Overview

overview

8

Static

static

1

URLScan

urlscan

1

http://brick-hill.com

windows11-21h2-x64

8

Analysis

  • max time kernel
    85s
  • max time network
    88s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags

    arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    12/09/2024, 05:52

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    http://brick-hill.com

Score
8/10
defense_evasiondiscoveryupx

Malware Config

Signatures

  • Downloads MZ/PE file
  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • Executes dropped EXE 7 IoCs
  • Loads dropped DLL 24 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 5 IoCs
  • Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

    When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

    defense_evasion
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 7 IoCs
  • NTFS ADS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 13 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 55 IoCs
  • Suspicious use of SendNotifyMessage 22 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://brick-hill.com
    1⤵
    • Enumerates system info in registry
    • Modifies registry class
    • NTFS ADS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:5016
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffef9733cb8,0x7ffef9733cc8,0x7ffef9733cd8
      2⤵
        PID:2464
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1852,10491698874716248592,1390947929639846072,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1848 /prefetch:2
        2⤵
          PID:1088
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1852,10491698874716248592,1390947929639846072,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:1612
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1852,10491698874716248592,1390947929639846072,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2504 /prefetch:8
          2⤵
            PID:3756
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10491698874716248592,1390947929639846072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3112 /prefetch:1
            2⤵
              PID:4980
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10491698874716248592,1390947929639846072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3128 /prefetch:1
              2⤵
                PID:2536
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10491698874716248592,1390947929639846072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1
                2⤵
                  PID:3892
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1852,10491698874716248592,1390947929639846072,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5172 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:2200
                • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1852,10491698874716248592,1390947929639846072,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5616 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:4616
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10491698874716248592,1390947929639846072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
                  2⤵
                    PID:748
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10491698874716248592,1390947929639846072,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
                    2⤵
                      PID:800
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10491698874716248592,1390947929639846072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3848 /prefetch:1
                      2⤵
                        PID:2260
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10491698874716248592,1390947929639846072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
                        2⤵
                          PID:1644
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10491698874716248592,1390947929639846072,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
                          2⤵
                            PID:2436
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10491698874716248592,1390947929639846072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
                            2⤵
                              PID:3120
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1852,10491698874716248592,1390947929639846072,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5792 /prefetch:8
                              2⤵
                                PID:1072
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1852,10491698874716248592,1390947929639846072,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6056 /prefetch:8
                                2⤵
                                • Subvert Trust Controls: Mark-of-the-Web Bypass
                                • NTFS ADS
                                • Suspicious behavior: EnumeratesProcesses
                                PID:3448
                              • C:\Users\Admin\Downloads\BrickHillSetup.exe
                                "C:\Users\Admin\Downloads\BrickHillSetup.exe"
                                2⤵
                                • Executes dropped EXE
                                • System Location Discovery: System Language Discovery
                                PID:3976
                                • C:\Users\Admin\AppData\Local\Temp\is-1SHD9.tmp\BrickHillSetup.tmp
                                  "C:\Users\Admin\AppData\Local\Temp\is-1SHD9.tmp\BrickHillSetup.tmp" /SL5="$7006C,810935,780288,C:\Users\Admin\Downloads\BrickHillSetup.exe"
                                  3⤵
                                  • Executes dropped EXE
                                  • Drops file in Program Files directory
                                  • System Location Discovery: System Language Discovery
                                  • Modifies registry class
                                  • Suspicious behavior: EnumeratesProcesses
                                  • Suspicious use of FindShellTrayWindow
                                  PID:4124
                                  • C:\Program Files (x86)\Brick Hill\legacy_autoupdater.exe
                                    "C:\Program Files (x86)\Brick Hill\legacy_autoupdater.exe"
                                    4⤵
                                    • Executes dropped EXE
                                    • System Location Discovery: System Language Discovery
                                    • Suspicious use of AdjustPrivilegeToken
                                    PID:2296
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10491698874716248592,1390947929639846072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
                                2⤵
                                  PID:1816
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10491698874716248592,1390947929639846072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
                                  2⤵
                                    PID:4300
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10491698874716248592,1390947929639846072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1236 /prefetch:1
                                    2⤵
                                      PID:2668
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10491698874716248592,1390947929639846072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6320 /prefetch:1
                                      2⤵
                                        PID:4556
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10491698874716248592,1390947929639846072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6352 /prefetch:1
                                        2⤵
                                          PID:1392
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10491698874716248592,1390947929639846072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6820 /prefetch:1
                                          2⤵
                                            PID:340
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10491698874716248592,1390947929639846072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6960 /prefetch:1
                                            2⤵
                                              PID:3184
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10491698874716248592,1390947929639846072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6944 /prefetch:1
                                              2⤵
                                                PID:2820
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10491698874716248592,1390947929639846072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7236 /prefetch:1
                                                2⤵
                                                  PID:3728
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10491698874716248592,1390947929639846072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7248 /prefetch:1
                                                  2⤵
                                                    PID:5036
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10491698874716248592,1390947929639846072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7244 /prefetch:1
                                                    2⤵
                                                      PID:1528
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10491698874716248592,1390947929639846072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7672 /prefetch:1
                                                      2⤵
                                                        PID:652
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10491698874716248592,1390947929639846072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7680 /prefetch:1
                                                        2⤵
                                                          PID:2092
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10491698874716248592,1390947929639846072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7812 /prefetch:1
                                                          2⤵
                                                            PID:364
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10491698874716248592,1390947929639846072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8528 /prefetch:1
                                                            2⤵
                                                              PID:5272
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10491698874716248592,1390947929639846072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8540 /prefetch:1
                                                              2⤵
                                                                PID:5280
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10491698874716248592,1390947929639846072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8796 /prefetch:1
                                                                2⤵
                                                                  PID:5288
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10491698874716248592,1390947929639846072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8804 /prefetch:1
                                                                  2⤵
                                                                    PID:5296
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10491698874716248592,1390947929639846072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9060 /prefetch:1
                                                                    2⤵
                                                                      PID:5304
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10491698874716248592,1390947929639846072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9200 /prefetch:1
                                                                      2⤵
                                                                        PID:5316
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10491698874716248592,1390947929639846072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
                                                                        2⤵
                                                                          PID:5748
                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10491698874716248592,1390947929639846072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6940 /prefetch:1
                                                                          2⤵
                                                                            PID:5952
                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10491698874716248592,1390947929639846072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2472 /prefetch:1
                                                                            2⤵
                                                                              PID:1068
                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10491698874716248592,1390947929639846072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8120 /prefetch:1
                                                                              2⤵
                                                                                PID:4564
                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10491698874716248592,1390947929639846072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
                                                                                2⤵
                                                                                  PID:5680
                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10491698874716248592,1390947929639846072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9452 /prefetch:1
                                                                                  2⤵
                                                                                    PID:1180
                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10491698874716248592,1390947929639846072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8700 /prefetch:1
                                                                                    2⤵
                                                                                      PID:5512
                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10491698874716248592,1390947929639846072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8720 /prefetch:1
                                                                                      2⤵
                                                                                        PID:248
                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10491698874716248592,1390947929639846072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8256 /prefetch:1
                                                                                        2⤵
                                                                                          PID:1664
                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10491698874716248592,1390947929639846072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8872 /prefetch:1
                                                                                          2⤵
                                                                                            PID:5252
                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10491698874716248592,1390947929639846072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8080 /prefetch:1
                                                                                            2⤵
                                                                                              PID:3572
                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10491698874716248592,1390947929639846072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7308 /prefetch:1
                                                                                              2⤵
                                                                                                PID:6108
                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10491698874716248592,1390947929639846072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6676 /prefetch:1
                                                                                                2⤵
