e1a651f7d6afbf26e69b1f0dc3477ec80615cf824437e00b18267a6bc989f253

Analysis

max time kernel
493s
max time network
460s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
01/10/2024, 02:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eVOL v21/hack/loader.exe
Size

580KB
MD5

eb297cd79cc0c4b92adb688affbb9efd
SHA1

ffa7aed54ece6612ba7e591fc062b942eb0405bf
SHA256

7684812dd545ef5bd833207baf17a9fb4540b6bb42354ce87e2e5e70847c43f3
SHA512

e919779f42e67e8cb0aac4e78a07d0cec95da7b36959a2bfa350630a7e63d3e37b53a7273ec3717adf697afdbb6553858833f073a5e566ef13af037dc0d2155e
SSDEEP

6144:B6TwqEUgOZoP8MVNgntk6hnI4v9DeFbduWX:BbkroUMrgtk6hBVybgWX

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-786284298-625481688-3210388970-1000\Control Panel\International\Geo\Nation	loader.exe

Executes dropped EXE 7 IoCs

pid	Process
4040	winrar-x64-701.exe
4804	winrar-x64-701.exe
2564	winrar-x64-701.exe
2104	winrar-x64-701.exe
5632	winrar-x64-701.exe
1656	winrar-x64-701.exe
6040	winrar-x64-701.exe

Loads dropped DLL 5 IoCs

pid	Process
5964	taskmgr.exe
5964	taskmgr.exe
4080	taskmgr.exe
3188	taskmgr.exe
5416	taskmgr.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	loader.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	explorer.exe

Checks SCSI registry key(s) 3 TTPs 15 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133722241197004004"	chrome.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2960	loader.exe
2960	loader.exe
2960	loader.exe
2960	loader.exe
2960	loader.exe
2960	loader.exe
2960	loader.exe
2960	loader.exe
2960	loader.exe
2960	loader.exe
2960	loader.exe
2960	loader.exe
2960	loader.exe
2960	loader.exe
2960	loader.exe
2960	loader.exe
2960	loader.exe
2960	loader.exe
2960	loader.exe
2960	loader.exe
2960	loader.exe
2960	loader.exe
2960	loader.exe
2960	loader.exe
2960	loader.exe
2960	loader.exe
2960	loader.exe
2960	loader.exe
2960	loader.exe
2960	loader.exe
2960	loader.exe
2960	loader.exe
2960	loader.exe
2960	loader.exe
2960	loader.exe
2960	loader.exe
2960	loader.exe
2960	loader.exe
2960	loader.exe
2960	loader.exe
2960	loader.exe
2960	loader.exe
2960	loader.exe
2960	loader.exe
2960	loader.exe
2960	loader.exe
2960	loader.exe
2960	loader.exe
2960	loader.exe
2960	loader.exe
2960	loader.exe
2960	loader.exe
2960	loader.exe
2960	loader.exe
2960	loader.exe
2960	loader.exe
2960	loader.exe
2960	loader.exe
2960	loader.exe
2960	loader.exe
2960	loader.exe
2960	loader.exe
2960	loader.exe
2960	loader.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
3984	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3984	chrome.exe
Token: SeCreatePagefilePrivilege	3984	chrome.exe
Token: SeShutdownPrivilege	3984	chrome.exe
Token: SeCreatePagefilePrivilege	3984	chrome.exe
Token: SeShutdownPrivilege	3984	chrome.exe
Token: SeCreatePagefilePrivilege	3984	chrome.exe
Token: SeShutdownPrivilege	3984	chrome.exe
Token: SeCreatePagefilePrivilege	3984	chrome.exe
Token: SeShutdownPrivilege	3984	chrome.exe
Token: SeCreatePagefilePrivilege	3984	chrome.exe
Token: SeShutdownPrivilege	3984	chrome.exe
Token: SeCreatePagefilePrivilege	3984	chrome.exe
Token: SeShutdownPrivilege	3984	chrome.exe
Token: SeCreatePagefilePrivilege	3984	chrome.exe
Token: SeShutdownPrivilege	3984	chrome.exe
Token: SeCreatePagefilePrivilege	3984	chrome.exe
Token: SeShutdownPrivilege	3984	chrome.exe
Token: SeCreatePagefilePrivilege	3984	chrome.exe
Token: SeShutdownPrivilege	3984	chrome.exe
Token: SeCreatePagefilePrivilege	3984	chrome.exe
Token: SeShutdownPrivilege	3984	chrome.exe
Token: SeCreatePagefilePrivilege	3984	chrome.exe
Token: SeShutdownPrivilege	3984	chrome.exe
Token: SeCreatePagefilePrivilege	3984	chrome.exe
Token: SeShutdownPrivilege	3984	chrome.exe
Token: SeCreatePagefilePrivilege	3984	chrome.exe
Token: SeShutdownPrivilege	3984	chrome.exe
Token: SeCreatePagefilePrivilege	3984	chrome.exe
Token: SeShutdownPrivilege	3984	chrome.exe
Token: SeCreatePagefilePrivilege	3984	chrome.exe
Token: SeShutdownPrivilege	3984	chrome.exe
Token: SeCreatePagefilePrivilege	3984	chrome.exe
Token: SeShutdownPrivilege	3984	chrome.exe
Token: SeCreatePagefilePrivilege	3984	chrome.exe
Token: SeShutdownPrivilege	3984	chrome.exe
Token: SeCreatePagefilePrivilege	3984	chrome.exe
Token: SeShutdownPrivilege	3984	chrome.exe
Token: SeCreatePagefilePrivilege	3984	chrome.exe
Token: SeShutdownPrivilege	3984	chrome.exe
Token: SeCreatePagefilePrivilege	3984	chrome.exe
Token: SeShutdownPrivilege	3984	chrome.exe
Token: SeCreatePagefilePrivilege	3984	chrome.exe
Token: SeShutdownPrivilege	3984	chrome.exe
Token: SeCreatePagefilePrivilege	3984	chrome.exe
Token: SeShutdownPrivilege	3984	chrome.exe
Token: SeCreatePagefilePrivilege	3984	chrome.exe
Token: SeShutdownPrivilege	3984	chrome.exe
Token: SeCreatePagefilePrivilege	3984	chrome.exe
Token: SeShutdownPrivilege	3984	chrome.exe
Token: SeCreatePagefilePrivilege	3984	chrome.exe
Token: SeShutdownPrivilege	3984	chrome.exe
Token: SeCreatePagefilePrivilege	3984	chrome.exe
Token: SeShutdownPrivilege	3984	chrome.exe
Token: SeCreatePagefilePrivilege	3984	chrome.exe
Token: SeShutdownPrivilege	3984	chrome.exe
Token: SeCreatePagefilePrivilege	3984	chrome.exe
Token: SeShutdownPrivilege	3984	chrome.exe
Token: SeCreatePagefilePrivilege	3984	chrome.exe
Token: SeShutdownPrivilege	3984	chrome.exe
Token: SeCreatePagefilePrivilege	3984	chrome.exe
Token: SeShutdownPrivilege	3984	chrome.exe
Token: SeCreatePagefilePrivilege	3984	chrome.exe
Token: SeShutdownPrivilege	3984	chrome.exe
Token: SeCreatePagefilePrivilege	3984	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2960	loader.exe
2960	loader.exe
2960	loader.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
2960	loader.exe
3984	chrome.exe
3984	chrome.exe
3984	chrome.exe
3984	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2960	loader.exe
2960	loader.exe
2960	loader.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
2960	loader.exe
3984	chrome.exe
3984	chrome.exe
3984	chrome.exe
3984	chrome.exe
3984	chrome.exe
3984	chrome.exe
3984	chrome.exe
3984	chrome.exe
3984	chrome.exe
3984	chrome.exe
3984	chrome.exe
3984	chrome.exe
3984	chrome.exe
3984	chrome.exe
3984	chrome.exe
3984	chrome.exe
3984	chrome.exe
3984	chrome.exe
3984	chrome.exe
3984	chrome.exe
3984	chrome.exe
3984	chrome.exe
3984	chrome.exe
3984	chrome.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe
5964	taskmgr.exe

