discordrat | hxxps://mega[.]nz/file/lflQiLYT#B9rAhBOJRa9Yw1UpfYTYzX6DIjCCMytKdNiDYFwmjA8

Analysis

max time kernel
297s
max time network
300s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
10-12-2024 16:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://mega.nz/file/lflQiLYT#B9rAhBOJRa9Yw1UpfYTYzX6DIjCCMytKdNiDYFwmjA8

Score

10^/10

discordrat defense_evasion discovery persistence phishing rat rootkit spyware stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTMxNjA4MzM4MDg0NDIzNjkxMA.GSyIeh.rWHubRlTEbJ76Mg0qUQDOgbcDx8mfCSnC9_BKs
server_id
1316080985305256081

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat

Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs

description	pid	Process	procid_target
PID 3688 created 604	3688	Hello123.exe	5

Downloads MZ/PE file
A potential corporate email address has been identified in the URL: [email protected]
phishing

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	wmiprvse.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	wmiprvse.exe

Executes dropped EXE 1 IoCs

pid	Process
3688	Hello123.exe

Indicator Removal: Clear Windows Event Logs 1 TTPs 1 IoCs

Clear Windows Event Logs to hide the activity of an intrusion.

defense_evasion

Clear Windows Event Logs

T1070.001

description	ioc	Process
File opened for modification	C:\Windows\System32\Winevt\Logs\Microsoft-Windows-AppxPackaging%4Operational.evtx	svchost.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Legitimate hosting services abused for malware hosting/C2 1 TTPs 28 IoCs

Web Service

T1102

flow	ioc
427	discord.com
229	discord.com
349	discord.com
60	discord.com
86	discord.com
240	discord.com
463	discord.com
55	discord.com
58	discord.com
62	raw.githubusercontent.com
239	discord.com
52	discord.com
428	discord.com
77	discord.com
95	discord.com
267	discord.com
277	discord.com
315	discord.com
360	discord.com
61	raw.githubusercontent.com
66	discord.com
462	discord.com
91	discord.com
51	discord.com
67	discord.com
85	raw.githubusercontent.com
59	discord.com
63	discord.com

Drops file in System32 directory 8 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64A	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Office\16.0\officeclicktorun.exe_Rules.xml	OfficeClickToRun.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64A	OfficeClickToRun.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64A	OfficeClickToRun.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\FB0D848F74F70BB2EAA93746D24D9749	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\WebCache\V01.chk	DllHost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776	svchost.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 3688 set thread context of 4116	3688	Hello123.exe	111

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\0829769f-434d-4697-9eed-a78230507d85.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20241210165351.pma	setup.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 8 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	SystemSettings.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	SystemSettings.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	SystemSettings.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000	SystemSettings.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	SystemSettings.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	SystemSettings.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID	SystemSettings.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	SystemSettings.exe

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Component Information	wmiprvse.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	wmiprvse.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	wmiprvse.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	wmiprvse.exe
Key queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	wmiprvse.exe
Key security queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	wmiprvse.exe

Enumerates system info in registry 2 TTPs 24 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	wmiprvse.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	SystemSettings.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	SystemSettings.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Internet Explorer settings 1 TTPs 13 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\c92acd8e_0\{219ED5A0-9CBF-4F3A-B927-37C9E5C5F14F}\3 = 04000000000000000000803f000000000000000000000000	svchost.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\c92acd8e_0\{219ED5A0-9CBF-4F3A-B927-37C9E5C5F14F}\4 = 0420000000000000180000000000000000000000000000000000803f0000803f	svchost.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\c92acd8e_0\{219ED5A0-9CBF-4F3A-B927-37C9E5C5F14F}\5 = 0b0000000000000000000000000000000000000000000000	svchost.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\88c34bd0_0\{219ED5A0-9CBF-4F3A-B927-37C9E5C5F14F}\5 = 0b0000000000000000000000000000000000000000000000	svchost.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\18ae2d12_0\{219ED5A0-9CBF-4F3A-B927-37C9E5C5F14F}\3 = 04000000000000000000803f000000000000000000000000	svchost.exe
Key created	\REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\88c34bd0_0\{219ED5A0-9CBF-4F3A-B927-37C9E5C5F14F}	svchost.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\88c34bd0_0\{219ED5A0-9CBF-4F3A-B927-37C9E5C5F14F}\3 = 04000000000000000000803f000000000000000000000000	svchost.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\88c34bd0_0\{219ED5A0-9CBF-4F3A-B927-37C9E5C5F14F}\4 = 0420000000000000180000000000000000000000000000000000803f0000803f	svchost.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\18ae2d12_0\{219ED5A0-9CBF-4F3A-B927-37C9E5C5F14F}\4 = 0420000000000000180000000000000000000000000000000000803f0000803f	svchost.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\18ae2d12_0\{219ED5A0-9CBF-4F3A-B927-37C9E5C5F14F}\5 = 0b0000000000000000000000000000000000000000000000	svchost.exe
Key created	\REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\c92acd8e_0\{219ED5A0-9CBF-4F3A-B927-37C9E5C5F14F}	svchost.exe
Key created	\REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\88c34bd0_0	svchost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\88c34bd0_0\ = "{2}.\\\\?\\hdaudio#func_01&ven_8086&dev_0022&subsys_80860022&rev_1001#{6994ad04-93ef-11d0-a3cc-00a0c9223196}\\elineouttopo/00010001\|\\Device\\HarddiskVolume2\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe%b{00000000-0000-0000-0000-000000000000}"	svchost.exe

Modifies data under HKEY_USERS 19 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe	OfficeClickToRun.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\IdentityCRL\AppData\82864fa0-ed49-4711-8395-a0e6003dca1f\FirstParty = "1"	svchost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor\ULSTagIds0 = "5804129,7202269,17110992,41484365,39965824,7153487,17110988,508368333,17962391,17962392,3462423,3702920,3700754,3965062,4297094,7153421,18716193,7153435,7202265,20502174,6308191,18407617"	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.default\Software\Microsoft\IdentityCRL\AppData\82864fa0-ed49-4711-8395-a0e6003dca1f	svchost.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133783231201670199"	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	svchost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\RulesEndpoint = "https://nexusrules.officeapps.live.com/nexus/rules?Application=officeclicktorun.exe&Version=16.0.12527.20470&ClientId={C2C5C930-ED4B-4A58-B011-C97B23288330}&OSEnvironment=10&MsoAppId=37&AudienceName=Production&AudienceGroup=Production&AppVersion=16.0.12527.20470&"	OfficeClickToRun.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry	OfficeClickToRun.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\MICROSOFT\OFFICE\16.0\COMMON\CLIENTTELEMETRY\RULESMETADATA\OFFICECLICKTORUN.EXE\ULSMONITOR	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata	OfficeClickToRun.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesLastModified\officeclicktorun.exe_queried = "1733849610"	OfficeClickToRun.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesLastModified\officeclicktorun.exe = "Tue, 10 Dec 2024 16:53:31 GMT"	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0	OfficeClickToRun.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor\ULSCategoriesSeverities = "1329 10,1329 50,1329 15,1329 100,1329 6"	OfficeClickToRun.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	OfficeClickToRun.exe

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	Explorer.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	Explorer.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.Search_cw5n1h2txyewy\WasEverActivated = "1"	sihost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.MicrosoftEdge.Stable_8wekyb3d8bbwe\WasEverActivated = "1"	sihost.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4020	chrome.exe
4020	chrome.exe
3688	Hello123.exe
3688	Hello123.exe
4116	dllhost.exe
4116	dllhost.exe
4116	dllhost.exe
4116	dllhost.exe
4116	dllhost.exe
4116	dllhost.exe
4116	dllhost.exe
4116	dllhost.exe
3688	Hello123.exe
4116	dllhost.exe
4116	dllhost.exe
4116	dllhost.exe
4116	dllhost.exe
4116	dllhost.exe
4116	dllhost.exe
4116	dllhost.exe
4116	dllhost.exe
4116	dllhost.exe
4116	dllhost.exe
3688	Hello123.exe
4116	dllhost.exe
4116	dllhost.exe
4116	dllhost.exe
4116	dllhost.exe
4116	dllhost.exe
4116	dllhost.exe
4116	dllhost.exe
4116	dllhost.exe
4116	dllhost.exe
4116	dllhost.exe
3688	Hello123.exe
4116	dllhost.exe
4116	dllhost.exe
4116	dllhost.exe
4116	dllhost.exe
4116	dllhost.exe
4116	dllhost.exe
4116	dllhost.exe
4116	dllhost.exe
4116	dllhost.exe
4116	dllhost.exe
3688	Hello123.exe
4116	dllhost.exe
4116	dllhost.exe
4116	dllhost.exe
4116	dllhost.exe
4116	dllhost.exe
4116	dllhost.exe
4116	dllhost.exe
4116	dllhost.exe
3688	Hello123.exe
4116	dllhost.exe
4116	dllhost.exe
4116	dllhost.exe
4116	dllhost.exe
4116	dllhost.exe
4116	dllhost.exe
4116	dllhost.exe
4116	dllhost.exe
4116	dllhost.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3676	Explorer.EXE

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 50 IoCs

pid	Process
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
5732	msedge.exe
5732	msedge.exe
5732	msedge.exe
5732	msedge.exe
5732	msedge.exe
5732	msedge.exe
5732	msedge.exe
5732	msedge.exe
5732	msedge.exe
5732	msedge.exe
5732	msedge.exe
5732	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
6264	msedge.exe
6264	msedge.exe
6264	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
5964	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: 33	1556	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1556	AUDIODG.EXE
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeDebugPrivilege	3688	Hello123.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe
Token: SeCreatePagefilePrivilege	4020	chrome.exe
Token: SeShutdownPrivilege	4020	chrome.exe

Suspicious use of FindShellTrayWindow 62 IoCs

pid	Process
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
5732	msedge.exe
3676	Explorer.EXE
3676	Explorer.EXE
3676	Explorer.EXE
3676	Explorer.EXE
5732	msedge.exe
5732	msedge.exe
5732	msedge.exe
5504	msedge.exe
3676	Explorer.EXE
4588	SystemSettings.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
5504	msedge.exe
4020	chrome.exe
6264	msedge.exe
6264	msedge.exe
2336	msedge.exe
2336	msedge.exe
5964	msedge.exe
5964	msedge.exe
2868	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
3676	Explorer.EXE
3676	Explorer.EXE
3676	Explorer.EXE
3676	Explorer.EXE
3676	Explorer.EXE
3676	Explorer.EXE
3676	Explorer.EXE
3676	Explorer.EXE
3676	Explorer.EXE
3676	Explorer.EXE
3676	Explorer.EXE
3676	Explorer.EXE
3676	Explorer.EXE
3676	Explorer.EXE
3676	Explorer.EXE
3676	Explorer.EXE
3676	Explorer.EXE
3676	Explorer.EXE
3676	Explorer.EXE
3676	Explorer.EXE
3676	Explorer.EXE
3676	Explorer.EXE
3676	Explorer.EXE
3676	Explorer.EXE
3676	Explorer.EXE
3676	Explorer.EXE
3676	Explorer.EXE
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
4020	chrome.exe
3676	Explorer.EXE
3676	Explorer.EXE
3676	Explorer.EXE
3676	Explorer.EXE
3676	Explorer.EXE

