crimsonrat | 661dc65d02dc8b717befa8996eeb02cb0445094440693423dfb2da9ab16cf41b

Analysis

max time kernel
356s
max time network
384s
platform
windows11-21h2_x64
resource
win11-20241007-de
resource tags

arch:x64arch:x86image:win11-20241007-delocale:de-deos:windows11-21h2-x64systemwindows
submitted
01-02-2025 13:24

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

run.bat
Size

5.0MB
MD5

68b7f8d79fe5e34157caab1f633355a2
SHA1

189ee5a993510eda4138b3f2cd1e53100e6a4f0e
SHA256

661dc65d02dc8b717befa8996eeb02cb0445094440693423dfb2da9ab16cf41b
SHA512

8e1e8304cfb0963a159ab82aff39e21584e832c7224405e61140698ec578a35146ea12178bd4d7b2676a8980359097d2ab2aa70a0f83195729ae7cae48a41f02
SSDEEP

48:1JJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJJl:n

Score

10^/10

crimsonrat credential_access defense_evasion discovery execution macro macro_on_action persistence rat spyware stealer themida trojan upx

Malware Config

Extracted

Family

crimsonrat

185.136.161.124

Signatures

CrimsonRAT main payload 1 IoCs

resource	yara_rule
behavioral1/files/0x001700000002b22c-4209.dat	family_crimsonrat

CrimsonRat
Crimson RAT is a malware linked to a Pakistani-linked threat actor.
rat crimsonrat
Crimsonrat family
crimsonrat

Process spawned unexpected child process 1 IoCs

This typically indicates the parent process was compromised via an exploit or macro.

description	pid	pid_target	Process	procid_target
Parent C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE is not expected to spawn this process	7572	9176	rundll32.exe	286

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs

defense_evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Solara.exe

Blocklisted process makes network request 1 IoCs

flow	pid	Process
291	7572	rundll32.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 2 IoCs

Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

execution

PowerShell

T1059.001

pid	Process
8508	powershell.exe
8356	powershell.exe

Downloads MZ/PE file 1 IoCs

flow	pid	Process
70	4972	msedge.exe

Office macro that triggers on suspicious action 1 IoCs

Office document macro which triggers in special circumstances - often malicious.

macro macro_on_action

resource	yara_rule
behavioral1/files/0x001700000002b22d-4148.dat	office_macro_on_action

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	Solara.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	Solara.exe

Executes dropped EXE 4 IoCs

pid	Process
8180	BootstrapperNew.exe
7080	Solara.exe
7380	dlrarhsiva.exe
4940	Server.exe

Loads dropped DLL 2 IoCs

pid	Process
7080	Solara.exe
7080	Solara.exe

Reads data files stored by FTP clients 2 TTPs
Tries to access configuration files associated with programs like FileZilla.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Themida packer 17 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
behavioral1/memory/7080-1619-0x0000000180000000-0x000000018111D000-memory.dmp	themida
behavioral1/memory/7080-1620-0x0000000180000000-0x000000018111D000-memory.dmp	themida
behavioral1/memory/7080-1618-0x0000000180000000-0x000000018111D000-memory.dmp	themida
behavioral1/memory/7080-1617-0x0000000180000000-0x000000018111D000-memory.dmp	themida
behavioral1/memory/7080-1716-0x0000000180000000-0x000000018111D000-memory.dmp	themida
behavioral1/memory/7080-1811-0x0000000180000000-0x000000018111D000-memory.dmp	themida
behavioral1/memory/7080-1867-0x0000000180000000-0x000000018111D000-memory.dmp	themida
behavioral1/memory/7080-1889-0x0000000180000000-0x000000018111D000-memory.dmp	themida
behavioral1/memory/7080-1902-0x0000000180000000-0x000000018111D000-memory.dmp	themida
behavioral1/memory/7080-2256-0x0000000180000000-0x000000018111D000-memory.dmp	themida
behavioral1/memory/7080-2709-0x0000000180000000-0x000000018111D000-memory.dmp	themida
behavioral1/memory/7080-2796-0x0000000180000000-0x000000018111D000-memory.dmp	themida
behavioral1/memory/7080-3002-0x0000000180000000-0x000000018111D000-memory.dmp	themida
behavioral1/memory/7080-3296-0x0000000180000000-0x000000018111D000-memory.dmp	themida
behavioral1/memory/7080-3542-0x0000000180000000-0x000000018111D000-memory.dmp	themida
behavioral1/memory/7080-3589-0x0000000180000000-0x000000018111D000-memory.dmp	themida
behavioral1/memory/7080-3652-0x0000000180000000-0x000000018111D000-memory.dmp	themida

Unsecured Credentials: Credentials In Files 1 TTPs
Steal credentials from unsecured files.
credential_access stealer

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\Software\Microsoft\Windows\CurrentVersion\Run\Server = "C:\\Users\\Admin\\Downloads\\The-MALWARE-Repo-master\\RAT\\VanToM-Rat.bat"	VanToM-Rat.bat
Set value (str)	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000\Software\Microsoft\Windows\CurrentVersion\Run\Server = "C:\\Users\\Admin\\AppData\\Roaming\\VanToM Folder\\Server.exe"	Server.exe

Checks whether UAC is enabled 1 TTPs 1 IoCs

defense_evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	Solara.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
31	pastebin.com
102	pastebin.com

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135

AutoIT Executable 2 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
behavioral1/memory/4856-4338-0x0000000000EB0000-0x00000000014ED000-memory.dmp	autoit_exe
behavioral1/memory/4856-4420-0x0000000000EB0000-0x00000000014ED000-memory.dmp	autoit_exe

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
7080	Solara.exe

Suspicious use of SetThreadContext 2 IoCs

description	pid	Process	procid_target
PID 4856 set thread context of 4312	4856	VeryFun.exe	293
PID 4856 set thread context of 7848	4856	VeryFun.exe	294

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/4856-4318-0x0000000000EB0000-0x00000000014ED000-memory.dmp	upx
behavioral1/memory/4856-4338-0x0000000000EB0000-0x00000000014ED000-memory.dmp	upx
behavioral1/memory/2164-4352-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/2164-4418-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/memory/4856-4420-0x0000000000EB0000-0x00000000014ED000-memory.dmp	upx

Drops file in Windows directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\INF\display.PNF	chrome.exe
File opened for modification	C:\Windows\System.ini	VeryFun.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\BootstrapperNew.exe:Zone.Identifier	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	VeryFun.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 10 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
2752	msedgewebview2.exe
8740	msedgewebview2.exe
6584	msedgewebview2.exe
5480	msedgewebview2.exe
5520	msedgewebview2.exe
6536	msedgewebview2.exe
5532	msedgewebview2.exe
8836	msedgewebview2.exe
6964	msedgewebview2.exe
4280	msedgewebview2.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE

Enumerates system info in registry 2 TTPs 15 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133828901633493487"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings	msedge.exe

NTFS ADS 4 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Nicht bestätigt 399658.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\BootstrapperNew.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\The-MALWARE-Repo-master.zip:Zone.Identifier	msedge.exe
File created	C:\Users\Admin\AppData\Roaming\VanToM Folder\Server.exe\:Zone.Identifier:$DATA	VanToM-Rat.bat

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
9176	WINWORD.EXE
9176	WINWORD.EXE

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4972	msedge.exe
4972	msedge.exe
1624	msedge.exe
1624	msedge.exe
772	msedge.exe
772	msedge.exe
7844	msedge.exe
7844	msedge.exe
7916	identity_helper.exe
7916	identity_helper.exe
5748	msedge.exe
5748	msedge.exe
8356	powershell.exe
8356	powershell.exe
8356	powershell.exe
8508	powershell.exe
8508	powershell.exe
8508	powershell.exe
7080	Solara.exe
7080	Solara.exe
7080	Solara.exe
7080	Solara.exe
7080	Solara.exe
7080	Solara.exe
7080	Solara.exe
7080	Solara.exe
7080	Solara.exe
7080	Solara.exe
7080	Solara.exe
6200	msedgewebview2.exe
6200	msedgewebview2.exe
7080	Solara.exe
7080	Solara.exe
7080	Solara.exe
7080	Solara.exe
7080	Solara.exe
7080	Solara.exe
7080	Solara.exe
7080	Solara.exe
7080	Solara.exe
7080	Solara.exe
7080	Solara.exe
7080	Solara.exe
7080	Solara.exe
7080	Solara.exe
7080	Solara.exe
7080	Solara.exe
7080	Solara.exe
7080	Solara.exe
7080	Solara.exe
7080	Solara.exe
7080	Solara.exe
6764	msedge.exe
6764	msedge.exe
4420	msedge.exe
4420	msedge.exe
7080	Solara.exe
7080	Solara.exe
7080	Solara.exe
5556	chrome.exe
5556	chrome.exe
7080	Solara.exe
7080	Solara.exe
7080	Solara.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
7000	msedgewebview2.exe
6764	msedge.exe
6764	msedge.exe
5556	chrome.exe
5556	chrome.exe
5556	chrome.exe
6764	msedge.exe
6764	msedge.exe
6764	msedge.exe
6764	msedge.exe
6764	msedge.exe
6764	msedge.exe
6764	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	8356	powershell.exe
Token: SeDebugPrivilege	8508	powershell.exe
Token: SeDebugPrivilege	8180	BootstrapperNew.exe
Token: SeDebugPrivilege	7080	Solara.exe
Token: SeShutdownPrivilege	5556	chrome.exe
Token: SeCreatePagefilePrivilege	5556	chrome.exe
Token: SeShutdownPrivilege	5556	chrome.exe
Token: SeCreatePagefilePrivilege	5556	chrome.exe
Token: SeShutdownPrivilege	5556	chrome.exe
Token: SeCreatePagefilePrivilege	5556	chrome.exe
Token: SeShutdownPrivilege	5556	chrome.exe
Token: SeCreatePagefilePrivilege	5556	chrome.exe
Token: SeShutdownPrivilege	5556	chrome.exe
Token: SeCreatePagefilePrivilege	5556	chrome.exe
Token: SeShutdownPrivilege	5556	chrome.exe
Token: SeCreatePagefilePrivilege	5556	chrome.exe
Token: SeShutdownPrivilege	5556	chrome.exe
Token: SeCreatePagefilePrivilege	5556	chrome.exe
Token: SeShutdownPrivilege	5556	chrome.exe
Token: SeCreatePagefilePrivilege	5556	chrome.exe
Token: SeShutdownPrivilege	5556	chrome.exe
Token: SeCreatePagefilePrivilege	5556	chrome.exe
Token: SeShutdownPrivilege	5556	chrome.exe
Token: SeCreatePagefilePrivilege	5556	chrome.exe
Token: SeShutdownPrivilege	5556	chrome.exe
Token: SeCreatePagefilePrivilege	5556	chrome.exe
Token: SeShutdownPrivilege	5556	chrome.exe
Token: SeCreatePagefilePrivilege	5556	chrome.exe
Token: SeShutdownPrivilege	5556	chrome.exe
Token: SeCreatePagefilePrivilege	5556	chrome.exe
Token: SeShutdownPrivilege	5556	chrome.exe
Token: SeCreatePagefilePrivilege	5556	chrome.exe
Token: SeShutdownPrivilege	5556	chrome.exe
Token: SeCreatePagefilePrivilege	5556	chrome.exe
Token: SeShutdownPrivilege	5556	chrome.exe
Token: SeCreatePagefilePrivilege	5556	chrome.exe
Token: SeShutdownPrivilege	5556	chrome.exe
Token: SeCreatePagefilePrivilege	5556	chrome.exe
Token: SeShutdownPrivilege	5556	chrome.exe
Token: SeCreatePagefilePrivilege	5556	chrome.exe
Token: SeShutdownPrivilege	5556	chrome.exe
Token: SeCreatePagefilePrivilege	5556	chrome.exe
Token: SeShutdownPrivilege	5556	chrome.exe
Token: SeCreatePagefilePrivilege	5556	chrome.exe
Token: SeShutdownPrivilege	5556	chrome.exe
Token: SeCreatePagefilePrivilege	5556	chrome.exe
Token: SeShutdownPrivilege	5556	chrome.exe
Token: SeCreatePagefilePrivilege	5556	chrome.exe
Token: SeShutdownPrivilege	5556	chrome.exe
Token: SeCreatePagefilePrivilege	5556	chrome.exe
Token: SeShutdownPrivilege	5556	chrome.exe
Token: SeCreatePagefilePrivilege	5556	chrome.exe
Token: SeShutdownPrivilege	5556	chrome.exe
Token: SeCreatePagefilePrivilege	5556	chrome.exe
Token: SeShutdownPrivilege	5556	chrome.exe
Token: SeCreatePagefilePrivilege	5556	chrome.exe
Token: SeShutdownPrivilege	5556	chrome.exe
Token: SeCreatePagefilePrivilege	5556	chrome.exe
Token: SeShutdownPrivilege	5556	chrome.exe
Token: SeCreatePagefilePrivilege	5556	chrome.exe
Token: SeShutdownPrivilege	5556	chrome.exe
Token: SeCreatePagefilePrivilege	5556	chrome.exe
Token: SeShutdownPrivilege	5556	chrome.exe
Token: SeCreatePagefilePrivilege	5556	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
7000	msedgewebview2.exe
6764	msedge.exe
6764	msedge.exe
6764	msedge.exe
6764	msedge.exe
6764	msedge.exe
6764	msedge.exe
6764	msedge.exe
6764	msedge.exe
6764	msedge.exe
6764	msedge.exe
6764	msedge.exe
6764	msedge.exe
6764	msedge.exe
6764	msedge.exe
6764	msedge.exe
6764	msedge.exe
6764	msedge.exe
6764	msedge.exe
6764	msedge.exe
6764	msedge.exe
6764	msedge.exe
6764	msedge.exe
6764	msedge.exe
6764	msedge.exe
6764	msedge.exe
5556	chrome.exe
5556	chrome.exe

Suspicious use of SendNotifyMessage 39 IoCs

pid	Process
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
1624	msedge.exe
6764	msedge.exe
6764	msedge.exe
6764	msedge.exe
6764	msedge.exe
6764	msedge.exe
6764	msedge.exe
6764	msedge.exe
6764	msedge.exe
6764	msedge.exe
6764	msedge.exe
6764	msedge.exe
6764	msedge.exe
5556	chrome.exe
5556	chrome.exe
5556	chrome.exe
5556	chrome.exe
5556	chrome.exe
5556	chrome.exe
5556	chrome.exe
5556	chrome.exe
5556	chrome.exe
5556	chrome.exe
5556	chrome.exe
5556	chrome.exe
7848	cmd.exe
7848	cmd.exe
7848	cmd.exe

