mydoom | hxxps://github[.]com/Da2dalus/The-MALWARE-Repo/blob/master/Trojan/MrsMajors/MrsMajor3[.]0[.]exe

max time kernel
146s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
18/03/2025, 18:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Da2dalus/The-MALWARE-Repo/blob/master/Trojan/MrsMajors/MrsMajor3.0.exe

Score

10^/10

mydoom bootkit discovery persistence upx worm

Malware Config

Signatures

Detects MyDoom family 15 IoCs

resource	yara_rule
behavioral1/memory/4084-905-0x00000000004A0000-0x00000000004AD000-memory.dmp	family_mydoom
behavioral1/memory/3660-913-0x00000000004A0000-0x00000000004AD000-memory.dmp	family_mydoom
behavioral1/memory/4884-921-0x00000000004A0000-0x00000000004AD000-memory.dmp	family_mydoom
behavioral1/memory/4444-928-0x00000000004A0000-0x00000000004AD000-memory.dmp	family_mydoom
behavioral1/memory/4676-935-0x00000000004A0000-0x00000000004AD000-memory.dmp	family_mydoom
behavioral1/memory/4088-942-0x00000000004A0000-0x00000000004AD000-memory.dmp	family_mydoom
behavioral1/memory/2140-951-0x00000000004A0000-0x00000000004AD000-memory.dmp	family_mydoom
behavioral1/memory/4264-968-0x00000000004A0000-0x00000000004AD000-memory.dmp	family_mydoom
behavioral1/memory/2840-976-0x00000000004A0000-0x00000000004AD000-memory.dmp	family_mydoom
behavioral1/memory/3252-993-0x00000000004A0000-0x00000000004AD000-memory.dmp	family_mydoom
behavioral1/memory/5052-1001-0x00000000004A0000-0x00000000004AD000-memory.dmp	family_mydoom
behavioral1/memory/2224-1009-0x00000000004A0000-0x00000000004AD000-memory.dmp	family_mydoom
behavioral1/memory/4680-1023-0x00000000004A0000-0x00000000004AD000-memory.dmp	family_mydoom
behavioral1/memory/3708-1027-0x00000000004A0000-0x00000000004AD000-memory.dmp	family_mydoom
behavioral1/memory/4444-1033-0x00000000004A0000-0x00000000004AD000-memory.dmp	family_mydoom

MyDoom
MyDoom is a Worm that is written in C++.
worm mydoom
Mydoom family
mydoom

Downloads MZ/PE file 3 IoCs

flow	pid	Process
136	212	msedge.exe
136	212	msedge.exe
136	212	msedge.exe

ACProtect 1.3x - 1.4x DLL software 4 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/memory/4084-903-0x000000007E1A0000-0x000000007E1A7000-memory.dmp	acprotect
behavioral1/files/0x000600000001ea8e-901.dat	acprotect
behavioral1/memory/4084-906-0x000000007E1A0000-0x000000007E1A7000-memory.dmp	acprotect
behavioral1/memory/3660-915-0x000000007E1A0000-0x000000007E1A7000-memory.dmp	acprotect

Executes dropped EXE 17 IoCs

pid	Process
4084	MyDoom.A.exe
3660	MyDoom.A.exe
4884	MyDoom.A.exe
4444	MyDoom.A.exe
4676	MyDoom.A.exe
4088	MyDoom.A.exe
2140	MyDoom.A.exe
4264	MyDoom.A.exe
2840	MyDoom.A.exe
3252	MyDoom.A.exe
5052	MyDoom.A.exe
2224	MyDoom.A.exe
4680	MyDoom.A.exe
3708	MyDoom.A.exe
4444	MyDoom.A.exe
3944	ClassicShell.exe
2196	IconDance.exe

Loads dropped DLL 15 IoCs

pid	Process
4084	MyDoom.A.exe
3660	MyDoom.A.exe
4884	MyDoom.A.exe
4444	MyDoom.A.exe
4676	MyDoom.A.exe
4088	MyDoom.A.exe
2140	MyDoom.A.exe
4264	MyDoom.A.exe
2840	MyDoom.A.exe
3252	MyDoom.A.exe
5052	MyDoom.A.exe
2224	MyDoom.A.exe
4680	MyDoom.A.exe
3708	MyDoom.A.exe
4444	MyDoom.A.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 6 IoCs

Web Service

T1102

flow	ioc
133	raw.githubusercontent.com
134	raw.githubusercontent.com
135	raw.githubusercontent.com
136	raw.githubusercontent.com
131	raw.githubusercontent.com
132	raw.githubusercontent.com

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	ClassicShell.exe

Drops file in System32 directory 15 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\shimgapi.dll	MyDoom.A.exe
File opened for modification	C:\Windows\SysWOW64\shimgapi.dll	MyDoom.A.exe
File opened for modification	C:\Windows\SysWOW64\shimgapi.dll	MyDoom.A.exe
File opened for modification	C:\Windows\SysWOW64\shimgapi.dll	MyDoom.A.exe
File opened for modification	C:\Windows\SysWOW64\shimgapi.dll	MyDoom.A.exe
File opened for modification	C:\Windows\SysWOW64\shimgapi.dll	MyDoom.A.exe
File opened for modification	C:\Windows\SysWOW64\shimgapi.dll	MyDoom.A.exe
File opened for modification	C:\Windows\SysWOW64\shimgapi.dll	MyDoom.A.exe
File opened for modification	C:\Windows\SysWOW64\shimgapi.dll	MyDoom.A.exe
File opened for modification	C:\Windows\SysWOW64\shimgapi.dll	MyDoom.A.exe
File created	C:\Windows\SysWOW64\shimgapi.dll	MyDoom.A.exe
File opened for modification	C:\Windows\SysWOW64\shimgapi.dll	MyDoom.A.exe
File opened for modification	C:\Windows\SysWOW64\shimgapi.dll	MyDoom.A.exe
File opened for modification	C:\Windows\SysWOW64\shimgapi.dll	MyDoom.A.exe
File opened for modification	C:\Windows\SysWOW64\shimgapi.dll	MyDoom.A.exe