Suspicious use of SetWindowsHookEx 20 IoCs

pid	Process
4040	winrar-x64-701.exe
4040	winrar-x64-701.exe
4804	winrar-x64-701.exe
4804	winrar-x64-701.exe
4804	winrar-x64-701.exe
2564	winrar-x64-701.exe
2564	winrar-x64-701.exe
2564	winrar-x64-701.exe
2104	winrar-x64-701.exe
2104	winrar-x64-701.exe
2104	winrar-x64-701.exe
5632	winrar-x64-701.exe
5632	winrar-x64-701.exe
5632	winrar-x64-701.exe
1656	winrar-x64-701.exe
1656	winrar-x64-701.exe
1656	winrar-x64-701.exe
6040	winrar-x64-701.exe
6040	winrar-x64-701.exe
6040	winrar-x64-701.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2960 wrote to memory of 1492	2960	loader.exe	92
PID 2960 wrote to memory of 1492	2960	loader.exe	92
PID 2960 wrote to memory of 1492	2960	loader.exe	92
PID 2376 wrote to memory of 5112	2376	explorer.exe	94
PID 2376 wrote to memory of 5112	2376	explorer.exe	94
PID 5112 wrote to memory of 1792	5112	msedge.exe	96
PID 5112 wrote to memory of 1792	5112	msedge.exe	96
PID 5112 wrote to memory of 2972	5112	msedge.exe	97
PID 5112 wrote to memory of 2972	5112	msedge.exe	97
PID 5112 wrote to memory of 2972	5112	msedge.exe	97
PID 5112 wrote to memory of 2972	5112	msedge.exe	97
PID 5112 wrote to memory of 2972	5112	msedge.exe	97
PID 5112 wrote to memory of 2972	5112	msedge.exe	97
PID 5112 wrote to memory of 2972	5112	msedge.exe	97
PID 5112 wrote to memory of 2972	5112	msedge.exe	97
PID 5112 wrote to memory of 2972	5112	msedge.exe	97
PID 5112 wrote to memory of 2972	5112	msedge.exe	97
PID 5112 wrote to memory of 2972	5112	msedge.exe	97
PID 5112 wrote to memory of 2972	5112	msedge.exe	97
PID 5112 wrote to memory of 2972	5112	msedge.exe	97
PID 5112 wrote to memory of 2972	5112	msedge.exe	97
PID 5112 wrote to memory of 2972	5112	msedge.exe	97
PID 5112 wrote to memory of 2972	5112	msedge.exe	97
PID 5112 wrote to memory of 2972	5112	msedge.exe	97
PID 5112 wrote to memory of 2972	5112	msedge.exe	97
PID 5112 wrote to memory of 2972	5112	msedge.exe	97
PID 5112 wrote to memory of 2972	5112	msedge.exe	97
PID 5112 wrote to memory of 2972	5112	msedge.exe	97
PID 5112 wrote to memory of 2972	5112	msedge.exe	97
PID 5112 wrote to memory of 2972	5112	msedge.exe	97
PID 5112 wrote to memory of 2972	5112	msedge.exe	97
PID 5112 wrote to memory of 2972	5112	msedge.exe	97
PID 5112 wrote to memory of 2972	5112	msedge.exe	97
PID 5112 wrote to memory of 2972	5112	msedge.exe	97
PID 5112 wrote to memory of 2972	5112	msedge.exe	97
PID 5112 wrote to memory of 2972	5112	msedge.exe	97
PID 5112 wrote to memory of 2972	5112	msedge.exe	97
PID 5112 wrote to memory of 2972	5112	msedge.exe	97
PID 5112 wrote to memory of 2972	5112	msedge.exe	97
PID 5112 wrote to memory of 2972	5112	msedge.exe	97
PID 5112 wrote to memory of 2972	5112	msedge.exe	97
PID 5112 wrote to memory of 2972	5112	msedge.exe	97
PID 5112 wrote to memory of 2972	5112	msedge.exe	97
PID 5112 wrote to memory of 2972	5112	msedge.exe	97
PID 5112 wrote to memory of 2972	5112	msedge.exe	97
PID 5112 wrote to memory of 2972	5112	msedge.exe	97
PID 5112 wrote to memory of 2972	5112	msedge.exe	97
PID 5112 wrote to memory of 2788	5112	msedge.exe	98
PID 5112 wrote to memory of 2788	5112	msedge.exe	98
PID 5112 wrote to memory of 3216	5112	msedge.exe	99
PID 5112 wrote to memory of 3216	5112	msedge.exe	99
PID 5112 wrote to memory of 3216	5112	msedge.exe	99
PID 5112 wrote to memory of 3216	5112	msedge.exe	99
PID 5112 wrote to memory of 3216	5112	msedge.exe	99
PID 5112 wrote to memory of 3216	5112	msedge.exe	99
PID 5112 wrote to memory of 3216	5112	msedge.exe	99
PID 5112 wrote to memory of 3216	5112	msedge.exe	99
PID 5112 wrote to memory of 3216	5112	msedge.exe	99
PID 5112 wrote to memory of 3216	5112	msedge.exe	99
PID 5112 wrote to memory of 3216	5112	msedge.exe	99
PID 5112 wrote to memory of 3216	5112	msedge.exe	99
PID 5112 wrote to memory of 3216	5112	msedge.exe	99
PID 5112 wrote to memory of 3216	5112	msedge.exe	99
PID 5112 wrote to memory of 3216	5112	msedge.exe	99

C:\Users\Admin\AppData\Local\Temp\eVOL v21\hack\loader.exe
"C:\Users\Admin\AppData\Local\Temp\eVOL v21\hack\loader.exe"
1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2960
- C:\Windows\SysWOW64\explorer.exe
  "C:\Windows\System32\explorer.exe" https://www.facebook.com/groups/1628540544084700/
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1492

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
- Suspicious use of WriteProcessMemory
PID:2376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/groups/1628540544084700/
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:5112
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff98b7d46f8,0x7ff98b7d4708,0x7ff98b7d4718
    3⤵
    PID:1792
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,15394666099022997728,13989299386181434338,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
    3⤵
    PID:2972
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,15394666099022997728,13989299386181434338,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
    3⤵
    PID:2788
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,15394666099022997728,13989299386181434338,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
    3⤵
    PID:3216
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15394666099022997728,13989299386181434338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
    3⤵
    PID:4496
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15394666099022997728,13989299386181434338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
    3⤵
    PID:2856
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15394666099022997728,13989299386181434338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4652 /prefetch:1
    3⤵
    PID:376
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,15394666099022997728,13989299386181434338,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 /prefetch:8
    3⤵
    PID:3720
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,15394666099022997728,13989299386181434338,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 /prefetch:8
    3⤵
    PID:2140
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15394666099022997728,13989299386181434338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3648 /prefetch:1
    3⤵
    PID:4120
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15394666099022997728,13989299386181434338,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
    3⤵
    PID:1388
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15394666099022997728,13989299386181434338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
    3⤵
    PID:3288
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15394666099022997728,13989299386181434338,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
    3⤵
    PID:4512
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15394666099022997728,13989299386181434338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
    3⤵
    PID:2136
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15394666099022997728,13989299386181434338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
    3⤵
    PID:4040
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15394666099022997728,13989299386181434338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
    3⤵
    PID:4916
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15394666099022997728,13989299386181434338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1
    3⤵
    PID:3168
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15394666099022997728,13989299386181434338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
    3⤵
    PID:4052
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2060,15394666099022997728,13989299386181434338,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5664 /prefetch:8
    3⤵
    PID:3564
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15394666099022997728,13989299386181434338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
    3⤵
    PID:3052
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15394666099022997728,13989299386181434338,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
    3⤵
    PID:4040
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15394666099022997728,13989299386181434338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6244 /prefetch:1
    3⤵
    PID:2276
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15394666099022997728,13989299386181434338,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6272 /prefetch:1
    3⤵
    PID:2980
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15394666099022997728,13989299386181434338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2192 /prefetch:1
    3⤵
    PID:4856
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15394666099022997728,13989299386181434338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6712 /prefetch:1
    3⤵
    PID:1388
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15394666099022997728,13989299386181434338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6208 /prefetch:1
    3⤵
    PID:4972
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15394666099022997728,13989299386181434338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6864 /prefetch:1
    3⤵
    PID:1160
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15394666099022997728,13989299386181434338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
    3⤵
    PID:3648
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15394666099022997728,13989299386181434338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7144 /prefetch:1
    3⤵
    PID:4388
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15394666099022997728,13989299386181434338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
    3⤵
    PID:2436
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15394666099022997728,13989299386181434338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1880 /prefetch:1
    3⤵
    PID:1268
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15394666099022997728,13989299386181434338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
    3⤵
    PID:4628
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15394666099022997728,13989299386181434338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
    3⤵
    PID:864
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15394666099022997728,13989299386181434338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3476 /prefetch:1
    3⤵
    PID:5072
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15394666099022997728,13989299386181434338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6604 /prefetch:1
    3⤵
    PID:4040
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15394666099022997728,13989299386181434338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1
    3⤵
    PID:2036
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15394666099022997728,13989299386181434338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
    3⤵
    PID:392
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15394666099022997728,13989299386181434338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3508 /prefetch:1
    3⤵
    PID:2464
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15394666099022997728,13989299386181434338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7344 /prefetch:1
    3⤵
    PID:1624
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15394666099022997728,13989299386181434338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7360 /prefetch:1
    3⤵
    PID:5064
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15394666099022997728,13989299386181434338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7612 /prefetch:1
    3⤵
    PID:3016
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15394666099022997728,13989299386181434338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7768 /prefetch:1
    3⤵
    PID:1396
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15394666099022997728,13989299386181434338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7956 /prefetch:1
    3⤵
    PID:4624
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15394666099022997728,13989299386181434338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8284 /prefetch:1
    3⤵
    PID:5176
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15394666099022997728,13989299386181434338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8432 /prefetch:1
    3⤵
    PID:5184
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15394666099022997728,13989299386181434338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8428 /prefetch:1
    3⤵
    PID:5192
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15394666099022997728,13989299386181434338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8736 /prefetch:1
    3⤵
    PID:5328
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,15394666099022997728,13989299386181434338,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=9060 /prefetch:2
    3⤵
    PID:5632
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15394666099022997728,13989299386181434338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7352 /prefetch:1
    3⤵
    PID:5540
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15394666099022997728,13989299386181434338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6636 /prefetch:1
    3⤵
    PID:5344
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15394666099022997728,13989299386181434338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6388 /prefetch:1
    3⤵
    PID:5564
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15394666099022997728,13989299386181434338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8308 /prefetch:1
    3⤵
    PID:5764
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15394666099022997728,13989299386181434338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
    3⤵
    PID:5880
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15394666099022997728,13989299386181434338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3576 /prefetch:1
    3⤵
    PID:5972
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15394666099022997728,13989299386181434338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8696 /prefetch:1
    3⤵
    PID:5948
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15394666099022997728,13989299386181434338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8012 /prefetch:1
    3⤵
    PID:6112
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15394666099022997728,13989299386181434338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7200 /prefetch:1
    3⤵
    PID:6120
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15394666099022997728,13989299386181434338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
    3⤵
    PID:5452
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15394666099022997728,13989299386181434338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8028 /prefetch:1
    3⤵
    PID:772
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15394666099022997728,13989299386181434338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7024 /prefetch:1
    3⤵
    PID:5608
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15394666099022997728,13989299386181434338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
    3⤵
    PID:5356
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15394666099022997728,13989299386181434338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7060 /prefetch:1
    3⤵
    PID:5284
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15394666099022997728,13989299386181434338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8304 /prefetch:1
    3⤵
    PID:5196
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15394666099022997728,13989299386181434338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6676 /prefetch:1
    3⤵
    PID:5380
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15394666099022997728,13989299386181434338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7552 /prefetch:1
    3⤵
    PID:5372
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15394666099022997728,13989299386181434338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7544 /prefetch:1
    3⤵
    PID:5384
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15394666099022997728,13989299386181434338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7768 /prefetch:1
    3⤵
    PID:5548
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15394666099022997728,13989299386181434338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6520 /prefetch:1
    3⤵
    PID:5348
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15394666099022997728,13989299386181434338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8408 /prefetch:1
    3⤵
    PID:4760
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2060,15394666099022997728,13989299386181434338,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8996 /prefetch:8
    3⤵
    PID:940
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15394666099022997728,13989299386181434338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6992 /prefetch:1
    3⤵
    PID:5788
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15394666099022997728,13989299386181434338,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:1
    3⤵
    PID:6108
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2060,15394666099022997728,13989299386181434338,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8704 /prefetch:8
    3⤵
    PID:5564

