hxxps://drive[.]google[.]com/file/d/1zmVExGpsH2FKwcXGAn2dygrOLXfX-edX/view?usp=sharing

Analysis

max time kernel
137s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
07-09-2024 00:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1zmVExGpsH2FKwcXGAn2dygrOLXfX-edX/view?usp=sharing

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
6	drive.google.com
9	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 19 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	insensetime4.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	insensetime4.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	insensetime4.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	insensetime4.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	insensetime4.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	insensetime4.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	insensetime4.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	insensetime4.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	insensetime4.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	insensetime4.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	insensetime4.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	insensetime4.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	insensetime4.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	insensetime4.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	insensetime4.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	insensetime4.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	insensetime4.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	insensetime4.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	insensetime4.exe

System Time Discovery 1 TTPs 4 IoCs

Adversary may gather the system time and/or time zone settings from a local or remote system.

discovery

System Time Discovery

T1124

pid	Process
2104	insensetime4.exe
5660	insensetime4.exe
6852	insensetime4.exe
9788	insensetime4.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	msedge.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	msedge.exe

Enumerates system info in registry 2 TTPs 8 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Kills process with taskkill 4 IoCs

evasion

pid	Process
8688	taskkill.exe
2996	taskkill.exe
5948	taskkill.exe
3768	taskkill.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
4836	msedge.exe
4836	msedge.exe
3368	msedge.exe
3368	msedge.exe
3984	identity_helper.exe
3984	identity_helper.exe
5556	msedge.exe
5556	msedge.exe
6108	msedge.exe
6108	msedge.exe
3796	msedge.exe
3796	msedge.exe
5764	msedge.exe
5764	msedge.exe
5764	msedge.exe
5764	msedge.exe
704	msedge.exe
704	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	5948	taskkill.exe
Token: SeShutdownPrivilege	2144	insensetime4.exe
Token: SeCreatePagefilePrivilege	2144	insensetime4.exe
Token: SeShutdownPrivilege	4280	insensetime4.exe
Token: SeCreatePagefilePrivilege	4280	insensetime4.exe
Token: SeShutdownPrivilege	2144	insensetime4.exe
Token: SeCreatePagefilePrivilege	2144	insensetime4.exe
Token: SeShutdownPrivilege	4280	insensetime4.exe
Token: SeCreatePagefilePrivilege	4280	insensetime4.exe
Token: 33	4180	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4180	AUDIODG.EXE
Token: SeShutdownPrivilege	2144	insensetime4.exe
Token: SeCreatePagefilePrivilege	2144	insensetime4.exe
Token: SeShutdownPrivilege	4280	insensetime4.exe
Token: SeCreatePagefilePrivilege	4280	insensetime4.exe
Token: SeShutdownPrivilege	2144	insensetime4.exe
Token: SeCreatePagefilePrivilege	2144	insensetime4.exe
Token: SeShutdownPrivilege	4280	insensetime4.exe
Token: SeCreatePagefilePrivilege	4280	insensetime4.exe
Token: SeShutdownPrivilege	2144	insensetime4.exe
Token: SeCreatePagefilePrivilege	2144	insensetime4.exe
Token: SeShutdownPrivilege	4280	insensetime4.exe
Token: SeCreatePagefilePrivilege	4280	insensetime4.exe
Token: SeShutdownPrivilege	2144	insensetime4.exe
Token: SeCreatePagefilePrivilege	2144	insensetime4.exe
Token: SeDebugPrivilege	3768	taskkill.exe
Token: SeShutdownPrivilege	4280	insensetime4.exe
Token: SeCreatePagefilePrivilege	4280	insensetime4.exe
Token: SeShutdownPrivilege	2144	insensetime4.exe
Token: SeCreatePagefilePrivilege	2144	insensetime4.exe
Token: SeShutdownPrivilege	4280	insensetime4.exe
Token: SeCreatePagefilePrivilege	4280	insensetime4.exe
Token: SeShutdownPrivilege	2144	insensetime4.exe
Token: SeCreatePagefilePrivilege	2144	insensetime4.exe
Token: SeShutdownPrivilege	4280	insensetime4.exe
Token: SeCreatePagefilePrivilege	4280	insensetime4.exe
Token: SeShutdownPrivilege	2144	insensetime4.exe
Token: SeCreatePagefilePrivilege	2144	insensetime4.exe
Token: SeShutdownPrivilege	4280	insensetime4.exe
Token: SeCreatePagefilePrivilege	4280	insensetime4.exe
Token: SeShutdownPrivilege	6252	insensetime4.exe
Token: SeCreatePagefilePrivilege	6252	insensetime4.exe
Token: SeShutdownPrivilege	2144	insensetime4.exe
Token: SeCreatePagefilePrivilege	2144	insensetime4.exe
Token: SeShutdownPrivilege	4280	insensetime4.exe
Token: SeCreatePagefilePrivilege	4280	insensetime4.exe
Token: SeShutdownPrivilege	6252	insensetime4.exe
Token: SeCreatePagefilePrivilege	6252	insensetime4.exe
Token: SeShutdownPrivilege	2144	insensetime4.exe
Token: SeCreatePagefilePrivilege	2144	insensetime4.exe
Token: SeShutdownPrivilege	4280	insensetime4.exe
Token: SeCreatePagefilePrivilege	4280	insensetime4.exe
Token: SeShutdownPrivilege	6252	insensetime4.exe
Token: SeCreatePagefilePrivilege	6252	insensetime4.exe
Token: SeShutdownPrivilege	2144	insensetime4.exe
Token: SeCreatePagefilePrivilege	2144	insensetime4.exe
Token: SeShutdownPrivilege	4280	insensetime4.exe
Token: SeCreatePagefilePrivilege	4280	insensetime4.exe
Token: SeShutdownPrivilege	6252	insensetime4.exe
Token: SeCreatePagefilePrivilege	6252	insensetime4.exe
Token: SeShutdownPrivilege	2144	insensetime4.exe
Token: SeCreatePagefilePrivilege	2144	insensetime4.exe
Token: SeShutdownPrivilege	4280	insensetime4.exe
Token: SeCreatePagefilePrivilege	4280	insensetime4.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe
3796	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3368 wrote to memory of 1420	3368	msedge.exe	83
PID 3368 wrote to memory of 1420	3368	msedge.exe	83
PID 3368 wrote to memory of 2656	3368	msedge.exe	84
PID 3368 wrote to memory of 2656	3368	msedge.exe	84
PID 3368 wrote to memory of 2656	3368	msedge.exe	84
PID 3368 wrote to memory of 2656	3368	msedge.exe	84
PID 3368 wrote to memory of 2656	3368	msedge.exe	84
PID 3368 wrote to memory of 2656	3368	msedge.exe	84
PID 3368 wrote to memory of 2656	3368	msedge.exe	84
PID 3368 wrote to memory of 2656	3368	msedge.exe	84
PID 3368 wrote to memory of 2656	3368	msedge.exe	84
PID 3368 wrote to memory of 2656	3368	msedge.exe	84
PID 3368 wrote to memory of 2656	3368	msedge.exe	84
PID 3368 wrote to memory of 2656	3368	msedge.exe	84
PID 3368 wrote to memory of 2656	3368	msedge.exe	84
PID 3368 wrote to memory of 2656	3368	msedge.exe	84
PID 3368 wrote to memory of 2656	3368	msedge.exe	84
PID 3368 wrote to memory of 2656	3368	msedge.exe	84
PID 3368 wrote to memory of 2656	3368	msedge.exe	84
PID 3368 wrote to memory of 2656	3368	msedge.exe	84
PID 3368 wrote to memory of 2656	3368	msedge.exe	84
PID 3368 wrote to memory of 2656	3368	msedge.exe	84
PID 3368 wrote to memory of 2656	3368	msedge.exe	84
PID 3368 wrote to memory of 2656	3368	msedge.exe	84
PID 3368 wrote to memory of 2656	3368	msedge.exe	84
PID 3368 wrote to memory of 2656	3368	msedge.exe	84
PID 3368 wrote to memory of 2656	3368	msedge.exe	84
PID 3368 wrote to memory of 2656	3368	msedge.exe	84
PID 3368 wrote to memory of 2656	3368	msedge.exe	84
PID 3368 wrote to memory of 2656	3368	msedge.exe	84
PID 3368 wrote to memory of 2656	3368	msedge.exe	84
PID 3368 wrote to memory of 2656	3368	msedge.exe	84
PID 3368 wrote to memory of 2656	3368	msedge.exe	84
PID 3368 wrote to memory of 2656	3368	msedge.exe	84
PID 3368 wrote to memory of 2656	3368	msedge.exe	84
PID 3368 wrote to memory of 2656	3368	msedge.exe	84
PID 3368 wrote to memory of 2656	3368	msedge.exe	84
PID 3368 wrote to memory of 2656	3368	msedge.exe	84
PID 3368 wrote to memory of 2656	3368	msedge.exe	84
PID 3368 wrote to memory of 2656	3368	msedge.exe	84
PID 3368 wrote to memory of 2656	3368	msedge.exe	84
PID 3368 wrote to memory of 2656	3368	msedge.exe	84
PID 3368 wrote to memory of 4836	3368	msedge.exe	85
PID 3368 wrote to memory of 4836	3368	msedge.exe	85
PID 3368 wrote to memory of 3976	3368	msedge.exe	86
PID 3368 wrote to memory of 3976	3368	msedge.exe	86
PID 3368 wrote to memory of 3976	3368	msedge.exe	86
PID 3368 wrote to memory of 3976	3368	msedge.exe	86
PID 3368 wrote to memory of 3976	3368	msedge.exe	86
PID 3368 wrote to memory of 3976	3368	msedge.exe	86
PID 3368 wrote to memory of 3976	3368	msedge.exe	86
PID 3368 wrote to memory of 3976	3368	msedge.exe	86
PID 3368 wrote to memory of 3976	3368	msedge.exe	86
PID 3368 wrote to memory of 3976	3368	msedge.exe	86
PID 3368 wrote to memory of 3976	3368	msedge.exe	86
PID 3368 wrote to memory of 3976	3368	msedge.exe	86
PID 3368 wrote to memory of 3976	3368	msedge.exe	86
PID 3368 wrote to memory of 3976	3368	msedge.exe	86
PID 3368 wrote to memory of 3976	3368	msedge.exe	86
PID 3368 wrote to memory of 3976	3368	msedge.exe	86
PID 3368 wrote to memory of 3976	3368	msedge.exe	86
PID 3368 wrote to memory of 3976	3368	msedge.exe	86
PID 3368 wrote to memory of 3976	3368	msedge.exe	86
PID 3368 wrote to memory of 3976	3368	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1zmVExGpsH2FKwcXGAn2dygrOLXfX-edX/view?usp=sharing
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffff40046f8,0x7ffff4004708,0x7ffff4004718
  2⤵
  PID:1420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,18364669410767263446,16756429755209383725,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2312 /prefetch:2
  2⤵
  PID:2656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,18364669410767263446,16756429755209383725,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,18364669410767263446,16756429755209383725,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
  2⤵
  PID:3976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,18364669410767263446,16756429755209383725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,18364669410767263446,16756429755209383725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:2592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,18364669410767263446,16756429755209383725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4148 /prefetch:1
  2⤵
  PID:3988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,18364669410767263446,16756429755209383725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
  2⤵
  PID:2120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2156,18364669410767263446,16756429755209383725,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5628 /prefetch:8
  2⤵
  PID:4328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,18364669410767263446,16756429755209383725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
  2⤵
  PID:1064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,18364669410767263446,16756429755209383725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6412 /prefetch:1
  2⤵
  PID:1272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,18364669410767263446,16756429755209383725,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6428 /prefetch:1
  2⤵
  PID:800
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,18364669410767263446,16756429755209383725,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6756 /prefetch:8
  2⤵
  PID:4284
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,18364669410767263446,16756429755209383725,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6756 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,18364669410767263446,16756429755209383725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7064 /prefetch:1
  2⤵
  PID:5200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,18364669410767263446,16756429755209383725,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6332 /prefetch:1
  2⤵
  PID:5208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2156,18364669410767263446,16756429755209383725,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6828 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,18364669410767263446,16756429755209383725,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
  2⤵
  PID:5784