UPX packed file 21 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000600000001e740-845.dat	upx
behavioral1/memory/4084-898-0x00000000004A0000-0x00000000004AD000-memory.dmp	upx
behavioral1/memory/4084-903-0x000000007E1A0000-0x000000007E1A7000-memory.dmp	upx
behavioral1/files/0x000600000001ea8e-901.dat	upx
behavioral1/memory/4084-905-0x00000000004A0000-0x00000000004AD000-memory.dmp	upx
behavioral1/memory/4084-906-0x000000007E1A0000-0x000000007E1A7000-memory.dmp	upx
behavioral1/memory/3660-913-0x00000000004A0000-0x00000000004AD000-memory.dmp	upx
behavioral1/memory/3660-915-0x000000007E1A0000-0x000000007E1A7000-memory.dmp	upx
behavioral1/memory/4884-921-0x00000000004A0000-0x00000000004AD000-memory.dmp	upx
behavioral1/memory/4444-928-0x00000000004A0000-0x00000000004AD000-memory.dmp	upx
behavioral1/memory/4676-935-0x00000000004A0000-0x00000000004AD000-memory.dmp	upx
behavioral1/memory/4088-942-0x00000000004A0000-0x00000000004AD000-memory.dmp	upx
behavioral1/memory/2140-951-0x00000000004A0000-0x00000000004AD000-memory.dmp	upx
behavioral1/memory/4264-968-0x00000000004A0000-0x00000000004AD000-memory.dmp	upx
behavioral1/memory/2840-976-0x00000000004A0000-0x00000000004AD000-memory.dmp	upx
behavioral1/memory/3252-993-0x00000000004A0000-0x00000000004AD000-memory.dmp	upx
behavioral1/memory/5052-1001-0x00000000004A0000-0x00000000004AD000-memory.dmp	upx
behavioral1/memory/2224-1009-0x00000000004A0000-0x00000000004AD000-memory.dmp	upx
behavioral1/memory/4680-1023-0x00000000004A0000-0x00000000004AD000-memory.dmp	upx
behavioral1/memory/3708-1027-0x00000000004A0000-0x00000000004AD000-memory.dmp	upx
behavioral1/memory/4444-1033-0x00000000004A0000-0x00000000004AD000-memory.dmp	upx

Drops file in Program Files directory 8 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5020_524058917\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5020_524058917\protocols.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5020_524058917\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5020_1905516719\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5020_1905516719\nav_config.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5020_1905516719\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5020_373394539\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5020_373394539\manifest.fingerprint	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MyDoom.A.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ClassicShell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IconDance.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133867970550276679"	msedge.exe