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4588	SystemSettings.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4020 wrote to memory of 4404	4020	chrome.exe	82
PID 4020 wrote to memory of 4404	4020	chrome.exe	82
PID 4020 wrote to memory of 1488	4020	chrome.exe	83
PID 4020 wrote to memory of 1488	4020	chrome.exe	83
PID 4020 wrote to memory of 1488	4020	chrome.exe	83
PID 4020 wrote to memory of 1488	4020	chrome.exe	83
PID 4020 wrote to memory of 1488	4020	chrome.exe	83
PID 4020 wrote to memory of 1488	4020	chrome.exe	83
PID 4020 wrote to memory of 1488	4020	chrome.exe	83
PID 4020 wrote to memory of 1488	4020	chrome.exe	83
PID 4020 wrote to memory of 1488	4020	chrome.exe	83
PID 4020 wrote to memory of 1488	4020	chrome.exe	83
PID 4020 wrote to memory of 1488	4020	chrome.exe	83
PID 4020 wrote to memory of 1488	4020	chrome.exe	83
PID 4020 wrote to memory of 1488	4020	chrome.exe	83
PID 4020 wrote to memory of 1488	4020	chrome.exe	83
PID 4020 wrote to memory of 1488	4020	chrome.exe	83
PID 4020 wrote to memory of 1488	4020	chrome.exe	83
PID 4020 wrote to memory of 1488	4020	chrome.exe	83
PID 4020 wrote to memory of 1488	4020	chrome.exe	83
PID 4020 wrote to memory of 1488	4020	chrome.exe	83
PID 4020 wrote to memory of 1488	4020	chrome.exe	83
PID 4020 wrote to memory of 1488	4020	chrome.exe	83
PID 4020 wrote to memory of 1488	4020	chrome.exe	83
PID 4020 wrote to memory of 1488	4020	chrome.exe	83
PID 4020 wrote to memory of 1488	4020	chrome.exe	83
PID 4020 wrote to memory of 1488	4020	chrome.exe	83
PID 4020 wrote to memory of 1488	4020	chrome.exe	83
PID 4020 wrote to memory of 1488	4020	chrome.exe	83
PID 4020 wrote to memory of 1488	4020	chrome.exe	83
PID 4020 wrote to memory of 1488	4020	chrome.exe	83
PID 4020 wrote to memory of 1488	4020	chrome.exe	83
PID 4020 wrote to memory of 2776	4020	chrome.exe	84
PID 4020 wrote to memory of 2776	4020	chrome.exe	84
PID 4020 wrote to memory of 3744	4020	chrome.exe	85
PID 4020 wrote to memory of 3744	4020	chrome.exe	85
PID 4020 wrote to memory of 3744	4020	chrome.exe	85
PID 4020 wrote to memory of 3744	4020	chrome.exe	85
PID 4020 wrote to memory of 3744	4020	chrome.exe	85
PID 4020 wrote to memory of 3744	4020	chrome.exe	85
PID 4020 wrote to memory of 3744	4020	chrome.exe	85
PID 4020 wrote to memory of 3744	4020	chrome.exe	85
PID 4020 wrote to memory of 3744	4020	chrome.exe	85
PID 4020 wrote to memory of 3744	4020	chrome.exe	85
PID 4020 wrote to memory of 3744	4020	chrome.exe	85
PID 4020 wrote to memory of 3744	4020	chrome.exe	85
PID 4020 wrote to memory of 3744	4020	chrome.exe	85
PID 4020 wrote to memory of 3744	4020	chrome.exe	85
PID 4020 wrote to memory of 3744	4020	chrome.exe	85
PID 4020 wrote to memory of 3744	4020	chrome.exe	85
PID 4020 wrote to memory of 3744	4020	chrome.exe	85
PID 4020 wrote to memory of 3744	4020	chrome.exe	85
PID 4020 wrote to memory of 3744	4020	chrome.exe	85
PID 4020 wrote to memory of 3744	4020	chrome.exe	85
PID 4020 wrote to memory of 3744	4020	chrome.exe	85
PID 4020 wrote to memory of 3744	4020	chrome.exe	85
PID 4020 wrote to memory of 3744	4020	chrome.exe	85
PID 4020 wrote to memory of 3744	4020	chrome.exe	85
PID 4020 wrote to memory of 3744	4020	chrome.exe	85
PID 4020 wrote to memory of 3744	4020	chrome.exe	85
PID 4020 wrote to memory of 3744	4020	chrome.exe	85
PID 4020 wrote to memory of 3744	4020	chrome.exe	85
PID 4020 wrote to memory of 3744	4020	chrome.exe	85
PID 4020 wrote to memory of 3744	4020	chrome.exe	85

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Windows\system32\winlogon.exe
winlogon.exe
1⤵
PID:604
- C:\Windows\system32\dwm.exe
  "dwm.exe"
  2⤵
  PID:920
- C:\Windows\System32\dllhost.exe
  C:\Windows\System32\dllhost.exe /Processid:{625e614c-26df-4a41-9757-858be9dbafcb}
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4116

C:\Windows\system32\lsass.exe
C:\Windows\system32\lsass.exe
1⤵
PID:684

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch -p -s LSM
1⤵
PID:976

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s lmhosts
1⤵
PID:460

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService
1⤵
PID:752

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s TimeBrokerSvc
1⤵
PID:1028

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s gpsvc
1⤵
PID:1100

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s EventLog
1⤵
- Indicator Removal: Clear Windows Event Logs
PID:1116

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s Schedule
1⤵
PID:1240
- C:\Windows\system32\taskhostw.exe
  taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
  2⤵
  PID:2940

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s nsi
1⤵
PID:1276

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s ProfSvc
1⤵
PID:1312

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s Dhcp
1⤵
PID:1352

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s DispBrokerDesktopSvc
1⤵
PID:1452

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s EventSystem
1⤵
PID:1504

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p -s Themes
1⤵
PID:1520

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s UserManager
1⤵
PID:1616
- C:\Windows\system32\sihost.exe
  sihost.exe
  2⤵
  - Modifies registry class
  PID:2804

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s NlaSvc
1⤵
PID:1672

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s SENS
1⤵
PID:1732

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s AudioEndpointBuilder
1⤵
PID:1792

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalService -p -s netprofm
1⤵
PID:1808

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p
1⤵
- Modifies Internet Explorer settings
PID:1940
- C:\Windows\system32\AUDIODG.EXE
  C:\Windows\system32\AUDIODG.EXE 0x508 0x520
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:1556

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k NetworkService -p -s Dnscache
1⤵
PID:1468

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p
1⤵
PID:672

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p
1⤵
PID:1784

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k appmodel -p -s StateRepository
1⤵
PID:1896

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p -s ShellHWDetection
1⤵
PID:2100

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s Winmgmt
1⤵
PID:2108

C:\Windows\System32\spoolsv.exe
C:\Windows\System32\spoolsv.exe
1⤵
PID:2308

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s LanmanWorkstation
1⤵
PID:2424

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -s RmSvc
1⤵
PID:2440

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted -p -s PolicyAgent
1⤵
PID:2636

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s IKEEXT
1⤵
PID:2644

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc
1⤵
PID:2812

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k NetworkService -p -s CryptSvc
1⤵
- Drops file in System32 directory
PID:2904

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s TokenBroker
1⤵
PID:2960

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s LanmanServer
1⤵
PID:2968

C:\Windows\sysmon.exe
C:\Windows\sysmon.exe
1⤵
PID:3004

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s TrkWks
1⤵
PID:3012

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s WpnService
1⤵
PID:3024

C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\unsecapp.exe -Embedding
1⤵
PID:3272

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s CDPSvc
1⤵
PID:3532

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://mega.nz/file/lflQiLYT#B9rAhBOJRa9Yw1UpfYTYzX6DIjCCMytKdNiDYFwmjA8
  2⤵
  - Drops file in Windows directory
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:4020
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x224,0x228,0x22c,0x1f8,0x230,0x7ffbb269cc40,0x7ffbb269cc4c,0x7ffbb269cc58
    3⤵
    PID:4404
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1880,i,2939039872610885952,14509746773231974587,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=1852 /prefetch:2
    3⤵
    PID:1488
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2136,i,2939039872610885952,14509746773231974587,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2172 /prefetch:3
    3⤵
    PID:2776
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2244,i,2939039872610885952,14509746773231974587,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2452 /prefetch:8
    3⤵
    PID:3744
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3112,i,2939039872610885952,14509746773231974587,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3148 /prefetch:1
    3⤵
    PID:4232
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3128,i,2939039872610885952,14509746773231974587,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3172 /prefetch:1
    3⤵
    PID:1948
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4376,i,2939039872610885952,14509746773231974587,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3684 /prefetch:8
    3⤵
    PID:3444
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4836,i,2939039872610885952,14509746773231974587,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4844 /prefetch:8
    3⤵
    PID:648
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5064,i,2939039872610885952,14509746773231974587,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5624 /prefetch:8
    3⤵
    PID:3576
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5632,i,2939039872610885952,14509746773231974587,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5676 /prefetch:8
    3⤵
    PID:2272
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5688,i,2939039872610885952,14509746773231974587,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5692 /prefetch:1
    3⤵
    PID:2448
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4928,i,2939039872610885952,14509746773231974587,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5784 /prefetch:8
    3⤵
    PID:2652
- - C:\Users\Admin\Downloads\Hello123.exe
    "C:\Users\Admin\Downloads\Hello123.exe"
    3⤵
    - Suspicious use of NtCreateUserProcessOtherParentProcess
    - Executes dropped EXE
    - Suspicious use of SetThreadContext
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:3688
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pornhub.com/gaysex
      4⤵
      PID:5600
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pornhub.com/gaysex
      4⤵
      Enumerates system info in registry
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of FindShellTrayWindow
      PID:5732
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x160,0x164,0x168,0x13c,0x16c,0x7ffbaf1346f8,0x7ffbaf134708,0x7ffbaf134718
        5⤵
        
        PID:5760
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,14432401335125182354,9462992306437568539,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
        5⤵
        
        PID:6000
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,14432401335125182354,9462992306437568539,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
        5⤵
        
        PID:6012
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,14432401335125182354,9462992306437568539,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:8
        5⤵
        
        PID:6072
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,14432401335125182354,9462992306437568539,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
        5⤵
        
        PID:1428
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,14432401335125182354,9462992306437568539,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
        5⤵
        
        PID:4588
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,14432401335125182354,9462992306437568539,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4192 /prefetch:1
        5⤵
        
        PID:5340
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,14432401335125182354,9462992306437568539,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5820 /prefetch:8
        5⤵
        
        PID:2132
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
        5⤵
        Drops file in Program Files directory
        
        PID:3308
      - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2a4,0x2d4,0x7ff67b2d5460,0x7ff67b2d5470,0x7ff67b2d5480
        6⤵
        
        PID:5740
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,14432401335125182354,9462992306437568539,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5820 /prefetch:8
        5⤵
        
        PID:1600
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,14432401335125182354,9462992306437568539,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
        5⤵
        
        PID:6716
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,14432401335125182354,9462992306437568539,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:1
        5⤵
        
        PID:6728
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,14432401335125182354,9462992306437568539,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
        5⤵
        
        PID:7160
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,14432401335125182354,9462992306437568539,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6164 /prefetch:1
        5⤵
        
        PID:2184
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,14432401335125182354,9462992306437568539,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6416 /prefetch:1
        5⤵
        
        PID:6456
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,14432401335125182354,9462992306437568539,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6616 /prefetch:1
        5⤵
        
        PID:6464
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2088,14432401335125182354,9462992306437568539,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6448 /prefetch:8
        5⤵
        
        PID:6528
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,14432401335125182354,9462992306437568539,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
        5⤵
        
        PID:4528
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,14432401335125182354,9462992306437568539,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1
        5⤵
        
        PID:6868
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,14432401335125182354,9462992306437568539,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3820 /prefetch:1
        5⤵
        
        PID:7148
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://youareanidiot/
      4⤵
      PID:6888
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffbaf1346f8,0x7ffbaf134708,0x7ffbaf134718
        5⤵
        
        PID:6968
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pornhub.com/lanarhodes
      4⤵
      PID:6196
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffbaf1346f8,0x7ffbaf134708,0x7ffbaf134718
        5⤵
        
        PID:6792
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pornhub.com/lanarhoades
      4⤵
      Enumerates system info in registry
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of FindShellTrayWindow
      PID:5504
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffbaf1346f8,0x7ffbaf134708,0x7ffbaf134718
        5⤵
        
        PID:7048
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,3044065194393325589,14996676565988698057,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
        5⤵
        
        PID:6376
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2184,3044065194393325589,14996676565988698057,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
        5⤵
        
        PID:1400
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2184,3044065194393325589,14996676565988698057,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3076 /prefetch:8
        5⤵
        
        PID:5408
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,3044065194393325589,14996676565988698057,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
        5⤵
        
        PID:5332
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,3044065194393325589,14996676565988698057,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
        5⤵
        
        PID:6652
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,3044065194393325589,14996676565988698057,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
        5⤵
        
        PID:4016
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,3044065194393325589,14996676565988698057,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5656 /prefetch:8
        5⤵
        
        PID:6540
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,3044065194393325589,14996676565988698057,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5656 /prefetch:8
        5⤵
        
        PID:6504
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,3044065194393325589,14996676565988698057,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4436 /prefetch:1
        5⤵
        
        PID:6024
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,3044065194393325589,14996676565988698057,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6028 /prefetch:1
        5⤵
        
        PID:5644
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,3044065194393325589,14996676565988698057,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
        5⤵
        
        PID:2188
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,3044065194393325589,14996676565988698057,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3996 /prefetch:1
        5⤵
        
        PID:6340
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,3044065194393325589,14996676565988698057,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
        5⤵
        
        PID:6900
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://howtokillyourself.com/
      4⤵
      PID:5912
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffbaf1346f8,0x7ffbaf134708,0x7ffbaf134718
        5⤵
        
        PID:5892
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://marijuanaforsale.com/
      4⤵
      Enumerates system info in registry
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of FindShellTrayWindow
      PID:6264
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x16c,0x170,0x174,0x148,0x178,0x7ffbaf1346f8,0x7ffbaf134708,0x7ffbaf134718
        5⤵
        
        PID:6032
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,18367714716718895097,5465806202662118626,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
        5⤵
        
        PID:5976
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,18367714716718895097,5465806202662118626,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
        5⤵
        
        PID:5256
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,18367714716718895097,5465806202662118626,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2980 /prefetch:8
        5⤵
        
        PID:1788
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,18367714716718895097,5465806202662118626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
        5⤵
        
        PID:1560
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,18367714716718895097,5465806202662118626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
        5⤵
        
        PID:5924
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,18367714716718895097,5465806202662118626,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
        5⤵
        
        PID:6820
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,18367714716718895097,5465806202662118626,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5628 /prefetch:8
        5⤵
        
        PID:5316
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,18367714716718895097,5465806202662118626,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5628 /prefetch:8
        5⤵
        
        PID:4612
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://gaysex.com/
      4⤵
      Enumerates system info in registry
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of FindShellTrayWindow
      PID:2336
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffbaf1346f8,0x7ffbaf134708,0x7ffbaf134718
        5⤵
        
        PID:220
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,17075310558763206572,10649834472288056667,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
        5⤵
        
        PID:4628
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,17075310558763206572,10649834472288056667,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 /prefetch:3
        5⤵
        
        PID:60
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,17075310558763206572,10649834472288056667,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
        5⤵
        
        PID:2768
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17075310558763206572,10649834472288056667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
        5⤵
        
        PID:3136
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17075310558763206572,10649834472288056667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
        5⤵
        
        PID:1152
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17075310558763206572,10649834472288056667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
        5⤵
        
        PID:4812
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17075310558763206572,10649834472288056667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
        5⤵
        
        PID:5216
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,17075310558763206572,10649834472288056667,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5520 /prefetch:8
        5⤵
        
        PID:6464
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,17075310558763206572,10649834472288056667,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5520 /prefetch:8
        5⤵
        
        PID:2984
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://twixydox.com/
      4⤵
      Enumerates system info in registry
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of FindShellTrayWindow
      PID:5964
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffbaf1346f8,0x7ffbaf134708,0x7ffbaf134718
        5⤵
        
        PID:6332
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,1123404549890796950,2459054412569408038,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
        5⤵
        
        PID:5044
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,1123404549890796950,2459054412569408038,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3
        5⤵
        
        PID:4556
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,1123404549890796950,2459054412569408038,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2992 /prefetch:8
        5⤵
        
        PID:6188
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,1123404549890796950,2459054412569408038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3568 /prefetch:1
        5⤵
        
        PID:692
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,1123404549890796950,2459054412569408038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3576 /prefetch:1
        5⤵
        
        PID:6596
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,1123404549890796950,2459054412569408038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4508 /prefetch:1
        5⤵
        
        PID:2800
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,1123404549890796950,2459054412569408038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3776 /prefetch:1
        5⤵
        
        PID:5736
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,1123404549890796950,2459054412569408038,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5468 /prefetch:8
        5⤵
        
        PID:6100
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,1123404549890796950,2459054412569408038,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5468 /prefetch:8
        5⤵
        
        PID:1284
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,1123404549890796950,2459054412569408038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4516 /prefetch:1
        5⤵
        
        PID:4156
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://virus.com/download
      4⤵
      Enumerates system info in registry
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of FindShellTrayWindow
      PID:2868
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffbaf1346f8,0x7ffbaf134708,0x7ffbaf134718
        5⤵
        
        PID:4148
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,10276377649749475103,12705802465393141646,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
        5⤵
        
        PID:6672
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,10276377649749475103,12705802465393141646,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
        5⤵
        
        PID:3096
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,10276377649749475103,12705802465393141646,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
        5⤵
        
        PID:3692
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10276377649749475103,12705802465393141646,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3576 /prefetch:1
        5⤵
        
        PID:1208
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10276377649749475103,12705802465393141646,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3588 /prefetch:1
        5⤵
        
        PID:1856
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10276377649749475103,12705802465393141646,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
        5⤵
        
        PID:60
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,10276377649749475103,12705802465393141646,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5232 /prefetch:8
        5⤵
        
        PID:6056
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,10276377649749475103,12705802465393141646,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5232 /prefetch:8
        5⤵
        
        PID:4032
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10276377649749475103,12705802465393141646,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4392 /prefetch:1
        5⤵
        
        PID:6916
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10276377649749475103,12705802465393141646,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3692 /prefetch:1
        5⤵
        
        PID:5812
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10276377649749475103,12705802465393141646,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
        5⤵
        
        PID:568
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10276377649749475103,12705802465393141646,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
        5⤵
        
        PID:1580
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10276377649749475103,12705802465393141646,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
        5⤵
        
        PID:2184
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10276377649749475103,12705802465393141646,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1
        5⤵
        
        PID:6832
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2160,10276377649749475103,12705802465393141646,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5808 /prefetch:8
        5⤵
        
        PID:3444
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10276377649749475103,12705802465393141646,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
        5⤵
        
        PID:6372
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10276377649749475103,12705802465393141646,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
        5⤵
        
        PID:4052
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10276377649749475103,12705802465393141646,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
        5⤵
        
        PID:2736
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10276377649749475103,12705802465393141646,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
        5⤵
        
        PID:5508
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://bigbooty/
      4⤵
      PID:3760
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x164,0x168,0x16c,0x140,0x170,0x7ffbaf1346f8,0x7ffbaf134708,0x7ffbaf134718
        5⤵
        
        PID:1544
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4880,i,2939039872610885952,14509746773231974587,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4932 /prefetch:1
    3⤵
    PID:1256
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5888,i,2939039872610885952,14509746773231974587,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5848 /prefetch:1
    3⤵
    PID:1528
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5392,i,2939039872610885952,14509746773231974587,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=6120 /prefetch:8
    3⤵
    PID:5312

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc
1⤵
PID:3800

C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\RuntimeBroker.exe -Embedding
1⤵
PID:388

C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\RuntimeBroker.exe -Embedding
1⤵
PID:2896

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
1⤵
PID:4396

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc
1⤵
PID:2000

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s WinHttpAutoProxySvc
1⤵
- Modifies data under HKEY_USERS
PID:392

C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
1⤵
- Drops file in System32 directory
- Modifies data under HKEY_USERS
PID:4936

C:\Windows\system32\SppExtComObj.exe
C:\Windows\system32\SppExtComObj.exe -Embedding
1⤵
PID:3452

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager
1⤵
PID:2124

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc
1⤵
- Modifies data under HKEY_USERS
PID:2528

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
1⤵
- Drops file in System32 directory
PID:3184

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe" -ServerName:InputApp.AppXk0k6mrh4r2q0ct33a9wgbez0x7v9cz5y.mca
1⤵
PID:4656

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
1⤵
PID:3232

C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
1⤵
PID:1164

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4540

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv
1⤵
PID:2876

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4004

C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\servicing\TrustedInstaller.exe
1⤵
PID:2380

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s UsoSvc
1⤵
PID:3836

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s PcaSvc
1⤵
PID:4348

C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\RuntimeBroker.exe -Embedding
1⤵
PID:1020

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5284

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5264

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
1⤵
PID:5428

C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\RuntimeBroker.exe -Embedding
1⤵
PID:5548

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo
1⤵
PID:5164

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k appmodel -p -s camsvc
1⤵
PID:5972

C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\RuntimeBroker.exe -Embedding
1⤵
PID:5148

C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
1⤵
- Checks BIOS information in registry
- Checks processor information in registry
- Enumerates system info in registry
PID:6216

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s BthAvctpSvc
1⤵
PID:6348

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1136

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5708

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
1⤵
PID:4108

C:\Windows\ImmersiveControlPanel\SystemSettings.exe
"C:\Windows\ImmersiveControlPanel\SystemSettings.exe" -ServerName:microsoft.windows.immersivecontrolpanel
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:4588

C:\Windows\system32\ApplicationFrameHost.exe
C:\Windows\system32\ApplicationFrameHost.exe -Embedding
1⤵
PID:7008

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
1⤵
PID:5720

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3284

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2880

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1844

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6268

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1464

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1844

C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\RuntimeBroker.exe -Embedding
1⤵
PID:648

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:640

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5728

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

T1070

Clear Windows Event Logs

T1070.001

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Microsoft\Windows\AppRepository\StateRepository-Machine.srd-wal

Filesize
54KB

MD5
25ca6d9cb5c20549a1f2586a48129532

SHA1
c39b1322dc400aa635004c4b7c5250a0814e3f62

SHA256
805824bf42a704a03c1b6dbede2b62a6f15e47b849ad2e6bd0d9952e8e110aef

SHA512
fb30ea83c1fd44d486659401a8d2d019607688ae00a8ac5ac39598234ced03a1fdd4d3559b85e2de72705b79e020073b895e00825d90728700f6a43f1932c4a2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
328B

MD5
d4af8c832ad55a5cee0e24d95979bed4

SHA1
a52298a51f48060d6edf83d100c9a90187ed8c45

SHA256
c862aea86fbf7097405062a23291a7219f3f14207ae40e9943ccfb2c0f13996f

SHA512
12bc8deb000ffb52b91f40595dbba2dfee7a832ef29a8d7b1036a86d7b977b626a85d107ca39c31c0f84c3e114f87f6c698ef6eb160c8f163da5ec79f6ad2676

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\FB0D848F74F70BB2EAA93746D24D9749

Filesize
330B

MD5
846b3475803e00b92af443b33af9095d

SHA1
694878decadc8940ac287470ee25f8325bccdf26

SHA256
a7c2f2e109a659c2400ab85b7aa818ba90606cb1bf855fc4e6df80988dcd24eb

SHA512
ab4a570b64e20f3a0435cbfb8eb513265be5ce24f64d19af7f98025765878e35b52b04169c20d7b4e25bdae58cb0a2ac317eebf10adbbbe8d07cf0cb38fc6305

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
692510eccff029c33acb53bd42aa5689

SHA1
5a74cbf04cccecfdbfcb463951c90bc257b451f4

SHA256
f68fd861cc201e52121d4301f464b1b2ab762622564a4b5b34227fb8656f02a1

SHA512
41ecc43652eb76cb7cb9f653fc3a48a027e51f70a1e6971912e74909a38bc3f7356ec9c1440ca90dedabeb76164b342da5dc9ff9629a77aabb4cf3e575cb7647

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
5e91499c82dedf60c8f1422efe52bf91

SHA1
682be3087e97da47418d350423d71fd445d7704d

SHA256
3dedb24039cd32d3c19af00153f1326517a2482d4b744116459c04dc74e66ec6

SHA512
c116382cff44f3cbc2ce1148c420b37a5a02c29878b0ea999f366972870e1d8ade21e6cb09f1a05c658691764c577f29b5d280838a4887fbb2981db4cb520834

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\p\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
242c89ecad19c2f9322d16334bc8ebb1

SHA1
69db698db091b67b3e628992d05e65b503529af2

SHA256
cb86a92fdb10b1705593f7dca85c17b518aada65fcc5062c00fa1859dd307f28

SHA512
96273b7d51d4ac07a28d32956ad2bd2fedc4c233448365be1f5c6f11a0c97f94831b4af2ada24b23cd761dca405d35631f030e8c8ad420328e366b4a41629247

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
13f55aeb5cb65f2b94aefdf1226f2783

SHA1
65cdb6098ad17abe44e771459c74695980bc7c4a

SHA256
6e4d212d496067abc177393bc50b26ddf1ca9535a9b49bc03075fdb3df5bd068

SHA512
4d0a7fc0764651f728497a0a8b3fd754754413359ee964d33350f6f1aba5d593cb44f98c699cbc154517d6b2e3b7306404d2d15a0271d68c8ed039f60f172d42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
ec2eb45b557ecfefbb3ca7bf5890d98a

SHA1
c33ea4e66ea6c7e42cb8ecbe83c33666ff7324f9

SHA256
daab4add6d42e924a4d67fca0e2dd1f2337da3a873c562b94b9b2968c80cfea0

SHA512
9da30c85cc2bf48ca0bcb4d5d31f98594681c187f1982034c9001aab744b12abee2deccf5ab9c4f5fa89499fa80260bec40debb75523a20d6024afe024815010

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
1848b821eedcfe98ed0c8d592fe46235

SHA1
01d5f7920b65dc585d1112336891aa3691cc7f02

SHA256
18530d6d929e6656b9b793e521f3dd26373473735f77e971ef03e32466ff1d82

SHA512
1bd203a9fc05bb252e5ecea3afeb23c475f332df3453b5ab4697959e9da4afd54461d4886e44f985ebb032a9f8055a5ac5228217e6dd5f906b06058d602eba50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
360ae47fd50fa703b8115daa27d8d322

SHA1
94ff54a033768457e2e430fa236eb7476f349e52

SHA256
6905dc316917ff1e8d0678db97e7f8bc60f76d12b19316de5ed3529e470754bb

SHA512
83d33b23ec4d39d98cf92d333b82482dfc74c4422084045cfb4dcfa1ee12b008bdc92a13ceae3aaca328b9e87eede0d909ccfb6f789a340e07851d723c47acb6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c6ecff0a54309ca98ebfcfb3685f7d38

SHA1
3f89a3e4768fa9bff7fff000bf4d49919c03840d

SHA256
8d680ef2552129a7fdb95d103114eeaa2a560d77a15972bfd9352aa71dfa73e6

SHA512
002d27d67850439b87199a8302c58347643864206ffe4526b221b67a44c10c4c15a4cc5ceb40653b1ab9e6bcc045cce6487f8150293fd9772e3a52400aa08a96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e1459c8e1d335d91a6c227d425ebec02

SHA1
4b3d991683bcac3d548c47be10904019381f58cd

SHA256
f32b77569fff4b1938472cdb3e51d46fc93698face46ea85e9caa935c17fffa2

SHA512
b440b25c3d84c5167e7980b891c3bff70404c77f01c78898fa3f5956ac33e91c08e7ea49512936f88eb9e3013c8b711f04554ec2114dbff36e9eb2dd8c356c6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
17b6f72cfa7a6de57ecbd84ef3b85069

SHA1
a3e37e28109bcc58e148ab76114b3793c2c06de6

SHA256
490b35ebea5315d048abfcc3303f6fb51a929298be66c7f7e9cc5efd8be31a45

SHA512
f33da13120c842c804b9fc0f358487513a8acd7ea39eb75abea5333054ac9c6f867b6c6d5dca6194e80fe98ec5eaec8ddb96c41c7b0d3a72631c54811e34f330

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b4ff186677abf4bc9b0d5419ebdea36c

SHA1
ae9c29c583f6c12ff5b0c829408522343dbdb35c

SHA256
287c15c7b45433e13516eda491860a527e6089d6c6f99fcd9dc151365351ef13

SHA512
0656a9f335dc778a8391e95d7b711daa47b317a603c405b0b87e9c51ae65b4a507395338732a02f9223313288cdd3da325f7556407ad6985bca220fa9d6cbd22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5568344c953f30e08b59ea13fb21701b

SHA1
e6b84ea914f750b7e6af7cef292b5437a56fb2d3

SHA256
c880d6dc980c56e5f7837eb470042d3a25269e6e7b55a7385c87b97bf5e12840

SHA512
76153a016e612f357415799e12065b5f78ebebb10352012a7a427e6f4573e3cf1ee9f89254979051f3e12529a1afdcc835f6ebcc308fb0d81283434a8e8919ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f5d8bae347c1d95bcc5d69dedcad6bd7

SHA1
faeb99fe9fa1081b8aa24c563fff47aacd143fdb

SHA256
40e306756c92bea6b990dddd88863ccc82d638ae960e6588f7a0e081664ddf7b

SHA512
3c8bc8c3dfad4c4b473f1b0f50c59b8b3a96948b80c887f90ddaadb1e22acb1f22749f92016e6c11a4ab6528e6658d3a7f44c1b1ca51a6df77d36fc7df6fcc39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8f7bce7139e930a3d9678475f1892ea8

SHA1
85b54cc7ea8d996b5b86491891731ddf931c62c4

SHA256
2e4b8db44265835e7a85dc42253d90911f36a3b030091eac41fc247fb974dc52

SHA512
1ac463dc2735edd8cd1578bfa9a251f933522d274fe1163e31702f49983be52a95861f2fe85026d135b2b51629183f1df29e3b2793809299dfc3b29d0a788431

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e3f540babf1ae95456461e6bf132114f

SHA1
c45b2740317d759205de9e246e0392eafde2bd1c

SHA256
4cfe8b31e504a441eaa29575ace13eacb585dd4d735b7a22c4e9abdd2e55fb41

SHA512
2f2e021e2f67d8c082a4a69cc7c05d465202a127af166742521a554c141f389a77605944da5c45226b3b5a30df89d715edae6d963e083edaa0f66465588b6c40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
39f52f88b78c1721526e202f15fc717a

SHA1
27660615a8b9d7f2ca00fb81a74562d70d19b950

SHA256
e68f6aff18f5feaf3b7f68de0917411cab44f63122fbf3adf49eab0a37fa91fa

SHA512
cd44202a13099e4ba1baf2a475583fa8967d53898891a67f5cc41c243833accad8bff342baccfcbdeeb14641a5d4951ce48b1c458a5b5ce289c098865ead998a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
420abbf822495876ecf58397e3141199

SHA1
3769467473a90efcae9f4ef27604407cdea4a5c7

SHA256
ea681a6708860d809fcad822e97bee521f4e01776c3cfc063bf6e826a9d4dee5

SHA512
10782c8a8deee66fdaa9cb234d4998ae9bb6cbda3a86471a4daa0ea698c5d0ca36588d6d9a2824f8e73ab40baf2a07a8727fa1c51ff2ef5fce97eb7e5c3b6cbe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
166b945944b21da896aa82b1d05851f5

SHA1
7e411666414b546a3e880a292cac3314a8842d9b

SHA256
6c3b8a207a5c562508704ef2ecbe2be21ee78d601404345269e9bbf8f23a88df

SHA512
ddf5c792039e4122e52dca4923202a0f7516663db49fadd85408021a82b0ee9867c35a8eac30e932b01bde395c6ee9ec2eb6b792c4d5b5bac442abf8c6d1ee5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8e8ce2611f99e83ca9a172f4d4812957

SHA1
009ad1e867c21536acd0db00d7bea727fc640343

SHA256
6a51be9a1ab47a70a6165a645ad2c7ddcfda0607d645f2f8f5af452c59d0e3bb

SHA512
90762b2127d23e556162aa4d88ff433ecd34548e66d4624475e53140b10de19cfd5131848a0aa16f44c88320e38a65af2cedc025c9977aa07e85a9e38f625dbb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0c9b372f78a9e7f517000b2b3de1cbdd

SHA1
3400751b3fcd016fa7f8529ddd08979a77bddfee

SHA256
8ff6cd14e772e84d015fcf3a9cc28129f8305bc68832903c42e567c885daab60

SHA512
4fd4815cd6a8968f50450cd37062d7efee6e4f3991c5e11cf344030c8dafb0b34e9f0d7088b3999665869de85968211caffa8d7037a37e0f05a3f1930f78bac9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4b9b4b857f81450aafc7834e8d8a7343

SHA1
a4497f53a036ca07ccc2b6d4129d4b4d8ae184da

SHA256
254f04498ef50914a24b98ab0f415c3f7b2e4f0ca96577089ff79ee481f32e31

SHA512
69f6cf595b2d920649b65a1c5c23ff97c2ac539c0f4f0e12768298bcee4eca87c50b04d9519db1ac3dc0acfaff6dca1a08af9119e02680ebe332e71dabdf4dbf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
403da3e25649a5639c1337c0b6b3edab

SHA1
9ac7d187bfe000a0a64664e45cb9a182d2a59f8c

SHA256
400a24fb618b5a6eae153a376a2113bbb8002b6e388e3f7efeeed303b57ca8cb

SHA512
bbfb8d46ef51aafd8eff707eb4e0b80867c0ea41ff91a1b925fac72d4728cf89365923987ba6e87d9e7f068dc9cf2b239ec8cb52e3e749a783a7a7cfba8f771e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
8c9efadb75bfcb97b220fef3c48ff399

SHA1
150af54571dc0d261ed1fbfc63b61155c3e7fd6d

SHA256
436a2b99322345a096525a11a69f745a3f212b8908348eed664cbc6daa4d2c2b

SHA512
ea7c96f35d176793cb678f640c9e2f0daf18407b761332b0b7b7857bb34934e940604f1812c089b8a91317fd8aa5749ed705dbd08eb4052523a227afde7d1352

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
118KB

MD5
7969f65c7c9d3f33f49f5a971c057b67

SHA1
cff2582728e9baeb5743df18d53845cfc6c07a97

SHA256
5af14a83887f88b449d8df2dec541c4be649286ab58ecce99a0f80c94df0f3c4

SHA512
b208253f137c9f0b21da437b7300df8e7081fed8a8d5063d20a0c26251a19f207d08c56e38ef8fc14fc036369981882a0f9e7c25b5a50f2884610db54da3e921

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
118KB

MD5
b8c45079b44cff650ea9876ca3fa574f

SHA1
8682ec9f11ca55ff1cbe6d9062b43365180583ac

SHA256
c32cb8b795c24ced92d19a56aa0d6ac822abf153f6a3c632b8421b7a1440c598

SHA512
11cbdfd0178a7f0d68d0a6fc60a4724aabe71dbbf9d556aa9028ff36d1f12ae6d2547605538cd0f7bdce9313bb200d253fb229639183b5f4fb9dcdaae6456930

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
118KB

MD5
5a02543add495b1e406631fded613c49

SHA1
37c43db227b45c167cf3a3f9096d5c11ca007d4c

SHA256
db053f92af70aa9c898e2d30c2da01a0e91ca88222086be080cea68d033d1b10

SHA512
f00a6ca799e85c748a352cbea887910bdafffcb8189dbc34235cd1e9b6d764f134fbccdfcb987656f34bbe8468cfdd93baffe6c3abd5717f3d3bd16fe111e150

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
42c2215e4394e3906958d61ded8158cb

SHA1
c3032dc78ff4d32d1ea532d3687ce4d15a23ea5a

SHA256
7af0c570d97a2e83e35cde38e0fb8b03fbd66687321ec9b5c350b87aeb9e6db7

SHA512
a37100a25eac8e19891817b707a46aefdb57ab718374fca294811097781ae12479b0fea826982f535b0a0358e0349d8e9845b17feb196690f54df7b6ff907619

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b6d9057ecf712c62d2c09325ed63bbbc

SHA1
98615402da2fbe615d0fa4f30043d57a2280995f

SHA256
9675970792017fcbb2df47d84dc805e3b7f07f75ddee4530b16d986e6cc5ceb7

SHA512
16c968f4cd30dcf4e7d4bca349816550b1407337b04e50b75168eaec410fd399eca2c1fe9ff0a7ab5b2acc8eae015809f37f74eef38a63e3a3f1eed2e5f31080

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e4031fe26552591cf64e93a576d50eb8

SHA1
1a28983fdf4add7ad019c2791c4884ae2b66a995

SHA256
40ef8760c34cb54e6bd1d23b203b3f6c7d5a246254883cebf21885ed0c439b5f

SHA512
f8e8a7a9b4e4ff3d8ed6135d87cdf864eb1f2920ef8db9aa4a6cbed6d8cbf2ad4c069ee39bb5d1bf9548757100e19931e3a20301ffe7d945d30613948a5049ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e68d4e7e8b0fb2c9deb82ba9ca90d362

SHA1
459349c5e2d4eff3744aaad356245f75d3130da3

SHA256
652c59a81108a57923e4db4c56f9c3b9c2eeb73a6ab0617de8979ca7acc94df4

SHA512
f0069f0ee117d1b3e67ed68fad2738734eee69995313c22076573976ef7962f3b3eb255bf5666a2ea949b1f14c1e209436b12f1078f38b0d554ec7794c3ff4c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5e2db3a4eb51aeefc24be303be1e3815

SHA1
045340f09991d6a3e839c33a0dff8597475399b5

SHA256
798f9183fcc74b6c937c2f6de7bc8a72d81238de95266a007c60fa3e019f2ca2

SHA512
494cb76188b045fbfe551ab59a19c21dbb6801a96e1cca27604a134347c885446f634fb9d411b0ccb926dc547ff3201465a9fd941201e2cec87d1e36934b1ae9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e915a8d5596b98f10261aac2246f9462

SHA1
a76f6e10940446cc35f15db985aecd5b330488d9

SHA256
7a1d08d5f26b25eaf9bede74e5018a73ce8c5c5eeaf3638ee7ca8743d5f4f271

SHA512
5582c35c5b103fc7601f030eb31a09e36e397d7937860a9db0e2f11160eafef45f7391b8104badd48c446d6762ea6c1ac374d9ec4abc42393f192ba41a235732

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fccab8a2a3330ebd702a08d6cc6c1aee

SHA1
2d0ea7fa697cb1723d240ebf3c0781ce56273cf7

SHA256
fa39b46c6f11977f5a2e6f4cd495db424063320fbac26a2eae7466e82ffeb712

SHA512
5339b52bad5dff926b66044067aa3e1a6147c389a27ebd89b0f16e1267621d7ce7af9810010bee81cba7b08c77a33ede8ef4675fe049b9fb2ed510fcaef93d6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9d533e1f93a61b94eea29bf4313b0a8e

SHA1
96c1f0811d9e2fbf408e1b7186921b855fc891db

SHA256
ae95a7d192b6dfed1a8a5611850df994c63ba2038018901d59ef4dae64b74ed3

SHA512
b10de657d0cef4255e96daa1b6ad0c99c70b16c13b8e86790ea226e37e9ded1a8f8bed1e137f976d86ebc3ea9a4b5eb67ce2f5b0200025d35dc8e94c947ff3f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
27KB

MD5
cacfb74b6db8ec937cadbd7a4e239694

SHA1
059f1501f9536c549448169c293d0fa1e3d00031

SHA256
3c21c8fd28579bd102c6d48522db328a689c5c8c6048453bb736a1f0d27567cc

SHA512
4765d09795339da2afcd22f305b9c595921b6071f8766bfc0285ab6e8e1589a0c262bd86f20caed7258bc2fedfe6e81a1f649dfe25bbaa75569340c8c7ba0c1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
65KB

MD5
555fb839b2818643762b36188cb49f57

SHA1
7697a2a0fa512c6f99198b040670fc4edc2ac99c

SHA256
7aef838877764f39d90366e054cfb460600da52cf45c40cc88d832e93ebeefa5

SHA512
5c0746a0abbac2f31f40515717791eda3e863e4b436d4e350abeb0fff94af51e91a818e48ebc7158300a0d82e719d95f087b75cd2669d98f9a9181387efcee46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
36KB

MD5
28afe735c8cf73a6c88376fbd85508c1

SHA1
34fdee7096fb2cb28594ce2d5ff63e41f09c22cd

SHA256
22de5e30581bae29ba36f0a045e9901d996880838619b2af86d16a9a2c055111

SHA512
4b64d34859ebd25287e5d15ad2e622abe7222c38200f34f9e46b6e0673982a6f7384cba8353fcfe55f4ce7370f0ac4fd6126f4acfc5d42c7ddb0ca306dfad250

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
27KB

MD5
97b3853e604e15860dcd1d48f05a9eb0

SHA1
d172e25377735feb663ef112e930df33105517bf

SHA256
b05f7cb18e1db7ef264ebc5aaf6bfef84500e6324025cbb63d143d3d97c605f0

SHA512
0d8d13f5e895320706e1812903b8e9278b8ec1e6eed6ccf13b6d7715de5b726dde8be86f34e9e046bf68512c4e958da503a3e2d70a0c9648c5d90ffa7752adf4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
29KB

MD5
cf776b128a74f76a26e70ddd68b46b61

SHA1
24c15fb603cd4028483a5efb1aecb5a78b004a97

SHA256
346cbe6774bf3bf9f3a5aacf287f859103045b0dcd4a32839b00be9f391259fc

SHA512
20751f34d1a3a63e580581d36902928c7780dde70fafa75b87e406965f2dde501b9821cd45c824584d1ece21566eb5fa501d1effdfafff0b2e27ec806bce8f32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
86KB

MD5
513515c2a5e70eb35791fd043bee0489

SHA1
6483885f7c180a89703fc3c0bdd897242ccf0b30

SHA256
e0ed4fb25aa0ac219b0bcd0da94efb013680297d5c7af877b6a46041ac953916

SHA512
12a44142d54071c4975d2d5a4d4356de3ceb120dce7cff7ea353609b3b4d731aceb5fe91c9eef66dfd5de99a4aba7bc987960d90d45b028a39b4b092820ebd9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
29KB

MD5
b383dd6e693dc3addb2ca3701e54b537

SHA1
7cc39761fb08298fa1dc523e50c3ab1567d878d4

SHA256
d9ee8c027a6512c04826df678e56b8c7f938cb34c4ac54e8689c4b7eb27dda64

SHA512
a9482c50e32135c0f84246059b9aca3d4676cc4aa72bb8a28f6563a78c79da8ccbe929ea6312fe46f7901e01a9060450b69da42b4840efa7de98e14c398379e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
31KB

MD5
8c0b632f031880c1c7647e128201c085

SHA1
57605ab2670f01b0405b937e779750351ec4e6ff

SHA256
c78933dd772498c8b41611ad3c96a80ba48e95a4dc1ddfe18c5bdd498b6fb42a

SHA512
bf61f9eb4384a294f1f95bed6f406b33ba98a2456a291fb315f80e3e217a49918add84354f52f9f5d56fbe45472756e7bad8c8c453f2bef7c8a970645aaa094d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
105KB

MD5
674ea2425bb58d8e65d071b9961db3c9

SHA1
59f5d32eef1fcd23686bb8639db4c662fbf442fb

SHA256
2c0c6470d5d570308036975409f0043c980dbef501cf9248e554eb6a51218b1c

SHA512
c26121a425172c92a7b458286ccf338b5bf0a806acb8e556ec1c514a462ca032410b22b37b0bc94038248c8933a83f1b932893d7ff92e8f301ccfbf236e859a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
29KB

MD5
f85e85276ba5f87111add53684ec3fcb

SHA1
ecaf9aa3c5dd50eca0b83f1fb9effad801336441

SHA256
4b0beec41cb9785652a4a3172a4badbdaa200b5e0b17a7bcc81af25afd9b2432

SHA512
1915a2d4218ee2dbb73c490b1acac722a35f7864b7d488a791c96a16889cd86eee965174b59498295b3491a9783facce5660d719133e9c5fb3b96df47dde7a53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000065

Filesize
215KB

MD5
2be38925751dc3580e84c3af3a87f98d

SHA1
8a390d24e6588bef5da1d3db713784c11ca58921

SHA256
1412046f2516b688d644ff26b6c7ef2275b6c8f132eb809bd32e118208a4ec1b

SHA512
1341ffc84f16c1247eb0e9baacd26a70c6b9ee904bc2861e55b092263613c0f09072efd174b3e649a347ef3192ae92d7807cc4f5782f8fd07389703d75c4c4e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
00db0a09bd0071af3a946c33763d3835

SHA1
cb1f39c0de87fab350cb93f1483bfb9bca61329e

SHA256
8f93a2206bf3c31bae3e724625b2b3460e1779696f2ae8ace97afc0d6270067e

SHA512
3b914a5f16423eeea3a9a849196f12a044d7979c0b9379411ca7fbeb4dc737d10b53bacb215600c933f0eed4469e5b2784fc8fe244c1bd92e3faf46b8eedcb3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
abd6f1b5ece2d46ba1e1beb5fc073522

SHA1
c619f7062cd07c83b83d67c6108e3cca5ebeb7b4

SHA256
eaefdc276d850349d195cea901a760a1fb48c8b10d02f9fbdedbd22cc3eaf163

SHA512
56b1be8578fc2a6959a987a0ba696ce832e731a68621f536ee6fc655acf9a22ff702243d1d7f674187753af61c862cf66620a973b93b5c17e6dca6253ce3e175

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
4460405b81a22e1ff03bcaa4c2b9535c

SHA1
a39b6f582ec954fa5adf00bf4d65d9380848cbe7

SHA256
4046cd6387e6c7c0103439107e739cabab7bc845f82bb092f010ff36c21487a3

SHA512
102588d4135ddc585d847554e46a8a69c5341af8fc42aaf78a3da144d8d903355b47b1489a49f61496f7ed385251657a223035f1865446d6ab91fc34b987a0fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
89c63c0291e4e3bbad4fe301921707a1

SHA1
0bc6f14904d3227444321f9971f6d889a6a1c1fc

SHA256
41307c3f0efc112a59abdbe7d63e49d75b4d2d4ce34b937915b5196362e68e80

SHA512
8e1cc92c4702de8ea97eb5610928ac6f6fc3c0a586dc13168c9f9dc20dadc801332fcfcbe2309618d5b9dda6b95ff33dedc957773962a584132d9e845aa99009

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
5dc52f0f48372cd5d20580ebd381d418

SHA1
3de899df9ee6160ebcc0a235ab7f1a69677c1750

SHA256
94a1b3ab7cc1812d6360f150f8273c4b728a7f495c744480f193df89e57fcd86

SHA512
c0c30a68d38377d0bee5ee936aa38f1a55ac9b590f002727b261b6e406da788c73ef828899b3a79e7b98533fcba0b065f8f297cd3f158151579dea3675aac8af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe59c133.TMP

Filesize
48B

MD5
311e99b1836c6d760d410865d120a309

SHA1
0fdeb38593529e430a9572a4a5bead36ea689690

SHA256
db99434aa647f0c1cac692771687f234af8e60861782bff53245ead8988359af

SHA512
9c9d9581e61792f2bb2164d0e3e66b5c1da6d371060eab64e5748af764366c001a3b312cfd65b99f458f9e3dfbd60b1f328dc38b5c78789b732fa776cce67987

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
d42455f81aa414ff221a1fc1642e9f28

SHA1
cf9c0e5e3e8fd86d7671950c0710d74dbbd35109

SHA256
f65e3327f12ad43e6c6033b3d3377887d6fe68a46c5257c045fd7583d17702f8

SHA512
bd9e661a299a1d01a3d26043928a18dad2b732e262cc3c43071bf4e3de3930873b9f5a5ed316217af7fd83a1217cfb7bc0f90c558fec4554bf2271174dc148dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
772329593686b83848b13b05266a2915

SHA1
d68d93af1b6724744298972073414ce25ea1cf52

SHA256
14bb95ba9a69a8452d0d611abe771242be8c5a57c20ea81caed44277bc438e42

SHA512
cb0f97426ea863da0909dbbdc503033f0ddc654245722b4ee1181619fa0a3afe6aa5be05d4df81778617d34a0f92078c0f1a8934e39d9d4c9c93542fb13e167f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
4fd810c05ea2a9feb250eb8795fd0a79

SHA1
d42ce267d6e2cc2a07b148201519f499e8b6d83e

SHA256
d32cd98938f37cc2ac524992d8d8ea00ab6ddefdcb785b1108ee61b63380b73b

SHA512
b77f1fd387372a61037c10d220f4db20c56270e3e3d7c5b2da85f24a0f9262e0929f7288cdd12994f8548968aab2c5cba59af773271a9cae61453c1066016578

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
828a5af81442086ac890a49dff87c9dd

SHA1
6479cfcfa11ad9f6b749cce36fbf6cb93d75ce9c

SHA256
4d9fe2e1689fd627f6533f3631a1ce7cad2686e356f4201d9c0a08f07d98d1bf

SHA512
ce77a8ce948afd58b26394224ca1827e18680f60383e041d7aa4de0608fc6255cb450e79a6b39c556043a5db490a9fded087f701a0bc74b33a18b5389af1cee0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
bf4de19b2dbed9892e61230060bfaaaf

SHA1
e85bd8769e861a0dd67b050ebda27c8979d004b1

SHA256
b09b5eef2cec7c4cc9091befad9a67b84ce5575a32aa7b7fa7034f694006fcbf

SHA512
7dc4471c6319d37920e423cc94048fa780dec803f448f688e87fb8308a607926741c7bef831da130258fe20fd11c0c8d4f27011fd40842de17f279fb45b8fd7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
2c7ea582c65432631f4c1a7a4356c258

SHA1
ae49073bd475a2d6da34756c94bc6d7864c0b5b4

SHA256
3492017ff13209be1785a880e9c8cca0a0d22234478f7dff5ec75f52ece82da7

SHA512
9a09ab8e5573f7442251c3f3dd0efd951e9349b510f524bfc9cf7b0b8910447d858f3f9d57dcede1089ef940fb2472461656a4c59a8a94eb5908377e3f239c6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
626b52f0cba95909bdcac8b1e9d22cc1

SHA1
3f1baef76be93cf45b59853eb142ab0bf80694c3

SHA256
f75153d06bf440357cb704eef0ec51a38e1c8ec13d56f7a068571b8af43acf58

SHA512
ea68d10816c4033077ddc602868af7102f7b307ce16d60328f165434c74bb3af5354f4bd0f48d719dbe269100b00cf0d2ee9d231bd1beba1fd9fa4f4401e45da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
38fdd2c006bc558c3195cd1a143c9270

SHA1
f2f090326d21495cb679c43d5f794c403bba6345

SHA256
fb9a08fbc337449437c135a0600c0ea479cbccc28d22e5596df287cac157a2d1

SHA512
4862e136d306791b686c42a9a94564a72620c7a84e4264ea6298154f39b2a69c01fef3c43ff154fb159a304d5c24da2a053f434d5ed01d3ba93a0340cc1d4291

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
327f76c6ed70bcce82101d5e6db7ee6d

SHA1
a8f45cdc74b4fbb151246449647ea8b6f067aae3

SHA256
62fd1c2d2545558b555f4d100751f0aafb287a42c8655e027c6d473e81427390

SHA512
6380bc59d8f06607ab992a4d90a6d4e02727e94fe31688f8623ebdd162aeb526b8115b3029fff4b2cb39dcc960ce2dbfcf7757a3cc0b512e4559b528a38a45b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
f6f8c3fb683aad4de67e77d2fafb31b7

SHA1
c96a385999ba982b673f0e0bb5df42a5d11a8e47

SHA256
41b3287f1aba6ce48cefa42f78076333afcce1b4adf7164aa2d3e6f203a79279

SHA512
179490cb2c4c4e17701fa40f23ba6dc2ae4ab3ca1d4c32080c47f994ccb5f06416ee5c5ac99078c6e5cea6c0ac8e0b30a273ce57a64f54f248cbb4cd108f1122

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
145a19c7b8c12f5b680ef5ea52e2d526

SHA1
c6382c54194b2127aa15f6734ad659b0cf1f0119

SHA256
fba97178bd65358b2ce61e292f40541a73cb51cc84ea1e19fba8711ecd7ebb68

SHA512
a41807b76cbe77762dc12d269a7d87778c26ffed4cdad28d2b587e4e5239bb78979808c67a508f7d8ee3aec45868d094a6fa34c3708118425a5a4842de7e34af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0576782bdb574e6105198daab403d5ec

SHA1
c0823c58eb9b2f7e9a54dd1d6c93bbe9e3d56583

SHA256
a4c67f201039074e5c1ef1ba8c8689ed0e14fb43d66eaf732f082ede09bd636f

SHA512
b30b81b451d3fd936f3fa6c19f410a7420ef92e9337978f1d27ceaa3e4ebba8a246d9cbdd69cabe33e600b3ecb329db3f2f3701c8701f839e1f9ebd76b5bf008

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
055171ed9d23ba3453da19d976739364

SHA1
2642dc487e59c6971aefe661891310009b76af79

SHA256
bae0181aae913bbdb5d5d89ac1fb39260870cdb4dac8e2594036d8bd96b14897

SHA512
9182c8a2229ebdc041748e8f247b7dcee73f5b7977bcbbae878b81e9d6721738436ec1f9bdf696c581e46cda760939776dae46ce9b0a0a67303ff6ac6f0bf094

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
7f7cf425f5b84283ddf16b4a23daee51

SHA1
d280ceb313ea786928d5da96cf2253bc0e73f57e

SHA256
0330063e299fa72ba683ab372e739b05cbcef86c6b3a915f5e3c2f02b45fd5e4

SHA512
e7cfe518438e6f5264e6d572fa335b1656650f626d0473c70fdc4594db27f20ca4e806153066c3b8dc4cff75622818be858e1729a25c6a073ef0b7756bba114e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
368c350ad7c7730af72070c9b48081a5

SHA1
f27c8559c521504811c9ea166736ceca50857f38

SHA256
ed885771c521f9572f8a6aea0068cf0c58a876bd7884e148cfaf21fcb3eb32e3

SHA512
faa7dde35fb36a92db3a937f44202c4f150f99a4d22b4015757765b70ee1a31aa111bf8a0a017e9e112f4dc606c6770836b9608abdc22939b514afab1c8ba779

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
65b930c50bdead06125feed5a7fcef8a

SHA1
c0150b3a82ff16d09e040f03948d8435c1251fb6

SHA256
8c1d2ff67b14f576267a12f96bb51a135308f3927e0e24c6c61eed1cebaf67b8

SHA512
41d02432b6917a873804dc42e1c35977c7e05759718966f1f2286f398bc0d632dbf5a417d0af2dd8e070d5444328a988585cb96586383d796b7676e7dfe03a71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
3c0a940553802e294a6981bcd0bcf9cc

SHA1
1f665dc6fdde78ff588b501c030a991373a3bf47

SHA256
e7e485d9d06f7b8ae960f50b3221d292407af36a56ec219a429c1d84a30de486

SHA512
9e2012a06ac3764a5e3837139fc213b2d816f9b680513dbf0ebd8959644369968feef45bdbab9065726011bf6d8f880d4bf35accd62d845fb04e1f3cd2b427b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
dc3763fa3cc337ba96ed10b9ca030314

SHA1
33d5bbe2b05c4b2a074a10e75523d1c0087c035b

SHA256
5cec97836989b38b2c769d7321b67f20b9e2dcdec96a7d76240faadcad785436

SHA512
948ca4d8b688f0c4e1f93036df413fc79411a805e1d0d0abdea064358f1a723ff7fcd4f2ac8e436ccecee6ba3497afb5be9b5efe91c3bb29ff64a1df7c7ff47f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
f17426cbb54e2cbfb4068d9541665fc6

SHA1
04ecde5b54be028b65e7fffc499a6b44a417009b

SHA256
2dfbc9efd758d7fd44dd830b73333b16fd3563f342a3babe6329bf6c5ad0130a

SHA512
2687cfb57c65cfec3d325afb1f5071e34988180f48763c14bb502f48ab71a0b439ac18d21b4bce736e9d2547027fd962b88f65f26056b4aeda87274b595a52c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
dc468ba34daa08998ec3ec11645d459c

SHA1
c7225a351e61377ee3e16ca34c546f98289b7e80

SHA256
eccf0c5320e550a1b39fc7d961f09cfd1e5e77bee371b6ce5d5fe8ee3bd51550

SHA512
865e37eb0ca2b757456c3cc9a6a8e243f9ee967f37a470f93685ee3d5123850a1883151d553b83213195ef90ab3cfa0f3ebab4b224dd6e85dd57e3f4369ddde5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
4097c86f21bfcb039bf53c9cb4956fd3

SHA1
fdce7e1a75d512e28215a2a79de9d62677f284ad

SHA256
0cbfbcb0e88c58cda38642315074486ac2d85dad029a1f12d1f20a7498d13616

SHA512
7f1c591c0b81249efd708df7b7b287f0a2be84f99b45930d6d956fa4e1ec22173ea5c7e1f9b7d77bd28a4a532b32fe38484f49bbb03cf02efa6f1a9f98a7f02e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
2d225c39c32b43080e137284c8f95bc3

SHA1
207abadf878987aefea88f96af402d6b90fa6f41

SHA256
d300112dfcf9e933657fb8a0e3ffa5e565fb147d44c133cabee40161437e4d4f

SHA512
58d7c1367f4f62beaa6361b7f37cc3f0e225f835a4fa252306de8376053f53855941ac66b3c65924df2cda55033f2e1938f8226ce0697258c1c440f7f6deb23b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
a1441b521f7b085689eff55a3f8eb43b

SHA1
28ab1f0a5f6d432f7f5e7a06181ed3fa710b444d

SHA256
734588a655d38fa313db6197adab347b53d3fc7aee141b0b3dd8cadc3bd35d0f

SHA512
cd5782d5fe2f574dfb0f0cd3a5a6c3f2e59422daf5e633f658001018820e1c9658043f74cfc01959d54622f361641bd982f4ddcdf6470c0d4486c9e0a06534ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
4a6419c31cf04714c88a291ea9303532

SHA1
09e7e6831105d15e58140aa8b716a3ca166d527b

SHA256
9452f09642ec511bf418943579ca6b3b3fbd775834b5f658496f30f73955cb19

SHA512
ca8bf9a109b425d4183d3b8abe835da812e95f29ee758139daa16d265cc11388adf2a9a59d0d3395452cbb06c55606448438bbd0f4444d74f4fd617070c9aeb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
ed659b1d7a51e558246bd24f62fff931

SHA1
84685d6f04379c290e4261ff04e9e1879d54d42c

SHA256
23fafd9073812d5ff8b523b84bc981e4cb410bebbf3675db2b29cfac0dae9690

SHA512
1c3203328583241895db9fb165fcfd595f642e218ee3a453ab6873cbac10ddab693cd2f913bab15c8bb7b5a12c5768b3dfcb278aad754dec1fbffe66b81843cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
7ec09c7cbd7cb0b8a777b3a9e2a1892e

SHA1
3b07979e57b6c93be7d5a6cd8fa954dee91bd8dd

SHA256
a623633f34a241b0dbc9fd26f34446d716955f94e90b2ff9ac8b9df801bdae5e

SHA512
5fff0a38a3b6e4b29d402eef2650011e4d9df514e0624767c84ea31cb73cbba10c7e0b5711cb487976d637f0f60a85c431cf0db54b519411245684c116c07b7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
342e14b25123646b492fb816dc6a5fac

SHA1
bfa0d9fa116d7724bd883e32575a98e4d8210e19

SHA256
d5acfcbd1ac31fe748c70c7b5536ae82ffaf0d68f21dd9a2bd26de14e37c1a52

SHA512
e5925a85f3b9c4f2e7c923983e22b30824136665fd29d2fe7332ed1a9a6e8d8873277732364f593212b53889a4bd826fbd89936eeed44cbee33c3b87e185fc1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe598a93.TMP

Filesize
48B

MD5
5898eaa0753c5e4a1555b856e55fd392

SHA1
3145003fe900ce730a5e4e74ef1b6160db450472

SHA256
6283b9270a52cd361b57cd2e11c3a28bba83a4e9c7040575ae5e94701b20c162

SHA512
cc29e612542c2335d1d211284c15350682c5bea717a7618d2cfad2aa9c85bf61408a251d5822ec83780f2160a9496187d34580690fee7e252c3b1cb395718f02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8d38d3e73c13480cfa1ffee27cc9a6a8

SHA1
34997f7cdf491027fd3dee5fd5f5c9d55273a568

SHA256
bf70cc00c4c6c5652d63f33c60d2a0123fc8652fccc5cf3da9e15c9ac1491eda

SHA512
8b9f0c75e10b3e01b324b757b59244ec5bbd76c0cdb71b932134983173efbaca1ef4e734e1974fab842fa26de3503e5db87f97ac77b620e45185a7705342b59d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f8ceedfe87833d5a50c1060fe9f504be

SHA1
883a104ef0e27096c692316b533eb617e72deee7

SHA256
18d5e121d05809654979911ac54cc0eb673bd9f290a44c480766da005db6e718

SHA512
bef4282f552ffd7629b6d14387a8906f24a2d9d09dd868083f27f7d6d7fd773faa3c505c666c57320cef8b97a605cc4c05847e6eb6aaf8940032c7e2c7c61009

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
df8fad077e7d1f88089f9106904c0aee

SHA1
b0d396b00370d274ab566ad9f73658febe09978c

SHA256
4feeb9ba123150fc2a4b5f2bb03db8547b119dd0b0f1f23f423c9e4f8f88c2b7

SHA512
8f0a7070fd21af45943c3733c2c979e5910dc50660ede406100ac6dc67a7244b3cc6eac977de4b696aba80e08f1ae4b0c5b231afde7286aa2099234ab952bf20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
eb62a4a7fcf380e40c6f7f07e4d05760

SHA1
527eda0c54dfff06207518c8f23b6f0b04c51339

SHA256
e5583a928ed3bbfc0356300cf3f46f435daba29677b109c788cfeeb4672cb57b

SHA512
2b7bcc00e14c4dcbd3379c9c25db7e047bb5418b3dae39cd3ac3c5763f17bcb17d9811141baaa9da09387b39a263683f1713646ede76ee7e092e4851aecaaf96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3a6b9b942dfe697309f663ec0c039ab9

SHA1
6f72b82553f513fc5ff1031560eea1ce63c463b8

SHA256
015ee0fefcdf23a61f337d8d8720b4acb4ef727519fbbde398b65da922372481

SHA512
f4c0f26a406cd1a45a0375f7d46a59d72e9e8c9cc9a101aefda3467db575dc2eba91e1a1322adc31873268937ec3657b6e9e2392c3750ec5a88d83ee587ea740

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c4a04409925280dac98dedd9067d4704

SHA1
c49254f3be24886fb9fd800df08fee4d80ddd07b

SHA256
732977736ab1f96eb04cf70293db8eb0a92f4b81cd268c8c3b46573cca171a53

SHA512
fb8da938330fa28219584687cd5ba31b7f7b7664f350ff36bd2bff91d555f1db1d65b213e65c9f856b8b91991dd3079a640fdd1c21490d9789c66408eed367f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7fee29d0a456429f1a3d40173319c1ae

SHA1
243c7cb061ee2138b84b675ba088f719a3179324

SHA256
b9e974bf90429fa13ca8471ad0937afca56ad5b94e9c44f7f24cecd898503def

SHA512
ebae77690d1b65f7889d6b953a50404f3295148fc021899d7b049e27fdab5c8d32c02c62bfbe24e7760a47dbe4d64db9144e6bf5e4f983c7ffd929285b26d664

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
fb886d3bd9663c446738b498dab0d762

SHA1
cef3822149e7ae67d79a7ac0e18deafc3dc1780a

SHA256
1c8a0754eba862234a29455bbcb3ce9682b0c338017f9cbae2706ea0ca238ccb

SHA512
02cc26986ac0cdea9a7e08c94fc99153beb5bbbff985f2473b91f56054f2bfc83eda65cdeefcb871cd5e4d59e915f9c1909ef6a847cde780452f58d8c80982d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
c3fe7ab0aaf6d733454c3785574cb7ad

SHA1
69b416ef0d3f019127f60353ae395164586df388

SHA256
8e765052d7d49eed71bb849e7116c71f05ae1d31c0fbcfc4cbf20aec8a0134bb

SHA512
9a4d9aacf1184763ad9e12d04e3d41d66dc4a74e95bd631fd5964211a1056f00968d40efd7a046942a43c06667f33651a4d654b6c8b2494e323e2124d7996a72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe598db0.TMP

Filesize
535B

MD5
b73253f06235259754ec976c49e513d2

SHA1
f0809a6983cb3a6faf44dd159fc614096f40a8c6

SHA256
df2797153323c15817eccd0457bb55668b1b5ca68008a3f6ce383800e29ba5af

SHA512
ff2301265b6451f38277e944b110e8198286ea5fd8ce5a1d9de6b40a3c709d550ec8f2d8ffd336d9651deeaa4028b948cb209f3f0f7cd7cef7515f5fa89b9e2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
ab6ab31fbc80601ffb8ed2de18f4e3d3

SHA1
983df2e897edf98f32988ea814e1b97adfc01a01

SHA256
eaab30ed3bde0318e208d83e6b0701b3ee9eb6b11da2d9fbab1552e8e4ce88f8

SHA512
41b42e6ab664319d68d86ce94a6db73789b2e34cba9b0c02d55dfb0816af654b02284aa3bfd9ae4f1a10e920087615b750fb2c54e9b3f646f721afb9a0d1aea3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
589c49f8a8e18ec6998a7a30b4958ebc

SHA1
cd4e0e2a5cb1fd5099ff88daf4f48bdba566332e

SHA256
26d067dbb5e448b16f93a1bb22a2541beb7134b1b3e39903346d10b96022b6b8

SHA512
e73566a037838d1f7db7e9b728eba07db08e079de471baca7c8f863c7af7beb36221e9ff77e0a898ce86d4ef4c36f83fb3af9c35e342061b7a5442ca3b9024d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
60e3f691077715586b918375dd23c6b0

SHA1
476d3eab15649c40c6aebfb6ac2366db50283d1b

SHA256
e91d13722e31f9b06c5df3582cad1ea5b73547ce3dc08b12ed461f095aad48ee

SHA512
d1c146d27bbf19362d6571e2865bb472ce4fe43dc535305615d92d6a2366f98533747a8a70a578d1f00199f716a61ce39fac5cab9dd67e9c044bc49e7343130e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\ed782cc8-0bc9-499e-86ef-04a36c21e00e.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
3808644c58be2316a66d144c213cde44

SHA1
357c30598d54bd5586fabdbcc23c89456f22ebd5

SHA256
7b54a976ab53ed66d02e22d31792d6ea9c29f4cb1538c34209ef6c3d35efc417

SHA512
13fda4f899c3a147bf91f35aa7be9259ea2c70e0b2b00e293a4d1256cd5c5f05d95db3842058fe56ce25667b624e0cc20b8ea9c5e4957669f01d95c8f4dc0f40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
495d010f39fa345819fffd20443fd13a

SHA1
433294b75465d5992a3e8788f9e822a248f15111

SHA256
d8851e05f487ec953444ecf92ebcf30ac901e1f606e2c8b57871a16a84ce4bf2

SHA512
e4e195d5a8c94feb816b70564da6b2087a40cde1996591e0ebbb74b29eba3735c615c3be2e4bbc3ed28272cc3bd59cf69d30ea496c4534d5a3e4150a54ad2172

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Browser

Filesize
120B

MD5
a397e5983d4a1619e36143b4d804b870

SHA1
aa135a8cc2469cfd1ef2d7955f027d95be5dfbd4

SHA256
9c70f766d3b84fc2bb298efa37cc9191f28bec336329cc11468cfadbc3b137f4

SHA512
4159ea654152d2810c95648694dd71957c84ea825fcca87b36f7e3282a72b30ef741805c610c5fa847ca186e34bde9c289aaa7b6931c5b257f1d11255cd2a816

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b19458e260f1384d7af86370b83b56a1

SHA1
29d44e151722d44ecb0d2b1763690cf6eb5ecd09

SHA256
7171cf30b7098830b3c8c873fac735b89a6052326e45885b89c7da6ae7e44ed2

SHA512
0ce7bffa1131d3b315fad99d89471906e74a859ce5444cd67dcf879d822be1792c2d7b5a2113c629340ef0ae2b4ba34cf7e2f26fd74d5bd4e6b287c26b25bd5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
020928e7cba4503566cd390c84ab3238

SHA1
30ab59c1d3ae1fa611b21706b1f99a4fa9f4b518

SHA256
34a3c0fece0d371101372f13063d6e6616b94924f46c0526fc51eb2a7b950398

SHA512
9dad61a3cdad6e4b9ebc50d8e0550e8fe910982adba622ec3c0f6f84566657752e58ba974a6a7ad61d99ae26bf1ca08a5e361cfa57316baec779c50011fbbf06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
59009371cd4b17a5eb237fd27e8f31f4

SHA1
0a81f62c2b8a13065fb672e8cfd3062941929807

SHA256
accf032429fcb6ec9d2ba6f69bf4ac03e10337bdc777fe4cc1526299f0aa9355

SHA512
8fda6f474214017350f73b3ec9d3451c15eb5342d013ecffb57d4695a9588443d0b1f8cc94ed9a5e5a30824592d8ce12b20a67efdd65491d6a7524528a7a086a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
73ecb806cd06873aebddb0a3e56846fc

SHA1
8888f2dc87846e5750d836593a9428f23c4ba63e

SHA256
cdd7382a6e72d2d0cb50d01fb80819ff1ccb732d99d9e76365e3e510e48cea89

SHA512
1957429f675d38812d5390015ee6691c7530bde07dbf83e12db9e749d764d2416db34862540d09b54590b822f7b6f486823cea72b10c98c5ef2ba27813365f2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c2a838d8fbb610d3c7c7a9f5db0db41c

SHA1
b86811d602047653902cb0731abe3de6cec1e2cf

SHA256
0c726298d74835273a72351c9a79e3d8d16feb2ff959d66b5a9a87522d307f16

SHA512
38a7ed6c7e89ec95670702a94d14e5c19a9fabe8b4447789e72681e58bd4cff50db1516f04cba7d150b1226054848c6a6fdaef1607bcccb3cd7032e8e9f07f7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
76a12ef12fe620d71ea3205869943de4

SHA1
ac38b7c35cedb80d2c5343c2f4de2d82575887e2

SHA256
4db301c567191bbe2e183a1e1c4516cd2df9cab18d72130b3cdf0a89f714a968

SHA512
82fd18ffd17b0397fa8224573c4cb9bf8a60ef3ec08cfd6652fc5b3edb0014189304b59b8d40de9ef97815d6e705988611ba9452c098d97ba6742898332f9ea0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
586d922afa6a30053e4a7f2b6f7203dd

SHA1
ed59f5e2180e73038c7f2440a6be0911b13ec60a

SHA256
c1da28174690c3aaad21cba90e6608051409a159b1829a75b2eb0a8768d944c0

SHA512
388a37892b444662cdd5b8d68138965dde2f5fcc8f7114d00e7917760895f4f5686121a54b56d55417ffcd8c05a52cb57fe211ff4c19238e5a7bbb9f3c6a7220

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
33b9e564e1589804e07a926a949a97c6

SHA1
75a0d31f9dc32ef31c9c01828369e0369578ceb9

SHA256
2a034de0601ff0b51816214fa672427ac571bb161ebd9198beea8a46cf9bc8f8

SHA512
b36bada9cd5f9847dc24083baffaa2193b95311cd612e3811df6ae8165859c9cda7fa2c51c892e54585405a906be3a435bf0eca1014e730b9c31c52367a3a5af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\edgeSettings

Filesize
81B

MD5
f222079e71469c4d129b335b7c91355e

SHA1
0056c3003874efef229a5875742559c8c59887dc

SHA256
e713c1b13a849d759ebaa6256773f4f1d6dfc0c6a4247edaa726e0206ecacb00

SHA512
e5a49275e056b6628709cf6509a5f33f8d1d1e93125eaa6ec1c7f51be589fd3d8ea7a59b9639db586d76a994ad3dc452c7826e4ac0c8c689dd67ff90e33f0b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\edgeSettings_2.0-2f9188b68640dbf72295f9083a21d674a314721ef06f82db281cbcb052ff8ec1

Filesize
126KB

MD5
6698422bea0359f6d385a4d059c47301

SHA1
b1107d1f8cc1ef600531ed87cea1c41b7be474f6

SHA256
2f9188b68640dbf72295f9083a21d674a314721ef06f82db281cbcb052ff8ec1

SHA512
d0cdb3fa21e03f950dbe732832e0939a4c57edc3b82adb7a556ebd3a81d219431a440357654dfea94d415ba00fd7dcbd76f49287d85978d12c224cbfa8c1ad8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\synchronousLookupUris

Filesize
40B

MD5
6a3a60a3f78299444aacaa89710a64b6

SHA1
2a052bf5cf54f980475085eef459d94c3ce5ef55

SHA256
61597278d681774efd8eb92f5836eb6362975a74cef807ce548e50a7ec38e11f

SHA512
c5d0419869a43d712b29a5a11dc590690b5876d1d95c1f1380c2f773ca0cb07b173474ee16fe66a6af633b04cc84e58924a62f00dcc171b2656d554864bf57a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\synchronousLookupUris_638343870221005468

Filesize
57B

MD5
3a05eaea94307f8c57bac69c3df64e59

SHA1
9b852b902b72b9d5f7b9158e306e1a2c5f6112c8

SHA256
a8ef112df7dad4b09aaa48c3e53272a2eec139e86590fd80e2b7cbd23d14c09e

SHA512
6080aef2339031fafdcfb00d3179285e09b707a846fd2ea03921467df5930b3f9c629d37400d625a8571b900bc46021047770bac238f6bac544b48fb3d522fb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\topTraffic

Filesize
29B

MD5
52e2839549e67ce774547c9f07740500

SHA1
b172e16d7756483df0ca0a8d4f7640dd5d557201

SHA256
f81b7b9ce24f5a2b94182e817037b5f1089dc764bc7e55a9b0a6227a7e121f32

SHA512
d80e7351e4d83463255c002d3fdce7e5274177c24c4c728d7b7932d0be3ebcfeb68e1e65697ed5e162e1b423bb8cdfa0864981c4b466d6ad8b5e724d84b4203b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\topTraffic_638004170464094982

Filesize
450KB

MD5
e9c502db957cdb977e7f5745b34c32e6

SHA1
dbd72b0d3f46fa35a9fe2527c25271aec08e3933

SHA256
5a6b49358772db0b5c682575f02e8630083568542b984d6d00727740506569d4

SHA512
b846e682427cf144a440619258f5aa5c94caee7612127a60e4bd3c712f8ff614da232d9a488e27fc2b0d53fd6acf05409958aea3b21ea2c1127821bd8e87a5ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

Filesize
28KB

MD5
0f68b21ff8cf0a7105ef2a25106ab22d

SHA1
35d92cdc31c2e14559c455fb9161a9d160750a6f

SHA256
fc1c620df8d6ba112d30081f0a04623c5e63abe4e9059030024c4248ad455afa

SHA512
e03fb26eb8e6efcda211c9273f7d82a06aabe720a2f12e1a308909509a2529ff9340a03fee2a64fac9b9169c0cac3353336be15d5bf7cb94bee9cb7055c6df8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

Filesize
28KB

MD5
4f2858039047be2d491ff13634a21e10

SHA1
208b4c21441970e729dadf6d3da33e92b1cc0f30

SHA256
7cb492f3d6dbba90af0973e649a2f1cc371845f97d2c7f0bfc48c2d6e821e65f

SHA512
76193147be70a3984b12b36d92bbf7bc983341a37d8e9bf97c7ee729f785698b1e6664a7ad6ce350c890d9fec328834dd4b62ea40cc12e639859863bef1e68d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

Filesize
28KB

MD5
2bf58acc4eb7c87685e0893640b5ddab

SHA1
5089b89e700b00d97299c162707159038cc43be5

SHA256
542f3415e5c0a95a4c846f2aeac9ee9b88cb05a727ad3bba9774ef3ec75d487c

SHA512
e1732a833e882ed2eb5a0eb2474370d015937c0628699e66b00d8ff7106fa421158edd7d39d909939fe109bb13b0483ab99bc9ccfd962d4c697e7ac625967b4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

Filesize
28KB

MD5
bc722939fcd8af97631a2c445edd1b6e

SHA1
0083a37d4eab53d70b99c843a19dc93aea57c1cc

SHA256
80c8012b685d92a8ebc467da95b085f621393f0bcf30dc984bd548ab31abb1f5

SHA512
248130cd4c385fcb4d43b02ed92ad9c263498255ae079ba19a883c0abb42ae665e710ceeb623133e0dab9e44897a6b19be974974f0663b0a3abb4b586464285a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
25a9136dc3c252e52082b3797cb95d41

SHA1
c1eeb86d90a653295ea4ef6616926240f11bb17f

SHA256
4bc08bdd3c0e873bc12f90ac25851e89463a77fe61afc6f71f2d00e4cc2771f3

SHA512
77aa087388e591fb02665598c97657de1a46c5419911e2427ada632b0a75f9c934b8e32a5f5606eda16f727a550fca902969d88f6c10bb7ee44e956e87f1fc3d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
3da1aa22f8dd823c6f3eb443d9a9271f

SHA1
38fd89c0e755bd4ef5a04a0efa600dc05a35e50a

SHA256
c1b548be2b2797ce6980e3718a815fcfac670c949cf04441d3f76d8f60d1b17c

SHA512
b61e98adc3364d82159f838844b200ce7849f167ccd69c4609e0ec7a906a35b2cced1f2fbf11d3c4804e010fa500b4471155480172f74c87827569fc9f94293b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\f18460fded109990.customDestinations-ms

Filesize
24B

MD5
4fcb2a3ee025e4a10d21e1b154873fe2

SHA1
57658e2fa594b7d0b99d02e041d0f3418e58856b

SHA256
90bf6baa6f968a285f88620fbf91e1f5aa3e66e2bad50fd16f37913280ad8228

SHA512
4e85d48db8c0ee5c4dd4149ab01d33e4224456c3f3e3b0101544a5ca87a0d74b3ccd8c0509650008e2abed65efd1e140b1e65ae5215ab32de6f6a49c9d3ec3ff

Download Submit
C:\Users\Admin\Downloads\Hello123.exe

Filesize
78KB

MD5
2099bf3591c6a671b2cd90ac27cc0c33

SHA1
c088f96a29c9b44af4966afae4a4755160a638ec

SHA256
d06acfbd8300baeaeaeaabf630c693e4cdb96c5a2bf407c0ed6f962810975226

SHA512
1b1e38742ef34433f6ad99fbb364ee9c74d603814e6a381819a4441a2f7c5c69605199057145127716e81b1bfe8e389797bd417467b6e56c7ff9aa3be313a260

Download Submit
memory/460-312-0x00007FFB8FFD0000-0x00007FFB8FFE0000-memory.dmp

Filesize
64KB

Download
memory/460-311-0x00000216E36C0000-0x00000216E36EA000-memory.dmp

Filesize
168KB

Download
memory/604-298-0x000002870A940000-0x000002870A963000-memory.dmp

Filesize
140KB

Download
memory/604-305-0x00007FFB8FFD0000-0x00007FFB8FFE0000-memory.dmp

Filesize
64KB

Download
memory/604-304-0x000002870A970000-0x000002870A99A000-memory.dmp

Filesize
168KB

Download
memory/684-301-0x00007FFB8FFD0000-0x00007FFB8FFE0000-memory.dmp

Filesize
64KB

Download
memory/684-300-0x000001B1D9980000-0x000001B1D99AA000-memory.dmp

Filesize
168KB

Download
memory/752-324-0x000001CEC6D40000-0x000001CEC6D6A000-memory.dmp

Filesize
168KB

Download
memory/752-325-0x00007FFB8FFD0000-0x00007FFB8FFE0000-memory.dmp

Filesize
64KB

Download
memory/920-317-0x00007FFB8FFD0000-0x00007FFB8FFE0000-memory.dmp

Filesize
64KB

Download
memory/920-316-0x000001CDB3810000-0x000001CDB383A000-memory.dmp

Filesize
168KB

Download
memory/976-308-0x00007FFB8FFD0000-0x00007FFB8FFE0000-memory.dmp

Filesize
64KB

Download
memory/976-307-0x00000169DF3A0000-0x00000169DF3CA000-memory.dmp

Filesize
168KB

Download
memory/1028-328-0x00007FFB8FFD0000-0x00007FFB8FFE0000-memory.dmp

Filesize
64KB

Download
memory/1028-327-0x00000249CE1D0000-0x00000249CE1FA000-memory.dmp

Filesize
168KB

Download
memory/1100-330-0x000002940B060000-0x000002940B08A000-memory.dmp

Filesize
168KB

Download
memory/1100-331-0x00007FFB8FFD0000-0x00007FFB8FFE0000-memory.dmp

Filesize
64KB

Download
memory/1116-333-0x000001E8FA3D0000-0x000001E8FA3FA000-memory.dmp

Filesize
168KB

Download
memory/1116-334-0x00007FFB8FFD0000-0x00007FFB8FFE0000-memory.dmp

Filesize
64KB

Download
memory/1240-337-0x00007FFB8FFD0000-0x00007FFB8FFE0000-memory.dmp

Filesize
64KB

Download
memory/1240-336-0x000002785F060000-0x000002785F08A000-memory.dmp

Filesize
168KB

Download
memory/1276-340-0x00007FFB8FFD0000-0x00007FFB8FFE0000-memory.dmp

Filesize
64KB

Download
memory/1276-339-0x0000022FCAD90000-0x0000022FCADBA000-memory.dmp

Filesize
168KB

Download
memory/1312-344-0x0000029C31BA0000-0x0000029C31BCA000-memory.dmp

Filesize
168KB

Download
memory/1312-345-0x00007FFB8FFD0000-0x00007FFB8FFE0000-memory.dmp

Filesize
64KB

Download
memory/1352-348-0x00007FFB8FFD0000-0x00007FFB8FFE0000-memory.dmp

Filesize
64KB

Download
memory/1352-347-0x000001ECB9930000-0x000001ECB995A000-memory.dmp

Filesize
168KB

Download
memory/3688-198-0x0000015198530000-0x0000015198A58000-memory.dmp

Filesize
5.2MB

Download
memory/3688-209-0x00007FFBACE33000-0x00007FFBACE35000-memory.dmp

Filesize
8KB

Download
memory/3688-219-0x00007FFBACE30000-0x00007FFBAD8F2000-memory.dmp

Filesize
10.8MB

Download
memory/3688-194-0x00007FFBACE33000-0x00007FFBACE35000-memory.dmp

Filesize
8KB

Download
memory/3688-197-0x00007FFBACE30000-0x00007FFBAD8F2000-memory.dmp

Filesize
10.8MB

Download
memory/3688-289-0x0000015198A60000-0x0000015198A9E000-memory.dmp

Filesize
248KB

Download
memory/3688-220-0x00000151FFD90000-0x00000151FFE06000-memory.dmp

Filesize
472KB

Download
memory/3688-221-0x0000015198150000-0x0000015198162000-memory.dmp

Filesize
72KB

Download
memory/3688-290-0x00007FFBCFF50000-0x00007FFBD0148000-memory.dmp

Filesize
2.0MB

Download
memory/3688-223-0x00000151FFF40000-0x00000151FFFEA000-memory.dmp

Filesize
680KB

Download
memory/3688-196-0x00000151FFAC0000-0x00000151FFC82000-memory.dmp

Filesize
1.8MB

Download
memory/3688-195-0x00000151FD4E0000-0x00000151FD4F8000-memory.dmp

Filesize
96KB

Download
memory/3688-291-0x00007FFBCFC80000-0x00007FFBCFD3D000-memory.dmp

Filesize
756KB

Download
memory/3688-222-0x00000151FFA50000-0x00000151FFA6E000-memory.dmp

Filesize
120KB

Download
memory/4116-294-0x00007FFBCFF50000-0x00007FFBD0148000-memory.dmp

Filesize
2.0MB

Download
memory/4116-295-0x00007FFBCFC80000-0x00007FFBCFD3D000-memory.dmp

Filesize
756KB

Download
memory/4116-296-0x0000000140000000-0x0000000140040000-memory.dmp

Filesize
256KB

Download
memory/4116-293-0x0000000140000000-0x0000000140040000-memory.dmp

Filesize
256KB

Download
memory/4116-292-0x0000000140000000-0x0000000140040000-memory.dmp

Filesize
256KB

Download