Suspicious use of SetWindowsHookEx 16 IoCs

pid	Process
9176	WINWORD.EXE
9176	WINWORD.EXE
9176	WINWORD.EXE
9176	WINWORD.EXE
9176	WINWORD.EXE
9176	WINWORD.EXE
9176	WINWORD.EXE
9176	WINWORD.EXE
9176	WINWORD.EXE
9176	WINWORD.EXE
9176	WINWORD.EXE
4936	VanToM-Rat.bat
4940	Server.exe
4856	VeryFun.exe
4312	cmd.exe
7848	cmd.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3848 wrote to memory of 1624	3848	cmd.exe	78
PID 3848 wrote to memory of 1624	3848	cmd.exe	78
PID 1624 wrote to memory of 5040	1624	msedge.exe	81
PID 1624 wrote to memory of 5040	1624	msedge.exe	81
PID 3848 wrote to memory of 988	3848	cmd.exe	82
PID 3848 wrote to memory of 988	3848	cmd.exe	82
PID 988 wrote to memory of 2708	988	msedge.exe	83
PID 988 wrote to memory of 2708	988	msedge.exe	83
PID 3848 wrote to memory of 3596	3848	cmd.exe	84
PID 3848 wrote to memory of 3596	3848	cmd.exe	84
PID 3596 wrote to memory of 1812	3596	msedge.exe	85
PID 3596 wrote to memory of 1812	3596	msedge.exe	85
PID 1624 wrote to memory of 2752	1624	msedge.exe	86
PID 1624 wrote to memory of 2752	1624	msedge.exe	86
PID 1624 wrote to memory of 2752	1624	msedge.exe	86
PID 1624 wrote to memory of 2752	1624	msedge.exe	86
PID 1624 wrote to memory of 2752	1624	msedge.exe	86
PID 1624 wrote to memory of 2752	1624	msedge.exe	86
PID 1624 wrote to memory of 2752	1624	msedge.exe	86
PID 1624 wrote to memory of 2752	1624	msedge.exe	86
PID 1624 wrote to memory of 2752	1624	msedge.exe	86
PID 1624 wrote to memory of 2752	1624	msedge.exe	86
PID 1624 wrote to memory of 2752	1624	msedge.exe	86
PID 1624 wrote to memory of 2752	1624	msedge.exe	86
PID 1624 wrote to memory of 2752	1624	msedge.exe	86
PID 1624 wrote to memory of 2752	1624	msedge.exe	86
PID 1624 wrote to memory of 2752	1624	msedge.exe	86
PID 1624 wrote to memory of 2752	1624	msedge.exe	86
PID 1624 wrote to memory of 2752	1624	msedge.exe	86
PID 1624 wrote to memory of 2752	1624	msedge.exe	86
PID 1624 wrote to memory of 2752	1624	msedge.exe	86
PID 1624 wrote to memory of 2752	1624	msedge.exe	86
PID 1624 wrote to memory of 2752	1624	msedge.exe	86
PID 1624 wrote to memory of 2752	1624	msedge.exe	86
PID 1624 wrote to memory of 2752	1624	msedge.exe	86
PID 1624 wrote to memory of 2752	1624	msedge.exe	86
PID 1624 wrote to memory of 2752	1624	msedge.exe	86
PID 1624 wrote to memory of 2752	1624	msedge.exe	86
PID 1624 wrote to memory of 2752	1624	msedge.exe	86
PID 1624 wrote to memory of 2752	1624	msedge.exe	86
PID 1624 wrote to memory of 2752	1624	msedge.exe	86
PID 1624 wrote to memory of 2752	1624	msedge.exe	86
PID 1624 wrote to memory of 2752	1624	msedge.exe	86
PID 1624 wrote to memory of 2752	1624	msedge.exe	86
PID 1624 wrote to memory of 2752	1624	msedge.exe	86
PID 1624 wrote to memory of 2752	1624	msedge.exe	86
PID 1624 wrote to memory of 2752	1624	msedge.exe	86
PID 1624 wrote to memory of 2752	1624	msedge.exe	86
PID 1624 wrote to memory of 2752	1624	msedge.exe	86
PID 1624 wrote to memory of 2752	1624	msedge.exe	86
PID 1624 wrote to memory of 2752	1624	msedge.exe	86
PID 1624 wrote to memory of 2752	1624	msedge.exe	86
PID 1624 wrote to memory of 4972	1624	msedge.exe	87
PID 1624 wrote to memory of 4972	1624	msedge.exe	87
PID 1624 wrote to memory of 896	1624	msedge.exe	88
PID 1624 wrote to memory of 896	1624	msedge.exe	88
PID 1624 wrote to memory of 896	1624	msedge.exe	88
PID 1624 wrote to memory of 896	1624	msedge.exe	88
PID 1624 wrote to memory of 896	1624	msedge.exe	88
PID 1624 wrote to memory of 896	1624	msedge.exe	88
PID 1624 wrote to memory of 896	1624	msedge.exe	88
PID 1624 wrote to memory of 896	1624	msedge.exe	88
PID 1624 wrote to memory of 896	1624	msedge.exe	88
PID 1624 wrote to memory of 896	1624	msedge.exe	88

C:\Windows\System32\spoolsv.exe
C:\Windows\System32\spoolsv.exe
1⤵
PID:1976

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3240
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\run.bat"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3848
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://gofile.io/d/AptL1G
    3⤵
    - Enumerates system info in registry
    - NTFS ADS
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:1624
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0x48,0x10c,0x7ffb36b33cb8,0x7ffb36b33cc8,0x7ffb36b33cd8
      4⤵
      PID:5040
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1880,8575513396757651202,18394636806932501791,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1888 /prefetch:2
      4⤵
      PID:2752
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1880,8575513396757651202,18394636806932501791,131072 --lang=de --service-sandbox-type=none --mojo-platform-channel-handle=2372 /prefetch:3
      4⤵
      Downloads MZ/PE file
      Suspicious behavior: EnumeratesProcesses
      PID:4972
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1880,8575513396757651202,18394636806932501791,131072 --lang=de --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8
      4⤵
      PID:896
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8575513396757651202,18394636806932501791,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
      4⤵
      PID:1180
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8575513396757651202,18394636806932501791,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
      4⤵
      PID:552
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8575513396757651202,18394636806932501791,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3824 /prefetch:1
      4⤵
      PID:1776
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8575513396757651202,18394636806932501791,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3980 /prefetch:1
      4⤵
      PID:2604
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8575513396757651202,18394636806932501791,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1
      4⤵
      PID:480
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8575513396757651202,18394636806932501791,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1
      4⤵
      PID:1780
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8575513396757651202,18394636806932501791,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
      4⤵
      PID:2884
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8575513396757651202,18394636806932501791,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
      4⤵
      PID:3364
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8575513396757651202,18394636806932501791,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
      4⤵
      PID:4980
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8575513396757651202,18394636806932501791,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
      4⤵
      PID:2188
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8575513396757651202,18394636806932501791,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
      4⤵
      PID:484
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8575513396757651202,18394636806932501791,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
      4⤵
      PID:1552
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8575513396757651202,18394636806932501791,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6372 /prefetch:1
      4⤵
      PID:3304
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8575513396757651202,18394636806932501791,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6692 /prefetch:1
      4⤵
      PID:5308
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8575513396757651202,18394636806932501791,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6920 /prefetch:1
      4⤵
      PID:5504
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8575513396757651202,18394636806932501791,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7260 /prefetch:1
      4⤵
      PID:5616
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8575513396757651202,18394636806932501791,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7120 /prefetch:1
      4⤵
      PID:5844
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8575513396757651202,18394636806932501791,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6288 /prefetch:1
      4⤵
      PID:5208
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8575513396757651202,18394636806932501791,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7688 /prefetch:1
      4⤵
      PID:6528
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8575513396757651202,18394636806932501791,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8092 /prefetch:1
      4⤵
      PID:6592
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8575513396757651202,18394636806932501791,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8108 /prefetch:1
      4⤵
      PID:6624
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8575513396757651202,18394636806932501791,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8048 /prefetch:1
      4⤵
      PID:6676
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8575513396757651202,18394636806932501791,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
      4⤵
      PID:6692
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8575513396757651202,18394636806932501791,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3476 /prefetch:1
      4⤵
      PID:6740
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8575513396757651202,18394636806932501791,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3548 /prefetch:1
      4⤵
      PID:6888
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8575513396757651202,18394636806932501791,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
      4⤵
      PID:6896
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8575513396757651202,18394636806932501791,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
      4⤵
      PID:6904
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8575513396757651202,18394636806932501791,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8336 /prefetch:1
      4⤵
      PID:6912
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8575513396757651202,18394636806932501791,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9760 /prefetch:1
      4⤵
      PID:6920
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8575513396757651202,18394636806932501791,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9836 /prefetch:1
      4⤵
      PID:6960
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8575513396757651202,18394636806932501791,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10076 /prefetch:1
      4⤵
      PID:6972
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8575513396757651202,18394636806932501791,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8840 /prefetch:1
      4⤵
      PID:6996
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8575513396757651202,18394636806932501791,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9648 /prefetch:1
      4⤵
      PID:5964
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8575513396757651202,18394636806932501791,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10588 /prefetch:1
      4⤵
      PID:7188
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8575513396757651202,18394636806932501791,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10728 /prefetch:1
      4⤵
      PID:7276
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8575513396757651202,18394636806932501791,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10748 /prefetch:1
      4⤵
      PID:7432
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8575513396757651202,18394636806932501791,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10944 /prefetch:1
      4⤵
      PID:7440
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8575513396757651202,18394636806932501791,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10984 /prefetch:1
      4⤵
      PID:7548
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1880,8575513396757651202,18394636806932501791,131072 --lang=de --service-sandbox-type=none --mojo-platform-channel-handle=11412 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:7844
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8575513396757651202,18394636806932501791,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11560 /prefetch:1
      4⤵
      PID:8084
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8575513396757651202,18394636806932501791,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11556 /prefetch:1
      4⤵
      PID:8116
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8575513396757651202,18394636806932501791,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9012 /prefetch:1
      4⤵
      PID:4484
  - - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1880,8575513396757651202,18394636806932501791,131072 --lang=de --service-sandbox-type=none --mojo-platform-channel-handle=11908 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:7916
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1880,8575513396757651202,18394636806932501791,131072 --lang=de --service-sandbox-type=audio --mojo-platform-channel-handle=11332 /prefetch:8
      4⤵
      PID:7924
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8575513396757651202,18394636806932501791,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10948 /prefetch:1
      4⤵
      PID:7328
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8575513396757651202,18394636806932501791,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8632 /prefetch:1
      4⤵
      PID:8944
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8575513396757651202,18394636806932501791,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6752 /prefetch:1
      4⤵
      PID:9036
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8575513396757651202,18394636806932501791,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9032 /prefetch:1
      4⤵
      PID:9044
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8575513396757651202,18394636806932501791,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12488 /prefetch:1
      4⤵
      PID:8160
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8575513396757651202,18394636806932501791,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11720 /prefetch:1
      4⤵
      PID:5568
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8575513396757651202,18394636806932501791,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12580 /prefetch:1
      4⤵
      PID:8676
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8575513396757651202,18394636806932501791,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12920 /prefetch:1
      4⤵
      PID:7880
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8575513396757651202,18394636806932501791,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6316 /prefetch:1
      4⤵
      PID:8572
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1880,8575513396757651202,18394636806932501791,131072 --lang=de --service-sandbox-type=none --mojo-platform-channel-handle=8328 /prefetch:8
      4⤵
      Subvert Trust Controls: Mark-of-the-Web Bypass
      NTFS ADS
      Suspicious behavior: EnumeratesProcesses
      PID:5748
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1880,8575513396757651202,18394636806932501791,131072 --lang=de --service-sandbox-type=icon_reader --mojo-platform-channel-handle=10312 /prefetch:8
      4⤵
      PID:1588
  - - C:\Users\Admin\Downloads\BootstrapperNew.exe
      "C:\Users\Admin\Downloads\BootstrapperNew.exe"
      4⤵
      Executes dropped EXE
      Suspicious use of AdjustPrivilegeToken
      PID:8180
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell" -Command "Get-MpPreference | Select-Object -ExpandProperty ExclusionPath"
        5⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:8356
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        "powershell" -Command "Add-MpPreference -ExclusionPath 'C:\ProgramData\Solara'"
        5⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:8508
    - - C:\ProgramData\Solara\Solara.exe
        
        "C:\ProgramData\Solara\Solara.exe" --bootstrapperPath "C:\Users\Admin\Downloads"
        5⤵
        Identifies VirtualBox via ACPI registry values (likely anti-VM)
        Checks BIOS information in registry
        Executes dropped EXE
        Loads dropped DLL
        Checks whether UAC is enabled
        Suspicious use of NtSetInformationThreadHideFromDebugger
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:7080
      - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --disable-popup-blocking --internet-explorer-integration=none --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --mojo-named-platform-channel-pipe=7080.4340.4400071259732529266
        6⤵
        Enumerates system info in registry
        Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        Suspicious use of FindShellTrayWindow
        
        PID:7000
        
        C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Crashpad --metrics-dir=C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x138,0x7ffb36b33cb8,0x7ffb36b33cc8,0x7ffb36b33cd8
        7⤵
        
        PID:6332
        
        C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1928,15703985433496241392,11545144836498484982,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1984 /prefetch:2
        7⤵
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:8836
        
        C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1928,15703985433496241392,11545144836498484982,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=de --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2224 /prefetch:3
        7⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:6200
        
        C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1928,15703985433496241392,11545144836498484982,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=de --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=1916 /prefetch:8
        7⤵
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:6964
        
        C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1928,15703985433496241392,11545144836498484982,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=de --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3596 /prefetch:1
        7⤵
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:4280
        
        C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1928,15703985433496241392,11545144836498484982,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=de --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=2960 /prefetch:8
        7⤵
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:2752
        
        C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1928,15703985433496241392,11545144836498484982,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=de --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=1768 /prefetch:8
        7⤵
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:8740
        
        C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1928,15703985433496241392,11545144836498484982,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=de --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=5104 /prefetch:8
        7⤵
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:5480
        
        C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1928,15703985433496241392,11545144836498484982,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=de --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=3012 /prefetch:8
        7⤵
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:6584
        
        C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1928,15703985433496241392,11545144836498484982,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4712 /prefetch:2
        7⤵
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:5520
        
        C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1928,15703985433496241392,11545144836498484982,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=de --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=1868 /prefetch:8
        7⤵
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:6536
        
        C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1928,15703985433496241392,11545144836498484982,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch --lang=de --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --mojo-platform-channel-handle=1208 /prefetch:8
        7⤵
        System Network Configuration Discovery: Internet Connection Discovery
        
