time 4\insensetime4.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\insense time 4" --mojo-platform-channel-handle=2144 --field-trial-handle=1944,i,198021059237354583,6569245399850555889,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
        8⤵
        System Location Discovery: System Language Discovery
        System Time Discovery
        
        PID:7352
        
        C:\Users\Admin\Downloads\insense time 4\insense time 4\insensetime4.exe
        
        "C:\Users\Admin\Downloads\insense time 4\insense time 4\insensetime4.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\insense time 4" --app-path="C:\Users\Admin\Downloads\insense time 4\insense time 4\resources\app" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2464 --field-trial-handle=1944,i,198021059237354583,6569245399850555889,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:7368
        
        C:\Users\Admin\Downloads\insense time 4\insense time 4\insensetime4.exe
        
        "C:\Users\Admin\Downloads\insense time 4\insense time 4\insensetime4.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --user-data-dir="C:\Users\Admin\AppData\Roaming\insense time 4" --mojo-platform-channel-handle=3544 --field-trial-handle=1944,i,198021059237354583,6569245399850555889,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:5744
        
        C:\Users\Admin\Downloads\insense time 4\insense time 4\insensetime4.exe
        
        "C:\Users\Admin\Downloads\insense time 4\insense time 4\insensetime4.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\insense time 4" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=824 --field-trial-handle=1944,i,198021059237354583,6569245399850555889,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
        8⤵
        System Location Discovery: System Language Discovery
        Suspicious behavior: EnumeratesProcesses
        
        PID:8540
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" md 4576 "
        6⤵
        
        PID:7864
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" start chromebomb.html"
        6⤵
        
        PID:8104
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Downloads\insense time 4\insense time 4\chromebomb.html
        7⤵
        
        PID:8304
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcb34c46f8,0x7ffcb34c4708,0x7ffcb34c4718
        8⤵
        
        PID:8356
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" md 28482 "
        6⤵
        
        PID:9016
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" start funny.bat"
        6⤵
        
        PID:9028
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K funny.bat
        7⤵
        
        PID:9064
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" md 4244 "
        8⤵
        
        PID:9432
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" start insensetime4.exe"
        8⤵
        
        PID:9460
        
        C:\Users\Admin\Downloads\insense time 4\insense time 4\insensetime4.exe
        
        insensetime4.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:9500
        
        C:\Users\Admin\Downloads\insense time 4\insense time 4\insensetime4.exe
        
        "C:\Users\Admin\Downloads\insense time 4\insense time 4\insensetime4.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\insense time 4" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1604 --field-trial-handle=2232,i,14710257680272749666,13050500216136921742,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:10116
        
        C:\Users\Admin\Downloads\insense time 4\insense time 4\insensetime4.exe
        
        "C:\Users\Admin\Downloads\insense time 4\insense time 4\insensetime4.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\insense time 4" --mojo-platform-channel-handle=1980 --field-trial-handle=2232,i,14710257680272749666,13050500216136921742,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
        10⤵
        System Location Discovery: System Language Discovery
        System Time Discovery
        
        PID:10128
        
        C:\Users\Admin\Downloads\insense time 4\insense time 4\insensetime4.exe
        
        "C:\Users\Admin\Downloads\insense time 4\insense time 4\insensetime4.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\insense time 4" --app-path="C:\Users\Admin\Downloads\insense time 4\insense time 4\resources\app" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2560 --field-trial-handle=2232,i,14710257680272749666,13050500216136921742,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:9364
        
        C:\Users\Admin\Downloads\insense time 4\insense time 4\insensetime4.exe
        
        "C:\Users\Admin\Downloads\insense time 4\insense time 4\insensetime4.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --user-data-dir="C:\Users\Admin\AppData\Roaming\insense time 4" --mojo-platform-channel-handle=3028 --field-trial-handle=2232,i,14710257680272749666,13050500216136921742,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:10292
        
        C:\Users\Admin\Downloads\insense time 4\insense time 4\insensetime4.exe
        
        "C:\Users\Admin\Downloads\insense time 4\insense time 4\insensetime4.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\insense time 4" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2928 --field-trial-handle=2232,i,14710257680272749666,13050500216136921742,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:3312
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" md 14279 "
        8⤵
        
        PID:10412
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" start chromebomb.html"
        8⤵
        
        PID:10428
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Downloads\insense time 4\insense time 4\chromebomb.html
        9⤵
        
        PID:11188
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcb34c46f8,0x7ffcb34c4708,0x7ffcb34c4718
        10⤵
        
        PID:11204
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" md 22459 "
        8⤵
        
        PID:10732
      - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im "explorer.exe"
        6⤵
        Kills process with taskkill
        Suspicious use of AdjustPrivilegeToken
        