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3218366390-1258052702-4267193707-1000\{67990C76-B0D9-4CD0-A8B9-D218781B7B68}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3218366390-1258052702-4267193707-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3218366390-1258052702-4267193707-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1992	msedge.exe
1992	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1544	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1544	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5020 wrote to memory of 4828	5020	msedge.exe	85
PID 5020 wrote to memory of 4828	5020	msedge.exe	85
PID 5020 wrote to memory of 212	5020	msedge.exe	86
PID 5020 wrote to memory of 212	5020	msedge.exe	86
PID 5020 wrote to memory of 4272	5020	msedge.exe	87
PID 5020 wrote to memory of 4272	5020	msedge.exe	87
PID 5020 wrote to memory of 4272	5020	msedge.exe	87
PID 5020 wrote to memory of 4272	5020	msedge.exe	87
PID 5020 wrote to memory of 4272	5020	msedge.exe	87
PID 5020 wrote to memory of 4272	5020	msedge.exe	87
PID 5020 wrote to memory of 4272	5020	msedge.exe	87
PID 5020 wrote to memory of 4272	5020	msedge.exe	87
PID 5020 wrote to memory of 4272	5020	msedge.exe	87
PID 5020 wrote to memory of 4272	5020	msedge.exe	87
PID 5020 wrote to memory of 4272	5020	msedge.exe	87
PID 5020 wrote to memory of 4272	5020	msedge.exe	87
PID 5020 wrote to memory of 4272	5020	msedge.exe	87
PID 5020 wrote to memory of 4272	5020	msedge.exe	87
PID 5020 wrote to memory of 4272	5020	msedge.exe	87
PID 5020 wrote to memory of 4272	5020	msedge.exe	87
PID 5020 wrote to memory of 4272	5020	msedge.exe	87
PID 5020 wrote to memory of 4272	5020	msedge.exe	87
PID 5020 wrote to memory of 4272	5020	msedge.exe	87
PID 5020 wrote to memory of 4272	5020	msedge.exe	87
PID 5020 wrote to memory of 4272	5020	msedge.exe	87
PID 5020 wrote to memory of 4272	5020	msedge.exe	87
PID 5020 wrote to memory of 4272	5020	msedge.exe	87
PID 5020 wrote to memory of 4272	5020	msedge.exe	87
PID 5020 wrote to memory of 4272	5020	msedge.exe	87
PID 5020 wrote to memory of 4272	5020	msedge.exe	87
PID 5020 wrote to memory of 4272	5020	msedge.exe	87
PID 5020 wrote to memory of 4272	5020	msedge.exe	87
PID 5020 wrote to memory of 4272	5020	msedge.exe	87
PID 5020 wrote to memory of 4272	5020	msedge.exe	87
PID 5020 wrote to memory of 4272	5020	msedge.exe	87
PID 5020 wrote to memory of 4272	5020	msedge.exe	87
PID 5020 wrote to memory of 4272	5020	msedge.exe	87
PID 5020 wrote to memory of 4272	5020	msedge.exe	87
PID 5020 wrote to memory of 4272	5020	msedge.exe	87
PID 5020 wrote to memory of 4272	5020	msedge.exe	87
PID 5020 wrote to memory of 4272	5020	msedge.exe	87
PID 5020 wrote to memory of 4272	5020	msedge.exe	87
PID 5020 wrote to memory of 4272	5020	msedge.exe	87
PID 5020 wrote to memory of 4272	5020	msedge.exe	87
PID 5020 wrote to memory of 4272	5020	msedge.exe	87
PID 5020 wrote to memory of 4272	5020	msedge.exe	87
PID 5020 wrote to memory of 4272	5020	msedge.exe	87
PID 5020 wrote to memory of 4272	5020	msedge.exe	87
PID 5020 wrote to memory of 4272	5020	msedge.exe	87
PID 5020 wrote to memory of 4272	5020	msedge.exe	87
PID 5020 wrote to memory of 4272	5020	msedge.exe	87
PID 5020 wrote to memory of 4272	5020	msedge.exe	87
PID 5020 wrote to memory of 4272	5020	msedge.exe	87
PID 5020 wrote to memory of 4272	5020	msedge.exe	87
PID 5020 wrote to memory of 4272	5020	msedge.exe	87
PID 5020 wrote to memory of 4196	5020	msedge.exe	88
PID 5020 wrote to memory of 4196	5020	msedge.exe	88
PID 5020 wrote to memory of 4196	5020	msedge.exe	88
PID 5020 wrote to memory of 4196	5020	msedge.exe	88
PID 5020 wrote to memory of 4196	5020	msedge.exe	88
PID 5020 wrote to memory of 4196	5020	msedge.exe	88
PID 5020 wrote to memory of 4196	5020	msedge.exe	88
PID 5020 wrote to memory of 4196	5020	msedge.exe	88
PID 5020 wrote to memory of 4196	5020	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/Da2dalus/The-MALWARE-Repo/blob/master/Trojan/MrsMajors/MrsMajor3.0.exe
1⤵
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x264,0x7fffb0c5f208,0x7fffb0c5f214,0x7fffb0c5f220
  2⤵
  PID:4828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1840,i,7432970442835800910,15423859158221018695,262144 --variations-seed-version --mojo-platform-channel-handle=2380 /prefetch:3
  2⤵
  - Downloads MZ/PE file
  PID:212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2340,i,7432970442835800910,15423859158221018695,262144 --variations-seed-version --mojo-platform-channel-handle=2336 /prefetch:2
  2⤵
  PID:4272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2268,i,7432970442835800910,15423859158221018695,262144 --variations-seed-version --mojo-platform-channel-handle=2740 /prefetch:8
  2⤵
  PID:4196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3536,i,7432970442835800910,15423859158221018695,262144 --variations-seed-version --mojo-platform-channel-handle=3576 /prefetch:1
  2⤵
  PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3544,i,7432970442835800910,15423859158221018695,262144 --variations-seed-version --mojo-platform-channel-handle=3620 /prefetch:1
  2⤵
  PID:4352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4216,i,7432970442835800910,15423859158221018695,262144 --variations-seed-version --mojo-platform-channel-handle=4224 /prefetch:1
  2⤵
  PID:2288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4280,i,7432970442835800910,15423859158221018695,262144 --variations-seed-version --mojo-platform-channel-handle=4232 /prefetch:2
  2⤵
  PID:2284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3808,i,7432970442835800910,15423859158221018695,262144 --variations-seed-version --mojo-platform-channel-handle=5192 /prefetch:8
  2⤵
  PID:4800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4748,i,7432970442835800910,15423859158221018695,262144 --variations-seed-version --mojo-platform-channel-handle=4420 /prefetch:8
  2⤵
  PID:752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4892,i,7432970442835800910,15423859158221018695,262144 --variations-seed-version --mojo-platform-channel-handle=5636 /prefetch:8
  2⤵
  PID:3276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5584,i,7432970442835800910,15423859158221018695,262144 --variations-seed-version --mojo-platform-channel-handle=5660 /prefetch:8
  2⤵
  PID:4204
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5428,i,7432970442835800910,15423859158221018695,262144 --variations-seed-version --mojo-platform-channel-handle=5264 /prefetch:8
  2⤵
  PID:2444
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5428,i,7432970442835800910,15423859158221018695,262144 --variations-seed-version --mojo-platform-channel-handle=5264 /prefetch:8
  2⤵
  PID:1540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6128,i,7432970442835800910,15423859158221018695,262144 --variations-seed-version --mojo-platform-channel-handle=6140 /prefetch:8
  2⤵
  PID:4112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6224,i,7432970442835800910,15423859158221018695,262144 --variations-seed-version --mojo-platform-channel-handle=6056 /prefetch:8
  2⤵
  PID:2356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6160,i,7432970442835800910,15423859158221018695,262144 --variations-seed-version --mojo-platform-channel-handle=6096 /prefetch:8
  2⤵
  PID:1112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6076,i,7432970442835800910,15423859158221018695,262144 --variations-seed-version --mojo-platform-channel-handle=6220 /prefetch:8
  2⤵
  PID:1596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6396,i,7432970442835800910,15423859158221018695,262144 --variations-seed-version --mojo-platform-channel-handle=6516 /prefetch:8