        PID:5532
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,8575513396757651202,18394636806932501791,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11492 /prefetch:1
      4⤵
      PID:8568
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://wearedevs.net/d/Solara
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:988
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb36b33cb8,0x7ffb36b33cc8,0x7ffb36b33cd8
      4⤵
      PID:2708
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1976,11529575156147170184,1895974716649439190,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1996 /prefetch:2
      4⤵
      PID:3484
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1976,11529575156147170184,1895974716649439190,131072 --lang=de --service-sandbox-type=none --mojo-platform-channel-handle=2068 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:772
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://gofile.io/d/AptL1G
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3596
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb36b33cb8,0x7ffb36b33cc8,0x7ffb36b33cd8
      4⤵
      PID:1812
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://wearedevs.net/d/Solara
    3⤵
    PID:3096
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb36b33cb8,0x7ffb36b33cc8,0x7ffb36b33cd8
      4⤵
      PID:4656
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://gofile.io/d/AptL1G
    3⤵
    PID:784
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0x100,0x110,0x7ffb36b33cb8,0x7ffb36b33cc8,0x7ffb36b33cd8
      4⤵
      PID:4204
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://wearedevs.net/d/Solara
    3⤵
    PID:2368
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb36b33cb8,0x7ffb36b33cc8,0x7ffb36b33cd8
      4⤵
      PID:3064
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://gofile.io/d/AptL1G
    3⤵
    PID:2812
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb36b33cb8,0x7ffb36b33cc8,0x7ffb36b33cd8
      4⤵
      PID:2060
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://wearedevs.net/d/Solara
    3⤵
    PID:5064
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb36b33cb8,0x7ffb36b33cc8,0x7ffb36b33cd8
      4⤵
      PID:1932
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://gofile.io/d/AptL1G
    3⤵
    PID:5204
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffb36b33cb8,0x7ffb36b33cc8,0x7ffb36b33cd8
      4⤵
      PID:5216
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://wearedevs.net/d/Solara
    3⤵
    PID:5760
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb36b33cb8,0x7ffb36b33cc8,0x7ffb36b33cd8
      4⤵
      PID:5772
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://gofile.io/d/AptL1G
    3⤵
    PID:2932
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb36b33cb8,0x7ffb36b33cc8,0x7ffb36b33cd8
      4⤵
      PID:5156
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://wearedevs.net/d/Solara
    3⤵
    PID:5256
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0xfc,0x100,0x104,0x48,0x108,0x7ffb36b33cb8,0x7ffb36b33cc8,0x7ffb36b33cd8
      4⤵
      PID:5340
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://gofile.io/d/AptL1G
    3⤵
    PID:5956
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xc8,0x10c,0x7ffb36b33cb8,0x7ffb36b33cc8,0x7ffb36b33cd8
      4⤵
      PID:5968
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://wearedevs.net/d/Solara
    3⤵
    PID:6088
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xa0,0x10c,0x7ffb36b33cb8,0x7ffb36b33cc8,0x7ffb36b33cd8
      4⤵
      PID:6132
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://gofile.io/d/AptL1G
    3⤵
    PID:6124
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb36b33cb8,0x7ffb36b33cc8,0x7ffb36b33cd8
      4⤵
      PID:6100
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://wearedevs.net/d/Solara
    3⤵
    PID:6244
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb36b33cb8,0x7ffb36b33cc8,0x7ffb36b33cd8
      4⤵
      PID:6256
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://gofile.io/d/AptL1G
    3⤵
    PID:6268
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb36b33cb8,0x7ffb36b33cc8,0x7ffb36b33cd8
      4⤵
      PID:6324
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://wearedevs.net/d/Solara
    3⤵
    PID:6388
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb36b33cb8,0x7ffb36b33cc8,0x7ffb36b33cd8
      4⤵
      PID:6412
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://gofile.io/d/AptL1G
    3⤵
    PID:6420
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb36b33cb8,0x7ffb36b33cc8,0x7ffb36b33cd8
      4⤵
      PID:6432
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://wearedevs.net/d/Solara
    3⤵
    PID:6452
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb36b33cb8,0x7ffb36b33cc8,0x7ffb36b33cd8
      4⤵
      PID:6572
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://gofile.io/d/AptL1G
    3⤵
    PID:6720
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb36b33cb8,0x7ffb36b33cc8,0x7ffb36b33cd8
      4⤵
      PID:6868
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://wearedevs.net/d/Solara
    3⤵
    PID:6884
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb36b33cb8,0x7ffb36b33cc8,0x7ffb36b33cd8
      4⤵
      PID:6424
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://gofile.io/d/AptL1G
    3⤵
    PID:6956
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffb36b33cb8,0x7ffb36b33cc8,0x7ffb36b33cd8
      4⤵
      PID:1008
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://wearedevs.net/d/Solara
    3⤵
    PID:7160
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb36b33cb8,0x7ffb36b33cc8,0x7ffb36b33cd8
      4⤵
      PID:1180
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://gofile.io/d/AptL1G
    3⤵
    PID:5952
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb36b33cb8,0x7ffb36b33cc8,0x7ffb36b33cd8
      4⤵
      PID:7224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe"
  2⤵
  - Drops file in Windows directory
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:5556
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb1718cc40,0x7ffb1718cc4c,0x7ffb1718cc58
    3⤵
    PID:5684
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1708,i,48604500145988176,14113429117222348758,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1704 /prefetch:2
    3⤵
    PID:3176
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2092,i,48604500145988176,14113429117222348758,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2108 /prefetch:3
    3⤵
    PID:4576
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2160,i,48604500145988176,14113429117222348758,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2180 /prefetch:8
    3⤵
    PID:4804
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3116,i,48604500145988176,14113429117222348758,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3140 /prefetch:1
    3⤵
    PID:8972
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3332,i,48604500145988176,14113429117222348758,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3380 /prefetch:1
    3⤵
    PID:7952
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4372,i,48604500145988176,14113429117222348758,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4396 /prefetch:1
    3⤵
    PID:7628
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=872,i,48604500145988176,14113429117222348758,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=212 /prefetch:8
    3⤵
    - Drops file in Windows directory
    PID:4860
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5032,i,48604500145988176,14113429117222348758,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5044 /prefetch:8
    3⤵
    PID:4376
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5108,i,48604500145988176,14113429117222348758,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5116 /prefetch:8
    3⤵
    PID:7600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
  2⤵
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:6764
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb36b33cb8,0x7ffb36b33cc8,0x7ffb36b33cd8
    3⤵
    PID:6796
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1948,2745390609383530071,17960521874584255887,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1968 /prefetch:2
    3⤵
    PID:5336
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1948,2745390609383530071,17960521874584255887,131072 --lang=de --service-sandbox-type=none --mojo-platform-channel-handle=2020 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4420
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1948,2745390609383530071,17960521874584255887,131072 --lang=de --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8
    3⤵
    PID:7964
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,2745390609383530071,17960521874584255887,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
    3⤵
    PID:7492
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,2745390609383530071,17960521874584255887,131072 --lang=de --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
    3⤵
    PID:1888
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,2745390609383530071,17960521874584255887,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4900 /prefetch:1
    3⤵
    PID:6072
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,2745390609383530071,17960521874584255887,131072 --lang=de --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3644 /prefetch:1
    3⤵
    PID:8060
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,2745390609383530071,17960521874584255887,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3884 /prefetch:1
    3⤵
    PID:3288
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,2745390609383530071,17960521874584255887,131072 --lang=de --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
    3⤵
    PID:2604
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,2745390609383530071,17960521874584255887,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4320 /prefetch:1
    3⤵
    PID:1712
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1948,2745390609383530071,17960521874584255887,131072 --lang=de --service-sandbox-type=none --mojo-platform-channel-handle=3352 /prefetch:8
    3⤵
    PID:8348
- - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1948,2745390609383530071,17960521874584255887,131072 --lang=de --service-sandbox-type=none --mojo-platform-channel-handle=5544 /prefetch:8
    3⤵
    PID:6676
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,2745390609383530071,17960521874584255887,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
    3⤵
    PID:8844
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,2745390609383530071,17960521874584255887,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1640 /prefetch:1
    3⤵
    PID:8440
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,2745390609383530071,17960521874584255887,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
    3⤵
    PID:3816
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,2745390609383530071,17960521874584255887,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1
    3⤵
    PID:5380
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,2745390609383530071,17960521874584255887,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3532 /prefetch:1
    3⤵
    PID:5664
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,2745390609383530071,17960521874584255887,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1
    3⤵
    PID:1888
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,2745390609383530071,17960521874584255887,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6048 /prefetch:1
    3⤵
    PID:1552
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,2745390609383530071,17960521874584255887,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
    3⤵
    PID:8916
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1948,2745390609383530071,17960521874584255887,131072 --lang=de --service-sandbox-type=audio --mojo-platform-channel-handle=6260 /prefetch:8
    3⤵
    PID:4300
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,2745390609383530071,17960521874584255887,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6376 /prefetch:1
    3⤵
    PID:8556
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,2745390609383530071,17960521874584255887,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
    3⤵
    PID:2188
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,2745390609383530071,17960521874584255887,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4016 /prefetch:1
    3⤵
    PID:8292
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,2745390609383530071,17960521874584255887,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3776 /prefetch:1
    3⤵
    PID:3488
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,2745390609383530071,17960521874584255887,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6632 /prefetch:1
    3⤵
    PID:7640
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,2745390609383530071,17960521874584255887,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1
    3⤵
    PID:6872
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,2745390609383530071,17960521874584255887,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6732 /prefetch:1
    3⤵
    PID:3832
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,2745390609383530071,17960521874584255887,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6964 /prefetch:1
    3⤵
    PID:6516
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,2745390609383530071,17960521874584255887,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7384 /prefetch:1
    3⤵
    PID:5668
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,2745390609383530071,17960521874584255887,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7564 /prefetch:1
    3⤵
    PID:5372
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,2745390609383530071,17960521874584255887,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2124 /prefetch:1
    3⤵
    PID:5252
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,2745390609383530071,17960521874584255887,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7884 /prefetch:1
    3⤵
    PID:5688
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,2745390609383530071,17960521874584255887,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3780 /prefetch:1
    3⤵
    PID:9188
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1948,2745390609383530071,17960521874584255887,131072 --lang=de --service-sandbox-type=utility --mojo-platform-channel-handle=8100 /prefetch:8
    3⤵
    PID:7408
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,2745390609383530071,17960521874584255887,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8024 /prefetch:1
    3⤵
    PID:8500
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1948,2745390609383530071,17960521874584255887,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5392 /prefetch:2
    3⤵
    PID:7932
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1948,2745390609383530071,17960521874584255887,131072 --lang=de --service-sandbox-type=none --mojo-platform-channel-handle=2096 /prefetch:8
    3⤵
    - NTFS ADS
    PID:1112
- C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
  "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\RAT\CobaltStrike.doc" /o ""
  2⤵
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of SetWindowsHookEx
  PID:9176
- - C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\SysWOW64\rundll32.exe
    3⤵
    - Process spawned unexpected child process
    - Blocklisted process makes network request
    - System Location Discovery: System Language Discovery
    PID:7572
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\RAT\CrimsonRAT.exe
  "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\RAT\CrimsonRAT.exe"
  2⤵
  PID:8136
- - C:\ProgramData\Hdlharas\dlrarhsiva.exe
    "C:\ProgramData\Hdlharas\dlrarhsiva.exe"
    3⤵
    - Executes dropped EXE
    PID:7380
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\RAT\VanToM-Rat.bat
  "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\RAT\VanToM-Rat.bat"
  2⤵
  - Adds Run key to start application
  - NTFS ADS
  - Suspicious use of SetWindowsHookEx
  PID:4936
- - C:\Users\Admin\AppData\Roaming\VanToM Folder\Server.exe
    "C:\Users\Admin\AppData\Roaming\VanToM Folder\Server.exe"
    3⤵
    - Executes dropped EXE
    - Adds Run key to start application
    - Suspicious use of SetWindowsHookEx
    PID:4940
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\Trojan\VeryFun.exe
  "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\Trojan\VeryFun.exe"
  2⤵
  - Suspicious use of SetThreadContext
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:4856
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\system32\cmd.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:4312
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\system32\cmd.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    PID:7848
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\system32\cmd.exe"
    3⤵
    PID:2492
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\system32\cmd.exe"
    3⤵
    PID:4060
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\system32\cmd.exe"
    3⤵
    PID:2564
- C:\Users\Admin\Downloads\The-MALWARE-Repo-master\Trojan\HMBlocker.exe
  "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\Trojan\HMBlocker.exe"
  2⤵
  PID:2164
- - C:\Windows\SysWOW64\shutdown.exe
    "C:\Windows\System32\shutdown.exe" /r /t 6 /f
    3⤵
    PID:3076
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\System32\cmd.exe" /c REG ADD HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v 2503326475 /t REG_SZ /d "C:\Users\Admin\2503326475\2503326475.exe" /f
    3⤵
    PID:3400
  - - C:\Windows\SysWOW64\reg.exe
      REG ADD HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v 2503326475 /t REG_SZ /d "C:\Users\Admin\2503326475\2503326475.exe" /f
      4⤵
      PID:8368
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\System32\cmd.exe" /c REG ADD HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce /v 2503326475_del /t REG_SZ /d "cmd /c del \"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\Trojan\HMBlocker.exe\"" /f
    3⤵
    PID:7592
  - - C:\Windows\SysWOW64\reg.exe
      REG ADD HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce /v 2503326475_del /t REG_SZ /d "cmd /c del \"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\Trojan\HMBlocker.exe\"" /f
      4⤵
      PID:2464

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2272

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1316

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E4 0x00000000000004E8
1⤵
PID:8068

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:7012

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5400

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6168

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3432

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:7736

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4264

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5864

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
1⤵
PID:4556

C:\Windows\System32\PickerHost.exe
C:\Windows\System32\PickerHost.exe -Embedding
1⤵
PID:8

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa39b9855 /state1:0x41c64e6d
1⤵
PID:7240

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0 /state0:0xa3941055 /state1:0x41c64e6d
1⤵
PID:4688

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0 /state0:0xa3942055 /state1:0x41c64e6d
1⤵
PID:6908

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Virtualization/Sandbox Evasion

T1497

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Network Share Discovery

T1135

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Hdlharas\dlrarhsiva.exe

Filesize
9.1MB

MD5
64261d5f3b07671f15b7f10f2f78da3f

SHA1
d4f978177394024bb4d0e5b6b972a5f72f830181

SHA256
87f51b4632c5fbc351a59a234dfefef506d807f2c173aac23162b85d0d73c2ad

SHA512
3a9ff39e6bc7585b0b03f7327652e4c3b766563e8b183c25b6497e30956945add5684f1579862117e44c6bac2802601fc7c4d2a0daa1824f16c4da1fd6c9c91a

Download Submit
C:\ProgramData\Hdlharas\mdkhm.zip

Filesize
56KB

MD5
b635f6f767e485c7e17833411d567712

SHA1
5a9cbdca7794aae308c44edfa7a1ff5b155e4aa8

SHA256
6838286fb88e9e4e68882601a13fa770f1b510a0a86389b6a29070a129bf2e5e

SHA512
551ba05bd44e66685f359802b35a8c9775792a12844906b4b53e1a000d56624c6db323754331c9f399072790991c1b256d9114a50fb78111652a1c973d2880af

Download Submit
C:\ProgramData\Solara\Solara.exe

Filesize
619KB

MD5
d2ca3d1be2e7b7eec421dbb13e0eca2c

SHA1
d593b18858db389c7dc21dcae857b803240a1b72

SHA256
de4b231a951ee83dcbf696e6f554706c293571eae5739f2744d4cf738fa16171

SHA512
efe77417bb1b32d10451e1254f0356d34a34b8ae13ee7522a17c6cc2ee9739ad608682972e06df1309cc32199eaeda051f76a2ea4b384879df64dc99e5afd91a