        PID:8516
      - C:\Windows\system32\cmd.exe
        
        cmd.exe
        6⤵
        
        PID:9624
      - C:\Windows\system32\cmd.exe
        
        cmd.exe
        6⤵
        
        PID:9816
      - C:\Windows\system32\cmd.exe
        
        cmd.exe
        6⤵
        
        PID:9916
      - C:\Windows\system32\cmd.exe
        
        cmd.exe
        6⤵
        
        PID:3108
      - C:\Windows\system32\cmd.exe
        
        cmd.exe
        6⤵
        
        PID:10304
      - C:\Windows\system32\cmd.exe
        
        cmd.exe
        6⤵
        
        PID:10672
      - C:\Windows\system32\cmd.exe
        
        cmd.exe
        6⤵
        
        PID:10772
      - C:\Windows\system32\cmd.exe
        
        cmd.exe
        6⤵
        
        PID:10976
      - C:\Windows\system32\cmd.exe
        
        cmd.exe
        6⤵
        
        PID:11128
      - C:\Windows\system32\cmd.exe
        
        cmd.exe
        6⤵
        
        PID:4596
      - C:\Windows\system32\cmd.exe
        
        cmd.exe
        6⤵
        
        PID:2804
      - C:\Windows\system32\cmd.exe
        
        cmd.exe
        6⤵
        
        PID:10540
      - C:\Windows\system32\cmd.exe
        
        cmd.exe
        6⤵
        
        PID:11148
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im "explorer.exe"
      4⤵
      Kills process with taskkill
      Suspicious use of AdjustPrivilegeToken
      PID:7012
  - - C:\Windows\system32\cmd.exe
      cmd.exe
      4⤵
      PID:7888
  - - C:\Windows\system32\cmd.exe
      cmd.exe
      4⤵
      PID:7908
  - - C:\Windows\system32\cmd.exe
      cmd.exe
      4⤵
      PID:7916
  - - C:\Windows\system32\cmd.exe
      cmd.exe
      4⤵
      PID:7924
  - - C:\Windows\system32\cmd.exe
      cmd.exe
      4⤵
      PID:7932
  - - C:\Windows\system32\cmd.exe
      cmd.exe
      4⤵
      PID:7940
  - - C:\Windows\system32\cmd.exe
      cmd.exe
      4⤵
      PID:7180
  - - C:\Windows\system32\cmd.exe
      cmd.exe
      4⤵
      PID:7504
  - - C:\Windows\system32\cmd.exe
      cmd.exe
      4⤵
      PID:8204
  - - C:\Windows\system32\cmd.exe
      cmd.exe
      4⤵
      PID:8328
  - - C:\Windows\system32\cmd.exe
      cmd.exe
      4⤵
      PID:8704
  - - C:\Windows\system32\cmd.exe
      cmd.exe
      4⤵
      PID:8812
  - - C:\Windows\system32\cmd.exe
      cmd.exe
      4⤵
      PID:8908
  - - C:\Windows\system32\cmd.exe
      cmd.exe
      4⤵
      PID:8968
  - - C:\Windows\system32\cmd.exe
      cmd.exe
      4⤵
      PID:9116
  - - C:\Windows\system32\cmd.exe
      cmd.exe
      4⤵
      PID:8768
  - - C:\Windows\system32\cmd.exe
      cmd.exe
      4⤵
      PID:9148
  - - C:\Windows\system32\cmd.exe
      cmd.exe
      4⤵
      PID:9028
  - - C:\Windows\system32\cmd.exe
      cmd.exe
      4⤵
      PID:9252
  - - C:\Windows\system32\cmd.exe
      cmd.exe
      4⤵
      PID:9340
  - - C:\Windows\system32\cmd.exe
      cmd.exe
      4⤵
      PID:9544
  - - C:\Windows\system32\cmd.exe
      cmd.exe
      4⤵
      PID:9736
  - - C:\Windows\system32\cmd.exe
      cmd.exe
      4⤵
      PID:9864
  - - C:\Windows\system32\cmd.exe
      cmd.exe
      4⤵
      PID:10016
  - - C:\Windows\system32\cmd.exe
      cmd.exe
      4⤵
      PID:10124
  - - C:\Windows\system32\cmd.exe
      cmd.exe
      4⤵
      PID:10632
  - - C:\Windows\system32\cmd.exe
      cmd.exe
      4⤵
      PID:10692
  - - C:\Windows\system32\cmd.exe
      cmd.exe
      4⤵
      PID:10708
  - - C:\Windows\system32\cmd.exe
      cmd.exe
      4⤵
      PID:10716
  - - C:\Windows\system32\cmd.exe
      cmd.exe
      4⤵
      PID:10844
  - - C:\Windows\system32\cmd.exe
      cmd.exe
      4⤵
      PID:10376
- C:\Windows\system32\taskkill.exe
  taskkill /f /im "explorer.exe"
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:5828
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:1980
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:4456
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:4584
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:2816
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:2544
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:3352
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:5172
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:3616
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:5424
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:5236
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:2736
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:5700
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:5796
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:4264
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:5108
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:6136
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:2884
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:5320
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:4712
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:3804
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:3864
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:2868
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:3508
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:3936
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:5472
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:5992
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:1176
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:2752
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:1432
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:544
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:7020
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:7032
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:7040
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:7048
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:6256
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:6480
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:6920
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:4792
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:7216
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:7644
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:7280
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:7448
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:7468
- - C:\Windows\System32\Conhost.exe
    \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    3⤵
    PID:7012
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:7336
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:8296
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:8320
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:8380
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:8636
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:8724
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:8828
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:8992
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:9136
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:9160
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:2992
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:4272
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:3756
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:9316
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:9416
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:9520
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:9708
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:9952
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:10200
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:10396
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:10452
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:10648
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:10904
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:11080
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:10480
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:11012
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:11080
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:10552
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:11232
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:11140
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:3480
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:11236