  2⤵
  PID:2024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6232,i,7432970442835800910,15423859158221018695,262144 --variations-seed-version --mojo-platform-channel-handle=6680 /prefetch:8
  2⤵
  PID:4184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6660,i,7432970442835800910,15423859158221018695,262144 --variations-seed-version --mojo-platform-channel-handle=6844 /prefetch:8
  2⤵
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6968,i,7432970442835800910,15423859158221018695,262144 --variations-seed-version --mojo-platform-channel-handle=6984 /prefetch:8
  2⤵
  PID:1632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5064,i,7432970442835800910,15423859158221018695,262144 --variations-seed-version --mojo-platform-channel-handle=5032 /prefetch:8
  2⤵
  PID:2708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5056,i,7432970442835800910,15423859158221018695,262144 --variations-seed-version --mojo-platform-channel-handle=4316 /prefetch:8
  2⤵
  PID:1528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5044,i,7432970442835800910,15423859158221018695,262144 --variations-seed-version --mojo-platform-channel-handle=5012 /prefetch:8
  2⤵
  PID:1936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4772,i,7432970442835800910,15423859158221018695,262144 --variations-seed-version --mojo-platform-channel-handle=4768 /prefetch:8
  2⤵
  PID:4220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --always-read-main-dll --field-trial-handle=7116,i,7432970442835800910,15423859158221018695,262144 --variations-seed-version --mojo-platform-channel-handle=5712 /prefetch:1
  2⤵
  PID:1596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5692,i,7432970442835800910,15423859158221018695,262144 --variations-seed-version --mojo-platform-channel-handle=6716 /prefetch:8
  2⤵
  PID:3908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6724,i,7432970442835800910,15423859158221018695,262144 --variations-seed-version --mojo-platform-channel-handle=6736 /prefetch:8
  2⤵
  PID:4128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7056,i,7432970442835800910,15423859158221018695,262144 --variations-seed-version --mojo-platform-channel-handle=6828 /prefetch:8
  2⤵
  PID:2576
- C:\Users\Admin\Downloads\MyDoom.A.exe
  "C:\Users\Admin\Downloads\MyDoom.A.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in System32 directory
  - System Location Discovery: System Language Discovery
  PID:4084
- C:\Users\Admin\Downloads\MyDoom.A.exe
  "C:\Users\Admin\Downloads\MyDoom.A.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in System32 directory
  PID:3660
- C:\Users\Admin\Downloads\MyDoom.A.exe
  "C:\Users\Admin\Downloads\MyDoom.A.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in System32 directory
  PID:4884
- C:\Users\Admin\Downloads\MyDoom.A.exe
  "C:\Users\Admin\Downloads\MyDoom.A.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in System32 directory
  PID:4444
- C:\Users\Admin\Downloads\MyDoom.A.exe
  "C:\Users\Admin\Downloads\MyDoom.A.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in System32 directory
  PID:4676
- C:\Users\Admin\Downloads\MyDoom.A.exe
  "C:\Users\Admin\Downloads\MyDoom.A.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in System32 directory
  PID:4088
- C:\Users\Admin\Downloads\MyDoom.A.exe
  "C:\Users\Admin\Downloads\MyDoom.A.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in System32 directory
  PID:2140
- C:\Users\Admin\Downloads\MyDoom.A.exe
  "C:\Users\Admin\Downloads\MyDoom.A.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in System32 directory
  PID:4264
- C:\Users\Admin\Downloads\MyDoom.A.exe
  "C:\Users\Admin\Downloads\MyDoom.A.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in System32 directory
  PID:2840
- C:\Users\Admin\Downloads\MyDoom.A.exe
  "C:\Users\Admin\Downloads\MyDoom.A.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in System32 directory
  PID:3252
- C:\Users\Admin\Downloads\MyDoom.A.exe
  "C:\Users\Admin\Downloads\MyDoom.A.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in System32 directory
  PID:5052
- C:\Users\Admin\Downloads\MyDoom.A.exe
  "C:\Users\Admin\Downloads\MyDoom.A.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in System32 directory
  PID:2224
- C:\Users\Admin\Downloads\MyDoom.A.exe
  "C:\Users\Admin\Downloads\MyDoom.A.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in System32 directory
  PID:4680
- C:\Users\Admin\Downloads\MyDoom.A.exe
  "C:\Users\Admin\Downloads\MyDoom.A.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in System32 directory
  PID:3708
- C:\Users\Admin\Downloads\MyDoom.A.exe
  "C:\Users\Admin\Downloads\MyDoom.A.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in System32 directory
  PID:4444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6524,i,7432970442835800910,15423859158221018695,262144 --variations-seed-version --mojo-platform-channel-handle=6808 /prefetch:8
  2⤵
  PID:3916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --always-read-main-dll --field-trial-handle=6700,i,7432970442835800910,15423859158221018695,262144 --variations-seed-version --mojo-platform-channel-handle=4848 /prefetch:1
  2⤵
  PID:1524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6824,i,7432970442835800910,15423859158221018695,262144 --variations-seed-version --mojo-platform-channel-handle=6752 /prefetch:8
  2⤵
  PID:2756
- C:\Users\Admin\Downloads\ClassicShell.exe
  "C:\Users\Admin\Downloads\ClassicShell.exe"
  2⤵
  - Executes dropped EXE
  - Writes to the Master Boot Record (MBR)
  - System Location Discovery: System Language Discovery
  PID:3944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4236,i,7432970442835800910,15423859158221018695,262144 --variations-seed-version --mojo-platform-channel-handle=5188 /prefetch:8
  2⤵
  PID:3172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --always-read-main-dll --field-trial-handle=5844,i,7432970442835800910,15423859158221018695,262144 --variations-seed-version --mojo-platform-channel-handle=5204 /prefetch:1
  2⤵
  PID:1604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6568,i,7432970442835800910,15423859158221018695,262144 --variations-seed-version --mojo-platform-channel-handle=5704 /prefetch:8
  2⤵
  PID:4640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=6856,i,7432970442835800910,15423859158221018695,262144 --variations-seed-version --mojo-platform-channel-handle=6616 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6800,i,7432970442835800910,15423859158221018695,262144 --variations-seed-version --mojo-platform-channel-handle=6732 /prefetch:8
  2⤵
  PID:3380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --always-read-main-dll --field-trial-handle=6644,i,7432970442835800910,15423859158221018695,262144 --variations-seed-version --mojo-platform-channel-handle=6388 /prefetch:1
  2⤵
  PID:3648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4176,i,7432970442835800910,15423859158221018695,262144 --variations-seed-version --mojo-platform-channel-handle=7136 /prefetch:8
  2⤵
  PID:3344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5852,i,7432970442835800910,15423859158221018695,262144 --variations-seed-version --mojo-platform-channel-handle=6596 /prefetch:8
  2⤵
  PID:664
- C:\Users\Admin\Downloads\IconDance.exe
  "C:\Users\Admin\Downloads\IconDance.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --instant-process --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --always-read-main-dll --field-trial-handle=5344,i,7432970442835800910,15423859158221018695,262144 --variations-seed-version --mojo-platform-channel-handle=5200 /prefetch:1
  2⤵
  PID:452