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Crashpad\settings.dat

Filesize
152B

MD5
399ed02ec517096e05db0c9d30c8c4c0

SHA1
7ec4ddb83e08940c433b47126fe5f6d84d71f1e7

SHA256
52235b62b45b3ce0b4d00c5f6fd545e422a6c7f4cec23c12716c87913e354c9e

SHA512
5e08b7424536f7f211907b3f899cbf6367e21f575e1e9a994474bcd4787d0841ac6b12ee0c264d2ca7d139aa98a28f246a0a2cc8c832d0ac7c1162e90114b49a

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Network Persistent State

Filesize
930B

MD5
1b30b44c89c14d2286e8e9a299229fee

SHA1
6e914c38cd58e41c975093d6382a97885f7447b8

SHA256
350f1e533eb420ef2ad2f289c87f2cb3ed7ee16e0d08890978948b347b8729e4

SHA512
c0460c64e75b5a15d733ab19e688d7f036a7cfd25fe83b6004bd31dc8b484892c15a9bee8bf059194319e5c6f5e2fd982d650ee9e9d9bd571746027e0b793b75

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Network Persistent State~RFe59d298.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Preferences

Filesize
3KB

MD5
f20c386cdcd41c9d42ef279edce43d98

SHA1
00a83993eba69381d89fe6ea178ee2c0e3bf97f6

SHA256
411ff2c94559eb5703fc35f2e9ccdc344ea0167ff719234a10be36385abec4b0

SHA512
2f3b025cc26ecf1323c5f3729d83ee153fa18fcabf042e90f2ea377f4573c596156ccf7fd7156d68477267fc82267f2e55bf7151863d702b7918184974c4a662

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Preferences

Filesize
3KB

MD5
00d268abc1d4885e3363794a05f537d7

SHA1
94aecab977bc9c7ea957a677901dab30a0ddc8ea

SHA256
da66704f1f95f92224ee7361f3a20ea071f8b2644ddac7c436dca83e41f186e6

SHA512
2e3cc56598f6f256e995a27fe82613c8a8be2290157bd19676fa3806eea21a1f10013b5c9d6edbebd32ec83d884c8dee7222a2f745da2e135816701caab6e16e

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\f6663ec3-a8e7-4c6b-a57e-cdaf2a5a5f89.tmp

Filesize
3KB

MD5
2001d8056c26f9454d963266b2aa9c88

SHA1
a6affda8220626b15fac7ae59a588a217b8df094

SHA256
16621caf3eba9b55e20ecc459022a503d1e1c5527d0a4aed8a8d5a820b5a7d9d

SHA512
571beac01ff5b4a4452d184cbabeaeafd769ad252cc39ae75775820cba9f86181cb9c43dd13bdc866dc604772c261b0c66cdf579c39c1a3a3f1717a46b8b2556

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Local State

Filesize
8KB

MD5
02957c8c98fa7e1e1f53d68fe9295a60

SHA1
0aab3e30b2d5ae57e2318335cc9e7dabbb2f3cdd

SHA256
d05481bb49a76c057b8ea6b70774422dd1bc01b42a6bb182facd0d4334babf77

SHA512
52600aff9b219ebe591f725f16c6721ba2e0af8c43085444d8950a85294b1d89226a62cac247eca69304d673a1bba14405875d4f7022051d627092969892e8f1

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Local State

Filesize
8KB

MD5
59cfe88222940f8d51b2b4bc49a2a79d

SHA1
e75d015e2665e2b246dee6bd85cadd8172c83339

SHA256
108817b226ae19b1f9763c4a2334829064a80b22ab0b17dfcd712acbd2e1ca62

SHA512
8dc5ad4ef1a468376d1493549690f65d3b7f40bb32622eb3520e8fe3fa75abaae5129b3ac86238063d994825fcd08a5cc81d7d2c219b6924e48c51319d8faf5d

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Local State~RFe5909f9.TMP

Filesize
8KB

MD5
0001f891262458dac08e2cd69b6be9ba

SHA1
b0e0a63788aacd711ff22f09e4f3443c3c0d8d1a

SHA256
7d1c73b10772c45035b5041d5ca5829a31fe18201c496ae3baaca12b20c8ba31

SHA512
d6722f831f12f8358a56b716c23c48622860b016fd2ba2c0246dcf6dafd68c3bc12a41c6877de7e082c6fea655217baa65893c499bebc778a044c617b74fa586

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\73925553-d98a-4dcf-bddd-c93a71170c65.tmp

Filesize
9KB

MD5
0c469bc288ae2f71815644aef65737d5

SHA1
26ede10aa2a8f3323c04dea5bbed4f7a0a266596

SHA256
3d68008a8e64871deb3487eb7fb12756c6b7b806d916ab58c4f1222d7b926e67

SHA512
fa587efc3136f6f64c8aa80d21ee0fc15a820391f24fcad0b4f6d3dfde0c9f5868462fadbe73065d55a431d99ecc1b194015b6de1e090d951b71134192dc5003

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
2afc610913795f696a59cae8dc2fef39

SHA1
87419cc1a047c0ac7d2991ebd19ea326ddc65a3b

SHA256
34cf2905bc8a85507f56fed56ded7d55b1ebbc389874d3abedc1e0f18f2329c0

SHA512
9a74ce9ee1e957406813cc42d02a90d87ee6cd7860a970e4d9ad4466b3e7d46fed7e77a04d8eb952f495dc90b08dce2c81407f8686d05f178f82e41be04b60ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
314bfc4dabc55b1d4ecd1e5cad21e458

SHA1
4ff513016e654bfbbd2874da2f518a3e870685a8

SHA256
0bc1a7e1f4a5fbcee9cd4cdba6b0a012b332cd749c2f520e8cf83f373da11d63

SHA512
4c9e98be761d366c8df4aa5e249475027c1e1749a10dfd6d60d0fb98b8c8f4b03e89cc03978ab5bb8ed5fa8894c265ae9773e40b87d1915437ad5987f5e4e0f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
934c131091c60b6542ab6716a0d0bebc

SHA1
1dec3ebd1644989d7743a7ae2cdf55f92aba85da

SHA256
04fa764f0fa6e00d0ce0fedb28108677cc5fd2de18c1f6984a8de0f69057542c

SHA512
4bcbdce5b80b1d53aefa8eedef8d1196519ff6d53539fa629d75eaa311972bbf1d0a2464dea111c18425b2c75d71c3785dbe9e40c53aef11835bc9dacc9fc51c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
c6116d1b0a6ee7546692885d6cc9c4da

SHA1
751cc1999204531cf8e54327867d784338f68a28

SHA256
5d96122de451f6578f0786c11b2ff1a1d6effd648473eba552e4b7aee6424c46

SHA512
a07e8dca2760923598e3e12c21befeac1bb38cf8cf0a8de28cf107f9d012ccc7e92ff068d1e17f6eafc5af1cee2374b197885b2ab745d373f0ff05b4a90dc1b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
4a1a3346f02506205686dc92d74c4adf

SHA1
6422529596e184453b7db91799046551aeca3dea

SHA256
f9f58e84f4568d82f32d15f8817113b8eca201d66c2e67f5c4be779f6b94989c

SHA512
c0b1fc2030889c28c9ccdeedd5f1d8f8410dc024b9c72396d3e1c1b1eedaa4fcc3c98851664d834207bd03316f2e84f4aaf4b1674ef23ad324311a2a6cb86df8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0e8adb3e7b6fc2d84af153de22e8afd6

SHA1
fcc498d8381f3a5eaca77a5c8002b47386fc4421

SHA256
897dec6c336b6d85ad8c96272400efe5758c22550d2c0c56170f454b34092dcb

SHA512
04b3097ce5e460bd6483495941fe1d1e1a214b239dbfa94ba70658cc2df3e9b8ed97e232e79ccff4548d3a709e32bfe164dd0d7f820cafd61b4b1facf92d898f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
467f3386dcecef97da918e4ab8a313b0

SHA1
ebb46927d73b229a64174636bf6fedfe87900bc6

SHA256
2cdb908c4e754ff9b746508b0cc8985bd6ee4a75ad89576e74c9789fca6e5b1f

SHA512
0f75dddc3249441d2e332fa3bc486d1864beed47d97cb6fac03bd10b6b3cead198b491af8d4c80920fd54fa89a48502c9f72a7b8eab22f824bf99920e3867991

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3fc2939f0260098f86a15d5d96443421

SHA1
cd97702c1f4fcda08c5b846db8d2761172724b24

SHA256
e92f379f548492a68d8d0d99e7395e3ed4814b1b4ee54a849dc2cbc7e5c9c90f

SHA512
507b37058fec188363f62679c7bb48f2f09d27fd98bab2fc4ece0a9b535c0384010ccd95ffad0f57a4740d9b66eb731d7fcc2920eeac5fb375d665fb5f65e680

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
020c5a057102300221bc5ca3bb62b317

SHA1
3aea0e83d3b9649d880fe4f3557ffb3339f81464

SHA256
0d6629997adbd56ac4b9df8f033e46d53b77ef29558f4b9855c5e8af2ef6209e

SHA512
bba9d65f9008477f54f5fda7fd650bef686578518309ef05ef172c8a9678c6a7b4f2334cc21680a37a379f1cc65216dd60920f34463a6190a5b59d26301f6eef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
957d7bcdfbd2d8024d0178a50b3c64e0

SHA1
6c3bf84ac184c0e6351f3b763d92dbda79d8f336

SHA256
fe5e498333a4d63da4169e75703ae490acc5eaa7601bd0ac42bbb8894fdaf61d

SHA512
dd8183742eb363d224c7abe0d6d0fa2f379359bd2cc4cbb931fe98e52bd56ba996af7610268e9b228e2b0aaff2429e830f0af20e6117256aa0348bc588281bae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0f5359edb44f123025bf4bd9f75e8aff

SHA1
e3a9608984f7a5d9f579d74071c0c643960826f5

SHA256
176b6284e002c350dbce31ce092eea41a9a336870bb2173d2cc969a03b0bc3e9

SHA512
56af299015e1928e09defd0a7d82e9825dc45faa3e4fd2ae3f4c23910ece7652c49e56a5b7a81047732f6de3436f759c7470a5541a8153c218b8122aafb54ece

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
70a85dc6f5fd812a8b8e97dd539fff55

SHA1
3fa54acbefaf3f6c27f42a6902a8e96ee07148d9

SHA256
771a789d926bf7885aa1f1740f9c0cad492d6d687f63efff86ae177b04a29549

SHA512
0671e915fee9fa8f95e15d65f4618c228c2b772fd4e2b637620ef64c67cf1582abd623cce81601252ad73ffe36a221a84ac4edea92125c25a9885dc955f2f68a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fa3497faedcf055d3d56c7605da649eb

SHA1
459b481375517bbc73e28b28129f600e3bd52342

SHA256
0f1e4cb32f728e51fdc15976c6a6f629fe87ccb8e0b1712824a51b859435c8c9

SHA512
43ed4edb2a6660f02d9215f4c9200bfe9a6d3d852df910abe7c8f766746c541d35488970dcb49972a84ab09a1f99113c26d717503b5f7597112e7f7e58a0161e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a6e25b03ad8b1c01f3cbf987cfc6e169

SHA1
8349771e519a465ee3ee552841491667fab3c26f

SHA256
d6685bfc7021ca7fceffd970fd58b0906d18e9501a3791b63ed7cfd77787d763

SHA512
17de6e9c6708e38fd8441fcd0f22d47bfb5dd080a915efd549a2a1ac9a19256abbbc6910faca293af9b847d18d1bf18bdc059e27b9d55dd48bf0d37368b93cd1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8cbfaf32ff3448a01610f74a594909d4

SHA1
17366f66e6036d55cde207da7748aec1022f91f5

SHA256
f026fb0daa10f27291664177522bfaa2190cbd54fe1e69adfe5095e1e05e2705

SHA512
7f3e46d5cf40207931ed884926711e9c79ef1aced27cef7808c9bdb9be762f846a19a2cd1585cdcb9139ab56b53d27a49c5decd2f135016e7ceae1d5eed17e9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
73db24773abc1618ed02b83a269bd8ae

SHA1
62489a8fc7901731cf655d7f34630b6d5eb7fa7d

SHA256
cb990f842f0b6e1ce08a009fd8e8133cd794297e7e73d8578123a1656454ad2f

SHA512
35c6e46d57116f3ee4c57eaff9b9032dc46a177c2c83d1348d9eab2a461005f26c002c7d594f5d2159410c09b0ca8a475594bc03b57ecfb4a9ac4153ee613b59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
92912591d66cfd7de8ffcb7e797009c4

SHA1
84d538472639216c56ebb2d360a4ae423f0beaa9

SHA256
4099d4d9dbffc15ad72c2725e27f99f8a79fff158a67ae4e1d3eeb5b1377c362

SHA512
b88582ecf3991df1818d1f79a607e3864500532d361b5d26ffdde0f9c9b39b2d6a57e5265e977c5f584fe9610e660b9183e615eb5dcd1ccf1602409ad99c4203

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4f8d74944836bb7c1f76d8ff0a4ef034

SHA1
b35fa6fccdfb7010552ffd7e925bdb98d0ede7ba

SHA256
05f55a7d564b2165e5f6126a65fd6332fc1914c9584f4118fb81b225e925f5f4

SHA512
eb869168f33201667b8e23a06f0a01ea83f724ae97e480186648a4d563352d2ce4d396f725411f9a464e2b3071578decfb7c468bea4d98ef1444565af302a923

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1314d5d43fc3ed526d113c0faf1e1abd

SHA1
faf555a9e13a3c315c59bbe913b93f3f1b792a05

SHA256
44350aee3d62d893b94819866ec5926c519eb8a6b4725f47e0dcbed84a80dc11

SHA512
7ca2eeb97a47d8ecc02494578cd96e4601d4d340723685e8ef296f93add84f6d763f030108ecde3c5a6a1c6914a14eeebca9a7974d3ee0216826abf00b5653c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
71726c9503c054f4c39becfe57222e39

SHA1
ccfe411ec095471ce243f9473b6c833c157349f8

SHA256
57ed9294d2159dbff08b9cd62e00181f069dec94bb480bbce7b53d3487730651

SHA512
38f5246692c9ee6f1f5a00ffd1df3d157595e618f7c7fc8a7dd04c8700037047e917ba668b62e809db11064c2095a1940165c77e7560d1842385b541b7f3904a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9b66f43ce7f0da371a1bbc1bd85ab907

SHA1
58483ccc4e6878bd3b122a53152a008800498e67

SHA256
bd9e74b69478bece6165822f6aa72f8d1dc1e2d105d215dc704f744eb44bc8ab

SHA512
1b70d6602efba6197217541b620be648bb674dece742688a699432c9a27bcd063e4b8ea35afc1a93a3e4af37997e6e496a9a0e46ead3707fe8e26b676d06533a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cc1bdb3504647b865d35f2bc7ba40627