                                                                                                  PID:2092
                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10491698874716248592,1390947929639846072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6664 /prefetch:1
                                                                                                  2⤵
                                                                                                    PID:2768
                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10491698874716248592,1390947929639846072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
                                                                                                    2⤵
                                                                                                      PID:5332
                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10491698874716248592,1390947929639846072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9148 /prefetch:1
                                                                                                      2⤵
                                                                                                        PID:5356
                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10491698874716248592,1390947929639846072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9176 /prefetch:1
                                                                                                        2⤵
                                                                                                          PID:5364
                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10491698874716248592,1390947929639846072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6584 /prefetch:1
                                                                                                          2⤵
                                                                                                            PID:5372
                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10491698874716248592,1390947929639846072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9848 /prefetch:1
                                                                                                            2⤵
                                                                                                              PID:5792
                                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10491698874716248592,1390947929639846072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9976 /prefetch:1
                                                                                                              2⤵
                                                                                                                PID:3448
                                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10491698874716248592,1390947929639846072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10232 /prefetch:1
                                                                                                                2⤵
                                                                                                                  PID:4588
                                                                                                                • C:\Program Files (x86)\Brick Hill\legacy_autoupdater.exe
                                                                                                                  "C:\Program Files (x86)\Brick Hill\legacy_autoupdater.exe" brickhill.legacy://client/undefined/54.221.122.123/42480
                                                                                                                  2⤵
                                                                                                                  • Executes dropped EXE
                                                                                                                  • System Location Discovery: System Language Discovery
                                                                                                                  • Suspicious use of AdjustPrivilegeToken
                                                                                                                  PID:5316
                                                                                                                  • C:\Users\Admin\AppData\Roaming\Brick Hill\Player.exe
                                                                                                                    "C:\Users\Admin\AppData\Roaming\Brick Hill\Player.exe" undefined/54.221.122.123/42480
                                                                                                                    3⤵
                                                                                                                    • Executes dropped EXE
                                                                                                                    • Loads dropped DLL
                                                                                                                    • System Location Discovery: System Language Discovery
                                                                                                                    • Suspicious use of SetWindowsHookEx
                                                                                                                    PID:5788
                                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10491698874716248592,1390947929639846072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8444 /prefetch:1
                                                                                                                  2⤵
                                                                                                                    PID:5412
                                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10491698874716248592,1390947929639846072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9712 /prefetch:1
                                                                                                                    2⤵
                                                                                                                      PID:5676
                                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10491698874716248592,1390947929639846072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=216 /prefetch:1
                                                                                                                      2⤵
                                                                                                                        PID:4528
                                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10491698874716248592,1390947929639846072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10368 /prefetch:1
                                                                                                                        2⤵
                                                                                                                          PID:2904
                                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10491698874716248592,1390947929639846072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10984 /prefetch:1
                                                                                                                          2⤵
                                                                                                                            PID:6296
                                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10491698874716248592,1390947929639846072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9136 /prefetch:1
                                                                                                                            2⤵
                                                                                                                              PID:6352
                                                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10491698874716248592,1390947929639846072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8352 /prefetch:1
                                                                                                                              2⤵
                                                                                                                                PID:6420
                                                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10491698874716248592,1390947929639846072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9172 /prefetch:1
                                                                                                                                2⤵
                                                                                                                                  PID:7124
                                                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10491698874716248592,1390947929639846072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8128 /prefetch:1
                                                                                                                                  2⤵
                                                                                                                                    PID:5800
                                                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10491698874716248592,1390947929639846072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7468 /prefetch:1
                                                                                                                                    2⤵
                                                                                                                                      PID:5124
                                                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10491698874716248592,1390947929639846072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10476 /prefetch:1
                                                                                                                                      2⤵
                                                                                                                                        PID:5912
                                                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10491698874716248592,1390947929639846072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9976 /prefetch:1
                                                                                                                                        2⤵
                                                                                                                                          PID:5676
                                                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10491698874716248592,1390947929639846072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6632 /prefetch:1
                                                                                                                                          2⤵
                                                                                                                                            PID:6776
                                                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10491698874716248592,1390947929639846072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6976 /prefetch:1
                                                                                                                                            2⤵
                                                                                                                                              PID:7056
                                                                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10491698874716248592,1390947929639846072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9024 /prefetch:1
                                                                                                                                              2⤵
                                                                                                                                                PID:3892
                                                                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10491698874716248592,1390947929639846072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8556 /prefetch:1
                                                                                                                                                2⤵
                                                                                                                                                  PID:1900
                                                                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10491698874716248592,1390947929639846072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9272 /prefetch:1
                                                                                                                                                  2⤵
                                                                                                                                                    PID:5972
                                                                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10491698874716248592,1390947929639846072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6404 /prefetch:1
                                                                                                                                                    2⤵
                                                                                                                                                      PID:6096
                                                                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10491698874716248592,1390947929639846072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7580 /prefetch:1
                                                                                                                                                      2⤵
                                                                                                                                                        PID:6540
                                                                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10491698874716248592,1390947929639846072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8196 /prefetch:1
                                                                                                                                                        2⤵
                                                                                                                                                          PID:2976
                                                                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10491698874716248592,1390947929639846072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
                                                                                                                                                          2⤵
                                                                                                                                                            PID:1644
                                                                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10491698874716248592,1390947929639846072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9500 /prefetch:1
                                                                                                                                                            2⤵
                                                                                                                                                              PID:796
                                                                                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10491698874716248592,1390947929639846072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9704 /prefetch:1