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3868

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2316

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff99b23cc40,0x7ff99b23cc4c,0x7ff99b23cc58
  2⤵
  PID:3420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1888,i,11940394126938713745,6281002154704175519,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1880 /prefetch:2
  2⤵
  PID:5460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1988,i,11940394126938713745,6281002154704175519,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2168 /prefetch:3
  2⤵
  PID:5492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2292,i,11940394126938713745,6281002154704175519,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2460 /prefetch:8
  2⤵
  PID:1684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3148,i,11940394126938713745,6281002154704175519,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:5632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3172,i,11940394126938713745,6281002154704175519,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:4836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4556,i,11940394126938713745,6281002154704175519,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4536 /prefetch:1
  2⤵
  PID:1960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4708,i,11940394126938713745,6281002154704175519,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4740 /prefetch:8
  2⤵
  PID:3828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4800,i,11940394126938713745,6281002154704175519,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4808 /prefetch:8
  2⤵
  PID:5400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=3740,i,11940394126938713745,6281002154704175519,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4820 /prefetch:1
  2⤵
  PID:2596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5104,i,11940394126938713745,6281002154704175519,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4036 /prefetch:8
  2⤵
  PID:5776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4424,i,11940394126938713745,6281002154704175519,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3188 /prefetch:8
  2⤵
  PID:5908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5116,i,11940394126938713745,6281002154704175519,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3416 /prefetch:1
  2⤵
  PID:3756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=3300,i,11940394126938713745,6281002154704175519,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5000 /prefetch:1
  2⤵
  PID:4512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=3224,i,11940394126938713745,6281002154704175519,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3164 /prefetch:8
  2⤵
  PID:4692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4364,i,11940394126938713745,6281002154704175519,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5544 /prefetch:8
  2⤵
  PID:1380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=860,i,11940394126938713745,6281002154704175519,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4856 /prefetch:8
  2⤵
  PID:3064
- C:\Users\Admin\Downloads\winrar-x64-701.exe
  "C:\Users\Admin\Downloads\winrar-x64-701.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5224,i,11940394126938713745,6281002154704175519,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5300 /prefetch:8
  2⤵
  PID:5680

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5364

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4044

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\6eefde9da5584346aa63f6edaa2de8ac /t 4856 /p 4040
1⤵
PID:1456

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2364

C:\Users\Admin\Downloads\winrar-x64-701.exe
"C:\Users\Admin\Downloads\winrar-x64-701.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4804

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Loads dropped DLL
- Checks SCSI registry key(s)
- Suspicious use of SendNotifyMessage
PID:5964

C:\Users\Admin\Downloads\winrar-x64-701.exe
"C:\Users\Admin\Downloads\winrar-x64-701.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2564

C:\Users\Admin\Desktop\winrar-x64-701.exe
"C:\Users\Admin\Desktop\winrar-x64-701.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2104

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\04582161898548e58298244c262c13b6 /t 2336 /p 2104
1⤵
PID:1112

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Loads dropped DLL
- Checks SCSI registry key(s)
PID:4080

C:\Users\Admin\Desktop\winrar-x64-701.exe
"C:\Users\Admin\Desktop\winrar-x64-701.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:5632

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Loads dropped DLL
- Checks SCSI registry key(s)
PID:3188

C:\Users\Admin\Desktop\winrar-x64-701.exe
"C:\Users\Admin\Desktop\winrar-x64-701.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1656

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
PID:1220

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Loads dropped DLL
- Checks SCSI registry key(s)
PID:5416

C:\Users\Admin\Desktop\winrar-x64-701.exe
"C:\Users\Admin\Desktop\winrar-x64-701.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:6040

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
6a48e9bd76f2dfb1818b93186a442b03

SHA1
082559cdd2bc1f52e697f49fddfac29a69d235cb

SHA256
aded6e44fe881f3913a1360b6358d3974281259a386a21362d0eeccbf9d578a7

SHA512
d9371269ebf4be5ce84869e3941f59154492ebaf099107a656bec7871e6c72f95c56c5ffc192b610ac4108c5cdff20063ecd0a123f8cf662e8c69f1c1c218d35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
aa961bfbf7c30bfaa223782e44c7e22b

SHA1
ef8c0efabd6c7fd5c2369b287496f91c398be63c

SHA256
dd7441690d1a5f7895f2f2ee3cd634d5bb65d850d9297d1ef8e18a5935ebec9f

SHA512
72d6210385bd7e6eb1601466eb990b631d8c3ba999b52851a1d7bc6427377076a00a7ed56fe2e27760adaedfdc5b91f135eaf188ad72d2b6630883d14c8f3410

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
d90396efdf37e3f3da57f72f11483b3b

SHA1
2e491cad40ac37fc89b4e59440e08dad68fbf69b

SHA256
ed68ffe55945f1379bcc8810c71a8428d313f9396adf78dc49102635535de36f

SHA512
656c9155e0c538fc9a67fa55c2c9a5664b9dd84c9fe238a6f8b88183565aee628c47659dd2c435a7e47676a06bff71b33238b475a4d1a46da9bfdc95bdfc5d48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
aa4651bdd97f9cdc63268afe2713cf05

SHA1
9b4a08fb0c93fcc6365f6fa369c0ff05768756bc

SHA256
bd72d0eb549a8f5419a32f292fe7cfce353a1dc31bf5f73d5f78a0891e276f57

SHA512
dc1bd5d20e558605762937840c076df5b18e273b8fcd2dc082ec5350885587118ff20948a12e291a74642b88c8fb35cafc4e4a01d9b9d863d7790fdec499d15d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
c9c6b67fb14b7b1fee3600a1946d62c6

SHA1
698b95a95240fa4e4113f4d43833a0ec3b5fc714

SHA256
6032ffe908c8feb38f55e3f3dc6992d152cfc32d33c29553e9ca968bd2daa506

SHA512
7bd7b50614dc4d1e07705bd39d283300335f59c7306a27a32c9136a75d3b7d96b8b20de4b5d96f59c3b9a3f46939a56137d0728cc12ce5504e6a9ad3fa7cdd41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
0c232481a7a306b9ef37867887870327

SHA1
a55b28bf43a4d77626a1b9471380770338a9de4f

SHA256
f64a5e013851aa430be9ea05a87e3f9335561e7a17b0f52be246d94d08646ef3

SHA512
7d6622dc01fe717ce03adc6abba171599b61a138f5725353b4aa4531bc7a26a1540ba0044fbd3736e47bbf14e41f43a90cb7160e9a910da836e51e27c5b0ac15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
1241247988f98ea83e04f01421754ce2