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:4544

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1544

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
PID:3688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-skip-compat-layer-relaunch
  2⤵
  PID:3056

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping5020_1905516719\manifest.json

Filesize
160B

MD5
c3911ceb35539db42e5654bdd60ac956

SHA1
71be0751e5fc583b119730dbceb2c723f2389f6c

SHA256
31952875f8bb2e71f49231c95349945ffc0c1dd975f06309a0d138f002cfd23d

SHA512
d8b2c7c5b7105a6f0c4bc9c79c05b1202bc8deb90e60a037fec59429c04fc688a745ee1a0d06a8311466b4d14e2921dfb4476104432178c01df1e99deb48b331

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5020_373394539\manifest.json

Filesize
43B

MD5
af3a9104ca46f35bb5f6123d89c25966

SHA1
1ffb1b0aa9f44bdbc57bdf4b98d26d3be0207ee8

SHA256
81bd82ac27612a58be30a72dd8956b13f883e32ffb54a58076bd6a42b8afaeea

SHA512
6a7a543fa2d1ead3574b4897d2fc714bb218c60a04a70a7e92ecfd2ea59d67028f91b6a2094313f606560087336c619093f1d38d66a3c63a1d1d235ca03d36d1

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5020_524058917\manifest.json

Filesize
134B

MD5
58d3ca1189df439d0538a75912496bcf

SHA1
99af5b6a006a6929cc08744d1b54e3623fec2f36

SHA256
a946db31a6a985bdb64ea9f403294b479571ca3c22215742bdc26ea1cf123437

SHA512
afd7f140e89472d4827156ec1c48da488b0d06daaa737351c7bec6bc12edfc4443460c4ac169287350934ca66fb2f883347ed8084c62caf9f883a736243194a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\AutoLaunchProtocolsComponent\1.0.0.8\protocols.json

Filesize
3KB

MD5
6bbb18bb210b0af189f5d76a65f7ad80

SHA1
87b804075e78af64293611a637504273fadfe718

SHA256
01594d510a1bbc016897ec89402553eca423dfdc8b82bafbc5653bf0c976f57c

SHA512
4788edcfa3911c3bb2be8fc447166c330e8ac389f74e8c44e13238ead2fa45c8538aee325bd0d1cc40d91ad47dea1aa94a92148a62983144fdecff2130ee120d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
4013ebc7b496bf70ecf9f6824832d4ae

SHA1
cfdcdac5d8c939976c11525cf5e79c6a491c272a

SHA256
fb1a67bdc2761f1f9e72bbc41b6fc0bf89c068205ffd0689e4f7e2c34264b22a

SHA512
96822252f121fb358aa43d490bb5f5ce3a81c65c8de773c170f1d0e91da1e6beb83cb1fb9d4d656230344cd31c3dca51a6c421fda8e55598c364092232e0ad22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
fed4ab68611c6ce720965bcb5dfbf546

SHA1
af33fc71721625645993be6fcba5c5852e210864

SHA256
c41acdf5d0a01d5e9720ef9f6d503099950791b6f975ba698ccd013c4defa8c4

SHA512
f9ab23b3b4052f7fda6c9a3e8cd68056f21da5d0fcf28061331900cac6f31ef081705804d9a9d4103ee7d9c9bdb6aa4237987b7e821d2d96cd52da24219e55ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
a37cf26d9b9562d003e95fc4b1115e01

SHA1
59dac9fb25b0f0faf208a9694fa8253d430459af

SHA256
92d3ba33a3ccb5f35f8b0bd3ff0fe25112a1db3a560e42203044a6b89dd248c0

SHA512
8f2b313855ef251e8d4d1617cac9d7e834d34caf2fd223370ccfdaa41f2028541d331a36e0a35986d56abc801d833347ef3733ea17f4eb4c9b0ba73ee7dc97cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe57e3c8.TMP

Filesize
3KB

MD5
31b0e278d13d1d1917d8db1b723e9a9a

SHA1
80b53c2272de340aaa8d48d860668c7664ddae56

SHA256
23560c288485df9fa8f1cf296cd47f2cbf21d785fb7aeec7417612732ec3effb

SHA512
06bbb4f106ca674e7aeffe349b346bd9b7e8d9bd166a44ce48eac8104610dfa0d2706d7fde4c04fff553fa668ef695b42c55539daed63461fb433e6bf8929fae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
69KB

MD5
164a788f50529fc93a6077e50675c617

SHA1
c53f6cd0531fd98d6abbd2a9e5fbb4319b221f48

SHA256
b305e470fb9f8b69a8cd53b5a8ffb88538c9f6a9c7c2c194a226e8f6c9b53c17

SHA512
ec7d173b55283f3e59a468a0037921dc4e1bf3fab1c693330b9d8e5826273c917b374c4b802f3234bbb5e5e210d55e52351426867e0eb8c9f6fba1a053cb05d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.1_0\content.js

Filesize
9KB

MD5
3d20584f7f6c8eac79e17cca4207fb79

SHA1
3c16dcc27ae52431c8cdd92fbaab0341524d3092

SHA256
0d40a5153cb66b5bde64906ca3ae750494098f68ad0b4d091256939eea243643

SHA512
315d1b4cc2e70c72d7eb7d51e0f304f6e64ac13ae301fd2e46d585243a6c936b2ad35a0964745d291ae9b317c316a29760b9b9782c88cc6a68599db531f87d59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
1093bd1f4bccca3ac1c7d4ac9ff82f00

SHA1
ab5f96005797179dedca7b3da2139b00737236c2

SHA256
1e9876851727bd93387283c92984d53a01a29c09650502790f8226c7d28b4138

SHA512
522ee73f27c0d04e579aac93893e9f79c350e4cc2928b848d85b1a79de1a59ab53a808cc965acc5aff2ab01690268d892fb0ad6911702631e4f2affe129f9eff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
e42af678d921f1a2429c1fe61e94b2f2

SHA1
53c4e7f0cb1e6d3becc26687d9f94a8a20e9faf5

SHA256
fc92839f6e5dd73c977d634dee1e1a06f89baaa85e8d36026cfb0379b3eaf2af

SHA512
f56084adf4e22f286962d31f167cbd499eb4d8f9424a585e5ad68280bf5e3549af519f54e80f133577c5c62ba50ac421f9ec6474db42f44a4eb9b42c729708dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
4131c6828032b23645b6bb8489c5c876

SHA1
233d3053b40271bb66ab804c9f1252de802cb530

SHA256
0f6306a9910d02af2ffd5584b05556b6ba5259a71cb65206e26368fca7269992

SHA512
46ad00e6e31cec9a106c2ae9593886b91ecb2290e073915e89ce647d59ecb290637f3920d3ed0c07b03f3c02c78ef01aab5ab8852256ee1087f3ce36a7a4a601