SHA1
b811ccc92f48349e079634ed18f4a88089a81a31

SHA256
52483f69407402a248499946a71b216a901d4fd0305c4a6ef9ffdd2d7454ff83

SHA512
7f55626e97cde0e77bab607c96fa6529d5eb4b2cf974401e681125632fbd480a127ac988c6613ff7e3e7c0299dd574f657041e163331a4dc1c82007bb0aa758d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
75ee47e4199ac85257d9e4cd177e0101

SHA1
5ffc46c36a587dcc65289bea3418e0c8c58a84bf

SHA256
0ec6489d312cd93637cd4b061bab106ab7df677c9bcf5a2d413007deacd95a3b

SHA512
99dd3eb58b769db1795edea8ec8e49d7e93af423d24b62b5c21764dd9c4134d5182816596b835d4d8784c78416eb927c1b5ec6a9d6c444d9a07b6c1ecb945af0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f97037d70f338bb889c06d23c6a2fa0e

SHA1
36b7046569d130b3798fbbc91616fe52ac274a46

SHA256
664022f8caa4b1f4d98b16e3ae64b66deb5178cafcf1052c4698c3b240f5de0c

SHA512
0f1e7f25a03cf6fa664922896452d2425a835d9ac1afb2f2a083d138533d7929d64d6c47d9923539ecd2622d20c55e2cf8abfbd415539c2cce8fd8fa9b808dac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
1d282d6aec1d14390c4eeaebe0412696

SHA1
70d04705c517dbe596edae0987185d75969b4413

SHA256
eed538cefb0f15f6bf4d05037ba1a88531a1bd8ba2fac8ce2f61b659c14f8d58

SHA512
1c02641f39fb597977939d79388f0b6cfd1bfadea7bd5a00edbbd014ec3b48c21360c12e69e267a1f91a610a7bd231afaf747d0741313cc9e53d5fd458292189

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
236KB

MD5
8b754635db18a42a02435e1542ee28ae

SHA1
73742040161b77535b6e1f609b23965ae3e9d8cb

SHA256
ee659aa05f66aa5738266c522c4fba5dfe47f8f219e65fb943f044d48dd69c8d

SHA512
a1b1427d48d2175e86b7e2d57230ae634cb98dad64cf4429b019899a71936f7dc008fe09f38393b5247ed0dc9b515b225536ec321734662d56860e4fb917b468

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
236KB

MD5
9cc7c7620d28b7aac78ebbf236452e85

SHA1
5ce59c53b2f509570f54ef6c158cc704a101897e

SHA256
69ad76600e74e7beacb370ef5f83777fbc6c4e2de970110caa7b74c688205e0f

SHA512
5ccf7bf65effb288a314eb1b907b0ef81bc98250a9e0f0b46e05ffeb3d0823b6f63441e24eabd043ae89436e53f4e07010e340bfe2e0dd5521dfd73e07d43900

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
10f3e3340d97e3cf8b7aed65553b8b52

SHA1
137f13e749f1a507f03ab1e931515a0580dd3a27

SHA256
5037657a0fcd6a2bf9a12eb8367db777a23d00f9b287055a89ddaa9b1300b2c1

SHA512
6aa9549a406b077e897a026ab0a438a9895706adab71a5aa9666d03dc79fa77f9fed7c5a8acddc6b0f7f36b07b53ec553d9be29b22266b97ba1db940645d7f5d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
8d9c4bcb75be519fbd10c06a2b1210c7

SHA1
c09a0162b0e319f1045939cd0b3e6d68ece4f4e8

SHA256
def27ff5d00eb6c57c0034189e592a98e4e807d962aff28e4d75572c8638b461

SHA512
892c445098c538c4ebbee48c70a477d2f3e8644cadc78e9c42dda4fefbf22182c063a7ac45e2c1183397b3651441e7c4469d74feff3875bdf55a882190a08812

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0b5484bb7fd9a48e0553bdeeb6d417bb

SHA1
80891b10d20f991009ac7a4628de21142b749bd7

SHA256
71ec737a7d5eee251f81c457e7b6de98bfbc909164bb1f2c1ce13cfed4af8ea3

SHA512
edd50fa6fe5a192a5e1e19a5a2320b62e8597ebe8ae63a4e0d0ecfcde85c0ed2d2594a1daf26a6cd2b9f09b61052f9acc8fd61ad6811cc2a207a798fb058c4b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7f2c9d73fda0d3fb1e5404fca259a595

SHA1
d898b1d1f8f1b758824c9b04c496df75f60ce0c6

SHA256
a690b50e5d0e8a428c29d6356c381fe714a45979de70d5bdea4f5adc594c1624

SHA512
eedd62b0cdfe18fa0fd7a9641a4a827650e7ea74d171b8da38a827d5332669a798ccbbc40029ea9d2b749879bd904c12dbe6b8495080b428d803a1792a63aacd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c0a1774f8079fe496e694f35dfdcf8bc

SHA1
da3b4b9fca9a3f81b6be5b0cd6dd700603d448d3

SHA256
c041da0b90a5343ede7364ccf0428852103832c4efa8065a0cd1e8ce1ff181cb

SHA512
60d9e87f8383fe3afa2c8935f0e5a842624bb24b03b2d8057e0da342b08df18cf70bf55e41fa3ae54f73bc40a274cf6393d79ae01f6a1784273a25fa2761728b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e11c77d0fa99af6b1b282a22dcb1cf4a

SHA1
2593a41a6a63143d837700d01aa27b1817d17a4d

SHA256
d96f9bfcc81ba66db49a3385266a631899a919ed802835e6fb6b9f7759476ea0

SHA512
c8f69f503ab070a758e8e3ae57945c0172ead1894fdbfa2d853e5bb976ed3817ecc8f188eefd5092481effd4ef650788c8ff9a8d9a5ee4526f090952d7c859f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\32d19745-9b57-455d-89e9-c4a2896217c6.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
26KB

MD5
3db01f3289b7517e321aac642a91c7f3

SHA1
4d54518f6f94dbe3e4e0cd7cc0d13698272d197f

SHA256
45c8217bf1571647763788b5472b9621330f6b065ea3107e2c6340a60ccb73a1

SHA512
69e7726636a206b910a971c00bb9a2a79835e5f98bc588158f62484ae77cfed138f8741e68b6d69ce77830420bb87df46762c51862a80f01d04112a3561673cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
73KB

MD5
856d0e1bb9475281f64cf4aeb311b21e

SHA1
5b22142ee8fcbcede7d378952550e52fef81edec

SHA256
086442c0122574e8b0fa6a139bf7768af8d0d8170cef87e0abce616519b1f4ee

SHA512
c999592d05ee3df0c25b263d3309c29269ad5a842d50bfb80438aa7a47015158cf6e0696095ba8e3ba696bc0e78db1123e2f4ba4e1bf444e74d62422f334c532

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
115KB

MD5
715d593456fa02fe72a008a72398f5be

SHA1
e948290773216dc1b50c2121314a8cf918c22b54

SHA256
c411f11975d26eb04cd2aa3c071181d4b18e489f1fb97060d4176a3531dfb36e

SHA512
1f63209c93a462c2690442c9cf1c3e5a67f2df7a67dfcda2cb81292a2dbb90641aa0ab81c25323a1f2d9f0fa09b3421d136ae5228c47e581c51912ba284de46e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
153KB

MD5
237f4a0afbdb652fb2330ee7e1567dd3

SHA1
69335cd6a6ac82253ea5545899cccde35af39131

SHA256
1f0189e087fcefbf654fad74a3a06668b782c01353a61d5c0b7f0bf23e33c020

SHA512
27e8e1f91507179c207f93a19485738ed5d372a977eb27d44a4ed163013097d38b117c7a5bf4336ecc9862ca514d78ffcd2b8a07e304bbfe1b2cce9c087baa38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
52KB

MD5
65d03b4e08308519b019a5aa50ba54ba

SHA1
57eea338d0f8a23357b685199790045ca5007716

SHA256
58b4b57f8ea7ed093c6c235395ae81773a9808e15e7c248590dc8cc6a3e468ee

SHA512
d08c29c4fcfbe8bde8c0311037b85f585fdac945c9758b685a73a4195084550d4ddccb97e2e792e33c9d10af9600950c130ae202a83c4fc247d1ef1aa0a314ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
134KB

MD5
b7dce894cafd0ad08c714cfc22ccd054

SHA1
dd66df3b8c066bf5699c0df48fb61694685c49f4

SHA256
d19a8ae1800f02e17ecc87df3985daca64b42af0015f60a5debe8f390a0bb270

SHA512
1756f7bc1468d37d090cd29f956ddbc36e137050c4b8dbeb9f35620ec74dac1b448ee457596dddecc03fe460f3fa1056a61da2f1562030a44a2640c157c870c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
31KB

MD5
b987f4658766c9009a5a56c4bf08a37a

SHA1
1cda3b3beb4152ee43d0626be7bbd051fea18c0f

SHA256
443c4dcc4ae43f97261b63ca955bd9148c618960f4d7a3b112063b8dea0a7d5a

SHA512
6dc257f2b4ab7ef548f42c59c17536512802f8b8784980f6c9b5472734a46025bcbf17a402ba0be018665cbddde21ae9bad37fc56f8a6d7f49f7678b0edb21d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
142KB

MD5
2b7c7fe537a33d71a90adefc4fc05dc4

SHA1
5bf93dc5e615112667a4a1ed8ac7205287d0b0ef

SHA256
681f7423fc7509ee9ad31f10f9ce5f8d84ded35df4b07d2b18aff80bf4c70aa6

SHA512
ac65488510c031df66ec318516c939bf821ab1860dce4b004083d297fc8ed1cd23550d13fd1a0d55246568423fe11429f36f313b092b9d3088847e37e833b538

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
77KB

MD5
937a02fab545811b9b8374b5940bc88c

SHA1
2f838b9cc44069a5636242b2c144279ddfb5a7ba

SHA256
b90c4f6aeed202d89856c69f97d24b555e900bbc2b8654c1f482a2ce5ae08ef2

SHA512
5dcdbdc2b0265da5bf7e7372e9d62951373fd7f876a2acf9a426e5b02c7c4018e3e939cfa2e3b1a3d057b85e7c02ec8b503d670886169dbfd9293eba97a37902

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
47KB

MD5
015c126a3520c9a8f6a27979d0266e96

SHA1
2acf956561d44434a6d84204670cf849d3215d5f

SHA256
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

SHA512
02a20f2788bb1c3b2c7d3142c664cdec306b6ba5366e57e33c008edb3eb78638b98dc03cdf932a9dc440ded7827956f99117e7a3a4d55acadd29b006032d9c5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
60KB

MD5
192849ea2df7b17773852f0d6772843b

SHA1
765cf0a075635257067e81a0b065b6644b780c14

SHA256
abc9ffde7ffe11116c025f8cb19dc82eb6af9292118e5015cd6a90aeb63063bc

SHA512
300f13bb6bceaf4d3747dc9d37abc35c2212dd3576f83eb6172b499240335f06eecead9d19aaeae00456de426f94139b34986c3df634aec0d4a4169e994189df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
57KB

MD5
4b0c111a50a94de649e1e6b3268d29e2

SHA1
1efcdc5c6ca769655b5b1e468dba8ff16f54aa95

SHA256
6e0bca0ffd0163cb6a2bedbb1d7f0dff2bb2e3fdb8aef86a5b957abab389142f

SHA512
2b3809b219ddd34cbae3ce6d568d716c1e925136bf8fbe8b4353075f3448ed847328dc6ad296c6a65b093bbceef018bb49d0f35948f317a12ac8d2f865a642a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
54KB

MD5
285c3221f37d34db1c785d271173e142

SHA1
040e7fb76202f2e002e892e2612d488d210f4564

SHA256
5f64aa58a9063bbef908cbfe25a945557631f55081c896b920b67d9b42d32943

SHA512
77b884676de68e99a6e9d757490dc80e165a6170d2cc470df0c47317c895944b052374fa473d83ac04e63bd838881043c91495c271b3680f811bf21868323fdf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
20KB

MD5
4c0e50267e16196f98c0817785a8c125

SHA1
23064de7af9d53d06a82fcfb4cb107731127c437

SHA256
5e5dd8d3d067b5a50d9284de24e90b9538b96938d56b024074ef602ae7d83584

SHA512
86ca6e9de22af6d21ac57a3775cdb4a287ee39c1cf656d9dffca64ed09f13dd54c30f324e2ee322014272d504e5a4c09297ba8b75a742f4ee67e314c80021e54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
20KB

MD5
575407605d22ce25fe1ac19f68564053

SHA1
8a7cc7704f65d85e4946a5a1388b71f89f7958bc

SHA256
49d118ae21d75029f5ccb48e91bffceeae6bfedd953e97df800736dad88b1043

SHA512
a6c9ae80d4db6a5746244a4b7d80f7132d109de6541f06e98523380a8269b78370ecb465cff157f953bb31e061e2407d29f995818ae0956542bcd8f9f9e5546d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
91KB

MD5
9c92b2ef37554c1cb929984ff06b2d75

SHA1
ff419768d7d07a2a411250312c8d08605cc18346

SHA256
d565e0e4f96dddfbc9e60b10bccaa20439fd50d727f9a0dbb6fcdf87dc0cd226

SHA512
979b6b96befd5d15c0b2f9ea45b71765c94f47d37c0366cb9953dae9824bf9bc4ef71fb195e92764492b301bbe3e05029a6044ac7c544ec33fc9686bb54bf014

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003b

Filesize
62KB

MD5
c813a1b87f1651d642cdcad5fca7a7d8

SHA1
0e6628997674a7dfbeb321b59a6e829d0c2f4478

SHA256
df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3

SHA512
af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003c

Filesize
67KB

MD5
69df804d05f8b29a88278b7d582dd279

SHA1
d9560905612cf656d5dd0e741172fb4cd9c60688

SHA256
b885987a52236f56ce7a5ca18b18533e64f62ab64eb14050ede93c93b5bd5608

SHA512
0ef49eeeeb463da832f7d5b11f6418baa65963de62c00e71d847183e0035be03e63c097103d30329582fe806d246e3c0e3ecab8b2498799abbb21d8b7febdc0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003d

Filesize
19KB

MD5
1bd4ae71ef8e69ad4b5ffd8dc7d2dcb5

SHA1
6dd8803e59949c985d6a9df2f26c833041a5178c

SHA256
af18b3681e8e2a1e8dc34c2aa60530dc8d8a9258c4d562cbe20c898d5de98725

SHA512
b3ff083b669aca75549396250e05344ba2f1c021468589f2bd6f1b977b7f11df00f958bbbd22f07708b5d30d0260f39d8de57e75382b3ab8e78a2c41ef428863

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003e

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006d

Filesize
21KB

MD5
35efee590a5abbfb96a546bf3f982a66

SHA1
3300cae500d40a69a48122b1e59fd9ba6c25c178

SHA256
2165053336d447a267d3f503a7e72dac5c84d9a624f0b90393cbabf5fc0657cc

SHA512
fa1469f31cc28f4ad1cf4da71e096eafaceb51e8da194d97fbacc1104e528e0efaab75d26476b70ec2dfc2c2ab31008e8dd7d4b118759b041997f7465ded56a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000074