                                                                                                                                                              2⤵
                                                                                                                                                                PID:4600
                                                                                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10491698874716248592,1390947929639846072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9740 /prefetch:1
                                                                                                                                                                2⤵
                                                                                                                                                                  PID:3808
                                                                                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10491698874716248592,1390947929639846072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10988 /prefetch:1
                                                                                                                                                                  2⤵
                                                                                                                                                                    PID:4500
                                                                                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10491698874716248592,1390947929639846072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6532 /prefetch:1
                                                                                                                                                                    2⤵
                                                                                                                                                                      PID:6156
                                                                                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10491698874716248592,1390947929639846072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1100 /prefetch:1
                                                                                                                                                                      2⤵
                                                                                                                                                                        PID:3496
                                                                                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10491698874716248592,1390947929639846072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10444 /prefetch:1
                                                                                                                                                                        2⤵
                                                                                                                                                                          PID:2416
                                                                                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10491698874716248592,1390947929639846072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10976 /prefetch:1
                                                                                                                                                                          2⤵
                                                                                                                                                                            PID:5708
                                                                                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10491698874716248592,1390947929639846072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9716 /prefetch:1
                                                                                                                                                                            2⤵
                                                                                                                                                                              PID:4136
                                                                                                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10491698874716248592,1390947929639846072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11240 /prefetch:1
                                                                                                                                                                              2⤵
                                                                                                                                                                                PID:4968
                                                                                                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10491698874716248592,1390947929639846072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6716 /prefetch:1
                                                                                                                                                                                2⤵
                                                                                                                                                                                  PID:4564
                                                                                                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10491698874716248592,1390947929639846072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10004 /prefetch:1
                                                                                                                                                                                  2⤵
                                                                                                                                                                                    PID:6248
                                                                                                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10491698874716248592,1390947929639846072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10032 /prefetch:1
                                                                                                                                                                                    2⤵
                                                                                                                                                                                      PID:6260
                                                                                                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10491698874716248592,1390947929639846072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8680 /prefetch:1
                                                                                                                                                                                      2⤵
                                                                                                                                                                                        PID:5172
                                                                                                                                                                                      • C:\Program Files (x86)\Brick Hill\legacy_autoupdater.exe
                                                                                                                                                                                        "C:\Program Files (x86)\Brick Hill\legacy_autoupdater.exe" brickhill.legacy://client/undefined/54.221.122.123/42480
                                                                                                                                                                                        2⤵
                                                                                                                                                                                        • Executes dropped EXE
                                                                                                                                                                                        • System Location Discovery: System Language Discovery
                                                                                                                                                                                        • Suspicious use of AdjustPrivilegeToken
                                                                                                                                                                                        PID:5896
                                                                                                                                                                                        • C:\Users\Admin\AppData\Roaming\Brick Hill\Player.exe
                                                                                                                                                                                          "C:\Users\Admin\AppData\Roaming\Brick Hill\Player.exe" undefined/54.221.122.123/42480
                                                                                                                                                                                          3⤵
                                                                                                                                                                                          • Executes dropped EXE
                                                                                                                                                                                          • Loads dropped DLL
                                                                                                                                                                                          • System Location Discovery: System Language Discovery
                                                                                                                                                                                          • Suspicious use of SetWindowsHookEx
                                                                                                                                                                                          PID:4232
                                                                                                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10491698874716248592,1390947929639846072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10168 /prefetch:1
                                                                                                                                                                                        2⤵
                                                                                                                                                                                          PID:2092
                                                                                                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10491698874716248592,1390947929639846072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=96 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9544 /prefetch:1
                                                                                                                                                                                          2⤵
                                                                                                                                                                                            PID:5664
                                                                                                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10491698874716248592,1390947929639846072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8756 /prefetch:1
                                                                                                                                                                                            2⤵
                                                                                                                                                                                              PID:5364
                                                                                                                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10491698874716248592,1390947929639846072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=98 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8376 /prefetch:1
                                                                                                                                                                                              2⤵
                                                                                                                                                                                                PID:6080
                                                                                                                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10491698874716248592,1390947929639846072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7816 /prefetch:1
                                                                                                                                                                                                2⤵
                                                                                                                                                                                                  PID:3156
                                                                                                                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,10491698874716248592,1390947929639846072,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=100 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7916 /prefetch:1
                                                                                                                                                                                                  2⤵
                                                                                                                                                                                                    PID:5940
                                                                                                                                                                                                • C:\Windows\System32\CompPkgSrv.exe
                                                                                                                                                                                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                                                                                                                  1⤵
                                                                                                                                                                                                    PID:2272
                                                                                                                                                                                                  • C:\Windows\System32\CompPkgSrv.exe
                                                                                                                                                                                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                                                                                                                    1⤵
                                                                                                                                                                                                      PID:1784