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4d0 0x424
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2672

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6684

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:7012

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\f5ae91c6ef674938bd9355ce37ed494a /t 2928 /p 2156
1⤵
PID:7564

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Time Discovery

T1124

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9e3fc58a8fb86c93d19e1500b873ef6f

SHA1
c6aae5f4e26f5570db5e14bba8d5061867a33b56

SHA256
828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4

SHA512
e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bbe020708f5a360984b6027354bdfcc2

SHA1
cf0404811f91b81a7251d500abf36ec9015176cd

SHA256
13a945f21d28b629bd8baefd981a8f41a4958b5137ed9ea2d3d7a9a91f44e1c9

SHA512
73f1fbfb1d2ca7b8df82f5d3d7ff2e3739d4fed9c3ebc49dee981b5d3c687a4680c9addabf59360af8b639b01aa72797bc762ef8cb1a47c887dddbfefdd8e258

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1a95e36ddb9b8e74c2747a3180e14860

SHA1
87cbe63a8378de8876269c08d5faac0df1e9b9f3

SHA256
937e495b0fb0fe818af6d045d649e555db5c16cf5999fb1e37cac3e3d2b87d47

SHA512
9cab35c4c45ba735d55260e484b3289443100b404fdf5836e00314d3a27f5efb264c949d686090aabcdac957e3e034f73b2816ca3f00ad434b87c0739a9d4a7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
27304926d60324abe74d7a4b571c35ea

SHA1
78b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1

SHA256
7039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de

SHA512
f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
7845717e1b5e74adcd8e36431bad8270

SHA1
c0f8cca7668b02d398e5351ddffe929146ce5033

SHA256
7fdf69a5d5c9cde9b793caeaee042882d1eb4f5636b839cbee3ee6b95fc3b752

SHA512
db348da5b79de5e56fe8327258361f3c8678ca29e7b62e3adfafe096d14d63d44668d402cf6837c9afa57cb0df87a490a9cf4003e7095baf93d156293939fb47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
69dfbecff19a1427e1fef2241c154612

SHA1
6e45e10afd88755930cd1a299eec6d5011ed4b74

SHA256
ebe41f1b82d429aac8af6f0a201933fd1e9ebea3ab7d65863adc757379c80c5a

SHA512
3ef3c41eb82db7278b882af4da10423cb01796ca9d5c8358a4fb533959938be75da516f9f62f1dce306708f5ca08b3bf2c914794789d80776b3e46ec1b073e7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
28KB

MD5
ba48e5edc5db36a173a159f7d215d87c

SHA1
d87bd55d425b430bd3cce643cafb6854f36866ef

SHA256
7879c399295347407818ed9f31df1967c4194235f15b2726675c59120af4ccf0

SHA512
1c765a7158a462b45b47df5655fa0d53c1ac21a78497e064b464915d0a15a562934b7186f3f81bca7a8ec7d96c2535e6964875de49f701f8ee21a63825d734aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
4a9e8941c6558c6e1472417f6ebd850a

SHA1
0d862c44d4d1938470b811af7ca6b8493da655a1

SHA256
5cc8000a4f076b40e36f158705d713dfbea67d0fe3d1c1b17336cf9cd34a4954

SHA512
425c0403b156a36fc3603706a4b27a5f9cdbe071e8f03ca2dbf83005eab44d5631697689975303b1463307a00a5e004bbd4e0f989283dbb40c3b438f6e152c3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
1KB