Filesize
35KB

MD5
0eb09aa03b554f620dfacfb43c487f86

SHA1
b2c9bea035f05fe56dfbed06eb999bb97ea62305

SHA256
bc5b9bdd45b3f3c6b255cb7132c3bf3bedc084a8bb6d027f891276b9726711d0

SHA512
3bd677f535aca5c157d82e810b7513a3db893149001f6764bf6dc5b2eda27fb61cdb5eb3008255ab28e99a2dcc0edb791c599784f0a973640cdc2196dc9169a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000075

Filesize
68KB

MD5
4faf1255ff9a2a1a670db039246c3577

SHA1
9ff47f901800efe5946f19abed99ce7d4b549ead

SHA256
38ff254caeda0806858d81a460d730f1c140f6be9b7889a757ddbeeb132b5d03

SHA512
9eeeaebdde4240a1d7f69cdac028da975833899dca41ce665ee504f1752207bcd5c56ea0c1d4a972d12915dea075025a964ea0aed38135ae19131ce079a91d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000076

Filesize
97KB

MD5
3a5fa9321209c671d5b8225796972949

SHA1
807f95b69f43fb71d346e4530f5594930f17816f

SHA256
528f068f9e2548c79f402f5f9e52b1cbdc114dcc7573a83ad4a2507cb5d6037d

SHA512
ff87f1bdab1e1c47f1fa1360556704d5dcf728c4d614cb1028b604b752d5a13c5897e6432d153371de224a7f7f293fe51bc0e8dc56bf90e26db2c96d7ceead05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000077

Filesize
428KB

MD5
374556bd50bc307b30220aca72743de3

SHA1
1e21fa8d4ad25e85c949e68e1f03f9d5fed88511

SHA256
099d38b74a95dc95b26931f5a13f6373ee577d296c73569df3eb96c8f7af84d7

SHA512
0f51b2999401d1e5e22a70f198fde3ed791d393e83cd8e3de8ec8c35884d68c5b67a2d6e4eec5e413a3b37007469e9eac8307de7e733fcd1e63085b117f0dd4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000c8

Filesize
20KB

MD5
99c59b603e12ae38a2bbc5d4d70c673e

SHA1
50ed7bb3e9644989681562a48b68797c247c3c14

SHA256
0b68cf3fd9c7c7f0f42405091daa1dda71da4a1e92ba17dad29feb00b63ef45f

SHA512
70973ea531ed385b64a3d4cb5b42a9b1145ec884400da1d27f31f79b4597f611dc5d1e32281003132dd22bf74882a937fc504441e5280d055520bfca737cf157

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000c9

Filesize
38KB

MD5
adf2df4a8072227a229a3f8cf81dc9df

SHA1
48b588df27e0a83fa3c56d97d68700170a58bd36

SHA256
2fd56ac4d62fec83843c83054e5548834a19001c077cdb224901237f2e2c0e4c

SHA512
d18ffc9a41157ea96014a503640b3a2a3931f578293e88cc05aa61c8223221d948c05637875d8e3ee5847b6a99341ea22b6a1aee67c170e27bde5e154cf1b9ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ca

Filesize
21KB

MD5
6ff1a4dbde24234c02a746915c7d8b8d

SHA1
3a97be8e446af5cac8b5eaccd2f238d5173b3cb3

SHA256
2faaca6a253d69be3efb96620ba30e53ecb3de12d5285b83ecdba8cbc36e7311

SHA512
f117b822aeb0a434a0750c44cbf4cdf627bfebc0d59e266993a4fcb17a7a0519659e13b3bcf8706eed7d80d0ce33b0ce5915afe5872c37c010a401dd6bb1187b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000cb

Filesize
37KB

MD5
5873d4dc68262e39277991d929fa0226

SHA1
182eb3a0a6ee99ed84d7228e353705fd2605659a

SHA256
722960c9394405f7d8d0f48b91b49370e4880321c9d5445883aec7a2ca842ab4

SHA512
1ec06c216bfe254afbae0b16905d36adc31e666564f337eb260335ef2985b8c36f02999f93ab379293048226624a59832bfb1f2fa69d94a36c3ca2fdeebcdc3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000d7

Filesize
16KB

MD5
686cd4e029335cb803ea8b47ea727bd5

SHA1
acb03acb24c943d81a8e4822466201cc4114692c

SHA256
785ffc242cb18f8e9ccb9ab96c37df3cdf1612a38a325a2a9bcf8164eac6488d

SHA512
a54e055ca8e021757102aa6c7f9045959fa32a7db215595cda8419ac96f75f44e1f5846037e14b6a20d0db51c4b1e974aff1718e16ff5d7650e0b667ca09721c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\02d54bd42e16c9e9_0

Filesize
253B

MD5
444d425d1d12cf513871a1eb8ebba83b

SHA1
2d8af46138e6b324cb87e5438723d8d7f25401d3

SHA256
c2ebd5238a1db0f96e2b9f80893bed125eae0f16b75610cfe3cee8520ea58c7d

SHA512
df1e33fe7a1b2df2fa8240b96a6bcb38a8c6074cefde349ad18d4473f0df740ec059e4417cef4d7353ad7d59acda65adfe2719e0e95e9c8a73ea3c2badbb251d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\03114a5f9aa8edce_0

Filesize
253B

MD5
90c43d3e59acb4fae0acb99bf8046ed7

SHA1
dcfac57714c0001a72b0bd7baa5fc0834834288d

SHA256
3643ec7fca68b43994b1b078fa657eaccfb37237e8bb6d665fe6896f83db8fe6

SHA512
28b780799fadccb4f3f004659ce88fa3a93516f3981d1327b53470ca8ea740c95abcd7c2a9ae0750ec9f08027af8c584a44b3679aa81af28da040a452e08e622

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\300c0d45cbcca3c4_0

Filesize
311B

MD5
cf78c4d07957480c490edc769ded86af

SHA1
6772b14e740b792f7d5ff31396d6ca293fa7abfd

SHA256
cc95e9fbed324e49a8185415a3feaa25555f470571f11c4b71c6e61fd959f148

SHA512
84cc58e31023b5aabbd27920e979aeffbd03b112280657da15487914dcffd1836844ecf742930684f46814adf4f3b5de5378a93e65005d7c764b50db49b63e1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3b7ae11c3218693e_0

Filesize
1KB

MD5
98e25167a69fa814d0d14f7933d223d5

SHA1
207460cf1fddb61ef56dcda6513503f4bbafc230

SHA256
12fdfa88b0d9163d345a905e52147528f4e69e88956364427fd99b9151788e78

SHA512
926ffdbc90a9a514497b3e32610bbaceccba16608d263b7716a44dae69664dcf8659eeab01e674487128579d14595541644016097ff4e1cdd1c4aab9084cccab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3e3de784adb5ecfa_0

Filesize
368B

MD5
8583fd4536f5617309dc3f931764f935

SHA1
9cd5b72ca6210ab800f4ec35ca7d0ce4184697a9

SHA256
ceca9db9e93fa3d229a716a3df3181071e8f4887b3047b9cd191880904154bf8

SHA512
72d2b140b0d90be62c7de14e399f4b2ad3d0f9b3d744a5c2a8a1105d8ca788c6ec56532170ae60e2d6d5c05610eacb5722082d02edf4ba1e09ff65a054311dd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5c31ad92941c8252_0

Filesize
737B

MD5
5f23bfeda1532a8a8b6ee60f50fa23ea

SHA1
8e7f6b283fae231999672aa3abd84dec12410186

SHA256
077f49b0082baad182eac1077a305eeeb1bec7f0efd8219086f8d1f11832de71

SHA512
16cab7c03adf35953281cb5c34870547b9259cd38ac6014099dfbf3e67ac2686bb863dbd9ea84f9a789e5144717ee781e98f7b6c57b799dcbd2abd9c05607823

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\71848a3da7ea1aa8_0

Filesize
301B

MD5
a250a9a1f76a14281fd026bd80c2af77

SHA1
9e7e21d1a0a9361813652a604bd4010cbe7fa20e

SHA256
bfc5ce508e4106296b5fa2ac2def54c316f46a9d8c385e8ac44afbe5d366dcad

SHA512
0d3c9f16f6e86403d50c13530fb0c6c7c96c4f4074b650503a801c8d9fa93565d7fbc8b170a908fc67462a1551e8703e3a4de67d23c7afeb3c214dbb8e26aac5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8255ce6ea9e60b08_0

Filesize
205B

MD5
84aa0e0cef8cc95c7e4c4419605788c9

SHA1
2615c72769341ce2d212a080b77c4a77bc675455

SHA256
b7fc9861ea98fb1618a72f29d29fdfc1864b8df3b604024007b58c2186dd0e0b

SHA512
77f02b5e69d188b3a7ee7f518e896734e942f8291f2ff192f937af7c66eb52a6c172710b4bb6eab18efa38df6e81fff007331fa145cf77aa173d2493016e712c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\825e7f2a737c3ecf_0

Filesize
401KB

MD5
cbffa7a2989cca2f1c6656c8bc0e4dc6

SHA1
392e5e08f7a9b8dfd02cbbfc5c356ddbea5b4188

SHA256
7c41342916631856d8f14cf3da2e8e741093108131ac7d79b6f357b8043fd928

SHA512
1348b7074be6d81ecdabc99a7b68b9c44ac6bd0ddc7f7f66e7010e97a35028f0f1495a9aa34dd141af2d4f12465164fdb3967cf2a051d0185b93cbbec0162752

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8859164788a8d3f8_0

Filesize
311B

MD5
4522658d58fd394114fff935560fb4b0

SHA1
2584a81f5812d59d707feec6812cf7ca47cc00c6

SHA256
245c6fc9f13fb59a1daeaf976919d15268cf5610b902b977eb55c3f352a47bdf

SHA512
a8d4aac8571b18f89be124cf05810f4a1c842ac41c726432b4386e858ed54fc5c627db7ebdffea4b41259e094789bf6278cc9cf1f22ce3ba1e370c4eb65077fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\89a808d9388c3cfc_0

Filesize
155KB

MD5
9d2f704a0583a66c8229664a4f409245

SHA1
7f5261d57b93327a070a3327f6512c57228fd36b

SHA256
a8f0a62d6223d66dc0c85d120c8e91d0ec5b3a3a96fc01c6a8f681f97aff78ee

SHA512
ae4b7de29a1bdd4a153e8ddb2bd11008e38a05c84fc993b8b3a45432a71299bc7bd64e5731f8ccf9212a869cedcad495165363059932cc69b811fd8d71ead1f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9699bdad77f67583_0

Filesize
54KB

MD5
8f4e4644dbe5ca0c236f5e7e8fce5d79

SHA1
cc52b998c1f7c124c89d3c40c6a5bfc3ed842478

SHA256
24dad64d80b00f0a80d0939d0d2c274225a06f140a019f03c6864b85c5e5ffa9

SHA512
4e804450244b95392acb9c0bb06c8be1d7184c319637005b39f69fa66889f4635fd0e3534b383bb76bad9a29057ea620eda4da4e5151b54509949f7641909fb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\cd8b676685363cc1_0

Filesize
94KB

MD5
b3d8c33cdc9db52825860dd44cec66de

SHA1
e2c6fa82d3933b3150c1176e77fedc182e7062f2

SHA256
5848e2818adbd9aa8d79bd17f74b382ef5ae80ddf41a8ad888b6c0d72c52687c

SHA512
8f9183a420692e983d4bfbdaa586de1b79731b396d34a3257c92c4a0fca44d5e6b1fbaa8a7432e060a28efbefbbc5752d023e3b78c863bbdf3b1c8a0ccbfcdf0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d8e0e81de3b3cf2a_0

Filesize
269KB

MD5
9811f4260fed84da17b91a04fee923af

SHA1
b85404a6127fab3f1b6453405d20c06033161f97

SHA256
26513c44f8a4d0866341f241a3ce545fd3d5b2b64d668282c10560f36cba1573

SHA512
e1e537e6793f887ab863f309fbe8467c8e754cf013525f9a2310aa496e3bcd64b99126f4fdf0c1e8c4211f380fe0ba4e3187ff5a644e9ccefcab32ad92efa30f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e0fbd06e41059c13_0

Filesize
240KB

MD5
41aa31c796b036c92569e64bf7cf1695

SHA1
aa0382ca26c44ff951859d43a3ba1a2d7753f5dc

SHA256
fcb73d351c5da4a9bb288b5072ec44e74df4b8f52a0c68d642b105e372b0281c

SHA512
f6d562903a65e33cb80ad6bfd3339476856f376732c31c45e89867fe1cac56d19c4b6eb0e32aaf356ceab3dc8735c45fec9182fcac265ac9460c8792d9f86888

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e49674bb4c9cb85f_0

Filesize
431KB

MD5
7e88d9a347345aa2d30d69039d898b75

SHA1
f8b311ff65e99361e293a09942e1a26c7e464bd8

SHA256
9c706a15e18140f45c6778a39543a5604e79e19bcdc5d919297dbcae3ee18ddb

SHA512
d3336138f4a9ac1d7097a4b4f31f5ac9173edcc72e3e843bcdbae3c40e1f505fd5d8832f57d71fc17803b5b701bd76b248e4fe9c0671aaf92cc24b66dad06cbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e4fbbdc312bd656c_0

Filesize
3KB

MD5
67233c60ab8cba0603c0ce49806ee505

SHA1
189bd523b836b949b86e5cb81204064882a7560d

SHA256
f0699fe893c0491c2f1c76760cce0034d5182a588082a4781b7a46915a0a598b

SHA512
45a481e26fa6c640b5849080c5c6aea1f00950ad2a5533737f5661d9a52ac1c3c24793bc5b8dd8c7e46983aa93f223cf37a643348b233805c0fe035c8fce2d33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ee46582361c18fcb_0

Filesize
264B

MD5
85e82c99817509ef10bd530638051021

SHA1
dfaa9db34919c79908d70f00ddd0fd9b124e8c76

SHA256
48a9bf43213257346c807a311bc51ccd912d6856d34292923905c3ea869f1051

SHA512
5924b7785e3e5cf79ea7a1e31b402c1da15a2b2bdbc76a4299424a956e29b298e782cc6605bc8900a5e3c3387d1968550c16e4f74196822240153805ad0fdd35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\fccae4dbea48fa2e_0

Filesize
72KB

MD5
e20b112687a96b20ad4e39ad21282b21

SHA1
1ee832b261d51483a3bb1ef548aa65e24d7c5c87

SHA256
6c9c7bda921b11e3d56e1885109b453bf8a7a9f722e703654cfc0915a6b6c1b4

SHA512
255cb413e0656aaf7a9754799a4c6d170aee3d317a59471b249d22bae5b248cc570f86dc0681238b8aa5e9ddba5b94a5f4c33c6e96e78a6c76d77f6c99d7ea90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
5027ba73ea3ee410792dac737147dfb1

SHA1
40380666b9b486930daff72e6dfa8422649293c8

SHA256
5182d355dc6e4ea705c53e0aff45fcbceecff4287c23cc65c7132d580aefe330

SHA512
9c22df2520465e97bd635e47b5f5462834eaa4e32c075c18ada7d2c064e3dc053160873d2410539a0c2037190080920034026787bf7cb85ed483d53333266fcb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
11KB