                                                                                                                                                                                                    Network

                                                                                                                                                                                                          MITRE ATT&CK Enterprise v15

                                                                                                                                                                                                          Replay Monitor

                                                                                                                                                                                                          Loading Replay Monitor...

                                                                                                                                                                                                          Downloads

                                                                                                                                                                                                          • C:\Program Files (x86)\Brick Hill\legacy_autoupdater.exe
                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            739KB

                                                                                                                                                                                                            MD5

                                                                                                                                                                                                            89fa4ff754a6c62e9bfeaac61e7faccf

                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                            eaf18795d6442324429f44cda43d6cc36471f7e4

                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                            b148fbcefa7934109d472fff2cc37019febb6f7a05db4d78abbf57939b0a691d

                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                            dcec885762fb86ee5077ce5053d45d30570ffad106f06038f615dc400632a2633cdff1cde48436a325fbc3cf6862d5a2e1ee2f802b6dd7361f74d1a2afcb83c1

                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\legacy_autoupdater.exe.log
                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            1KB

                                                                                                                                                                                                            MD5

                                                                                                                                                                                                            ac45cc773216001c355992d869450b47

                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                            1f19c3839b521e1bf1ec7928f32f45234f38ea40

                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                            c9c03abe98c496376975747c9b617f5f6e1b50aec09aa8be31aa24e81254901f

                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                            3d73620a59089bc05d60ae07f0811ddacd1661599eca096cd9927813f86dc9cebac1de221691373601c743250694de43e408a9e607e813fb28260b1509f84574

                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            152B

                                                                                                                                                                                                            MD5

                                                                                                                                                                                                            9af507866fb23dace6259791c377531f

                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                            5a5914fc48341ac112bfcd71b946fc0b2619f933

                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                            5fb3ec65ce1e6f47694e56a07c63e3b8af9876d80387a71f1917deae690d069f

                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                            c58c963ecd2c53f0c427f91dc41d9b2a9b766f2e04d7dae5236cb3c769d1f048e4a342ea75e4a690f3a207baa1d3add672160c1f317abfe703fd1d2216b1baf7

                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            152B

                                                                                                                                                                                                            MD5

                                                                                                                                                                                                            b0177afa818e013394b36a04cb111278

                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                            dbc5c47e7a7df24259d67edf5fbbfa1b1fae3fe5

                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                            ffc2c53bfd37576b435309c750a5b81580a076c83019d34172f6635ff20c2a9d

                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                            d3b9e3a0a99f191edcf33f3658abd3c88afbb12d7b14d3b421b72b74d551b64d2a13d07db94c90b85606198ee6c9e52072e1017f8c8c6144c03acf509793a9db

                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009
                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            20KB

                                                                                                                                                                                                            MD5

                                                                                                                                                                                                            87e8230a9ca3f0c5ccfa56f70276e2f2

                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                            eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                            e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                            37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a
                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            45KB

                                                                                                                                                                                                            MD5

                                                                                                                                                                                                            b7b49d067946a3510e0d34836a002440

                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                            ede1447c803a4d7afb215c9077a8660a2258f170

                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                            fe320ae3627f8ebba929ecb2b92a3c68be9107979fac0c5a045298309a70c5f6

                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                            9861a1d020b74617e364e0b840828783b79633518648f5fea71a04068a4bb076f8ccdea7f0b96e138befae6f844fdd22a12e3b251a242ea68d37950ee811e1e9

                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019
                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            21KB

                                                                                                                                                                                                            MD5

                                                                                                                                                                                                            7b3d6db4a5b2692a025f0b100ab9becb

                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                            4c2c53a473e9739f540c39f70b0a20ec6b63c7e2

                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                            df2e1729267ce5d27bc95b85c1d6a5a3abe66f1159d5415745a0bacff9cbe691

                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                            17ea1a6ee5bde33d2defdc019342332e4dc86d573d5d1244943851fd8bd8f3e4838cbda785105f7fa6c26881eaf199e9c5abe5a834b375c734e47397c6bbe9a1

                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a
                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            140KB

                                                                                                                                                                                                            MD5

                                                                                                                                                                                                            a5e641579bf883c511b428d5310b6266

                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                            828fd9e28da0ed335ddd41727d6558b85f3495e4

                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                            fa9bfa2e1733fb9a80dd4e56508c0411f580362ca9767073ef10a5516fa176e7

                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                            490adfc4407389c840545ec0d1cd7494759bebdedcecdca36a14ec2d34d985acd265f44b3e8ae595a2704c78ffe7c66670d20e47bcbc5418c74df180efcb7292

                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d
                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            79KB

                                                                                                                                                                                                            MD5

                                                                                                                                                                                                            89feb67b1b4b511072333636643a8d41

                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                            39cf98a3718a649df59dbe00dbfe77aeafb73126

                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                            e4fd3b675f06429d53914331ad54756275c5ba5a0ea40e77a6db801a89466a7b

                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                            74168e562072197b6077e23a4cd7be9d495ea7ff0ee5e56a8d75d47696dacf640574920d4396b4abf58a04b5a871d08f46f37fc5695dbb8a03d1fcb8eff65a16

                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024
                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            16KB

                                                                                                                                                                                                            MD5

                                                                                                                                                                                                            89a574ff00e6b0ec61d995d059ce6e65

                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                            aea09e96808ab77165ffa712eaa58b8f056d0bb6