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2996

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3128

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2564

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\insense time 4\insense time 4\funny.bat" "
1⤵
PID:5024
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /S /D /c" md 4724 "
  2⤵
  PID:2132
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /S /D /c" start insensetime4.exe"
  2⤵
  PID:3560
- - C:\Users\Admin\Downloads\insense time 4\insense time 4\insensetime4.exe
    insensetime4.exe
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of AdjustPrivilegeToken
    PID:2144
  - - C:\Users\Admin\Downloads\insense time 4\insense time 4\insensetime4.exe
      "C:\Users\Admin\Downloads\insense time 4\insense time 4\insensetime4.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\insense time 4" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1692 --field-trial-handle=1780,i,11763426981272459926,11967651573232420011,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      PID:2192
  - - C:\Users\Admin\Downloads\insense time 4\insense time 4\insensetime4.exe
      "C:\Users\Admin\Downloads\insense time 4\insense time 4\insensetime4.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\insense time 4" --mojo-platform-channel-handle=2128 --field-trial-handle=1780,i,11763426981272459926,11967651573232420011,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
      4⤵
      System Location Discovery: System Language Discovery
      System Time Discovery
      PID:2104
  - - C:\Users\Admin\Downloads\insense time 4\insense time 4\insensetime4.exe
      "C:\Users\Admin\Downloads\insense time 4\insense time 4\insensetime4.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\insense time 4" --app-path="C:\Users\Admin\Downloads\insense time 4\insense time 4\resources\app" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2452 --field-trial-handle=1780,i,11763426981272459926,11967651573232420011,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
      4⤵
      System Location Discovery: System Language Discovery
      PID:2784
  - - C:\Users\Admin\Downloads\insense time 4\insense time 4\insensetime4.exe
      "C:\Users\Admin\Downloads\insense time 4\insense time 4\insensetime4.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --user-data-dir="C:\Users\Admin\AppData\Roaming\insense time 4" --mojo-platform-channel-handle=2968 --field-trial-handle=1780,i,11763426981272459926,11967651573232420011,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
      4⤵
      System Location Discovery: System Language Discovery
      PID:5620
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /S /D /c" md 2777 "
  2⤵
  PID:4748
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /S /D /c" start chromebomb.html"
  2⤵
  PID:2340
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Downloads\insense time 4\insense time 4\chromebomb.html
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of SendNotifyMessage
    PID:3796
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffff40046f8,0x7ffff4004708,0x7ffff4004718
      4⤵
      Checks processor information in registry
      Enumerates system info in registry
      Suspicious behavior: EnumeratesProcesses
      PID:5764
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1880,9544247282053070077,4113904949739499113,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1936 /prefetch:2
      4⤵
      PID:6096
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1880,9544247282053070077,4113904949739499113,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2524 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:6108
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1880,9544247282053070077,4113904949739499113,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2924 /prefetch:8
      4⤵
      PID:4600
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,9544247282053070077,4113904949739499113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
      4⤵
      PID:5200
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,9544247282053070077,4113904949739499113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
      4⤵
      PID:4304
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,9544247282053070077,4113904949739499113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2232 /prefetch:1
      4⤵
      PID:5808
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,9544247282053070077,4113904949739499113,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
      4⤵
      PID:7808
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /S /D /c" md 14664 "
  2⤵
  PID:5084
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /S /D /c" start funny.bat"
  2⤵
  PID:4660
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /K funny.bat
    3⤵
    PID:5900
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /S /D /c" md 4728 "
      4⤵
      PID:6040
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /S /D /c" start insensetime4.exe"
      4⤵
      PID:6116
    - - C:\Users\Admin\Downloads\insense time 4\insense time 4\insensetime4.exe
        