SHA1
ba44382faf828adc574666974a13cf68ea162164

SHA256
54070a375907d48af1019f5324cc3e1c4b0cab0f70150aa2cd7ca3e7bd49e194

SHA512
8387f21f6ec07207c3a464d061073e6af003f4f7f573deaceb8405a20d3d87e67ef9f1c5e4e8c962826121a1653d898c993df953c869b4bc72b707361ed1189b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
a819ac975ee4c405ca7844939adc7c33

SHA1
e34bfb217bc65ac4591773a3e6074475184ce2e3

SHA256
3edf9728878a2f8d56b5f6817878ec57b1be2ee92217e2d5d18f01d1502b5a03

SHA512
5601f73a15d2cf467691581cdeba205dbdaf1721b2e6fe62a4a3f9a62705254e26081d8f87c11325c4206a88584c8c66300aa7229bf7bbee7e39408cc9ac48a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
a7e32049c595fe325ac331ba78079d81

SHA1
75b53cf6e6fe9d86fd2370818c5c3052ab36e6e9

SHA256
44c627d4d368d92f60d624c66d8e445144b0314d2648dcc6efe631a5d876ac22

SHA512
4ee7d5454a10ab263c75c8092af83e8d76f976150ad22c7d222ed8ae25f8500ece334d467163332d637a9517a8d15f9bdb23a86cd3af67ab1dcd761e5045a32d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
690B

MD5
a5a5cb20d7eae6ca42a7f8997be571bb

SHA1
27926eb9a2194435d653fe1543650dbf3d62c9c6

SHA256
0cc328263a727184f12b4646c7061f96074fd353a1d3a63654a3e605790b83aa

SHA512
d789e417a0ede3acf3ef6629ee14e77e6b516baebfe94f4e470fd4a328e8210f4351a41418ae23af81dff8d49bca33259f997d70266292cb4b8bbf4fd3c24d69

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
71e829882d28d40ff9922770d9b03918

SHA1
3cba7d2a08e9fbaa0d8e84f765d1ef16cd75f373

SHA256
3d7c4c53d5a4a88f9e9e65e2c2f65d23b15d3ff8744910a55cdaab1459123e86

SHA512
c9b18407077d9d4ba4ae5fdc4a8be755aced46434fdf80513bda569a505e38831940260f7d6811a751d3bf30b87222a24d59a568f53de40a5da652d35121b167

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
60479947762d304e63507ded319f69cd

SHA1
82994daab3dd71ba7c3f501570e8b8220e507d6d

SHA256
e96af0a6658295abd929ef128096b23914de48dd4762d431edef03f1bbee28c0

SHA512
a53a3b399702c3a7327e073078ff6280d25fcfb2f36480fa79e4034e433523fd9a8bb5a7eeb1b0864e2d927e03d90f5e14afb2a5a8c790039c840cc96b3e2ba3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
ad0174f317813d556ff3c549f7bf2cb0

SHA1
707152e0104418e64a2dfb281c53d4f19b70bb40

SHA256
55a3027d73f8a54b9d044869c1d14761ef7b6f89a6d4b1ba81066562fa77d4a8

SHA512
7acd219ab5d49cf2d493a59e309227f3098892c10ed36e365fab6e97fb1e89a2842ec2a3d34a7d2e250669ea1a447c90c50616c12e4a66b6989f3da889ea086e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
28fbb06dfc820322afbbbba576800014

SHA1
4f21f6cc4cd8f7c247638eda597084f006ab72d6

SHA256
51f26ed5a57c64befb76284789b4b6910d1e795e6eae95ad7da7848a1166c580

SHA512
56ae1aa6da50f895520398c1740a46b2e8e821e417cc311f0dc6dcb18854e447fc567eb26b9143dcbbcc8a65af48c80f21b260ca114aabe1cebee8f1a412d1e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
211KB

MD5
14c9100acc7761f3b46ee5d6d38d82a8

SHA1
b591cd1a1884be641e25093f91c4d7f3007ddb29

SHA256
05ac5cc60929537e25065b1d62eb961d46b14caa4757dd6dd62cbac7e62c236c

SHA512
b92e13453be0fec6c8f91caa9eec1913322596fb5954b2d4e68dcac9bf910d73f8bc27d8efbf88ef2778c565d6984537ff415c91e8072905503db82808a50585

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
211KB

MD5
d5154d4a913336ba5215c51c2336d7da

SHA1
2a484e2d5f882163e51ef1fd1e74e34707c63754

SHA256
3777ac6dcb4b5198890dd38edfd34c1a024e6d8f399f23d8ee2e15f79bdca9d4

SHA512
617b67f5b7ad3e077159313a5a90cccc60221b9154a84c08912511ca841e734f2a2a8e82d11239082c8b7450996fc0c59c722b387866bdd867891d9f090ad90a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
211KB

MD5
1f6ad4c01f3c892089c1d6880e946b41

SHA1
f1f29684fb94abb51e64011be3f4ab89294b0a8a

SHA256
4fcfb02ed30892e0bd8a7595c42b80362979bd8a28e9359b24e3471ea2171cf6

SHA512
44998b91cf0d99d5863ab4f72bbc30f83c93ab76232f5273fbf578a4b53169e19d5f1e0beafeb14847082c417a93ba65f322270b491f55a0a40a6ea8c6f0a888

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7114a6cd851f9bf56cf771c37d664a2

SHA1
769c5d04fd83e583f15ab1ef659de8f883ecab8a

SHA256
d2c75c7d68c474d4b8847b4ba6cfd09fe90717f46dd398c86483d825a66e977e

SHA512
33bdae2305ae98e7c0de576de5a6600bd70a425e7b891d745cba9de992036df1b3d1df9572edb0f89f320e50962d06532dae9491985b6b57fd37d5f46f7a2ff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
719923124ee00fb57378e0ebcbe894f7

SHA1
cc356a7d27b8b27dc33f21bd4990f286ee13a9f9

SHA256
aa22ab845fa08c786bd3366ec39f733d5be80e9ac933ed115ff048ff30090808

SHA512
a207b6646500d0d504cf70ee10f57948e58dab7f214ad2e7c4af0e7ca23ce1d37c8c745873137e6c55bdcf0f527031a66d9cc54805a0eac3678be6dd497a5bbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000043

Filesize
30KB

MD5
6fb26b39d8dcf2f09ef8aebb8a5ffe23

SHA1
578cac24c947a6d24bc05a6aa305756dd70e9ac3

SHA256
774379647c0a6db04a0c2662be757a730c20f13b4c03fe0b12d43c0f09e7a059

SHA512
c40f4771c10add1b20efb81ee3b61fc5ede4701587f29a1c2cdde8b6faabd1c76d769bf8b99aa19082012f95d99ba448a472463fb9056acd2e43542e14e605cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004c