                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                            e5c29c139842fd487473d0824f2c01b374680fb35d22fa929686d17896602a44

                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                            30d0d40bd680e61968273155b740901cdfa66670fc2af6f23e44c6b998b67cc1fcd0b51bd5f9470f209f188e75d071355e592b2a7c97f4bfd15d07d455e0909d

                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025
                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            27KB

                                                                                                                                                                                                            MD5

                                                                                                                                                                                                            3a1f329359c56a1d194dd75ab6e9edbc

                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                            b1a185fe1381c2e1367ff313ae4097028bb27b01

                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                            3b3ada68bc25c19e07c87ac1f6afad2236b5c75debb617a1fc5e9481a0b5d962

                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                            66b27f3c30d97b69097ac2d9599684037909bcedfc88236d0580edf05b6e6ce0a9c279b827e67b3a8f19b2edc85a362d2f19415a5ebb3f0867e55fe7e10f3958

                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029
                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            64KB

                                                                                                                                                                                                            MD5

                                                                                                                                                                                                            c86e1b32988ffbc37474c5ea5457a62e

                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                            3b337c4d43ff0b4ff79f9bbcecff8143839c6cfe

                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                            d94398ba2ed0b438809ec4203c64c002b4a0d960fbd34ab144b78fe7a49323fd

                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                            58ac67c26bca36a29799d49ed95980a15b1e279282e425ce13620cbe93a8cff74e1c520b896f8e9545a6b7eb8266394547949d88ad96bcf2a879da65521e7f16

                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d
                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            16KB

                                                                                                                                                                                                            MD5

                                                                                                                                                                                                            9c6b5ce6b3452e98573e6409c34dd73c

                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                            de607fadef62e36945a409a838eb8fc36d819b42

                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                            cd729039a1b314b25ea94b5c45c8d575d3387f7df83f98c233614bf09484a1fc

                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                            4cfd6cc6e7af1e1c300a363a9be2c973d1797d2cd9b9009d9e1389b418dde76f5f976a6b4c2bf7ad075d784b5459f46420677370d72a0aaacd0bd477b251b8d7

                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035
                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            20KB

                                                                                                                                                                                                            MD5

                                                                                                                                                                                                            7a6efb0b900fc08827507a2a51f5f980

                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                            296f109795db7bb29c27dcd2ac04d5a471d908c8

                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                            28b3c207cb97133ecaa3b0a2fff710433de5ed5b1b6241bd7c13ab6a80ee1bef

                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                            42f42aa8c31d522d6775c350e2df25a48c952d1c47e3a45ebb59616f8130771205b824a62d5f69a2c7e25e35d2512d9a8aa850c9e82bba6e2ceb1a1432cd0aea

                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            384B

                                                                                                                                                                                                            MD5

                                                                                                                                                                                                            56f5f501acc1025658ed73c58b147792

                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                            1570a0ebd1f767288cacbdd609938211c57bb35d

                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                            8e05fab9418b2d31d3f860a199fcdbbab5cc69485c7a774338d68803bdafc8cf

                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                            f3c55e09c206cf8343992f39e5062e0163abaef6ef253388040a2cc3895b948a527b1c70e6e412a16a50de00aa64ecbd3a536e60421614940c87dd795e7e9fc7

                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            9KB

                                                                                                                                                                                                            MD5

                                                                                                                                                                                                            72584f4c8f17e5a9f25e0ec3aabe3833

                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                            8213859b199af569cba29baed587c56546291486

                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                            a0bfd862a1c288aa4ef7b568be380e8273db6f2e6911727fb4cf27b21380b0fd

                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                            b9b4098e578d61cf55fc30df837878db1644d628fb95ddc8c3591bd6e3fd87dae2b9d2b06c04e5655d877afd68a09629f60273a2ad6ce4bf7c3610a1ac6d2b4a

                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            5KB

                                                                                                                                                                                                            MD5

                                                                                                                                                                                                            a51e63a2c740821c7b505244c35ce1ff

                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                            2ce4bf69395c22d758156f7e16954f7677d4da1c

                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                            f328334f15a66afd04f420101e03954e4f596b0bc9b68148c9fb7b7633a7ea49

                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                            ea3233fdc5516691a35a34c89fea18dd205791196d6127126d5e4daac1efe62ad23a10e7294fd1ff6a885862c36fd21172a6add934efa311d691358de02a3e37

                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            6KB

                                                                                                                                                                                                            MD5

                                                                                                                                                                                                            0859ffa709b944e477ac9af26bdcd3e0

                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                            ccac3fafc0cc579a909dabf3758651cb77d48d37

                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                            6068dfe5bbad14b5de08a43e57e5e3bae8a5ef120a5fe3c2a740ce7a91ff3b3f

                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                            8f51f3c451035510a564bd032c2629498ce7932dd36f4584c6106402929d0678b872a06f679321604658dd0b9a864f83c4acb910d97f0ee70f8c05b2353938aa

                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            14KB

                                                                                                                                                                                                            MD5

                                                                                                                                                                                                            71eec70c780f7a083b44472b05aac9aa

                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                            1ec587da38cd459d1773482375490cd7c00519c8

                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                            2901794175993b89f416388b3c29ac2b616e84e8f3e027459d92b691f9cbfa7b

                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                            e28c8adb4c31d49dfea77f468c49e11ebc9b20ae03bf733dc0e0eecfa645d16e631b6c4f47ab7d85ee26f8039bf05df1c15bc0c3be41a13fa94971db1af247da

                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            16KB

                                                                                                                                                                                                            MD5

                                                                                                                                                                                                            e5901ee139f45004c54aeee11bff7a06

                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                            843595b240f6458c9c1b04f5c9b6d37a48e62429

                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                            2a074a27bceba8a861b1a39b146da1a92f9f40f288d46188b0dc7bfabfe1ca14