        insensetime4.exe
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious use of AdjustPrivilegeToken
        
        PID:4280
      - C:\Users\Admin\Downloads\insense time 4\insense time 4\insensetime4.exe
        
        "C:\Users\Admin\Downloads\insense time 4\insense time 4\insensetime4.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\insense time 4" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1632 --field-trial-handle=1912,i,10327601443770136633,9346431980108567605,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:1568
      - C:\Users\Admin\Downloads\insense time 4\insense time 4\insensetime4.exe
        
        "C:\Users\Admin\Downloads\insense time 4\insense time 4\insensetime4.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\insense time 4" --mojo-platform-channel-handle=2128 --field-trial-handle=1912,i,10327601443770136633,9346431980108567605,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
        6⤵
        System Location Discovery: System Language Discovery
        System Time Discovery
        
        PID:5660
      - C:\Users\Admin\Downloads\insense time 4\insense time 4\insensetime4.exe
        
        "C:\Users\Admin\Downloads\insense time 4\insense time 4\insensetime4.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\insense time 4" --app-path="C:\Users\Admin\Downloads\insense time 4\insense time 4\resources\app" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2380 --field-trial-handle=1912,i,10327601443770136633,9346431980108567605,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
        6⤵
        System Location Discovery: System Language Discovery
        
        PID:2028
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /S /D /c" md 13526 "
      4⤵
      PID:460
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /S /D /c" start chromebomb.html"
      4⤵
      PID:5952
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Downloads\insense time 4\insense time 4\chromebomb.html
        5⤵
        
        PID:3780
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffff40046f8,0x7ffff4004708,0x7ffff4004718
        6⤵
        
        PID:3896
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /S /D /c" md 32528 "
      4⤵
      PID:1976
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /S /D /c" start funny.bat"
      4⤵
      PID:2116
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K funny.bat
        5⤵
        
        PID:5836
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" md 4747 "
        6⤵
        
        PID:3888
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" start insensetime4.exe"
        6⤵
        
        PID:2088
        
        C:\Users\Admin\Downloads\insense time 4\insense time 4\insensetime4.exe
        
        insensetime4.exe
        7⤵
        System Location Discovery: System Language Discovery
        Suspicious use of AdjustPrivilegeToken
        
        PID:6252
        
        C:\Users\Admin\Downloads\insense time 4\insense time 4\insensetime4.exe
        
        "C:\Users\Admin\Downloads\insense time 4\insense time 4\insensetime4.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\insense time 4" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1624 --field-trial-handle=2008,i,6310047903095148745,15793700306666380489,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6840
        
        C:\Users\Admin\Downloads\insense time 4\insense time 4\insensetime4.exe
        
        "C:\Users\Admin\Downloads\insense time 4\insense time 4\insensetime4.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\insense time 4" --mojo-platform-channel-handle=2068 --field-trial-handle=2008,i,6310047903095148745,15793700306666380489,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
        8⤵
        System Location Discovery: System Language Discovery
        System Time Discovery
        
        PID:6852
        
        C:\Users\Admin\Downloads\insense time 4\insense time 4\insensetime4.exe
        
        "C:\Users\Admin\Downloads\insense time 4\insense time 4\insensetime4.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\insense time 4" --app-path="C:\Users\Admin\Downloads\insense time 4\insense time 4\resources\app" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2388 --field-trial-handle=2008,i,6310047903095148745,15793700306666380489,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:6888
        
        C:\Users\Admin\Downloads\insense time 4\insense time 4\insensetime4.exe
        
        "C:\Users\Admin\Downloads\insense time 4\insense time 4\insensetime4.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --user-data-dir="C:\Users\Admin\AppData\Roaming\insense time 4" --mojo-platform-channel-handle=2908 --field-trial-handle=2008,i,6310047903095148745,15793700306666380489,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
        8⤵
        System Location Discovery: System Language Discovery
        
        PID:2208
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" md 12480 "
        6⤵
        
        PID:1456
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" start chromebomb.html"
        6⤵
        
        PID:4900
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Downloads\insense time 4\insense time 4\chromebomb.html
        7⤵
        
        PID:7672
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffff40046f8,0x7ffff4004708,0x7ffff4004718
        8⤵
        
        PID:7712
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" md 8641 "
        6⤵
        
        PID:7864
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" start funny.bat"
        6⤵
        
        PID:6608
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K funny.bat
        7⤵
        
        PID:8344
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" md 4783 "
        8⤵
        
        PID:8972
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" start insensetime4.exe"
        8⤵
        
        PID:9024
        
        C:\Users\Admin\Downloads\insense time 4\insense time 4\insensetime4.exe
        
        insensetime4.exe
        9⤵
        System Location Discovery: System Language Discovery
        
        PID:8760
        
        C:\Users\Admin\Downloads\insense time 4\insense time 4\insensetime4.exe
        
        "C:\Users\Admin\Downloads\insense time 4\insense time 4\insensetime4.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\insense time 4" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1640 --field-trial-handle=2012,i,16278357174845340091,15097248148991011553,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:9752
        
        C:\Users\Admin\Downloads\insense time 4\insense time 4\insensetime4.exe
        
        "C:\Users\Admin\Downloads\insense time 4\insense time 4\insensetime4.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\insense time 4" --mojo-platform-channel-handle=2204 --field-trial-handle=2012,i,16278357174845340091,15097248148991011553,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
        10⤵
        System Location Discovery: System Language Discovery
        System Time Discovery
        
        PID:9788
        
        C:\Users\Admin\Downloads\insense time 4\insense time 4\insensetime4.exe
        
        "C:\Users\Admin\Downloads\insense time 4\insense time 4\insensetime4.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\insense time 4" --app-path="C:\Users\Admin\Downloads\insense time 4\insense time 4\resources\app" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2408 --field-trial-handle=2012,i,16278357174845340091,15097248148991011553,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:9816
        