MD5
30612a07b1a216af264a3da3e4d46578

SHA1
779a76b719e5587d7d6a360c346603dc3e924c2c

SHA256
032ea4a2519f5205ae03321d63a0e44547795f39c290cf583d184aed26a8ce07

SHA512
4498b7891363612c627e08d35c720c087831673aa4f3926bfb7d86917fbe7ec1a951b1544dd10e8c00db99ad3018557774844d974fb7dc602a508736fe0bf5f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
605845b2689111d7b7933e2a97ab59f5

SHA1
73cf4aa42a4898a1b57ae0bc8e630e996e0e2275

SHA256
1c7525139a5f890da92a4c3ae5f52f8c37e2cf1ff92e9dd06aae8eaa1436ba3f

SHA512
473fa766dda277f47617e2c918fe70c7ba0190775bdf334dd83773a2e3471366dd4d7fe6b6a93e65c6c0dbebb243e4a4d1f79c128678e08c22f3ba59d345acb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
27b29f6a8d18668cb80a2d6612a531e9

SHA1
26fea9da09bbfc615f423e7014e5801f14a7061b

SHA256
be0417d47406eae8fa2c9f42b07d4aff458fcf8b7d8c6b97cb115d681a9e0e0a

SHA512
4795e82e135f62e87dc7473a2ae28451f928d00b6f7a93fd3355c09080a35ebe9aed2ce8a09311bd8a25a3100845c78ab06b92ecb4a4d4f25d20a39077b25158

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
8KB

MD5
adc9135d79356265cb028d1f8443d012

SHA1
c672112cca712b7d6e3dcc212d1f582368e472ac

SHA256
10de031bf9f7701bbb4e76fa8cb808b6d720e48df73d7b0ec5b74deee2897d8a

SHA512
353980f3f8b6598d169c9dcd73e9849325533e3588a65c236da83f5b5a32898d42575cd07bf3e2d84176521a47c47ee99549762055ee620d9c48e698cc806122

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
7e53e9c55e0de8870d91c20a64dc0d85

SHA1
2466165ac46dc7acbf0ba5b5cc53cdbcfd53ab09

SHA256
3dbe1a4463f288a98797f5528c002905b9bc92adf03fd41bae5c2cf7adb063c8

SHA512
3d63aeb54caca7d784d303217398d3f7e1aeffc8d6b5ad93a2a14f149557de8fee7d82a950784ed7b2b95510bb39ab62827a71b7f36cbc19782cb46cfe08eddc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
402cd37eaaefa53103176fc3cabf68d9

SHA1
a20fff8a2869c0ff58483a194f4babd4488ae088

SHA256
48aaeee41a9c2551a9102a77349af009ec4e180b9b2341cc78a78c8f4922e519

SHA512
9a4fc5189cf7fefb3122d83b6664a2ebdc6d871b4565ac1970c8f041e0ada874b07080dfe1cc7dc17eeb916560b9092092e2984332a50bd9fe94dbe973ca00d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
3ad257a70ecb7a78064c2e351daf2d32

SHA1
58a225e0d0996bbed0e36e92e3b148c15820bcff

SHA256
5f6d8fd29ed4ca62405970a4517481cf74168385d7676fe4122ff571ae05111e

SHA512
dadb972a9e2b1c9d3b7a147ada6e81d8b7531ad152591807bcc35c023734101cf3c4a1154280704f3946ebdc09616498477a290862aa6b373f6b02a63b9ab089

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
86b8f5054c4c32754fb77b1f6f195f18

SHA1
c2dafc0a4baa5d6b21bbbb96b7076bc3ac8b6710

SHA256
827c37ca011b5d0544e51f117df1f6c9081abe72c7f98a7c46951db3929be825

SHA512
fb6961a49c1069b566d29821349cfc29dad800c2c7f2e471a51889bbbd47835d3508cf85a658b03427cc8d869788ab810298835d2bb732629d5f63a4b95c4a63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
a38606e706283c64dd1d1f506723897e

SHA1
bc4c950979bd147d92bfcb485489c9394014bb3d

SHA256
2ccb35fff81bce3a67360f19abf1c8182284c670769985d41068618c5feb6ee6

SHA512
900e39df2c00de2c2ca41805b5808a9d6293bfdf44111c95939c4f90c0b538b2da2c1bac30bccdb1b0af8e34131c5dcaa891e0e37848a2871f91ab1f6f7d4414

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
0205381321e4ef69734e4d976d019fa3

SHA1
43ebe3bcd25159a9cea45374a339f4d5f6e9f894

SHA256
6a5b800bf1b01ca39b05aa6ce534b3e149d7f9bfd0ffbbff80a927d936164adf

SHA512
82b9128814e3b72467dcb9628e9465d846783a6f79c6e27c64c577c522e8b39024b3372354b0591ded3a4270c90ba9468423d6295da0081a51aeb0af6cd5233f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
897b8469a92aa7b295bb35504686bf7f

SHA1
08f078230b304e63c0a9ee2e8cf27dacccd2d94d

SHA256
eae9de842075bec3e5e08103b90f1bcfdcc6790ff17779b579dfdfec48e02324

SHA512
989f1370f320dcdde5e427e7c5e7f845ba69ea13fb981c70028fe3863f8d9b6e5c5766314c908d5f2a976d2857bc4f27be6cc41ed12e4094e22767a0bb099a85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b3074d539a382a91f5476ce892bafdf7

SHA1
c873509b50c65a5c75498075146ee3db877aaa80

SHA256
8fdfb33207a0c057888391d84a4675f42cd6b12cba87a6fcbbe79bd32c79a588

SHA512
662b8cba8c4f86216293b909f743e1768a7342c5849f83bf2a57f0a705908f3b8ab4e8151531fe7e9fedfc6049898d10c0d38a62b892990da5114f5c34c49e37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
d38bfcb1f1de7df72fffe1fe32885ca8

SHA1
131e8dfa7ff1485d92257b7296a457960e084967

SHA256
5df77a4634181b8f7aa1a9e1ed49110067950a3f6868e06cb6cb0a4a44bf83d5

SHA512
4fd89f23f450d64c1d97d06c45549173807b50ad6be164628181bebbea7f8fe9fd305c8777ce97a941f8d28ecfd787535b9ad9356de3659c94c736bf624c568a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
e449a015c75667b993b3c80baf0904d3

SHA1
506449817e9e451c461a4a12cce179edcd43ef7e

SHA256
f2e7e6bc8e59881a9e9f914647cdf23c4d45345f5a87129960df7107c95f3649

SHA512
946b15a48373b8af768f4a97e2ccd39ba9f167342d78cc028eaac67d259d03e77dcdce0621b031e6bf0341c4b28d61f7238c2c197db14d435b67796bf46b7ea0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
da8f520dcaf7af7c6335b2ca442d48e0

SHA1
9b19cd50c1235a143b6e0aed9896a8496cb01a0e

SHA256
bd40af5329f37de9dde3a8fd8ed1d939a04e068e6fcd7195ae45cdddda14101e

SHA512
86563906aa8c1cf3dba5296c4a2432add24e3b757168a1e543bc100fc8ccb7f969da3abce289db8576e1e11f5b94855bcb27ec62645c8fb263f94a48f46d5518

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
9a09c0936f7573f0e5f213aaaba51a2b

SHA1
f8f7ef9dc32369a9435454c600a003d57a0239f3

SHA256
8fb54c86d05ac62926735cfb61aa7497a69f02a070881b80716dd4ee2d706f49

SHA512
aa967d05c17dc4a7cc32b4872f9c356a727c73b947cc2d120864c070ea1ca095d57a8ebebe6347a1f790d0699877f0c5df0f36db7c84e3b64911c0fb2fb80485

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
e5e1adfd8045df6ee66b73c2430864e8

SHA1
87f146130c0e56c0d720d810b0e7eec4d481b81e

SHA256
7d2e61f69b11f24aa6672ec280f7c0b8f37d2ffdf2e31c6c72c4fb0bfeae9a43

SHA512
957bbb9d0794f7dd40eea7b962c268e9e20128e5bc5100041ce5fa753a67a449d549ca88424f405c84b186808bf5c7e0168a7f053f61811b756b454292ee100a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe581ff7.TMP

Filesize
48B

MD5
08f302b85d32dda1d2ebd4ffcb960201

SHA1
ce78e94e8426d2c6a203b21afb12ba45e6692a46

SHA256
0728b373b4b762dd9107c9316408d0849262d458cbb69d60df0b3919d7118441

SHA512
d91d7ca2a37e9fc59bd0c8d622fde060f23c6e6a0fea17694eec321f4156203fef7aa0e289e077aba4574b38288d14c6e2834865281095cf04deba456c6f232a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
6814baff22c76d591ad95e9c8574ef9b

SHA1
e6a1d5771636b00f5c39f92b371d20713700d9d6

SHA256
df4619910f489d91164b1664456d02f379b532e3a220b50648c9277a1a7f30e4

SHA512
1e9fad355dcdc27af371a98625bcb986b828dc4f863ff90803238b6c448d5ae8ef38d19e2ba3f6f5cc563e38f64fed1db64c99cc6b265a206863124192bdc3a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
a385ba4268c7fa445f405cbfe129a440

SHA1
a2b3a80b004629b944cc25e33e13f65ee7f99da6

SHA256
a12909994914273f925bf0fc006497f98fce7e5be9bde47c0d1487adfdd3fcbb

SHA512
a5e7f631d526ddb347350dae9e484c01a05c8767bcd0072564b08b14dd007f0947aae33aef85179ea37ad745d9ce8a75eef3df3a6514884f6c085a0689b4fcbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
2bc4ee47c606bd2774ae11017ebd8a5a

SHA1
aecc8b440a221798c6b4f2c66d2b2098aa845642

SHA256
32319a6b5dfee7ffe965a160efb8db0410be9a2f8a90ab0f271ff16e1082b25d

SHA512
037864eead06f85ae865b6fe18f88cdd36c869e61f5d8b26aa32992b694343c88de278bc9c0f518f6f3e8861d433202c94564153ab8cab6be2e20fba481050bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
96961ec675bfdd168ecd981bc050b15f

SHA1
60c6d04fe760899200f9924220971f60ac5feeda

SHA256
cf2d3ffffeae1e1d67589da5ea1bb54b338a27dbc9a047431ea84ebd01d76819

SHA512
ced2ea794bceedca1a7c7967ff73a66ede23bf2a0c3676d8cfb3ca30725a0660b8560cdceb15c05b636b78cdb451fc87d7a1ccbd7703ad468c74e7c5341525a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
6397dc8f802c00814f410d07bb173e88

SHA1
f6c07d5584aed91eb1e889664ca621ca1ea0ba6f

SHA256
7af9ea54a3a57e5aaf10591c0afe2ca2a297d694474b826dd730de98e8ba8eec

SHA512
8b1d635a9a86d0c5298069628b52c137400dadc4d4dcf3aa10978d72579ac3d640a0b789d4fcde52ca3f72897af836d24bcfa285c4e26caf937a3113a5320962

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
a2d5fb33e243232f89c192042e121726

SHA1
5f52121c5c5f1ba756a1edae546e8080a8464a0c

SHA256
83905715bf585378318cafbb3d462344a7f5e9a06b7d6fc0a491c50fcb180016

SHA512
941eff4aa1a6a4e2289a0eb5e8cefc0823ebbc7dcf69a21556fd339aebf835ee81f8b2681a329586aadfebbb90ca97b05de9fa8b63222898ff15c02c0b6f4d1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
f76fbc84b7bcb9febacd2305f7831610

SHA1
4d0dd00b0135510f341356663f27de6041ea7c9d

SHA256
d02960a70756386dae2fc36d737b560da279b10a97046f175196ddad53e8df83

SHA512
e4f32f4988c72f5a19932b876558c153dfdb2a747c03f56217d04893d8941a1fde24bd97daff22974201c5524677fc8d9c997755c783dbbb07c2d2865845e8c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
8cd6911f423ad8672749ed2e17b77f0e

SHA1
cb52017cb9cdf55186c0c4ba493f0d3ce2977b8a

SHA256
fe88df6a2155cdd773ac2c641d58aec1481bf3b06c3801061a3395882ad553e7

SHA512
24b0ab19a2cd72af2f253ce005f1972e2f2365bc2bd0cdfaf0acd92c4518f70fa5cc8fac3c74af6fb05c96f780ee34e5c189f95edaaaf06f8a279572cb64f0f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
21b3eb02b04963c7d6afdbad67187e8e

SHA1
3b69b42d4ea025c7a3743068c5ba0bf359b432ec

SHA256
38188875bc040b47eb329761a703f93be1d1eec3d549b2bdad9fae221b2d10b4

SHA512
12e6140bae0209c0cd101ed2b88cc997e68d39e1637826f0fc1201521d3727fc06c388619655baf989162e5a8477f4b6c53f591b01cfa866446a8c25b862e480

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f1f88337a8c2571acb8fa70e8048771b

SHA1
42c0c7b5d99c65ad730b55026985133ee11ee8f5

SHA256
9556183c3f724e7f7ea4b9dbfeeabacaa7bf2c2a49d53f814c5ff88095038462

SHA512
fb176cb06394b8dd169ac4dff49b91913b7f13b756d35d0dcccfbb86ab553ab8d72e558b2eaad2a7dd0dc1a9d256b5cfb4f6b1815825b2333769124b7f3f406a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
7b08d401b6bc61ab5c3daadfb36b976b

SHA1
16f934abb4c71bb7a158d9fe82fc881e3e705ad8

SHA256
62f537a9c4c2461cf65ea6b623edc3c812658357b6a69b0cae0a84820c4ea5e2

SHA512
cc159ee5681b44689022702c06aed7175854f83d5c2edb999a5ad8b513adaddf241e9ecb81cbebb8e3d295836129d8214d2ae28c647b2e0b297b5e6fde8b792b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
66f6c3594fcf052c43a3d396ff63102d

SHA1
f77f8fcf72682e17557f7bd63b793592e32472ff

SHA256
f7e0bb9316a9fd3f99b6939d7d7b4b556280d34f9f3243958ab1633873d29c55

SHA512
997ad6a91ea2450ac2b560cc423f313255383ec521d084909876f6227f34b838a6c42bc518ff95c57a96e9b5004867d07d0f9980d8daade5802f7a689653d2c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581e31.TMP

Filesize
1KB

MD5
2ee0c282fd9eaa55b19afbc9f35e9eb0

SHA1
3d808f581c20eef760a4a63f4cc5ec376a8c8cfc

SHA256
ca985bfd16e7a6a5e292b8d729599ea2d0083c0f6867374acb8d30a8e8975887

SHA512
c8858befa556699f2ffc030b2d3d87bac3d01ae2a15ef125b8a83b8b0856e52c11c2749b23cb3b82c084bb24ce5a0549b8af041e4a404f171ca80e2cff247dcc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0ec8d5125f64974bbfe3a04fc794ea1e