                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                            8cb2d43e1d7155963e83f375fccccd3d150f576277401b6dd42e80363964265304cfbab5fc3152887b45ef8a6616ac03cec38052655459cd9a708dad43782ca2

                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            6KB

                                                                                                                                                                                                            MD5

                                                                                                                                                                                                            3cdbbcd0ba6325c068d52306c3f73f28

                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                            884301d6c9d86c99a696b45feaa8238b691101f2

                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                            e46a7ebd7ac90dfa656284608cbbd6300a90110c3f855a4255eb57e094e944cf

                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                            3cea96aee3946b3fd9951354374e27f4da19f3536b544a4c4994eca66d58734ddf926bd75fc9c3514b0ed6677bb7be61441fd7c22a126e0e838bf2ee59a0cfb9

                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            3KB

                                                                                                                                                                                                            MD5

                                                                                                                                                                                                            ae54b467590d08f24d6e5b3323bf20ca

                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                            c865d268a2cf07954426d30daca77c070a055231

                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                            d8e33236b2193c2cd14eb9ccf0f1a4399a2e4b5c1a553e0127283be449a4ae28

                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                            8684bd9535ac3fd87e729404eebce48bce92f2c038f1aba6e859986d84f51329adfc80629eb0c3933b759027e518caea9e925c7e67f29a1df169e7ded801491d

                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            4KB

                                                                                                                                                                                                            MD5

                                                                                                                                                                                                            d4dfac194bc9ba47c09a741290e8bc5c

                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                            5e48ff83eff39aa0064768734a65f9f7642e33dd

                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                            e7f636a7c6c56c3c151f786d62e7a4bb6d6ac146eed0bf7494eec76c06cde4bd

                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                            6346c4f288774f1b7eceed87dbb2d5868491fabb68db5414bb5b8be402a07e8f4d686162478981483c286cccf64b239b5a653cf6c99491175c069c4e8354f4bb

                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            4KB

                                                                                                                                                                                                            MD5

                                                                                                                                                                                                            196c8b9befce122939312f034a4a5706

                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                            494551bf8438e8af468336e883e5f25756899fa5

                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                            254367bbf9da155be77edc84f440835045651ac1318d0f92b00098ccbbd48a2c

                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                            7fe12d91422e32246d6ef87125ebf4c0f6376ad3ee1c3d4828d347f216db23db7f0d60da89cf8ce9258a2e3c2d05c0250ba5251d8b627a8d7917f8ae17af2359

                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe588f4b.TMP
                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            203B

                                                                                                                                                                                                            MD5

                                                                                                                                                                                                            da59e5af537071c0b2746a145394c19c

                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                            0faefda0e6b9b035c9dd0c8ac33b19b2b972fb58

                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                            7330e9aa867f60be88aa6158b8e24ae8ecd82ea35f8ed397a157e47864d42f75

                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                            c205708da11902f2d7baa9a6fa7044f7f94a41fc82457580adf32df67106e4ff8f6b635171816e431f48e85fd879251fcc68f18dfff474107fe72cc03926e553

                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            16B

                                                                                                                                                                                                            MD5

                                                                                                                                                                                                            46295cac801e5d4857d09837238a6394

                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                            44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                            0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                            8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            16B

                                                                                                                                                                                                            MD5

                                                                                                                                                                                                            206702161f94c5cd39fadd03f4014d98

                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                            bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                            1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                            0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            10KB

                                                                                                                                                                                                            MD5

                                                                                                                                                                                                            5a091b9ed7ea8f3623c39a3ea106bc0e

                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                            28ab13b224b96aa27ab151ecae294350f619b60a

                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                            0105ca645dd9956db44d42a1966d0cfc99113f850059f3bb09dd71ccbf275654

                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                            13b596f9880fa3f65e65e507c1f3dcdc15354e30c3e86022c87acdd11fef7bdfa9503c733a7189c5c239f5e908b50f48abe41d17976ce5cf4118a33626b706de

                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            10KB

                                                                                                                                                                                                            MD5

                                                                                                                                                                                                            21c8fd6864dcf7296f3c3ba71f51ce01

                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                            36e9b9301adfae22eb47aaf3ee05026e46bceda1

                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                            989b7ead2d3b83a1f2eaef68df9a88d867ee2936aca3d3d73898eb5eaba9c8f4

                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                            4afe1029a3a95e585967acf7786feead9eb893359845614213ba981c2c51a1deda4ae6659c301842bd075aa7449aa8b09f9a25b046095fb49bef885a7f88af0e

                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\bbb9e700-9951-4544-bfde-cf6177025991.tmp
                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            10KB

                                                                                                                                                                                                            MD5

                                                                                                                                                                                                            a161606876bf8401c743cb0b2db7b761

                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                            f843e7964e7398fda48de5bef5419149cbf5924b

                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                            182010fb120ec4c00446a0c3c8c4619e7712091fda37d22473929526ab3c0af8

                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                            20d40d9b67ad906b01a5c7ba985839c68b6cd05218c32505c83ba194844992505cf6a4413fb2d16e24b65e5cd8d90f287558a0ba161b27696d9728d7bcf2af7e

                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\gm_ttt_10750\BrickHillRPC.dll
                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            20KB

                                                                                                                                                                                                            MD5

                                                                                                                                                                                                            0174c6a1164c221133e716bfd4070afa

                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                            d329248a487186c5f3fc622f567c715a8c2e10ee

                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                            fb559079764f172e9423d676f6c6f0520762d6440f8c5948cc23efba501e0263

                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                            fc8f5d8f677d0bca2fcb036e61c5eca5701f79e59ffe26bcc56c3d90444ef1e940d1f4fbcd083f1faf4caf33df7d7855259aef2d653016b10edc41c1d2bd89b7

                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\gm_ttt_10750\Cimg.dll
                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            644KB