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
69739310232b41b32fedf16e4d1b4dd2

SHA1
12e7ae980feb2755e3c2246c4db6a26af9a4e5f8

SHA256
ac67aba283235233ce87d5a8e18a2ff0fd85fe555f4de1e2f61560432742e24d

SHA512
6a31f81b38df01043227adcc201826df87d7e5718f6f64a8018c897f16caa68aca1a9e2ab29a6fad093d2feabda927bbdd5c3646e78b9d77d03c839e04b75f89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
f0b0b880aaa821ffa2b6310f237c0df5

SHA1
85ead6c472a45c4c59ac76fdc7c967741d41ba57

SHA256
5e52b3824d0d4dd2ffdd451a95783254e47534609c62b862a3515a8cd254aa2a

SHA512
16fd2e5b9be23e2232e6dbbe55c576396dd56e6fb806ebdb2aac0dbab60330600d260de67651d1f23a3c314c798a997135fe5e4a68c21bc761537217330caec5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
9c13352cd6bb5a5dc3517999cd196ae1

SHA1
6e8981f9c2a51ffc619faa20b7b75449d35d27ff

SHA256
346346db9c5a85f303d048dcacb9f60ff07b6e60c414f7381afb68ab10fadf1a

SHA512
c70f25c93ff6d8bcb552681a3ec78b8e6bb3eaaa49a85d73ccc9fa9e9169379b7059d168a42f9e3e67756cff9dd59b69c6a8a7e985d73a3d292f4c5c34913456

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\bb9a4039-5fee-44f8-a618-d20a135c468d\index-dir\the-real-index

Filesize
864B

MD5
52f8ed1feb966e88b4d82d050f32c0eb

SHA1
50e5fa656e79d6c2bedf1f5c2681f2f430068103

SHA256
9074c0a5a2b86db7a9baa0caaff04031556144dc24df6b59d66967c6d444d6a1

SHA512
71aa55b0eda12514dd189b7e596a8106ccdf1204a69ba91b899c002345d329b8d7c93a6d91ba92fde797dd38cf7b4f5b5bea2f49a98a21b08625d397625cc75d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\bb9a4039-5fee-44f8-a618-d20a135c468d\index-dir\the-real-index~RFe59bd1c.TMP

Filesize
864B

MD5
7208e5d07e71699e237ae4834194eacc

SHA1
77b73e5a7b3fc4e060994ea5ec25bfdedf9e2b4e

SHA256
c6582ec9830a1314a249ed3a500ed3c9a92ba690fbb10dfaf80747c71813f056

SHA512
f76dda5dc53d995bb977ccac6da9ccff1c86a0b10d38d54cf55b479931dbac148569219fe0a2e9265393d0925e074a012503caa81c0d003909edb11eabe05692

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
4KB

MD5
ca3b3d55b6c0be04a993f65260bda428

SHA1
4cd227aafc9e69b46f4d0c1f14c9400d0230c11d

SHA256
65bca710737513ee03e9df9878964ff73a065124d20481a51a51c44519b8f6b1

SHA512
dcd09d60a347bbb5dbc64c34a0dc6cabb47d895cc69b525e4ef19a601723efe20b0557075a4e176401ae6604e872e0419a96068397d8ccc44c4d5fb8bab456b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
880B

MD5
f447109f87ff70783390b3bc0cc44f01

SHA1
68ad9a1ace08f9619d64c1fb2f5dc93114c3688e

SHA256
1b003598b435bcec4b5e105ac1e7864456f391274343e1f379b95b0a9d4a8ea3

SHA512
146a95e6a94b4a4edf6a4e2f75c3c3f13b50ac29519177688a99382808436f544379ad973f547df8eaeebc361681dd0d6feaa2f45ec6b6e4e0e3bee9ee333b7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
21KB

MD5
8dad652fb46847671e51a420ccb26415

SHA1
89251555d49b4577b8deb725fd5213b9611882a2

SHA256
1d26dd3209da4d568c65afa8d2c241376d922e7c4d7a87ef94f417bb9debd8b7

SHA512
358814746195ed090a8c299c31aa7ab878134cd97ccb6047e9408d64de86e4c78a3f66942289b7f029df260a1a233607c6491937a726b7a3f8f207fbc9d9a6ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog~RFe58752b.TMP

Filesize
469B

MD5
b6555ee994c35ab366dacbe98df0c948

SHA1
57e36e33cab3c14d5ce23299916dab4c77f1e34d

SHA256
e66a3de764392d3eb7b49cc480a1861d324d95b672b1c7de2ac3c80a61f983d8

SHA512
ff06d9a1b563f4ab799ef0298c807519098b461936053936a7444a6452f3853875441b596aea07ed7a7d61c2353de640180c28beda86fea580a4d984fb547793

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\f5261d6f-d54d-44fd-b91b-2d6c49884157.tmp

Filesize
20KB

MD5
622cf13abe8c4ba81acbbe4070f8d70a

SHA1
29c39577de789602617632a1ee745e5897805fa7

SHA256
b91863cb7dfb695e04f8be6b437f67ba669d1cfbd407a3418cccf12919c7dab4

SHA512
25d382c5ef4691018d62f05e28a6d2c321218e1586646b2e628350968f2475d30a13c53c5055bea16451111b1c566e53003af3e2afe3a9e5a3785255069c23f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
30KB

MD5
4c93eb07a8fc2077c7dc53f6652160bd

SHA1
29d1ba595efdeb7e2f52b8900ed3579a4e888e4e

SHA256
4be1fcf24d436d44137b304b479225a9a48a0a0111812156746d919342869547

SHA512
1211e64f4e672009861d9018b35a28ab455a69e3c3ea1df73c45fbcdea1c520ea9c36454f962064d0319b9bcd0931790535b42a88040bc957cc8dd34a4f85b7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
39KB

MD5
d85ff5ab97638ef0cb1ec7293c2af4fe

SHA1
2aa3d682c6e43009bc65646e640c36f18f9919fc

SHA256
aa27ddbc91c9a936afb10717f2ab4345d00c5d52bdb0004304c114af1589a44d

SHA512
e4b91d172e1ee91cceb2041032d50b8781e92b39d3f56ff78919a1170a0e7433c12a64b48b7e3f785945a8c4cfcc0c98df3df0a511367407e5993681b557d7c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
39KB