        C:\Users\Admin\Downloads\insense time 4\insense time 4\insensetime4.exe
        
        "C:\Users\Admin\Downloads\insense time 4\insense time 4\insensetime4.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --user-data-dir="C:\Users\Admin\AppData\Roaming\insense time 4" --mojo-platform-channel-handle=2900 --field-trial-handle=2012,i,16278357174845340091,15097248148991011553,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:10268
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" md 32409 "
        8⤵
        
        PID:9828
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" start chromebomb.html"
        8⤵
        
        PID:9988
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Downloads\insense time 4\insense time 4\chromebomb.html
        9⤵
        
        PID:11008
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffff40046f8,0x7ffff4004708,0x7ffff4004718
        10⤵
        
        PID:10996
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,15234545406932258429,16528164927441577184,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
        10⤵
        
        PID:6036
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,15234545406932258429,16528164927441577184,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
        10⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:704
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" md 8539 "
        8⤵
        
        PID:11100
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" start funny.bat"
        8⤵
        
        PID:11092
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K funny.bat
        9⤵
        
        PID:11076
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" md 4822 "
        10⤵
        
        PID:2072
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" start insensetime4.exe"
        10⤵
        
        PID:3160
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im "explorer.exe"
        8⤵
        Kills process with taskkill
        
        PID:2996
        
        C:\Windows\system32\cmd.exe
        
        cmd.exe
        8⤵
        
        PID:11200
        
        C:\Windows\system32\cmd.exe
        
        cmd.exe
        8⤵
        
        PID:11240
        
        C:\Windows\system32\cmd.exe
        
        cmd.exe
        8⤵
        
        PID:10516
        
        C:\Windows\system32\cmd.exe
        
        cmd.exe
        8⤵
        
        PID:10920
        
        C:\Windows\system32\cmd.exe
        
        cmd.exe
        8⤵
        
        PID:10672
        
        C:\Windows\system32\cmd.exe
        
        cmd.exe
        8⤵
        
        PID:1948
      - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im "explorer.exe"
        6⤵
        Kills process with taskkill
        
        PID:8688
      - C:\Windows\system32\cmd.exe
        
        cmd.exe
        6⤵
        
        PID:9160
      - C:\Windows\system32\cmd.exe
        
        cmd.exe
        6⤵
        
        PID:8704
      - C:\Windows\system32\cmd.exe
        
        cmd.exe
        6⤵
        
        PID:9264
      - C:\Windows\system32\cmd.exe
        
        cmd.exe
        6⤵
        
        PID:9372
      - C:\Windows\system32\cmd.exe
        
        cmd.exe
        6⤵
        
        PID:9496
      - C:\Windows\system32\cmd.exe
        
        cmd.exe
        6⤵
        
        PID:10084
      - C:\Windows\system32\cmd.exe
        
        cmd.exe
        6⤵
        
        PID:9644
      - C:\Windows\system32\cmd.exe
        
        cmd.exe
        6⤵
        
        PID:10252
      - C:\Windows\system32\cmd.exe
        
        cmd.exe
        6⤵
        
        PID:10540
      - C:\Windows\system32\cmd.exe
        
        cmd.exe
        6⤵
        
        PID:10836
      - C:\Windows\system32\cmd.exe
        
        cmd.exe
        6⤵
        
        PID:10500
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im "explorer.exe"
      4⤵
      Kills process with taskkill
      Suspicious use of AdjustPrivilegeToken
      PID:3768
  - - C:\Windows\system32\cmd.exe
      cmd.exe
      4⤵
      PID:6288
  - - C:\Windows\system32\cmd.exe
      cmd.exe
      4⤵
      PID:6316
  - - C:\Windows\system32\cmd.exe
      cmd.exe
      4⤵
      PID:6440
  - - C:\Windows\system32\cmd.exe
      cmd.exe
      4⤵
      PID:6596
  - - C:\Windows\system32\cmd.exe
      cmd.exe
      4⤵
      PID:6756
  - - C:\Windows\system32\cmd.exe
      cmd.exe
      4⤵
      PID:6772
  - - C:\Windows\system32\cmd.exe
      cmd.exe
      4⤵
      PID:6952
  - - C:\Windows\system32\cmd.exe
      cmd.exe
      4⤵
      PID:7292
  - - C:\Windows\system32\cmd.exe
      cmd.exe
      4⤵
      PID:7396
  - - C:\Windows\system32\cmd.exe
      cmd.exe
      4⤵
      PID:7612
  - - C:\Windows\system32\cmd.exe
      cmd.exe
      4⤵
      PID:7824
  - - C:\Windows\system32\cmd.exe
      cmd.exe
      4⤵
      PID:7992
  - - C:\Windows\system32\cmd.exe
      cmd.exe
      4⤵
      PID:8028
  - - C:\Windows\system32\cmd.exe
      cmd.exe
      4⤵
      PID:8076
  - - C:\Windows\system32\cmd.exe
      cmd.exe
      4⤵
      PID:7312
  - - C:\Windows\system32\cmd.exe
      cmd.exe
      4⤵
      PID:8232
  - - C:\Windows\system32\cmd.exe
      cmd.exe
      4⤵
      PID:8352
  - - C:\Windows\system32\cmd.exe
      cmd.exe
      4⤵
      PID:8440
  - - C:\Windows\system32\cmd.exe
      cmd.exe
      4⤵
      PID:8568
  - - C:\Windows\system32\cmd.exe
      cmd.exe
      4⤵
      PID:8588
  - - C:\Windows\system32\cmd.exe
      cmd.exe
      4⤵
      PID:8808
  - - C:\Windows\system32\cmd.exe
      cmd.exe
      4⤵
      PID:8932
  - - C:\Windows\system32\cmd.exe
      cmd.exe
      4⤵
      PID:9076
  - - C:\Windows\system32\cmd.exe
      cmd.exe
      4⤵
      PID:8216
  - - C:\Windows\system32\cmd.exe
      cmd.exe
      4⤵
      PID:9108
  - - C:\Windows\system32\cmd.exe
      cmd.exe
      4⤵
      PID:9408
  - - C:\Windows\system32\cmd.exe
      cmd.exe
      4⤵
      PID:9524
  - - C:\Windows\system32\cmd.exe
      cmd.exe
      4⤵
      PID:9552
  - - C:\Windows\system32\cmd.exe
      cmd.exe
      4⤵
      PID:9560
  - - C:\Windows\system32\cmd.exe
      cmd.exe
      4⤵
      PID:9840
  - - C:\Windows\system32\cmd.exe
      cmd.exe
      4⤵
      PID:9900
  - - C:\Windows\system32\cmd.exe
      cmd.exe
      4⤵
      PID:10448
  - - C:\Windows\system32\cmd.exe
      cmd.exe
      4⤵
      PID:10720
  - - C:\Windows\system32\cmd.exe
      cmd.exe
      4⤵
      PID:11168
  - - C:\Windows\system32\cmd.exe
      cmd.exe
      4⤵
      PID:10960
- C:\Windows\system32\taskkill.exe
  taskkill /f /im "explorer.exe"
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:5948
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:5220
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:5580
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:4436
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:1800
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:4172
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:228
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:3704
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:4580
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:2584
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:1980
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:4972
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:1188
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:3220
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:4324
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:1244
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:5420
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:5072
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:2256
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:5112
- - C:\Windows\System32\Conhost.exe
    \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    3⤵
    PID:5084
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:5980
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:4836
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:608
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:5684
- - C:\Windows\System32\Conhost.exe
    \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    3⤵
    PID:1976
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:1956
- - C:\Windows\System32\Conhost.exe
    \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    3⤵
    PID:460
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:6176
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:6300
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:6340
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:6352
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:6548
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:6720
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:828
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:5432
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:6788
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:6904
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:7284
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:7620
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:7700
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:7832
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:7984
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:8008
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:8060
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:7304
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:7768
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:7592
- - C:\Windows\System32\Conhost.exe
    \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    3⤵
    PID:4900
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:8244
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:8448
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:8480
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:8600
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:8708
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:8816
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:8832
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:8964
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:9012
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:9144
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:8828
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:9348
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:9460
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:9596
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:9912
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:10232
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:10424
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:10440
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:10652
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:10912
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:10316
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:10548
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:10676
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:10700
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:10776