                                                                                                                                                                                                            MD5

                                                                                                                                                                                                            7545999c70bc6ff0558cdbfea3f7f531

                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                            cefa2e4bea2186e12b80054cc3f21d1b8a8d47a7

                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                            3cbfa24bea1af539b2dd8fa27b1d2c73e1d96d045adeefc06537e3e54a2e399d

                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                            31d283079aec2c6587222423871b7691eb5e88d878e0f6f7d450086b4b9698702849e26500b8f979381b4c910cc3d7d4713caedd35f05c0a36508482148bd775

                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\gm_ttt_10750\Newton.dll
                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            524KB

                                                                                                                                                                                                            MD5

                                                                                                                                                                                                            865638c293ffb264c6369c2d47ca1e32

                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                            8b9a9fa61eb817a4ddc5ab7dc9a72ca3481faa2f

                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                            e4e180efd3b66db7a668b823627ba58544cdec392b00dd1768ecea82c7c3f246

                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                            55ab89b0a3ff43a3f63cec295e52c9794ab5fb2aca768a36cf78ae25785411b3113bed6c2db1fae11c1702d529b795f0f7c01cecf4568a41043a6dd0c2bca0a1

                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\gm_ttt_10750\hrt_tmp2\HighResTimer2.dll
                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            88KB

                                                                                                                                                                                                            MD5

                                                                                                                                                                                                            e6911cf05c37096e8c55ff88cf625f7a

                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                            3c5b061fac7b6d290eac0aed670598904569480a

                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                            cf19b6fb091c1cfdf7e78081d13476ed860a4bae8ad11c623b4fb91836f2c8cf

                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                            6aed52d865f13d3eb758bb81addef9b80f42a4316e20aed1c4e502beafba84e2d294fa7e96c9c401fed02959ed8c8b8a45065b9a458275c41c38766d0c7c25a5

                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\gm_ttt_21903\D3DX8.dll
                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            241KB

                                                                                                                                                                                                            MD5

                                                                                                                                                                                                            8c7c11dbf9cba3bcb065201c560945e3

                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                            3104c3f99dc23711ad52fc733602a07f0564a494

                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                            120c8e8fef7ea02713d2966dbad325d631323cb207b11cfa768aeec48f5150cc

                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                            778f8ff13ebc154ffca26b21937c26da33e075a10671c91fce274e322195841fd33eb764cf21530837e268dce1f59d232920fe45fc239bfcbce14bf737dc3ee0

                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\gm_ttt_21903\d3dmlf81141\d3dmlf.dll
                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            9KB

                                                                                                                                                                                                            MD5

                                                                                                                                                                                                            e5e1f22bd872aa3d93ce2037fd907209

                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                            c1588e96fc1b5d3794f9020d0262c1cc2bd59f2f

                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                            afe2f30c1b1ee726a917004e92ad1dca45acaebeada53214a737e5154fd4e734

                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                            a3436129baa2ebc07851b221eccccfeff2cb1c377228eb3c93c4cdeb11c74fdf1f3c4a2623295b687c2e1b6a500f4b8e6736e1ee39807ee9c7844ccf274ea2ab

                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\gm_ttt_21903\gm82\gm82core.dll
                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            132KB

                                                                                                                                                                                                            MD5

                                                                                                                                                                                                            efe4868c8973b251be38d1502eff9afb

                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                            db0e3ca2ac5d0305663de237136d41ee7de176a0

                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                            a1c76b44b0e8cff5890eaaad49ea4e8457530c9f960002f2582d9405b3677267

                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                            772d352ed7a2997b073f71e7cea5f40446f046c3e05d528b2d22a83360d30d5e4ac2211e474ed53c2cb1be46ba6cd0656b30e2d03dca896123617b3437f2efb7

                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\gm_ttt_21903\gm82\gm82dx8.dll
                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            225KB

                                                                                                                                                                                                            MD5

                                                                                                                                                                                                            225cb01ef383c869d2d46f26b305ef38

                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                            458bf9ba3ca4b37d1bd8a8801084dddf0eb28d24

                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                            0e4ddec0003499d91f91a86b756f1832e995d0a6b907fc1ba7fe5c7519898264

                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                            9ae8788c8993431e12b54967f2f9081ca42032a1ecee46c8d3c234cb9a9ba5ceb2fc0ee1796ac5b0c4745d54c79c96904e4560f1f82cadd6cff9afcbf0ba3d88

                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\gm_ttt_21903\gm82\gm82net.dll
                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            339KB

                                                                                                                                                                                                            MD5

                                                                                                                                                                                                            6af90e0b3e9c55587b2f227848d4c2e6

                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                            9a84fd002056596189d33535b54a435f25b703da

                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                            8d26eb07280df4e97852ae09cec2ddb6e580afe7f72c39a6ccd8a87ee9b8273a

                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                            083ce2f04de7feaba2e04ae022d6569b02c0e58a748e0f6389f14d3ae08a385be9433b8130a79dcdaa9f0aa0667cd3a2e1221aaa6effa5996844b7ed1de7f87c

                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Temp\is-1SHD9.tmp\BrickHillSetup.tmp
                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            3.0MB

                                                                                                                                                                                                            MD5

                                                                                                                                                                                                            7e06750376491b308c2a6e35eca13b1b

                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                            36ae9cc7ac76bc97288ff1c36c4aef9cbb8b1e47

                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                            628a8a5e02456d23de8dec3a952f9e0ae3c464aa4a2ef884242e4486920828ac

                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                            a77e1d2917a5e77abb25732b056da980107550eb1e801c02f71db6c6941690fc20a4ee52700205d5c1d7f8a981b2b13c7fd6b79b582eeb1ce5f9c97f7e0ffea0

                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                          • C:\Users\Admin\AppData\Roaming\Brick Hill\Player.ini
                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            165B

                                                                                                                                                                                                            MD5

                                                                                                                                                                                                            84c565dc60d50f42209fecf01e39f08f

                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                            44f2a6558b319e997ff744a8d34ef6d2b734c71b

                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                            557a7d9a345a02b1a95792ca338c3d285916598f4a887f9e80a4ce1925a84418

                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                            2cb2eac5bf90dd0e583acd049b66fec6fcad90de624bbd204e0bdfd3f35edef727d361a3f37f91a23a375369af6a7e1e24e8ecf46aa1dd73f259518b7d4bf953

                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                          • C:\Users\Admin\AppData\Roaming\Brick Hill\version
                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            10B

                                                                                                                                                                                                            MD5

                                                                                                                                                                                                            d40e2bfd2a8802c4fc7edf43711ff88a

                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                            ce02401e290a0b6e891cf14646bdcf70a83e330a

                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                            ce45fa3402aa2c306d022092afc47400efbf1e42e3d27cc1a4bd377b163a2b75

                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                            a4546c33ec5d961b09d9e2a2d36d57d2a75c889e05397b16b64817a18713f4cc6a29531bd8a6167c55ef012b8eb5704b345e5c20796342ccdd5f9bf85129d61b

                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                          • C:\Users\Admin\Downloads\BrickHillSetup.exe:Zone.Identifier
                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            67B

                                                                                                                                                                                                            MD5

                                                                                                                                                                                                            ed2aa96c48e24e38e356ff053e19388e

                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                            0c6fdbe685fdcc97433900e4e0c10391f6261d56

                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                            c94f3a92ce9ea0c005cafc6709c3a67abfdcb370a7b1221cb5e68a202b37c50f

                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                            1e4897aa645033895ae6e73b9d82b24e1e3c6500b7e71c15345a0ad0969baa065c839bd2d102413039b25d8e0accd3b8754e1e61e94f7fe8ed6bb901424266f3

                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                          • C:\Users\Admin\Downloads\Unconfirmed 282061.crdownload
                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            1.6MB

                                                                                                                                                                                                            MD5

                                                                                                                                                                                                            085c248832ef03881059faec18eae7ff

                                                                                                                                                                                                            SHA1

                                                                                                                                                                                                            8477892aadc283f5d000b2c36e4c44c370f59727

                                                                                                                                                                                                            SHA256

                                                                                                                                                                                                            d755331262471b1c5fb7c47ad5e0e5129f8c103f3e5df06120b3f8db61c31aae

                                                                                                                                                                                                            SHA512

                                                                                                                                                                                                            80d3327168c4597554f441cf29360d9ae982bd36afa7e6409c6e2b779eddc7a522f2bdcd190a82517fb445bf7714377f30a79c2cedea168f19139d82cc94c43f

                                                                                                                                                                                                            Download Submit

                                                                                                                                                                                                          • memory/2296-197-0x00000000002B0000-0x000000000036E000-memory.dmp

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            760KB

                                                                                                                                                                                                            Download

                                                                                                                                                                                                          • memory/2296-200-0x00000000050E0000-0x00000000050EA000-memory.dmp

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            40KB

                                                                                                                                                                                                            Download

                                                                                                                                                                                                          • memory/2296-198-0x0000000005350000-0x00000000058F6000-memory.dmp

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            5.6MB

                                                                                                                                                                                                            Download

                                                                                                                                                                                                          • memory/2296-199-0x0000000004F80000-0x0000000005012000-memory.dmp

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            584KB

                                                                                                                                                                                                            Download

                                                                                                                                                                                                          • memory/3976-232-0x0000000000400000-0x00000000004CC000-memory.dmp

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            816KB

                                                                                                                                                                                                            Download

                                                                                                                                                                                                          • memory/3976-182-0x0000000000400000-0x00000000004CC000-memory.dmp

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            816KB

                                                                                                                                                                                                            Download

                                                                                                                                                                                                          • memory/3976-228-0x0000000000400000-0x00000000004CC000-memory.dmp

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            816KB

                                                                                                                                                                                                            Download

                                                                                                                                                                                                          • memory/4124-231-0x0000000000400000-0x0000000000705000-memory.dmp

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            3.0MB

                                                                                                                                                                                                            Download

                                                                                                                                                                                                          • memory/4124-229-0x0000000000400000-0x0000000000705000-memory.dmp

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            3.0MB

                                                                                                                                                                                                            Download

                                                                                                                                                                                                          • memory/4232-932-0x0000000010000000-0x0000000010082000-memory.dmp

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            520KB

                                                                                                                                                                                                            Download

                                                                                                                                                                                                          • memory/4232-974-0x00000000031B0000-0x00000000031C6000-memory.dmp

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            88KB

                                                                                                                                                                                                            Download

                                                                                                                                                                                                          • memory/4232-994-0x0000000008130000-0x00000000081BB000-memory.dmp

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            556KB

                                                                                                                                                                                                            Download

                                                                                                                                                                                                          • memory/4232-1080-0x0000000000400000-0x0000000000998000-memory.dmp

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            5.6MB

                                                                                                                                                                                                            Download

                                                                                                                                                                                                          • memory/5788-535-0x0000000010000000-0x0000000010082000-memory.dmp

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            520KB

                                                                                                                                                                                                            Download

                                                                                                                                                                                                          • memory/5788-573-0x0000000003190000-0x00000000031A6000-memory.dmp

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            88KB

                                                                                                                                                                                                            Download

                                                                                                                                                                                                          • memory/5788-602-0x00000000083B0000-0x000000000843B000-memory.dmp

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            556KB

                                                                                                                                                                                                            Download

                                                                                                                                                                                                          • memory/5788-700-0x0000000000400000-0x0000000000998000-memory.dmp

                                                                                                                                                                                                            Filesize

                                                                                                                                                                                                            5.6MB

                                                                                                                                                                                                            Download