MD5
05cd4d960b79d386e212805e93d7fa88

SHA1
8e0b73e7496c1c2480d315db54e28c4aa64eaed0

SHA256
4dc074065d91a1e94e63a0dd1ad58e5beb1c8f5c1b65349c884dad377c330557

SHA512
b9c74f4747470bbe1fd17917250fded49ae5dd17139104c28e7c4d931c564a76aa2025d7531b62cd70334cc7239daea7250d92d6f06deb516d29c6eec149f91b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

Filesize
28KB

MD5
ecae9f5b0673d16efb3ad8e5ee232d6e

SHA1
3f2e0e73c8f464c7a2c23585b93ccebfff110e91

SHA256
658ccbf28993481673d556a007e9b5b1d01f3a216d3518271d2e2e744fa49553

SHA512
5801a28dbff6373b82df7b662e40e752cad054ff6fad64a81522d7333e511da49a0a610dd58db75e5fd1b88233822a71669121a89265393e6946d58c0e08583d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
95B

MD5
e747f00bc750c8b5438d17c626546063

SHA1
42fdc138eb2e3f5b19b21426a0cf9aa08fc2578b

SHA256
eb8ea32b91057259f2cb40d6f8fc63367a39685486fa045bd0d4cd57b4613b06

SHA512
40ac77e5937d6a79f104bd309e7e6e5593bf3c03f02efdbda375df04a7cd26afa3a7f677e7184919e25673a53663bcf36364b5e277d499d97046837fccbdf4a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
25376cca9f27796db0241da7d9294418

SHA1
dc2b38f2ae0149d08ef49463a48898cffa35d1b5

SHA256
667dd3eb6b768adcb59e5ca01cdcbb187fa95ebd06e3b2bad0aea2d1c4d116fd

SHA512
afface6572fa2aad0ba07a5f2401b38fa8b999bb3a55db6df2f06e5e99fddc7cd79f34f027eb8f5ad4e478bb2161b2ef380f3f47e58ae6328fda7bc043d09f78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
3f29c6c6a206b15280fd8542794c70fa

SHA1
1a46a7765457f50d5442dcc9e24050f21912a627

SHA256
796b7d528929f847beff6f45285c6b1f514aca7cbd5b6283358c21745e674c47

SHA512
4b10958b7013fc1e57d0d50e8963b67193079903f204dcd84421f3d4fbce342b058a65882ea428cf6ada19856a1ffd0f1f8d808c1354f967775bb57744b5ab6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
447e1d0c1994d6bae58d4759d4ad7fc6

SHA1
744f9022fe6f37a60aca05b85e432abd50a157d9

SHA256
5be9dd98ad134398ef23edd21d2a94218349ec938eb7ef83622b1dbc72358cbe

SHA512
9d0df64bea808a891fcb8cc71098be582d7668d8c265d515e787f0d0b8d0f152043a2ca02b7d65b35958f79d8101a40db86f90e898ae3b3abc1defa314456d18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5a6336db5a5d1ec5c37860eab3feefb4

SHA1
d95984d5112615c9b85e2bf520946c1e8ae0b3d7

SHA256
867beb38af3090cb44f188439cc1a006ce05c3afdf4e7ea2677d60b356561ff0

SHA512
41fa4a0c0719c3a5123639a8327322886c8930e7c8a572cef4331fb4858ed0da35c12f1dd2cf256dbf6bb9e07ad4a9eca21614812d1e9adaf293f57848436c29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e9a432e8cac8a5b5f7111ee0a743ad03

SHA1
90dd5b96cab6e0ce4fd71dd1f28f461ad9327f45

SHA256
30f4eb2f24f1986a9eae9f76fb45a8abf9ca808d13a08fa9eb3744baa9583eda

SHA512
15cf9b8150074fdbb77ebdaab33f9b2454c8afe9b4b4a15d87b259a8907bd057d5146b3c74cd25e8a61bcbb929baf420a4f6fdca077f4aa7e103394bd0360371

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2f3da10677aa4a9ed7e1b6cb22311af3

SHA1
0d747df739d3948080b6eb6863e8bb14740ab5f5

SHA256
d7fc09ac9376734be7c8fd691db2fa310aba9c9a57b571e9d799bc79301aae5e

SHA512
3694b22655dd0db926bfc1702d1e3827caf6a115ab64195dc7156efe76f28ba27e649d0a8fd38386e7c8fb89d2c184557cf1d34978a91104014a99a947680c80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
820e4c83c8b0ad8b364baa78550f5c5b

SHA1
d2439241313b20befd20704769f2129ea0c0835a

SHA256
43f24ead5a18f4220b817af151eb90cc743c4208face953154ac769f0e7fcae3

SHA512
082d6a064cf8d8ea0abdf6cc4d90dec130ff7c1511606193376886cb7ffa0381dc837f6db0b2fe9aa4d500e761c9660b5e211712170d074dd47bf94288b0a268

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
616B

MD5
12189a7e4b6a75f816d87d0355f04250

SHA1
c230c9c5da9144b0172e7da23eb7410dc113f20a

SHA256
91c1a750b73ea3d994d015b29b58f5fbbbf9564d648b9efd889c60125c33aa22

SHA512
8ca25f7c2030c2d2b1a427ad7900247bd8cfb47ad7f35459ff600ae1f71961f8960e8d59df068bc1ddae1fd46b468f068c2a2a6d99c990398c53dcabedcedaac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
5f5bea5e3358a5edd9d4f549200a86bc

SHA1
e6bc3896cdbda1801a5e3bb933ada41191d3272e

SHA256
ed2811fff3b6a19673eab329f5e020f66cf43752ed0cdde9df6ce7ce870aef93

SHA512
6e93467028afd14252555530832e935a54ecb22a9c75acb7247a1445e9296e23204405a2e0a2a3a7bc2fe2f491e679f5572a2829889633787c6f43a389a00794

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13370063775163369

Filesize
22KB

MD5
3a37c11226d000d139532a6db96af19c

SHA1
2fe5100e149f3d27eb9e36b78c60ed6f5ec61f7d

SHA256
a778fc0b1cc2e2db874106587385ea43f14ad7f65a111a2dabf45eb42f7c070c

SHA512
d21f391d4eb6732e4ec4642dc2d776e463a5fe8a311e90c2201f16d4dd75a1619eab1be6f4ebf36d58bdcaaaa84fd52edaa26f19d91093e9df7109c22c81eec1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13370063775290369

Filesize
7KB

MD5
da50581134e36439a96e7caf3998fb1f

SHA1
1c49e7d09acb2f37be5c5aa4ac2e8c5308fe2036

SHA256
526d970c5f1a820ad808d390900454fcff45483e37e953ae41e9ff08ed9078fd

SHA512
402ea3b49601069ffd81b412222cc3318da6e87981079eaa351d34b689b49b8332951998ae4f10f5be10fabeefb586a7e1c638825b03488ecd077df3d4d54bcb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
184B

MD5
1c2cff401d601a64670a3ddb63afe96d

SHA1
9b689008ebf7335347cad4d1b1f15503987158ba

SHA256
431fd9a57b06ea0c2c50a443dfe7da2d5a9e92ddd69407b90ba60e34eef026cc

SHA512
8b684d903e04fc4cf168ee9061e1b91c45ba381afbf00258e7bbd568b2ea759520debf2c91b34fc87413a8a267e99e188cf3223acf7d5c95904c81e03fe4a96a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
90ea5aafdae414f8ac33321143b5cfe4

SHA1
e1e43178f913a9aceb4792f76c56865264158373

SHA256
3d2feb40d1527eb9ec691e7a0743470f5bd73d0dedc74e03a3c6c09f601e7bea

SHA512
440dc470d90f17425da19bc3f34fe9d37de9f2a5665b1b7b61c7b4f3258412b6291e10f34a269d5f3ec83c0ba9727e5f780bd6d0248a9d368751be7b59e75986

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
8f80d66eee228a505ac3045240eeb1fe

SHA1
a6e79eb3d939bc9e5801f853a93cf6d531d7c01e

SHA256
3ac348a557a8d0303e7afab7a012a32d08242bda147bcaa22218ecef8bb0714b

SHA512
4dfd1401686a28a84210a1881f49de8dd3555ead2e277e3fa1b69082f64a2e93021968f4a8cf6bec15dd3096f7523658e02f83f1a48d210250fb4fe06f0ed541

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
90f4977e0bdcf13bbce7090a714f7ef8

SHA1
58427dcf32013b99e2c05dd32e0e9c6fedbedadb

SHA256
3e1ccdeb0144b91261c4badcede69e0abaebc13b940f8d941ead0a32fc85b2f9

SHA512
ac8dcd2194fc4c68a57c97f0f492a08b98161735b5e463def6d6ab2161829f0601e40f761b893a5cf490c15232895501f026de5abb70ffcda185d31de8977134

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
a1176803303f75293b18287604745333

SHA1
c05b6159950e30647e5bd76b1222ba4b27a3eb36

SHA256
474a2055b2a3b9595c867e749d8f890469b012ac7c2c5b0c5f047b91b7df0019

SHA512
5068389dd7e7c8e3f39b53106c0c9d60cd29784750b7b27edc21d416d40cca0d44b4e81478619ed1199e530125142753859c945ab86d6c1f2c13c24b66e870af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
24KB

MD5
91a7f610d3712681e2a4ba666697c0a9

SHA1
5b8f1392c1a27a6443dd687b4cd262621cccc455

SHA256
ee809592effb59a839ee3b843ec45b840bf456096ac39dd63557a03fd6652387

SHA512
1c27a1dc0f90575f93a0ef3e941eeeaca76d4cbe2f4e0e3d97cfc8b44f9db04647e1a2a1692ac2c94a9fae35d94b6330448aae374cfe45a35cbf490fe70d6beb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
74f228d8de1cd2e816a7359c961a23f9

SHA1
1315d37fb11bee63ea83a69dec7c8b942e8a65c8

SHA256
9f17277afeb9fc7e2eef171157d27757ece09cd38c4a7eaebd6c34dce37dff23

SHA512
4ba064bbe7e0ed65cd146a1ccd10b9f82f3c1f19dede4396690e8ef6192766ff342d5d4e0b9447e3c9c32bfc1406030c7b3d5c7d447be4a9fd6afcd96028dd8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
594B

MD5
445029609df1a2a0484ad536c71da1b5

SHA1
6f0ea4c351251d7f1fd138368689cf0b5ecdf187

SHA256
5952af70d9961f20e72f8716dd5751b98fa118585095a9bcc152c730439e06f9

SHA512
f7af6f7eb0830912be3db146ac8f952226cfe5dd06f13760127c73f366ef122f76aa3d2fef9458c78a225f331a377d8a016a5e4ebbe0d8989607b97883d8b6c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
7ebf48c01572c49b55ea79888684b0aa

SHA1
b3f034ab3ea4bb1a876ca3646f9e68ad9738a8e0

SHA256
5cc530d180450ccc0db3ba8e3f815b773fa2af1f4acc4109b07ff9439e134cd3

SHA512
d6908d3cb02d40075cf9a298a1c737e7057f32e9f9a8128e2e8d684bea1ca8439abc7bec44f9350a6a29670a58e682d2feb9e4bfc8d2d24b2ad529ff1a59da13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
4b4e3474ffd0b4081f830550f048c48a

SHA1
fdc3b1194ae047506149e7b4eb04b23315333801

SHA256
6e93484a81ce430feb459d74caae5cffac0f6597203b24c2ecb0f3c1423f6c80

SHA512
65a9b88168d7a9791a5eaa4cb86851e3fbe147190464651708119f3d01061b228148cc7671cfb5e1d4d2a6cad46533f30757b806647ce876dfdbbdbb643c7e9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
78a2ff60f0bdd80719bcd060189bd4d6

SHA1
818c048f0e4ddb493fddcbc36492af44dd7e1a9e

SHA256
357ccd0c32a012c84aa32f32794fbd1e48825fdd08d9c108e85f24dad975c580

SHA512
3d879f23303abaa533f2bac88929420d30cdb0b4de119a5a76d5f65f14181f280e36ea40fd792648c35f31de1d3982882da62cf186fec76b6e7e5b9b4358fd5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
9e97a08bda077adfeb3186ec123ed505

SHA1
92a24d64db483a289e434aee5b9195523ec31d28

SHA256
a12b2db1a71fc9ab2599eef96bcdc212545966ffada22da03906bb1d6101b01e

SHA512
2edb173f2a8dac08e832b836fa9c14e73039704fea9c1ff63b985267a568cf3cf8d975ca44e9c7aa0b273af86169391872de5200fefba8297cee2437b1fea360

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001

Filesize
17KB

MD5
6bc4851424575eaf03ebe2efee6073ab

SHA1
2d014fe2feb929d03a46322645a94556ca5c9e96

SHA256
abaded8e235fdf329521806af30a1cc7701eaca3fe2efccb9da760ec6d8e5e4e

SHA512
af3b7d93fa2243475d74d4bd7f918ce2706bf6eca28029b9e49869f5f793e483efaafdfab1fed6306d5fc77a5ed3b27097b27448cd04560bed4df6fa3268ccf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000002

Filesize
17KB

MD5
fc97b88a7ce0b008366cd0260b0321dc

SHA1
4eae02aecb04fa15f0bb62036151fa016e64f7a9

SHA256
6388415a307a208b0a43b817ccd9e5fcdda9b6939ecd20ef4c0eda1aa3a0e49e

SHA512
889a0db0eb5ad4de4279b620783964bfda8edc6b137059d1ec1da9282716fe930f8c4ebfadea7cd5247a997f8d4d2990f7b972a17106de491365e3c2d2138175

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
ac8834f32ca34551cedc20733ade0a68

SHA1
121831530325134de0cd55986c9b7adfdcccabad

SHA256
b220c42172dbd1fa04185af84ab511e72e93ada9d852f848312a0b84deef7886

SHA512
b2c109eb584b65125f94adb39b0a9b484111320bdfb94952ccad1aea4e7403affa8d9172298f48be153c37787ea118feab921d5dd065b3925fd8cf005fdacc97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
127c49d577525692e3c60657a1f83807

SHA1
18f2de195c27c0b703415d1f212120c31b513134

SHA256
35c7f6a17fa6ad1a36531c04aa35f153c72bf92db6623eabde50eb59a7ae0b60

SHA512
082e01cde78140377f00a9ffc6160c71d60de075743d778ac8fc32fa1d5d185d9a2322260c3455bdd1f067da65c44d13c2e245601e6b870a870aaa43f7be20a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
e95f2907387bf97fba0b9c772b5b7348

SHA1
98b0367681b4d4efd3f25e4498a0b2d64b0e0984

SHA256
58f533c5291ad4dd9d9d6f280a8b0fc774a1d250e39b836c6c318b45435136d3

SHA512
8537908b0b6448d3119de7a22f69aed58a8137bf8b01f4811a3e5b779597a317457b165e63093caa0fd81f4d777a8f6fc50e5d2d4c943e1b94b55ab6e9571ed7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\insense time 4\0478b141-67bf-4814-8158-5c1c24c82f6b.tmp

Filesize
86B

MD5
d11dedf80b85d8d9be3fec6bb292f64b

SHA1
aab8783454819cd66ddf7871e887abdba138aef3

SHA256
8029940de92ae596278912bbbd6387d65f4e849d3c136287a1233f525d189c67

SHA512
6b7ec1ca5189124e0d136f561ca7f12a4653633e2d9452d290e658dfe545acf6600cc9496794757a43f95c91705e9549ef681d4cc9e035738b03a18bdc2e25f0

Download Submit
C:\Users\Admin\AppData\Roaming\insense time 4\Code Cache\wasm\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Roaming\insense time 4\Code Cache\wasm\index-dir\the-real-index

Filesize
48B

MD5
91a6b315e3020f6ce069f3ee691a580f

SHA1
44ca011fdb0aaf2bb5af6b12c73525e389ab15a7

SHA256
cf7ab69cc17de81556e4e96ad8efd6d5da2a2069656329c739e3ebcf2aa09461

SHA512
2a29d52ad220906bc29a88731a0970874b41368dee3ab22d1bc3a1686169a7c9d0353de505cff7d9fd479f6bbb80466f26e8579d74a335e9ae0169dd20bbd829

Download Submit
C:\Users\Admin\AppData\Roaming\insense time 4\DawnCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Roaming\insense time 4\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Roaming\insense time 4\GPUCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Roaming\insense time 4\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Roaming\insense time 4\Local State

Filesize
389B

MD5
bd91b0a4598a3683d7112e69b6fa2198

SHA1
6a4afe58ce460b3fa3935a047ca9a0fbdd74cf69

SHA256
40c8965eb98f4cf1694f8bdc6dbf9c5e051ae74d781573c7eee832a1f93ad1c5

SHA512
ae50e6244e23c02a0b9022ace11c5f90686391028e8c38af34b4becd68d6d5b64b1b5c0b0110953919432275d4662b2ac983f7b53db416956b9d54337c40f01d

Download Submit
C:\Users\Admin\AppData\Roaming\insense time 4\Local State

Filesize
389B

MD5
63e2fd5c2e03f0ac37ac3f2571ecaff4

SHA1
c5c76529064435757a10cad384993b75d5bb99f4

SHA256
faceb2927e4649ef9414e50f8b515f1300b2b2d100a88b048c3c64a52305c338

SHA512
a5518336980291c6d954a8a9da50d366e685c1e12dd2aeacaa687ff7bc6754213fef7626c479eaed43c7e8609956f9596b49bb931a1e37af4a6cc9a19d5b82a8

Download Submit
C:\Users\Admin\AppData\Roaming\insense time 4\Network\Network Persistent State

Filesize
300B

MD5
9b7802cc1f140753a051c09d66e3049c

SHA1
e674499a66aec14fbfe3ea04e88a37bf87cccc55

SHA256
6f201e11c23df6348451e5331714871c508dfbece0bcb600d1883c9665fa7da2

SHA512
0f93cf29c4262a34b56d42037fdd2ce3e753636351511bf89eae8958c0e5959be36b43781aa50cbc64715e038f33d781dd2dc5bee9be0097084756c78169b74c

Download Submit
C:\Users\Admin\AppData\Roaming\insense time 4\Network\Network Persistent State

Filesize
300B

MD5
ab28ef348394ac44fee993058bc62382

SHA1
64706b04da2f21c3b0e58e308b86be79f18f0135

SHA256
d20ef903d73b67d0b4e6a618c4cd9e0f391cda6ce7509cc81f58640126b43b6d

SHA512
add43d205f5c9d7a2f35f961625ef7067a063c557d7e31f41238bef33e15f3837a69b70c0a6618fafa612a94a91442a293fa36ba509c1acc4160ffb25db6ceb6

Download Submit
C:\Users\Admin\AppData\Roaming\insense time 4\Network\Network Persistent State

Filesize
300B

MD5
1728b3356e481137c70c7b1b4bcdf9dd

SHA1
b1375524476309d509a2a5978153c3333c06207a

SHA256
c08642f6d043e2f8b8ba7a7b8320c3a821a0ac4a18183ff1a7f4248f66a41d0e

SHA512
a8ef65a0f0f4f5d69814aa48381d9ab7a333db28d4bbeb07de7f028b8c20d774b51fbe56c62bedd7f0b2ca01a81b50de811e121828f256967cf5c42b599a734e

Download Submit
C:\Users\Admin\AppData\Roaming\insense time 4\Network\Network Persistent State

Filesize
300B

MD5
48c56822a1d0d37c445eccb8558b76ea

SHA1
9342291dd7ab730043161f94fb11e27aaee02a96

SHA256
47da259c39a6b8ecece5664c90477a7a053d5508fbd81423cd43f72ecac04c1c

SHA512
63cb07f51f20ab4802585f2675e697c622205dbece6675bbaca7c564e9353d1afb9fe4e63ff3749da8b0add7c89b6946d7c46f9232308b6a4334526880f0affb

Download Submit
C:\Users\Admin\AppData\Roaming\insense time 4\Network\TransportSecurity

Filesize
203B

MD5
4e5e63f6f7eaf5da438eb2f4af17e394

SHA1
e60b182346d1e7386857588d2a8ca6f14990b0e6

SHA256
7bb3e8fc623926d5e907acda33bc4df5fc66dff68bb445dfb89786cb805763d1

SHA512
b2dd020c0bb1277c99ef2dfbb73f416360929e82affbb8272dfdd7a98ebf79203785da382a7205079a8623d8bd05b5fd24fab3bfca09bcd8d9c3f8a2b5c00ef2

Download Submit
C:\Users\Admin\AppData\Roaming\insense time 4\Network\e9ba5d98-5d84-49de-abc8-394d553ee4b7.tmp

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Roaming\insense time 4\Preferences

Filesize
57B

MD5
58127c59cb9e1da127904c341d15372b

SHA1
62445484661d8036ce9788baeaba31d204e9a5fc

SHA256
be4b8924ab38e8acf350e6e3b9f1f63a1a94952d8002759acd6946c4d5d0b5de

SHA512
8d1815b277a93ad590ff79b6f52c576cf920c38c4353c24193f707d66884c942f39ff3989530055d2fade540ade243b41b6eb03cd0cc361c3b5d514cca28b50a

Download Submit
C:\Users\Admin\AppData\Roaming\insense time 4\Session Storage\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Roaming\insense time 4\Session Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Roaming\insense time 4\blob_storage\ccdb5bb8-f55c-409c-92d8-5f5184c142b4\0

Filesize
5.8MB

MD5
01bbf8154570c625d30d2d3e59ff1d69

SHA1
27cdab1b7c0e8f857e50b5eb181fd3930b92225d

SHA256
ccd2663cb9c3d58ec0ca2542fa02287a1eae025fd67f7fec4c8945a50fad5993

SHA512
9107fdca5c86d7c73533476e8512c53ccd9dcb64f0f637adad37f30edea340c7e90ce6d37b7426aecde4e052b2b4c7dcaacceb50bcaf982353e22edef803cd7c

Download Submit
memory/8540-660-0x000000000F310000-0x000000000F311000-memory.dmp

Filesize
4KB

Download
memory/8540-661-0x000000000F310000-0x000000000F311000-memory.dmp

Filesize
4KB

Download
memory/8540-665-0x000000000F310000-0x000000000F311000-memory.dmp

Filesize
4KB

Download
memory/8540-666-0x000000000F310000-0x000000000F311000-memory.dmp

Filesize
4KB

Download
memory/8540-671-0x000000000F310000-0x000000000F311000-memory.dmp

Filesize
4KB

Download
memory/8540-670-0x000000000F310000-0x000000000F311000-memory.dmp

Filesize
4KB

Download
memory/8540-669-0x000000000F310000-0x000000000F311000-memory.dmp

Filesize
4KB

Download
memory/8540-668-0x000000000F310000-0x000000000F311000-memory.dmp

Filesize
4KB

Download
memory/8540-667-0x000000000F310000-0x000000000F311000-memory.dmp

Filesize
4KB

Download
memory/8540-659-0x000000000F310000-0x000000000F311000-memory.dmp

Filesize
4KB

Download
memory/10732-569-0x00007FF7D9A60000-0x00007FF7D9AC7000-memory.dmp

Filesize
412KB

Download