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4664

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1236

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3ec 0x49c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4180

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:7080

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:9512

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Time Discovery

T1124

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9b008261dda31857d68792b46af6dd6d

SHA1
e82dc88e2d1da2df7cb19d79a0346b9bb90d52b3

SHA256
9ac598d4f8170f7e475d84103aead9e3c23d5f2d292741a7f56a17bde8b6f7da

SHA512
78853091403a06beeec4998e2e3a4342111895ffd485f7f7cd367741a4883f7a25864cba00a6c86f27dc0c9ce9d04f08011ecc40c8ae9383d33274739ac39f10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
42a35bcabd69ad3963896791b8775d19

SHA1
b73d9840977c8e229f2f5c26a353e5775a16152e

SHA256
099ab7552c56556192c7fb5a634453f0225fcb6c30f0717e107bf8630cde7aa5

SHA512
d8ab8b0e870961e035b90b20781c66f9c23f90cc2e97d3eb657a70d64a0c1ecef7853053d6a83842d36fe0795b9fb6bdb167b0e8a016473e062cbb83ff55d9dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
26765ae01f684e494133667e78b130f2

SHA1
3990aedd696fdc1821578a22988e5e7d34ffe42c

SHA256
84fed24481c4750f30b39825418d88b4a8140b7e57affeb1099e59a5ae6e072a

SHA512
d2d0c05926322a456b8821ab249d396c704bfb4ae9951f9432078165542ebe77bd9140167ba7797bdd37f7c6458adc3ba1cc30e25b02f1f1c5cfe1a0f4218c96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0446fcdd21b016db1f468971fb82a488

SHA1
726b91562bb75f80981f381e3c69d7d832c87c9d

SHA256
62c5dc18b25e758f3508582a7c58bb46b734a774d97fc0e8a20614235caa8222

SHA512
1df7c085042266959f1fe0aedc5f6d40ceba485b54159f51f0c38f17bb250b79ea941b735e1b6faf219f23fe8ab65ac4557f545519d52d5416b89ad0f9047a31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
8d1fcf19359063fc70279dcfc08beaad

SHA1
11a40f68e6886f85cf0ea0dd26539129ef35c103

SHA256
f7e634e0bb4928dd0bf73e4f4c0505b3b93009a1f98f44db7ca2c4025b5df006

SHA512
0405eb53b5b8d7f28f37031a2d8a4359df692b313e81e8137cc80c40614518cc83d3e4f3f83fa52a42c23dd496eeedc62315074c1dcb70ff462685c9899a7b3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
dcddce0813641cd9a6fc45f242c1b9e1

SHA1
e6f6d9b92eab262d2c7bb8ff529016c9556c9327

SHA256
f7116c381149a7454e5b6320f3f099ef8fc5e9bb4e7416a505b0bcd95ec0338a

SHA512
36515437951c30482713ec9001d25234afb2f97ccb5f12a0700c0eb4f78f6cbb85e3f9a8ea9d0bcd4cf10dcb7f19e44c279adbbc5239cf37f084999ced209a4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
28KB

MD5
857055d835dd81925e799a67d3745905

SHA1
184e56b3a81691a9ed61cad07309a8580b6ab57f

SHA256
5710ccc9acb0331d1d56bd397b571ed0742cc28df5547c76b9c886139d268594

SHA512
b0246bd32d6cb9a90c4b2c02b91f1ba74c43f8ac6e01810aef68e51006d72376e031ec78d33798474bbe9fb878e56057f0a8c4a47040dad955bc76a709dee93a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
acd7f67d31bc8ff834bc3536a7683589

SHA1
1e627903fb42b76e93afa4da72a4ea59f6c750d7

SHA256
728ad3b17bf2495375536b6dd5e2606b269f5e71a7e375545196d6beefe4d5f4

SHA512
e68d1d9f872ad421263681ec549f536d1bc6cb3eaa9086d66320b4d80c954f38515e025db86884ea3114235fe909d1261e1b50a5d0662632b16c96d501dc2fd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
0e62736a8bc679df50a5661aa5a5a3f9

SHA1
4aa852ec24eb32f0056c7815a6fb6e40dc7dc868

SHA256
cd8e7be49eb75ffdd6b4eb3521f61bdd3e5ebbaf65cbecfba14e534def6d47fc

SHA512
f8223fc69c75bca94f59cafa618430616757553f393f78ee191c16b0a7bae6ad6360973642532d8e01e47385de6e7f9ea1e68916a3735ed75660c2595b10c78c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
1KB

MD5
eddbea3833aef0512e6b3bf43d25c1cb

SHA1
f40cb47fc8fc543d5903daf5730839bcc4ad6f84

SHA256
9fcd662da6d74129a59ed1a79885920fc078e9e4894b54935310d11bd02661c8

SHA512
7666a22c3ec2e63a8b9025e6bcf7dc9a2cb1deeb78ea3297ef2f078ace362a6f03e4bcfbe74bb2852e000a414a53db6a3ebfefbaeec8025fd93f7342f7fe3831

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

Filesize
28KB

MD5
28afd086f59c45b882fec9a62c1068e0

SHA1
8217ac98f20ff4946dd2eea24959c261d40747e2

SHA256
22491aa9883ffa5d5c15694c4bda3ee7df329f77fd0a5cea8da67bf2bd75873a

SHA512
e00ebc9223df28cee710f376431b80364259ed53c6c8ba87b6f94e4e3b141f0fe9577a7859776458d83764988f16d781738f36e0242437eaabe3e522ad72f3c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
95B

MD5
e747f00bc750c8b5438d17c626546063

SHA1
42fdc138eb2e3f5b19b21426a0cf9aa08fc2578b

SHA256
eb8ea32b91057259f2cb40d6f8fc63367a39685486fa045bd0d4cd57b4613b06

SHA512
40ac77e5937d6a79f104bd309e7e6e5593bf3c03f02efdbda375df04a7cd26afa3a7f677e7184919e25673a53663bcf36364b5e277d499d97046837fccbdf4a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
896385b96aa7959761dfb074f559d6e6

SHA1
e114bbeeea390f5fe26111b5ecd1e06ffb8c4284

SHA256
4a81ddab91bdc6d9b653a9ec923c1d1d77532ac2977857261c5e5ed0978524b0

SHA512
c1f73601c3f7029cd18f9c162a3dd4a4e4bbee9e97fdf1dc70d58c9562dbc64f24384a1275c0cf5b25222cc54acb2c6997dc06f4e579ce36a12fa51ba0c4c445

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
fe08fb4fbdf756ff1a9081d1ca2f1e0d

SHA1
682c76ab7feb7fd97fc214c44f988b3550b507e9

SHA256
3c6dbaf2ca64e4533114de6c124c06b4b04a3fd2308bf8c94a228d96aad69785

SHA512
b10692c41b9b721a291f710fd2c4f141a0b0be7f83c1b3e15ece8ce5ff58c410abf1943cf837c8cbb7b63285c6c42d8254273106beb678e3ff31d962a84dab28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
de58918057a701c6d0cfb1b8ab977d4a

SHA1
d86b8a1804cc8fbab43408d62e0f48bac28e9e03

SHA256
b04a711ab76d7e06573cbe4588d22c84b8495394c5b6b82491a412a3bd67cd53

SHA512
5f2819f3ae55bd653c70d9c41888b79f4ab8db3a7898218c9507c03442ed1b6ff5931a4bbd84467f7e76250b3fb21661e823992631c3df4502591e1278b78239

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c5c6c1e7c901c0fb0e79a6166be38dc2

SHA1
d33a178aa4091626c37d99e11c7406c04ddf96e7

SHA256
a90834660085d15c16db33f5407c90fc1d96f8b604e18071e69aee0ce47bda8b

SHA512
814fe24a32137ea3e7d89ec2109ece7e8c9c97a919b65bb25992890f94cd63ec47735885da24cd82b15c2a567b3e6cb02719548628cd2819e81470a9d9523e6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0d922e38a81036760b077c110ddc400f

SHA1
5cb5917176e326323d1a9ee6e1c435ac140db2a9

SHA256
2ea3323f32e8131a1a9cf3ce8794e9f29f4ed6005a05bb3b546184275e9f43f2

SHA512
fbdffb049e00bea883d55291900010d43a1128c23ab6ccb7f2f52c8107585e53d2c6182abfab377ec83fbdfaaa90ebefd40079b566055cf34a44c1dbd3a55b7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d7bb6a1069fdf90322ccba3a2c56fb5c

SHA1
3ba6a920a83ceca6499b729f1c19dcb8300e4017

SHA256
347ed8c05d62069a5a79eec7b14a050573eb1ef5f5ab0165c3ecb1ef180b54b6

SHA512
28fab78b36b8ed80ea5a8cd086213db8d66e198981341e122914c2ba95be7f7ef68e0ff7cd0fa38ccf6b355f76f01b3270f3c933ed5201dce8aa2f2a0ab5f424

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
842b962148d7d8eadff04933f6611e12

SHA1
3daec71c7a49ee805dd544103dc64eab8e0ff20a

SHA256
8c9997b1d9c1d3d4215bcb45969a12dd8501f93c29196fd97359330fcf17fa5d

SHA512
66fc07d7aaa2e9644fcfe9bd77f7bd6f28fd465c80641023fe1bea8bf1d92f05dc22454477ebe9a132b1f3e5b1f3bd8376af9005d1f351c924135a9530a6992f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
616B

MD5
970d40d6e05e4b5368eecf97892e127b

SHA1
66a07159368e82998843b236e45db533dc6addf7

SHA256
a66b5c4d95c201f4c64b9345cd422c23f56425d188d83eb3e6e90553134b8ab8

SHA512
b856e5170819dac3c8174f3a6f99b53687cebb0faf08a8266165bfc9e221085af99b3e6cde3966c712df2353e1d82df181c9e1f21931eff8b5e104de5879960a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
7088c057fb504bdb3e1840fe0a2f10a4

SHA1
18ec9fc99eb852ffbc731f5d5065c610195acbbc

SHA256
8dadcc7dd3974fb79abb49f9816891efc9e84e54ea6c3d68e97a28c0ed376fc7

SHA512
f44c73a4e0e18c839a9655729c74cba91dd223f9637335129bfe8765bc2dbfeb013c7088426a322c566f08d9222ab162c92b46b561bb747637dc0f2bde7b2d2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13370144198210637

Filesize
22KB

MD5
4d5345d7784510067e747eed9ff749cb

SHA1
9e50e80a157a75d9d8b8d90fd9789634b153b708

SHA256
66677e7909cb28a9727e1e61671ab34fa438e1adf059be02432125480ffa6970

SHA512
f2b69603f7939a31325ca00f87edb87fb0677daa7a363678c5ed4ca6c69975eed9dc3277124d8b8a54b135caf2c9944909389d4fb516aa3ae2adcd1a46a19d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13370144198407637

Filesize
7KB

MD5
49530cf4886a46fcfd781bc708fe908a

SHA1
d40794af769fa8818f10eb1dd78dd7d115bd432a

SHA256
f809262dd4be65a4e68a04685a58718886aec572081ac3f23695a7f1be6f584b

SHA512
3d345d940d15061b53c5a5915c583dff9b7288cf2918ae0429a9d6a162ebba90ebe7868c55654b638db1812fce968e3e10af692a8cdbb03110e3810cf5a7d3c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
184B

MD5
53c45bc4f9948c42cbfc3a0783aaffae

SHA1
7734484535cc229d24e1364ab43f01692d60395a

SHA256
90cc44e719c5bb3cf1b40e248327736adbb0c71347c74f27c766c18484ea5d7b

SHA512
f21a2228de320fd1eae2c5439d0f193908258cbc4a1134b3494c040282bcedd01483302537dba5916e7884cafd07177267d6b4c5d9a962b00b76b9f96fa2de12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
2346de25cce98e6c15167af1269d1cde

SHA1
f368f700f8dbe670e1d377def842fa251c4fc8c4

SHA256
71b39e48240723a36fb01e81c92af6319b573d4e9006e9d450847de651fa12d0

SHA512
56d1baafe7db861b22e5d1d0e3350a3302eedc280c3544f64f547d26eccc7bd1acfe3c299e4ad3a6063e81ce46d24fdfded385e51648189cb093a48cf17420ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
ee74b4d335cc7e0359074ecb405a93a8

SHA1
234e6e4c56c28e2736acc61566e9c40af4de4fb6

SHA256
b726e9d9984243b0d890b8277f818019b821f5a625531d5534bb261aecc64139

SHA512
57005c3c5417e3bf62d3ba2346365faabb603dd4490afab16d5f4d2358512bd82ea4d19347949579a188efb2a8065a7750ac562f1fac04c7bf77d5eeb2608a61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
f95fbabf3ba7aaacc980c413bd97d546

SHA1
68f8368ad607b81ce70085b6d6b35c362eb00451

SHA256
9fc9e5ff5f01f948c73dddfac989542a0d2cb2ef8a9a39a23f2799005cbfda87

SHA512
4326786f07d47d7e208629611f5372829c9200360b679f98c814c10fd5884bd97145db1bfd2f2dcad232b39d80d596bc6b146ab4c6be3630b082091ec4514da4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
7978a66f0d49aa44b09ddaa443f65399

SHA1
a7217ecae633aafb86a7044a8f79fc157fce7025

SHA256
b19662593920e75de18b78385e46647d6f969b40d417cd540004424b8b517220

SHA512
c38a1b469ae4bb54aed26d20009787965baf05b141078814fb7af23d6a0f46d6dc3fa88fcb9a6c11ef342c1fc63e1912c54289486f707c1920b278d6e1da053e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
28KB

MD5
b9d71454a88b357e5b7045fd995c9440

SHA1
e6c3ea0e45646513c0df0bf2df4c2dd811c59ece

SHA256
c56660580829a43472a18bf53860263aae92c2b2c2a3fb4388b536558378bd34

SHA512
ad1f911599f8aee12c2886464e8df810bee8c9e6b2ae7c227622c55007a7cf1a60da2373db88fc92238cb68e866debffcfcdad911e5bcba2a504294725678739

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
ceee73431e241a41523a86b42bf43e62

SHA1
1c200a0947396978ced6e06e1394f8fd0d34ba4a

SHA256
a384add598ad113a539b2a10ed822bc39186f26b7c8ca3a831b4f075dbf2febf

SHA512
90ecc6f87bc63d48054b08ceef015c4bf03fa7e4b80d3d0b223b292dc76c9fb05d83dac07981e0fde11349a42398c7e118f14d168e612da6f686c42a143f6ef4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
594B

MD5
e1e7dd6b88b031f0473ace56c6103102

SHA1
173b17f8fa9eaa7769c6117479a141fa249f127b

SHA256
7cc855fee897eb5189db030e32abe1a0beff1fb62fd169400f4d2904dfde64f0

SHA512
a1abb51cb2e510504a715fe60f27f9cfe37efe97e7096f9d65d65b3f93dc55844beefa8c63a93d7a767e42856b17fec1bf44a76ce1f41fc50a26a74d264fca25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
f26fbb2f6f6a3a8cd4fd58af3cf5fb55

SHA1
46250396500c8fd55d054ad3d4c1d1c4c5ce553e

SHA256
b87f2c523d0fe9e484bd8b21540dac382ac27d9242353a4b68390e6f9b78b8df

SHA512
44c6e28b27266d8ea94b88aa7533fb52d47a08bfcec206b8c5648ea3d33c299dea9be85ac4565d8bdd68698105c29a0ce5585b2ed11c727793ee19741bff31e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
109389bb774d660d86f895f46532b65d

SHA1
f9b04adcc0487b6b0da0bac23f87d2c8e8899bcb

SHA256
8dcf9dccb2bd13e0e4ba02977335180e693d492b220ce594e60f0e4b0a7f27fa

SHA512
b52725ede46f98eb951b602327c4efd3c7e738be91b258288c79394d56320cf0461f8f8eea1161636992ac411fb8c0c12af5fc2db2e5c3beeb32f9d16a0b1789

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
c7a5801aecf27f0040fffe7ad99f8697

SHA1
a9e438fd4ee7948d30ef5ab70cdf5e47813fe302

SHA256
58c2a48d40c6c59ee307e1da4c9abe91e91ddaf4e091db6f6bc0f9fe16a4ac41

SHA512
79df3129b38d6efd63b700e5da431db1e7b90ae0f41560288dfb8436e26848bc4991cb4ea64165cb97183c002d7bc007af8779dcbe3a21d25ab8bb3e32a23f84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
851d112903c5057c6e6a51d907d0de61

SHA1
9454fc78118faf478dcc3d5943bfe64303b89814

SHA256
b9c32306fb555fd4afacc475a4185554b9e8810d1a0a986b983de8e8fb5775d1

SHA512
ef0cd5f43ba29c2b2a54f081dea9e37189bd3b45e7e1533bf8d904387259a961c3246fec4f21c56e02fc0ab3bab4ab346a107282bdddb8ee16e6e7b5806609e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001

Filesize
17KB

MD5
6bc4851424575eaf03ebe2efee6073ab

SHA1
2d014fe2feb929d03a46322645a94556ca5c9e96

SHA256
abaded8e235fdf329521806af30a1cc7701eaca3fe2efccb9da760ec6d8e5e4e

SHA512
af3b7d93fa2243475d74d4bd7f918ce2706bf6eca28029b9e49869f5f793e483efaafdfab1fed6306d5fc77a5ed3b27097b27448cd04560bed4df6fa3268ccf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000002

Filesize
17KB

MD5
fc97b88a7ce0b008366cd0260b0321dc

SHA1
4eae02aecb04fa15f0bb62036151fa016e64f7a9

SHA256
6388415a307a208b0a43b817ccd9e5fcdda9b6939ecd20ef4c0eda1aa3a0e49e

SHA512
889a0db0eb5ad4de4279b620783964bfda8edc6b137059d1ec1da9282716fe930f8c4ebfadea7cd5247a997f8d4d2990f7b972a17106de491365e3c2d2138175

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c28a09c4b46a25aaa6a05fc56f00f34b

SHA1
6951c3a3462fbdd1388f467aa7d32e61abe96c73

SHA256
dfa54c9ca4b264c6fb2ef88e45e7c597cb56a67bb46afe8bb838c34720ee3a2b

SHA512
5bea558a8ec4ed539c418ef7f10a8264bf06303d54e54a6743532945de2870c46dbe85cac159222fcd73b95b8977043dbdfedf2519590ca4361a811e8ff0d619

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e629dc9055966e987ce4dea965185c9a

SHA1
470d94d97771d5ede01443f8270c6b0715c63cfe

SHA256
233282efb9503e497e549c0dfcbd78ac81f93521c830982384982f4bb2fe4ddd

SHA512
84251536b40ed93987dfb95c93674090a47f791218dd49f60fece4cd9873f47602dcba918a1c0b478e714ff61770474428023658ee5efd2e038330bbbef33e47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
5a0a85e154211470776a2849c89d4927

SHA1
d5b7c505494cc358071a9fb8cd92c76829da315b

SHA256
0a2cce4ca614bc2e43aeb2c998be36f30bd6d333ed06c35080bcd033e3d523ee

SHA512
a6965cb0b13bf9cfc7a4067933b8165656f9bf1e8c4ccbf0ca0fd546354b7f15f789350e79e85e96308149fa94306987cccf67db12412a10871f9d720a94500c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
dd964825dce1c27b79a4828a54eaa908

SHA1
98ee12e62ba77728b019c2b0171d44c48323b517

SHA256
d0cf169fecebeaf9bf4229dfd3224e08e18b41ec34f676bbaf157fb470af88a1

SHA512
ac2b5f071113cca97a6afd429d4884205f40a28aa8ccf865249126e307dd68ae68337c4a8672817153c66097fc0e6b51e407465d3cc6e1146eca5e29d1fcc6f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
fd6c766deeefbf272e3035a8341ce371

SHA1
eee4b10d09c41d408a9a35adab22194cbc93d81a

SHA256
28126df03472ad9b3f228c12fc46cb26e3df9c408b9dabb860559aa55e1d0e2f

SHA512
349c44c96679554d4f344bcaf4c356923320d96ca18f4d6836b79e21615b14e0d1888c468c0a8385b2eb4e85663e224557cd31af6bf654c74479f2e87dea382b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
9d822207b191fe0809c483cffcb72aaf

SHA1
d2f3278033a1b5440b6581db10ed8cc3e4679112

SHA256
0a5739335a9cf90998daad6502db0d338f3b04e86a4e01a8c5480b46acd64002

SHA512
a9a6c32a1e870fb3cd29ff1e763c4e2e90033fb1d205da5e8670d229d698cded59e229d5ec60a272f36f553437f48096d6c75ed659d913f2400d37ff4a0c333a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\e8ddd4cbd9c0504aace6ef7a13fa20d04fd52408.tbres

Filesize
2KB

MD5
63d38f90bded93fcc45a9fe4fc8a193d

SHA1
28c59b14c35fd72ce1902c19a461438faec2eabd

SHA256
932601fb1a549c73ef938acde80bbbf48f956a6a22d71c6bbbdba113d47a29c1

SHA512
c7cca0c6b5bacae8e6fdeb038d0961d74638b46ae312a864795b9bd8b648aabe920bf18ad6ea885e91032f3b083b4589b82140c0091ffa057574a1c815ad52e3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\insense time 4\510cf3b3-d863-4ee0-b37f-f6d65cff4859.tmp

Filesize
57B

MD5
58127c59cb9e1da127904c341d15372b

SHA1
62445484661d8036ce9788baeaba31d204e9a5fc

SHA256
be4b8924ab38e8acf350e6e3b9f1f63a1a94952d8002759acd6946c4d5d0b5de

SHA512
8d1815b277a93ad590ff79b6f52c576cf920c38c4353c24193f707d66884c942f39ff3989530055d2fade540ade243b41b6eb03cd0cc361c3b5d514cca28b50a

Download Submit
C:\Users\Admin\AppData\Roaming\insense time 4\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
d0152250410a077c69c6910799022490

SHA1
fa03dc1f62bad057797531c33282d7b30a7f0e54

SHA256
64b5cb1d58340ebc63f84b9ffed3469f8bbc630b9ed8c824edafb7d06d841b85

SHA512
1ee08707bf669a336c534f96750acf7a600a6a031ad92dec6e01777dfc822798f592862efa46b58a019ac7c4031bac18ac380e4bb8a25e0e279e273cc575970f

Download Submit
C:\Users\Admin\AppData\Roaming\insense time 4\Code Cache\wasm\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Roaming\insense time 4\Code Cache\wasm\index-dir\the-real-index

Filesize
48B

MD5
69cf31542018d2dffee56c3dcbfbd5bf

SHA1
155b80f264af414d16f7de8f97b8816518c163c6

SHA256
13bd03bf89e1330e47aef51b5857d4118cec58aa2fe1ad0a2fc34c5895a8c296

SHA512
82096ee3b18c5f603c05e34763f856b0e6ef72fb752fbeb0e6a63be59a7798a4a5790bf8a38bef7df3a42339d3821a5c44a357567ed84e564b2462619c16ccc0

Download Submit
C:\Users\Admin\AppData\Roaming\insense time 4\GPUCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Roaming\insense time 4\Local State

Filesize
389B

MD5
c0eb50882d91c90b6c8b2e8fc6182c99

SHA1
8e44d9dd6ae9bfbf9062209775c14dc5eb22e2fe

SHA256
48be8ee2eb3bf5835f2702a210da52a02a69631f60ca7d1e39c52fa3965013d2

SHA512
add3a330a3d6f946bfc00fcc24f2a2ab68f1e66befc55852eeaa6a8ea11d9fa5ea95fc091d8c6dab858a70b1c33bdda77d028ed75318b944a347cbc615d282e3

Download Submit
C:\Users\Admin\AppData\Roaming\insense time 4\Local State

Filesize
389B

MD5
bc0543da027be33d04f7bbba9675d762

SHA1
45157c94021ab81277e20ba10c1257c1e0daae66

SHA256
667a30351e523599403107fb361d720e6f281cc1dbf47a526e9f30d1d2768fe6

SHA512
590ddbdee6cb813415b54bc040b1782ebe22d7d718245069038ceb105ed38cb9c07fae4fa32a5c1cb46c6726c3d5d79cf6e9adecc7ebbd97a30c20c11fe84d2a

Download Submit
C:\Users\Admin\AppData\Roaming\insense time 4\Network\4f84980b-93c8-45c9-9112-e0548e2b2fd9.tmp

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Roaming\insense time 4\Network\TransportSecurity

Filesize
203B

MD5
0c35c7d77dd705da389e31ec2314ae45

SHA1
00ff1e521c7907e34a7fe7b166729d0dbab0c9ce

SHA256
97b192b7d8f07c7b7e2823c3361a0f8dd72c36864f493d2ca8a1b106f3b0d458

SHA512
7a666228a1e9e43e70efe6271bd0fafaf3af26fd898c23535b12f956703a52b16dca0bd92023b87d37888bda376b5c6f376e11ef97edab4f795a5defaed3053f

Download Submit
C:\Users\Admin\AppData\Roaming\insense time 4\Network\TransportSecurity

Filesize
203B

MD5
d074e065bb83a2d9760f51beaf328cf0

SHA1
8776bdba9439399d4f5dc2e172a459931410c9fc

SHA256
1e0216ff757c2cbc0794e31be3930e04d330e0232d575f10a51e0e7d220e8d27

SHA512
78bf81decab0921b3042a32c44638795677f4133206fe5557d1d6954f65ae29e6a1e5482ebb7cb09d0a9a173aa10ba72f03cf83cd0316e666198594aebc7288c

Download Submit
C:\Users\Admin\AppData\Roaming\insense time 4\Preferences

Filesize
86B

MD5
d11dedf80b85d8d9be3fec6bb292f64b

SHA1
aab8783454819cd66ddf7871e887abdba138aef3

SHA256
8029940de92ae596278912bbbd6387d65f4e849d3c136287a1233f525d189c67

SHA512
6b7ec1ca5189124e0d136f561ca7f12a4653633e2d9452d290e658dfe545acf6600cc9496794757a43f95c91705e9549ef681d4cc9e035738b03a18bdc2e25f0

Download Submit
C:\Users\Admin\AppData\Roaming\insense time 4\blob_storage\f9a85a8a-1ecc-43aa-b5db-87dfb9e31616\0

Filesize
5.8MB

MD5
01bbf8154570c625d30d2d3e59ff1d69

SHA1
27cdab1b7c0e8f857e50b5eb181fd3930b92225d

SHA256
ccd2663cb9c3d58ec0ca2542fa02287a1eae025fd67f7fec4c8945a50fad5993

SHA512
9107fdca5c86d7c73533476e8512c53ccd9dcb64f0f637adad37f30edea340c7e90ce6d37b7426aecde4e052b2b4c7dcaacceb50bcaf982353e22edef803cd7c

Download Submit
C:\Users\Admin\AppData\Roaming\insense time 4\blob_storage\f9a85a8a-1ecc-43aa-b5db-87dfb9e31616\10

Filesize
3.6MB

MD5
506e9bbbdcc56437e4a56f4337266a9d

SHA1
820289c0874e93d07a35e876b9320ca1a23c44d0

SHA256
729010181bfdbdc343cf9bbdd0e9deb917a558e9eab62bc57000d5592299cdc6

SHA512
f73402e912840207f09ed5d8e32e6de7b16486513f1f2db3a1e38f2f61753cd869d3b09da511ca2dcd6fb7d795401dd16cff68a390b805599d758d6f45d7a813

Download Submit
memory/2144-606-0x00007FF802AF0000-0x00007FF802CE5000-memory.dmp

Filesize
2.0MB

Download
memory/2144-607-0x00007FF801520000-0x00007FF801579000-memory.dmp

Filesize
356KB

Download