Filesize
40KB

MD5
231033f55786b003ec78ed1a1684bb76

SHA1
ebdd2296535d03263c2676308c15572fa7b80873

SHA256
a7f8a28bf0f21fb0e4fd67329c3f03ac14964c93d86ef1faeb1e2dbb333f3fab

SHA512
0b03be4dc6478c86f2016a6700338d221b0e3afb67cdbff85587d675a1a79be5103ccd8505389c92aac858f0b54dd7ed9f3c1e58d4184b27c81a35ca1210acf7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000053

Filesize
27KB

MD5
363786396c2a8c10d176e902868ce580

SHA1
3a7bee5ed9c5ca3ae64e89fd8cefe993de1e3722

SHA256
978fbd6a5f54294cb44c5c91e8be3ca0b6cf777d05034edb0825bb9e448334d1

SHA512
ab603229cdd4047081fcf3d9266e7577ad25a14a0eead465cf47caa7837b137cdd2e62a813dfc1f8de1122338a7cc223478907f9feed04dca49929246ce1bb56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2a31ab07e2d3b862_0

Filesize
341B

MD5
432d7f2c2766c360e1b0b5b5fa045ea8

SHA1
a3332831671844b7504c36791ec4df23bb3f7d91

SHA256
0cd319304fd6cf7af32b3597504f98acd3edb1560279401e1e04110488d6369e

SHA512
9d810f7b1f5ee3c5344c5213418a970c84efddc15f0e9b907c6f724c5e4b88dc31d8f5e8b6957699bf3668414337a21cb32d6a2c09a9ac7dbb6195438c3ea099

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6838b7f2095e4c38_0

Filesize
125KB

MD5
2566582c9b99b30f938633a0f0aa2e9a

SHA1
b3f6c7a75c00c7966a721f54c8c2179b7c329b0c

SHA256
1c7129921d4f25adfa58dffe5cc64d9712f8399c3dc1ba2b8e531abe88bb3a3a

SHA512
e60e7b9473e81eeb63ea68ab637e146c6ad191764158331ee7f59a71b8fa72523fe68815e52e14cf13dfcbb6e5e8d103f52e583253c8decd358429cbdaa6cba7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
4eaa7bdc4662a3cadf743a69506fdf59

SHA1
62a60d161ad982b7537153ff4de28a7a1bd578db

SHA256
05377ec79b4a933970f1579f55642006df9ebb014da8da7ddfba0a3ee9bcf3ff

SHA512
83f57f633fc3b966875d435bf51587d5f2f3179196e17dcff4daa99cf47c39333cdce7581977d389534cee80430e9643c641456e82438df8f2a3af55735e3508

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
356c094cbb7ffefa9b08ac105fce847e

SHA1
1e5a93e828ed5b6b1fa6185998d5c2db2cc78727

SHA256
65258ba41a4f7f7dec45bb446b34f579f2e6b1fe15c4814c163c53f4caaf92ed

SHA512
ce7367daa571c1d2f78d0a257716c4373f5ebc503d23ced8cefefe257d25cac5e60493fbb9c123b9269ec2ae1a7b899d8b5d999078e890f6c45972e71d97d86b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
864B

MD5
38a3cd88c8f8bce8cb293c85f1794773

SHA1
4e87a7774d7906346c613151178a08c4ac9cf8ed

SHA256
ec915d188564dcdb6d7f922215d8edb0a92a41df5451cd8f33ce80138e793018

SHA512
37d19c0472c0a603ac73eba0ed2cc80bbcfca90ce7d18d5c0ba4828920393cd185a17d4c7b4f2f2caa02e3f8d36be81dcb5ec1f2b3fd5cae938e306e4bffa4fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
14KB

MD5
8bb3bfeb01d05109047d231ca90c56ba

SHA1
f0e0f96cb7a81b6feaf12e130a82ee8e92e2a637

SHA256
22e1f6d69f668ee51bbaac8dbe3ab57120a148068d02b341595c0c0e651e3e76

SHA512
6b2a5b60e43daf67fd790983214e350e39b440bd8699bb4376622d41649237099719d992d19297215c91a701aa32e87d3b3b9d5866ac4a0bc5d4bb963440a77d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
842B

MD5
ee94506ca8cfbe71ebc476624319788e

SHA1
1ebe9d5602b25c6afc3042e1155ce9034c181411

SHA256
480d4eb741c6913aa11936f986c73582cfb617f7703fb879910d3cdb40737055

SHA512
bd031cceb80d2b72150e2f8b5a17320435edf8ffd6d205c1be877f45c75bffe0661c54c393959126a075f7d152fbf69ccf7fdda6492e674fcdaf69998392f9bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d75a23246cc99bd26245a1fe697caaab

SHA1
d11a323771f1823d35052efdb698cf74ef543f77

SHA256
cf8291776905865131fdd704a74ff456b0a924ab38af8c29d728313d510852da

SHA512
809573c98fee3c14dfba88e9e2067460b3e31cb32288372b35f08a5b92c94a895e15f5e29e9527274dd592709d6db59a13a035cdbbff2a692da944eee07306e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
d2c6dd64127a9c2c669b6d0a3ac128a7

SHA1
e38685807685894e4c1e71ff4b1180fdd67e7e35

SHA256
6d51353355aa50177bb06ad1e812a53fe1f266cc3c0b23f82b5eb3e9bd489bdc

SHA512
5b28b9f19091b89ce95dbd2321bd49a99edefa9665d3ad2fb6c85210414206dd8faae1bdbdedecd4c0594ca481d6b35180789bcf49ee3e5ddf73dc1efc2b5087

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6d0141cd17b290e5cc6711c88c4318bb

SHA1
ac1a450263cfeb8d4fdb78e7d9d0d8f72b84fa3d

SHA256
57bf6a324b1c8343fb608c817b6a853e5dab8f9980972b8a4b3cf6580cf6255c

SHA512
dab4cf8b8c89463fa2dbe8b1397e4984fe1a579116b449cb28c0cb41c204a34cb46a9d8f039ef8122757bae54338c3e253b57743739472dee93d9ad2f82b2cad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6cbe8fa461c54e722f734e1fb0af1133

SHA1
828407f600f3b1479cf5bde8e95531e4c0b8912e

SHA256
ac9c40672dd9d8cb3bc3265cc1a4f6619012cf157f2559d419569941afbad802

SHA512
db3d1937a876098218c3e6a990cbdfdfac0cedd6673fdf98fc0669c7197bf94f16a5561b389a57ff4b961cbf6c5387677861be0028b7279d990e135234975234

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c9d998c7d39b97debf1a415f92d1f640

SHA1
dd7e887515d6b0b3e3aae05942fc1c34b41f3230

SHA256
c8e8304033d4dafb63232228764394bfb19e6d054352b61bb0f9e1d98ee5257e

SHA512
1a83f2ebb286016497d0e6573b23a619badf3ac7953802f0dcdad745523d16a9c5f355c2dbe0c3179db990852e1d91b3ae379bbc6a288b24582138e6db8d3ca9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
18KB

MD5
57c363a997958549cc6a03dd55f271e6

SHA1
3d7618df6955419ad5839ddf3beae908326aa5a4

SHA256
74abee799529af43a7c6711376967299c2868c684e0fa6c4ec30d464623e2f92

SHA512
16425037f4343ff68b303b0be1d1dc7fbea5eae6ee8ea74ea169ec44a354407a2e66cbde53ffc81788e7dd2747a5f7a8b3fbefeef135bb6801628c3c255f6d97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
09d61716df2eb0cc31fd2b95f0e204a6

SHA1
2863fb03dcfbdd85ae69e72d83d37055ece7ce7b

SHA256
28349ca83697119428da68446dd5e0c3a2ef769eda749d9ef00fb33ddb56083f

SHA512
f1f63c5951e4463d4f39154a67ae1bc0553da2542135302dc1e76c215f0164798806a7d63ffcbdce8274411f48463f000d4e775ced5c26ec1d702f5904e12156

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
18KB

MD5
d756c592c07282bf2619aefa68b5a58d

SHA1
9d755aebd56e467e1bfeb29b7656afae33669e2f

SHA256
8fc9d30ac4f94cfd505b5d48f238712ce9f6c4ae7e47984e4fdc6526af0a8604

SHA512
b47e593c76038d51fa68118417bbfadf986dc7f707b3621bc9bcb9b30ab21bdd5fa0335a003ea21c2a747a344f643dd273f815f27333f020ebeca11f4a81bcb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
77f80add0ad15198d3fa53a58f0517c3

SHA1
681b6496e57b905ea165c7cc8b9664658b5d58cd

SHA256
cd7d5aa468bb10a5d99df372c67baa8224bcfd53ac65de501669ae572bb7bcdf

SHA512
09fe073dacb15893ed93663ac8fee814118edd264fd484cb7dfc8f613714175e5d55b1d386c17760f9fc4cd8871df5bec788f4c59634f0de26db1c48d3ad454a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
8e29da27d0e33d2ff30c3c504633532c

SHA1
c595ceb30f26745f58d42d0be4bc0f7817b36338

SHA256
d50b3334d57f5da173d42796804dde57f8601ba993d221be422c8f81c589ed03

SHA512
2048857d5d01913dd28aea6322852d1f24a383f78488628665de3fb35be2d8ba5f340f46a5d4174eca2cc68e9f1627dfe21bd433bfe9598e3d63ce5528bdf35c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1c9800b1b5782e23e9e2ca3b2183518e

SHA1
52b9e049c20befe2c3e67fe5658ebdce98d40486

SHA256
a808400a7270925b64116e176c8a32c2f8ae550daeeffae43f30c63e226c8a3e

SHA512
e0367d8be245c1487cb975f6549f5ecdf69bc267d92c180bd27a402ef76896dd5477b74b86cfb2a9c945f120e2498e5ee93bb68277f37f9be9082133cafb3c27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
4b430a355582049404d1cc4649424adf

SHA1
47cb8b88c0af1b483a515f86bab8a88019eb4db5

SHA256
0b595b291acf56a7c9fc03962bc440c418c33f2fd7ec918470e41369127e211a

SHA512
f50499fcdc89921e094cf8c5ce95de8dedf6aace248d897ab6ba014252955eb211fbc953947e55e1693893a2453fa55e44e3629481b68591d68d06b5658142b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
61a0c6069d94d2a7bdcbf808766c65a5

SHA1
c9462eae4039076854340a3e9e2b9706c8b69959

SHA256
33abc75339fc6518ff8be5df78cf1aa9454273556e30f97983e0f6b79e1d68c9

SHA512
48f06e38c4024ee23e36a2a7cfa9a790fc46accd867e77c9880843afc1589a2443f09b2b8c0b3a29b2da6ce2d5eb80b6cb5bbdb6dfa7a6d2c3ca077ed4964b10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
150b4357d5fd6d67816ae4ea7f9a660a

SHA1
fcc0aea2e2f1af95eab703b0cf1b87249f9f731f

SHA256
f5adb2157d523f84eb8c1a90156f66da721cb2930531afb23ef6073250257048

SHA512
3bebe6492e05506ed15e00ee73ec517cc859ba6df43af91c4657bd825680f4c93f91db36a384bf9af63d5bd45f879d49f6dd44cbe9da7821bfd855a6208666c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
13f1242b51cf90e50b7e25cb41c5b41e

SHA1
25e8c17b554d1c36af1cb2798483d21720d0276e

SHA256
b83ada0d8c35ab07e17c6d05f3262a81a81c1b7bf24df492edc140536c2b7ddb

SHA512
edfb4a09ebfe96659ad5681b042938c5e92cdb277aea28b291f15d2b6933ee08c47611c655113190f933c4b06eca08ed2a41099374e3eabda34bc06c7097ee25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
dae93e4acebbd7439bb9d8eecb2fef84

SHA1
c0b44c277f62d273a4546fc676ad1ea6b93f4658

SHA256
7fca3e3dc8e2e740690928270bbf6a7fc55f866df6dabcc46ebed174a6b341da

SHA512
a1a7f2e3e74b07dd63ffcabf188ff4496f48f26cf9a61bf94ea98af61a1ac5a522f4e874512abd1a22e71b508a0f6c8d17c72172ff09655795f68db125dbd3e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe589381.TMP

Filesize
705B

MD5
6e45aec8727bab1076b415e35f96d2f6

SHA1
f5f10850c3927c20920b7dcd7d639bcedc393272

SHA256
bb0ab7c8fda89e487c4adf8651a86702a387f7c89af86270a3f08ec424e71f3f

SHA512
4442782e9fe8f551b2e7f27758867c8a0212fa5ee8a28255307725b6c7d255b3df02dd8ad6319e6cceb690c5ac58fb15f3719ec53e93ca2e8a3d6789bb2391a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f99367d4-991b-49df-9815-154902035585.tmp

Filesize
6KB

MD5
8bc4419d88d2a9bf54570647db358968

SHA1
74059dc95826bb9fed0c1cf40c2b620039ddd594

SHA256
2c1a6be807792a62741470160ef187b11fb4376b69d013a750edeb2142bae3f5

SHA512
55dcd216154994f68c8544baad00133bba859dc170ccd489f274ee929537131489cb0fadaa86f6051659fe28fa66ae1321ded8d9c53042e09ec1246f54f3f117

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
08767ec589ad1ce4c6e06e5bb4aa1c3b

SHA1
9d1d4b6a0df3481ba2fb98292387fd14efef5a51

SHA256
9f754ba04b49a2bef91dcaee7c9e8a9a493456ae663b12dec96bd89c525f1542

SHA512
f2a227adfec37af427b76bbe32be80e95bdc51e2c990cd7a837b8d581666ffb5aa13226c5c8b87eda9eebd1edfa7fcb83c509a870daa60fff24c84a51fd68818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
12a2ace7207087e50b5552ad813b6801

SHA1
cdcfb2c82a86122ec27f7659ae4285078304f944

SHA256
511409cf2853d509c41f85104426cb820f927c80b3584da651112b9995ecb73d

SHA512
38a2ac4cc6252ad8779cdac4a16b805ac2ce4acfbc24352cd353db9590c12a20bec6b4de21e60b24c2a9356a133d67bc89146cc946f7f151ea2d51c0fbf77395

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
12KB

MD5
84c4ff38502b5d24f5b6a81d8e563114

SHA1
9921afcc83a9aa2990fda49e0d5b63f8434d5204

SHA256
21fbc10face4467538c7b2d6d99edc4af6eb6d040166523f4b2d7d0c603ba16b

SHA512
8ac61cc4b5e71b9d14447a39f19a32d02c2b831d4dd65208f11e32c933bbad3a4514ab0d1fc447e5fe5cf9ab2503ef4d808271da89cf6236cd36155186fc540f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
15KB

MD5
ca2802b5d09ed3693da36ae3acc0629f

SHA1
ed1315a9aecd94e0382e960fab8409b2d6a44912

SHA256
6f4204083ae6679f9d2e5836434108c918833b945183b025762795cd71b2207a

SHA512
380730a80a18a124f663db2e1e29c69dae4960665e9b46999f97c085fd37af418172fbe26bcc29cea97bbbfdc66cc0c8686027416f7fc8a6ad424f98897a56b2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
14KB

MD5
04e0fd0b82999cfd1c02ef219ec1d0ee

SHA1
a295bf231418413b2468e0da307a3bb5617eb69e

SHA256
ab3c6f9f1a6376f032878a0f22c8dc6670b4d100cdc18fdd6f39d24a230a0e22

SHA512
2c0cc759714bfa86bac9908c4650246855439de65daa3d24e44ba1869db5efd0ba179a6c44c9f8fcb445a49542e10fd7ae89c972013df83cb853e8ee98b46a0b

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 76554.crdownload

Filesize
7.7MB

MD5
24fa1d160132441a53dcda576b8ede3c

SHA1
ca0d17c4c249c3972c2544c417386a3e48912fed

SHA256
8450fe04a027ac801963c6768c8cb775cf4a69daa70ae6a3f18b66fc9290b07d

SHA512
447fa64f6a9d9627af5cd743986af976a57dae3d3184ee6c107fdb062b0bf87923d212fbf706c5b956f79f1885d0abd5c9a0b970447c901c31c1c5fad2e9a0a9

Download Submit
C:\Users\Admin\Downloads\winrar-x64-701.exe

Filesize
3.8MB

MD5
46c17c999744470b689331f41eab7df1

SHA1
b8a63127df6a87d333061c622220d6d70ed80f7c

SHA256
c5b5def1c8882b702b6b25cbd94461c737bc151366d2d9eba5006c04886bfc9a

SHA512
4b02a3e85b699f62df1b4fe752c4dee08cfabc9b8bb316bc39b854bd5187fc602943a95788ec680c7d3dc2c26ad882e69c0740294bd6cb3b32cdcd165a9441b6

Download Submit
memory/3188-1685-0x000001B39A7E0000-0x000001B39A7E1000-memory.dmp

Filesize
4KB

Download
memory/3188-1679-0x000001B39A7E0000-0x000001B39A7E1000-memory.dmp

Filesize
4KB

Download
memory/3188-1680-0x000001B39A7E0000-0x000001B39A7E1000-memory.dmp

Filesize
4KB

Download
memory/3188-1681-0x000001B39A7E0000-0x000001B39A7E1000-memory.dmp

Filesize
4KB

Download
memory/3188-1686-0x000001B39A7E0000-0x000001B39A7E1000-memory.dmp

Filesize
4KB

Download
memory/3188-1688-0x000001B39A7E0000-0x000001B39A7E1000-memory.dmp

Filesize
4KB

Download
memory/3188-1687-0x000001B39A7E0000-0x000001B39A7E1000-memory.dmp

Filesize
4KB

Download
memory/3188-1684-0x000001B39A7E0000-0x000001B39A7E1000-memory.dmp

Filesize
4KB

Download
memory/3188-1683-0x000001B39A7E0000-0x000001B39A7E1000-memory.dmp

Filesize
4KB

Download
memory/4080-1674-0x000001A0D92E0000-0x000001A0D92E1000-memory.dmp

Filesize
4KB

Download
memory/4080-1672-0x000001A0D92E0000-0x000001A0D92E1000-memory.dmp

Filesize
4KB

Download
memory/4080-1667-0x000001A0D92E0000-0x000001A0D92E1000-memory.dmp

Filesize
4KB

Download
memory/4080-1669-0x000001A0D92E0000-0x000001A0D92E1000-memory.dmp

Filesize
4KB

Download
memory/4080-1671-0x000001A0D92E0000-0x000001A0D92E1000-memory.dmp

Filesize
4KB

Download
memory/4080-1676-0x000001A0D92E0000-0x000001A0D92E1000-memory.dmp

Filesize
4KB

Download
memory/4080-1675-0x000001A0D92E0000-0x000001A0D92E1000-memory.dmp

Filesize
4KB

Download
memory/4080-1668-0x000001A0D92E0000-0x000001A0D92E1000-memory.dmp

Filesize
4KB

Download
memory/4080-1673-0x000001A0D92E0000-0x000001A0D92E1000-memory.dmp

Filesize
4KB

Download
memory/5964-1527-0x00000278C9D60000-0x00000278C9D61000-memory.dmp

Filesize
4KB

Download
memory/5964-1528-0x00000278C9D60000-0x00000278C9D61000-memory.dmp

Filesize
4KB

Download
memory/5964-1529-0x00000278C9D60000-0x00000278C9D61000-memory.dmp

Filesize
4KB

Download
memory/5964-1530-0x00000278C9D60000-0x00000278C9D61000-memory.dmp

Filesize
4KB

Download
memory/5964-1531-0x00000278C9D60000-0x00000278C9D61000-memory.dmp

Filesize
4KB

Download
memory/5964-1532-0x00000278C9D60000-0x00000278C9D61000-memory.dmp

Filesize
4KB

Download
memory/5964-1533-0x00000278C9D60000-0x00000278C9D61000-memory.dmp

Filesize
4KB

Download
memory/5964-1521-0x00000278C9D60000-0x00000278C9D61000-memory.dmp

Filesize
4KB

Download
memory/5964-1523-0x00000278C9D60000-0x00000278C9D61000-memory.dmp

Filesize
4KB

Download
memory/5964-1522-0x00000278C9D60000-0x00000278C9D61000-memory.dmp

Filesize
4KB

Download