MD5
8c6f81a32ff925ee0e1ae4400ad494ac

SHA1
586323d8f5ae840c9c40363095e8f97593fa2444

SHA256
89250fcc29baefa8719fcd8a3c87155c9a765c13f0b50a26849660b65906fe5f

SHA512
2eca3105f2b1c2b2ac9cb005e65db02e5faad246eb026045890ed2bbd604c106e96ded19bab627be1cee1870cb0d06dae5e941fa46f211e3584716d4230987b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
6KB

MD5
deb44335fefc44e245d02a8f9549811d

SHA1
2633e6f35869546b23e28870f7b258db5b19974a

SHA256
097a141290b1daa95cf5e8732ad58fa38dcc42b1ee9fcbf31080ab0f8e93779f

SHA512
22a15333d16626aa1b02d6d3f07c122e91a7a8f69dc757bd7b6ac3f58f4aa9180d15c87d6917a3f06197a14f73d336a270cce1d0336ebda27ebfc147e2232bc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
39KB

MD5
254677a8c4f6f503030012a4b6201e97

SHA1
964a0e1492d7b1dc7053f67dd70a2cfe8f84e902

SHA256
3dc77d34ccff135d18d976825b0c76bc6cbdb4fb01e2bbec76fb5d1f4b4d22e2

SHA512
eefa3ab0afdf730635f27f89e1544a8dc82bd9e4d59eb4eb4934ebdd9f0e47bdef1d0f584d4568626821e31947d8be50e17db1fea9064676db52fdda9f0d0c45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
39KB

MD5
97b036be98eaf462cf12e649cb571ffe

SHA1
b0ad8d02ae5d677f7933c2b755be881ef4cae9e0

SHA256
04dce501365aaadd8ca56b5477ae74d0d2d6638807f4d1e81e2ab537b51005fd

SHA512
ffc9f98fb92897d24bf0c9233f9873626e90ba7a7478b7625fd0aaa66ece2440db0be2efc1c3d8d27138188b87e2a3d97a5a42348d9611af56796540cd4daf0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
7KB

MD5
40b522b34955ef0cacd8f2a526769b4d

SHA1
c46f085cec6b1f35513b76996a0a9741260d9814

SHA256
6e7c1af3360ecf72e6718b2e9f8e06a2942e9b8514369ada4bb41afb1005d88a

SHA512
f426f28f339072936f80ea0d561af05900163c695c558d4ec88d41166374503a2147921f027afe2d4e33347801f74943993524d44b0dc7847633cfe8be16838f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
190b8b895d1af0f46381e6677ff36d91

SHA1
63e3a4974f03a280e6783d3323ae3f060b96b107

SHA256
2bab0c85f7bac4d3aa9454c2479f9037757220e9aa5c99eed91297c503f39cdd

SHA512
17d1e4c4c8c956641681f06d39a03bca0ee44a5331d7a2ef2819156e93daeaa388f8d170233821d9c3f195d2032c0d70e0706ee2064433c9d844f36df22fb368

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
da59c5d4c61e16e36a84d35738724aca

SHA1
8af06b6681d47a47d52bab781fb72f2c55b1abde

SHA256
1dadda476a8ca2a91ebc75caa9e1874497375d7881fd340b9e28285301a1528b

SHA512
291c0f2e0f9323dcf3a31376b3d7ceb651d38ccb4c8aca507e556e5763c312e222a76dc14d36ea7affc924c0b10bb7e1ce95ab835a4acf00c12a5fe43e2d5ec0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
8cc21da382aa107cb3af873242321197

SHA1
fdee5cba9ce640fdf3c7f034824cb6b830a976e3

SHA256
624895a123c531d7a63615c604451bd51a63eb887f05732c3bb3391a5374cfc1

SHA512
ea34814148970892a1c188f875004c2add8080d234d44d3b0372b6ad96f0f90be4bb41774e9c8eb85bd6f3dd629d5d2db8694f412cb8954baaa349d05670273e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
f9ca0b252261630d9ac9bdbfc13f1496

SHA1
7150b0b2f6b436a54ae7f267da2092cbf66c8f20

SHA256
9a6d5dddf10d09160176b07af1e647c4ce1ffb68eb6d7134c3175646bb8b5aff

SHA512
932e9edcc952e59be5121ebfa07465ff1287054208a3789e44d080640fb2d64f82797e8a61a503a4991cb28cb324855cf419646bb2d7c799091881a8dc680f8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter~RFe5873f3.TMP

Filesize
392B

MD5
4f7f4712318324e108bbdeab4c720a57

SHA1
01371db1bedc296af8682f50e62053fbfd556918

SHA256
01791374a9a5032b04f7e2fa380e4cfc6c759af1210a331b44bbe0b9f7610472

SHA512
c02f8de2916b9f0b8607c59ce2fa48324f4cde888b0c351e26e7816db3ac14e8ba1838c1d22c6186d9eea0d49ca7e9f77ac70e28b4dda49abaccd0cf87bbf49d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\WorkspacesNavigationComponent\1.0.0.5\nav_config.json

Filesize
2KB

MD5
499d9e568b96e759959dc69635470211

SHA1
2462a315342e0c09fd6c5fbd7f1e7ff6914c17e6

SHA256
98252dc9f9e81167e893f2c32f08ee60e9a6c43fadb454400ed3bff3a68fbf0d

SHA512
3a5922697b5356fd29ccf8dcc2e5e0e8c1fd955046a5bacf11b8ac5b7c147625d31ade6ff17be86e79c2c613104b2d2aebb11557399084d422e304f287d8b905

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
ec227e965a13b0d32b642c5ae8daebea

SHA1
03cc94dff8cca5afd08958225e840b6b7b663324

SHA256
6fb09776d3d4dfc233b6d0c27f96e11da0ef82843786343059128eb523d5d44d

SHA512
b73eebfd6e3777786bec4af3c230ae431a779c8b30d36eba17b68cb24557639b4b4405709163dfaab765babd61ee2f4f432a67f6ea6dedc2f2e7279dfdcda3bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\e9cf9db4-1c4b-4e0c-af34-aaa1fa18867c.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Temp\f4faf220-3104-42d0-b40c-669ab3ee6041.tmp

Filesize
10KB

MD5
78e47dda17341bed7be45dccfd89ac87

SHA1
1afde30e46997452d11e4a2adbbf35cce7a1404f

SHA256
67d161098be68cd24febc0c7b48f515f199dda72f20ae3bbb97fcf2542bb0550

SHA512
9574a66d3756540479dc955c4057144283e09cae11ce11ebce801053bb48e536e67dc823b91895a9e3ee8d3cb27c065d5e9030c39a26cbf3f201348385b418a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir5020_1593455122\0314949f-89d5-4df9-a520-a2e5e900f7e2.tmp

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\Downloads\ClassicShell.exe

Filesize
6.8MB

MD5
c67dff7c65792e6ea24aa748f34b9232

SHA1
438b6fa7d5a2c7ca49837f403bcbb73c14d46a3e

SHA256
a848bf24651421fbcd15c7e44f80bb87cbacd2599eb86508829537693359e032

SHA512
5e1b0b024f36288c1d2dd4bc5cf4e6b7d469e1e7e29dcef748d17a92b9396c94440eb27348cd2561d17593d8c705d4d9b51ae7b49b50c6dee85f73dec7100879

Download Submit
C:\Users\Admin\Downloads\Grave.apk.crdownload

Filesize
560KB

MD5
61b29201190909e848107d93063726ca

SHA1
f6505a3b56fdbbc54e1624793581afe45010c890

SHA256
64c874d0a67387d174fbf18811ef23e9d9b0f532ed7f805e542dacdf3c9d42f9

SHA512
a2e8fa752d62e77e20e6fd86b7c6de3e683e41932eef448164944bd5f5dbb91ccf4380b3c13943e5c0264b9127b7f5e471ece68753af541d408caefae1065930

Download Submit
C:\Users\Admin\Downloads\IconDance.exe.crdownload

Filesize
301KB

MD5
7ad8c84dea7bd1e9cbb888734db28961

SHA1
58e047c7abecdd31d4e3c937b0ee89c98ab06c6a

SHA256
a4b6e53453d1874a6f78f0d7aa14dfafba778062f4b85b42b4c1001e1fc17095

SHA512
d34b087f7c6dd224e9bfe7a24364f878fc55c5368ce7395349ca063a7fd9ac555baed8431bfa13c331d7e58108b34e0f9d84482ce2e133f623dd086f14345adb

Download Submit
C:\Users\Admin\Downloads\MyDoom.A.exe.crdownload

Filesize
22KB

MD5
53df39092394741514bc050f3d6a06a9

SHA1
f91a4d7ac276b8e8b7ae41c22587c89a39ddcea5

SHA256
fff0ccf5feaf5d46b295f770ad398b6d572909b00e2b8bcd1b1c286c70cd9151

SHA512
9792017109cf6ffc783e67be2a4361aa2c0792a359718434fec53e83feed6a9a2f0f331e9951f798e7fb89421fdc1ac0e083527c3d3b6dd71b7fdd90836023a0

Download Submit
C:\Windows\SysWOW64\shimgapi.dll

Filesize
4KB

MD5
8750df7c3d110ebc870f7afe319426e6

SHA1
a770fff05a829f666517a5f42e44785d6f0b4ae7

SHA256
fa3f934083746a702de18b927284f0145d4b82a92f2111693e93a4f762b50c00

SHA512
dfcbc2ba358ec40143e842d5242781a59943e646f50c41010a8cc4e2c5a15d5b19dcd2ee9556a0317ca73283e84d1f9d1b0b8b7470b493fe38e4e027336b8a2a

Download Submit
memory/2140-951-0x00000000004A0000-0x00000000004AD000-memory.dmp

Filesize
52KB

Download
memory/2196-1256-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download
memory/2224-1009-0x00000000004A0000-0x00000000004AD000-memory.dmp

Filesize
52KB

Download
memory/2840-976-0x00000000004A0000-0x00000000004AD000-memory.dmp

Filesize
52KB

Download
memory/3252-993-0x00000000004A0000-0x00000000004AD000-memory.dmp

Filesize
52KB

Download
memory/3660-913-0x00000000004A0000-0x00000000004AD000-memory.dmp

Filesize
52KB

Download
memory/3660-915-0x000000007E1A0000-0x000000007E1A7000-memory.dmp

Filesize
28KB

Download
memory/3708-1027-0x00000000004A0000-0x00000000004AD000-memory.dmp

Filesize
52KB

Download
memory/3944-1100-0x0000000000400000-0x0000000000AD8000-memory.dmp

Filesize
6.8MB

Download
memory/4084-903-0x000000007E1A0000-0x000000007E1A7000-memory.dmp

Filesize
28KB

Download
memory/4084-898-0x00000000004A0000-0x00000000004AD000-memory.dmp

Filesize
52KB

Download
memory/4084-906-0x000000007E1A0000-0x000000007E1A7000-memory.dmp

Filesize
28KB

Download
memory/4084-905-0x00000000004A0000-0x00000000004AD000-memory.dmp

Filesize
52KB

Download
memory/4088-942-0x00000000004A0000-0x00000000004AD000-memory.dmp

Filesize
52KB

Download
memory/4264-968-0x00000000004A0000-0x00000000004AD000-memory.dmp

Filesize
52KB

Download
memory/4444-1033-0x00000000004A0000-0x00000000004AD000-memory.dmp

Filesize
52KB

Download
memory/4444-928-0x00000000004A0000-0x00000000004AD000-memory.dmp

Filesize
52KB

Download
memory/4676-935-0x00000000004A0000-0x00000000004AD000-memory.dmp

Filesize
52KB

Download
memory/4680-1023-0x00000000004A0000-0x00000000004AD000-memory.dmp

Filesize
52KB

Download
memory/4884-921-0x00000000004A0000-0x00000000004AD000-memory.dmp

Filesize
52KB

Download
memory/5052-1001-0x00000000004A0000-0x00000000004AD000-memory.dmp

Filesize
52KB

Download