SHA1
2701035a37a3b3ac9788935babf1a460632b1cb9

SHA256
92097a99fa1c79d8d6e042e79ecf0ed4b0527ad84373cb626e5b80ba0e04d8ca

SHA512
8b75cda09452e3ec0161986ecfa5c153a14487d782e57fcaf5ad70da5cad1e1d89ecfb6905cf9adc281e2a4dfca0c5876f3c23fce1b305d05e1ac5b088629782

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
6e30be4c309f865d1c8b78dd65ef6964

SHA1
776667a5c4cf4125a49a8fc231d0addc613aa4e9

SHA256
8c00f11ea04680beade079c07249069290b302ad36e82e3de5550d73f9f4234e

SHA512
7f049674ee07060ceebb40126e9817772da35d44cfca46809d137104dbe2cb405d019e21a6d173e3a677cd7c652038ff49f5e75b19059aa36af4a0f2d3fd6be3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
ff8d3d1f2aa7952b79506969e52716e9

SHA1
0c618ceb64639eafd83c7a17b6bfda59db917ab9

SHA256
ca30c6ccea726c7315ccd5dd3a770740b4cf2c6e967ec9799f2673b2a2c32c92

SHA512
899edd139c5019234f47cb7be20d63dacaf5df9767bdafcb33d3b528b5dd97e4d4cde2a528d6973997f526a1e8f5946527058fe5e5d1f6107ffab1ae3dac214d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
9bddadb91f60a73d7216d798316b4d8d

SHA1
a8315736095c94ac7346928458457027926489ab

SHA256
c28c4246dae67fc1b084dbbf1fdd64d178d584051842da35c6cb5e4a63d262dd

SHA512
244e39b9fd9b15164d0feab6bca88b3426d2850ea8793e9a4addedab475f93d19f48c4311a057031d9786d3f70435f5840e6cb70791e33c477a3cd2a589f0467

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a7957e84b90be5eafc435644febddb74

SHA1
1a3b0c854654455e6760839cfc3579ee2a21c143

SHA256
0cd00550e7f431fb66115a423482275da894c65807e65eeacc32918a56e2465b

SHA512
f2dc8631cd867f254c835f01d555e5586587e0a21a00c7628bbc62ac554b3ef00340546e1fdd61bef1813fe2a6756f6013038d1a8646cb9abcdc7fa4abe71c55

Download Submit
C:\Users\Admin\AppData\Local\Temp\TCD729A.tmp\sist02.xsl

Filesize
245KB

MD5
f883b260a8d67082ea895c14bf56dd56

SHA1
7954565c1f243d46ad3b1e2f1baf3281451fc14b

SHA256
ef4835db41a485b56c2ef0ff7094bc2350460573a686182bc45fd6613480e353

SHA512
d95924a499f32d9b4d9a7d298502181f9e9048c21dbe0496fa3c3279b263d6f7d594b859111a99b1a53bd248ee69b867d7b1768c42e1e40934e0b990f0ce051e

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_mfj3bnsy.otf.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

Filesize
443B

MD5
9b5eaac4d7d9af639a83650feb72e09d

SHA1
047e65f911a1320a7a1c45eafe8b15f68682da1f

SHA256
acf5e9e549821969d25707de3c038b3b2a1b004bdf1f95aa6553f2cb2b0578e3

SHA512
be02dcf8abad6e670f38ad8e839149fa11c11a94762bdc1199d8f2d5177679acd4bad705d15264caab3f0dede8cca362fc5cc9a741f99942850732413386ce3c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms

Filesize
3KB

MD5
b713d6bc0eeb04efc8f26ee170ba1d5d

SHA1
575ec90fca473d5a7e6edffccca8b36d67a013cf

SHA256
baaf49400ea7b3dfdc3b0e77a17127e98dc9a2e39207b73969e630e404b7d78f

SHA512
9c05fe336aba9874371ca530c0d723306f4515e672f38dea44cf1f229dbe014a240e4d90d9a24e0ef9028b17f10b98c21c1ef4a34b02f0cb07c27acc8452b579

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms

Filesize
2KB

MD5
5d243d86d3692d9b56eac40df670173d

SHA1
851e94a6d9bdab7c77c01e3b9b27b3bc6978feb1

SHA256
207428f7325f696c9fb78a473751440fe287d6ef6275134eba17f93efff4112c

SHA512
cdef3dcd4e02102f16e221eafebe0ddd64f8ad5f3f381f79d174761bf974f049826e6759f8d02e7a0a7e965bcbd126c5771f802bf8e46f81c3742ea0c8a5e8b2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Word\AutoRecovery save of CobaltStrike.asd

Filesize
68KB

MD5
95e16641fcc81d3d971e348a3c5eca58

SHA1
39f34a4ed30c1772e8ea76d1f775da420acde92f

SHA256
3ce46d9fb5e8e0b0ffea8f7e40f14d5efa910b467936b8742e8a123faadab636

SHA512
375d8bba415291959a572f2eccdce2ac56e486eead7a9f107d5308dbe249fc4f400d5f3644243b709d8e807710f854c8a228bb1c877d083c12d9eca01138ed1a

Download Submit
C:\Users\Admin\AppData\Roaming\VanToM Folder\Server.exe

Filesize
183KB

MD5
3d4e3f149f3d0cdfe76bf8b235742c97

SHA1
0e0e34b5fd8c15547ca98027e49b1dcf37146d95

SHA256
b15c7cf9097195fb5426d4028fd2f6352325400beb1e32431395393910e0b10a

SHA512
8c9d2a506135431adcfd35446b69b20fe12f39c0694f1464c534a6bf01ebc5f815c948783508e06b14ff4cc33f44e220122bf2a42d2e97afa646b714a88addff

Download Submit
C:\Users\Admin\AppData\Roaming\VanToM Folder\Server.exe:Zone.Identifier

Filesize
92B

MD5
c6c7806bab4e3c932bb5acb3280b793e

SHA1
a2a90b8008e5b27bdc53a15dc345be1d8bd5386b

SHA256
5ba37b532dbb714d29f33e79dacb5740096fd1e89da0a07b9b8e6b803931c61a

SHA512
c648be984413fdbaeb34808c8164c48b5441a8f3f35533b189f420230e5e90605c15fde2ce0d9fe42e9755c594dd1ef32de71a24016277ad2cef2f9afcf0ad93

Download Submit
C:\Users\Admin\Downloads\Nicht bestätigt 399658.crdownload

Filesize
2.9MB

MD5
e398a0557b44366c849b85fbe26a63e1

SHA1
d20b6b46fc572a435e4e5eb7f5dbd3e601725bac

SHA256
63466a7b4c4ca557cbb2e8b57c125db52fffb234fdbfa38f31eb61b040411e7d

SHA512
a4c0a608ea1f4a33bd39a5536dc4b2105598e3fa4a9ff9033b2279f885a7251684761e1f4ac7b1ba5226de2b0ca777fdc971f0a7f22e65f66f0a3b9c601291d1

Download Submit
memory/2164-4352-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2164-4418-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/4280-1756-0x00000195B0540000-0x00000195B08B8000-memory.dmp

Filesize
3.5MB

Download
memory/4856-4338-0x0000000000EB0000-0x00000000014ED000-memory.dmp

Filesize
6.2MB

Download
memory/4856-4318-0x0000000000EB0000-0x00000000014ED000-memory.dmp

Filesize
6.2MB

Download
memory/4856-4420-0x0000000000EB0000-0x00000000014ED000-memory.dmp

Filesize
6.2MB

Download
memory/4936-4233-0x000000001BF50000-0x000000001BFEC000-memory.dmp

Filesize
624KB

Download
memory/4936-4232-0x000000001B9A0000-0x000000001BE6E000-memory.dmp

Filesize
4.8MB

Download
memory/4936-4231-0x000000001B410000-0x000000001B4B6000-memory.dmp

Filesize
664KB

Download
memory/4936-4234-0x0000000000CE0000-0x0000000000CE8000-memory.dmp

Filesize
32KB

Download
memory/4936-4235-0x000000001C1B0000-0x000000001C1FC000-memory.dmp

Filesize
304KB

Download
memory/4936-4236-0x000000001E400000-0x000000001E450000-memory.dmp

Filesize
320KB

Download
memory/4936-4237-0x000000001E450000-0x000000001E760000-memory.dmp

Filesize
3.1MB

Download
memory/5480-3158-0x000001D8402D0000-0x000001D840648000-memory.dmp

Filesize
3.5MB

Download
memory/6584-3632-0x000001FEBFBA0000-0x000001FEBFF18000-memory.dmp

Filesize
3.5MB

Download
memory/6964-1755-0x000001D3BA1A0000-0x000001D3BA518000-memory.dmp

Filesize
3.5MB

Download
memory/7080-1616-0x00000161C9F80000-0x00000161C9FC2000-memory.dmp

Filesize
264KB

Download
memory/7080-1620-0x0000000180000000-0x000000018111D000-memory.dmp

Filesize
17.1MB

Download
memory/7080-2256-0x0000000180000000-0x000000018111D000-memory.dmp

Filesize
17.1MB

Download
memory/7080-1902-0x0000000180000000-0x000000018111D000-memory.dmp

Filesize
17.1MB

Download
memory/7080-1889-0x0000000180000000-0x000000018111D000-memory.dmp

Filesize
17.1MB

Download
memory/7080-1867-0x0000000180000000-0x000000018111D000-memory.dmp

Filesize
17.1MB

Download
memory/7080-2796-0x0000000180000000-0x000000018111D000-memory.dmp

Filesize
17.1MB

Download
memory/7080-1811-0x0000000180000000-0x000000018111D000-memory.dmp

Filesize
17.1MB

Download
memory/7080-3589-0x0000000180000000-0x000000018111D000-memory.dmp

Filesize
17.1MB

Download
memory/7080-1716-0x0000000180000000-0x000000018111D000-memory.dmp

Filesize
17.1MB

Download
memory/7080-1617-0x0000000180000000-0x000000018111D000-memory.dmp

Filesize
17.1MB

Download
memory/7080-3002-0x0000000180000000-0x000000018111D000-memory.dmp

Filesize
17.1MB

Download
memory/7080-1618-0x0000000180000000-0x000000018111D000-memory.dmp

Filesize
17.1MB

Download
memory/7080-1611-0x00000161C9C50000-0x00000161C9D02000-memory.dmp

Filesize
712KB

Download
memory/7080-3652-0x0000000180000000-0x000000018111D000-memory.dmp

Filesize
17.1MB

Download
memory/7080-3296-0x0000000180000000-0x000000018111D000-memory.dmp

Filesize
17.1MB

Download
memory/7080-1619-0x0000000180000000-0x000000018111D000-memory.dmp

Filesize
17.1MB

Download
memory/7080-2709-0x0000000180000000-0x000000018111D000-memory.dmp

Filesize
17.1MB

Download
memory/7080-1615-0x00000161C9EA0000-0x00000161C9F30000-memory.dmp

Filesize
576KB

Download
memory/7080-1613-0x00000161B11D0000-0x00000161B11E0000-memory.dmp

Filesize
64KB

Download
memory/7080-1612-0x00000161C9A00000-0x00000161C9A48000-memory.dmp

Filesize
288KB

Download
memory/7080-1608-0x00000161AF2D0000-0x00000161AF370000-memory.dmp

Filesize
640KB

Download
memory/7080-3542-0x0000000180000000-0x000000018111D000-memory.dmp

Filesize
17.1MB

Download
memory/7080-1609-0x00000161C9FE0000-0x00000161CA51C000-memory.dmp

Filesize
5.2MB

Download
memory/7080-1610-0x00000161C9B90000-0x00000161C9C4A000-memory.dmp

Filesize
744KB

Download
memory/7380-4216-0x000002D99C1F0000-0x000002D99CB04000-memory.dmp

Filesize
9.1MB

Download
memory/8136-4186-0x00000252BA670000-0x00000252BA68E000-memory.dmp

Filesize
120KB

Download
memory/8180-1231-0x00000251184A0000-0x00000251184AA000-memory.dmp

Filesize
40KB

Download
memory/8180-1207-0x0000025179920000-0x0000025179C02000-memory.dmp

Filesize
2.9MB

Download
memory/8180-1223-0x000002517C430000-0x000002517C450000-memory.dmp

Filesize
128KB

Download
memory/8180-1221-0x000002517BA10000-0x000002517BA20000-memory.dmp

Filesize
64KB

Download
memory/8180-1225-0x000002517C410000-0x000002517C41E000-memory.dmp

Filesize
56KB

Download
memory/8180-1226-0x0000025118B00000-0x0000025118C00000-memory.dmp

Filesize
1024KB

Download
memory/8180-1555-0x000002517C480000-0x000002517C492000-memory.dmp

Filesize
72KB

Download
memory/8180-1224-0x000002517FF30000-0x000002517FF68000-memory.dmp

Filesize
224KB

Download
memory/8180-1228-0x0000025118470000-0x0000025118496000-memory.dmp

Filesize
152KB

Download
memory/8180-1229-0x00000251184B0000-0x00000251184B8000-memory.dmp

Filesize
32KB

Download
memory/8180-1230-0x00000251184C0000-0x00000251184D6000-memory.dmp

Filesize
88KB

Download
memory/8180-1233-0x000002517C420000-0x000002517C428000-memory.dmp

Filesize
32KB

Download
memory/8180-1227-0x0000025118450000-0x000002511845A000-memory.dmp

Filesize
40KB

Download
memory/8180-1222-0x000002517C400000-0x000002517C408000-memory.dmp

Filesize
32KB

Download
memory/8180-1553-0x000002517C450000-0x000002517C45A000-memory.dmp

Filesize
40KB

Download
memory/8180-1232-0x0000025118460000-0x000002511846A000-memory.dmp

Filesize
40KB

Download
memory/8180-1550-0x0000025163C70000-0x0000025163D22000-memory.dmp

Filesize
712KB

Download
memory/8180-1552-0x0000025163D30000-0x0000025163D4E000-memory.dmp

Filesize
120KB

Download
memory/8356-1527-0x0000019ABD6D0000-0x0000019ABD756000-memory.dmp

Filesize
536KB

Download
memory/8356-1528-0x0000019ABD660000-0x0000019ABD682000-memory.dmp

Filesize
136KB

Download
memory/8356-1537-0x0000019ABD650000-0x0000019ABD660000-memory.dmp

Filesize
64KB

Download
memory/8356-1538-0x0000019ABDAB0000-0x0000019ABDBB4000-memory.dmp

Filesize
1.0MB

Download
memory/8740-2793-0x00000217B8BD0000-0x00000217B8F48000-memory.dmp

Filesize
3.5MB

Download
memory/8836-1720-0x000001FEE6CE0000-0x000001FEE7058000-memory.dmp

Filesize
3.5MB

Download
memory/8836-1632-0x00007FFB45DC0000-0x00007FFB45DC1000-memory.dmp

Filesize
4KB

Download
memory/8836-2771-0x000001FEE6CE0000-0x000001FEE7058000-memory.dmp

Filesize
3.5MB

Download
memory/8836-3671-0x000001FEE6CE0000-0x000001FEE7058000-memory.dmp

Filesize
3.5MB

Download

Analysis

Sharing

Errors

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads