Analysis

max time kernel: 232s
max time network: 233s
platform: windows11-21h2_x64
resource: win11-20250502-en
resource tags: arch:x64, arch:x86, image:win11-20250502-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 10/05/2025, 07:58

Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://github.com/enginestein/Virus-Collection/tree/main/Windows/Source/NoEscape
Resource: win11-20250502-en

General

Target: https://github.com/enginestein/Virus-Collection/tree/main/Windows/Source/NoEscape
Malware Config
Signatures

Disables Task Manager via registry modification

Downloads MZ/PE file (2 IoCs)
  flow  pid   Process
  91    4400  msedge.exe
  91    4400  msedge.exe

Executes dropped EXE (2 IoCs)
  pid   Process
  5548  CookieClickerHack.exe
  3808  Trololo.exe

Legitimate hosting services abused for malware hosting/C2 (1 TTPs, 6 IoCs)
  flow  ioc
  89    raw.githubusercontent.com
  90    raw.githubusercontent.com
  91    raw.githubusercontent.com
  110   camo.githubusercontent.com
  111   camo.githubusercontent.com
  112   camo.githubusercontent.com
Drops file in Windows directory (64 IoCs)
Subvert Trust Controls: Mark-of-the-Web Bypass (1 TTPs, 2 IoCs)
When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.
  description                   ioc                                                              Process
  File opened for modification  C:\Users\Admin\Downloads\CookieClickerHack.exe:Zone.Identifier  msedge.exe
  File opened for modification  C:\Users\Admin\Downloads\Trololo.exe:Zone.Identifier            msedge.exe

Enumerates system info in registry (2 TTPs, 6 IoCs)
  description        ioc                                                                    Process
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe

Kills process with taskkill (2 IoCs)
  pid   Process
  1032  taskkill.exe
  2516  taskkill.exe

Modifies data under HKEY_USERS (3 IoCs)
  description      ioc                                                                                                      Process
  Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                    msedge.exe
  Set value (int)  \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133913375415679742"  msedge.exe
  Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                    msedge.exe

Modifies registry class (5 IoCs)
  description  ioc  Process
  Key created  \REGISTRY\USER\S-1-5-21-779059454-4269757009-3780780039-1000_Classes\Local Settings  msedge.exe
  Key created  \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\  msedge.exe
  Key created  \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-779059454-4269757009-3780780039-1000\{A3CE7C0F-2F54-4141-9D6B-5ACEEE01BD13}  msedge.exe
  Key created  \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\  msedge.exe
  Key created  \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-779059454-4269757009-3780780039-1000\{712E70BF-EE1B-4F1F-945E-1302C08DD565}  msedge.exe

NTFS ADS (3 IoCs)
  description                   ioc                                                              Process
  File opened for modification  C:\Users\Admin\Downloads\BlackDream.zip:Zone.Identifier         msedge.exe
  File opened for modification  C:\Users\Admin\Downloads\CookieClickerHack.exe:Zone.Identifier  msedge.exe
  File opened for modification  C:\Users\Admin\Downloads\Trololo.exe:Zone.Identifier            msedge.exe

Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid   Process
  984   msedge.exe
  984   msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (10 IoCs)
  pid   Process
  5784  msedge.exe
  5784  msedge.exe
  5784  msedge.exe
  5784  msedge.exe
  5784  msedge.exe
  5784  msedge.exe
  5784  msedge.exe
  5784  msedge.exe
  3624  msedge.exe
  3624  msedge.exe

Suspicious use of AdjustPrivilegeToken (4 IoCs)
  description                        pid   Process
  Token: SeDebugPrivilege            2516  taskkill.exe
  Token: SeDebugPrivilege            1032  taskkill.exe
  Token: 33                          5976  AUDIODG.EXE
  Token: SeIncBasePriorityPrivilege  5976  AUDIODG.EXE
Suspicious use of FindShellTrayWindow (36 IoCs)
Suspicious use of SendNotifyMessage (6 IoCs)
  pid   Process
  5784  msedge.exe
  5784  msedge.exe
  5784  msedge.exe
  5784  msedge.exe
  5784  msedge.exe
  5784  msedge.exe

Suspicious use of WriteProcessMemory (64 IoCs)
Processes

[depth 1] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/enginestein/Virus-Collection/tree/main/Windows/Source/NoEscape
  - Drops file in Windows directory
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Modifies registry class
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID: 5784
[depth 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2e4,0x2e8,0x2ec,0x2c0,0x2f4,0x7ffaf055f208,0x7ffaf055f214,0x7ffaf055f220
  PID: 672
[depth 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1828,i,7064592315441691828,2820850248825070425,262144 --variations-seed-version --mojo-platform-channel-handle=2192 /prefetch:11
  - Downloads MZ/PE file
  PID: 4400
[depth 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2152,i,7064592315441691828,2820850248825070425,262144 --variations-seed-version --mojo-platform-channel-handle=2148 /prefetch:2
  PID: 1840
[depth 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=1408,i,7064592315441691828,2820850248825070425,262144 --variations-seed-version --mojo-platform-channel-handle=2360 /prefetch:13
  PID: 5016
[depth 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=1988,i,7064592315441691828,2820850248825070425,262144 --variations-seed-version --mojo-platform-channel-handle=3484 /prefetch:1
  PID: 2348
[depth 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3352,i,7064592315441691828,2820850248825070425,262144 --variations-seed-version --mojo-platform-channel-handle=3492 /prefetch:1
  PID: 5228
[depth 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4884,i,7064592315441691828,2820850248825070425,262144 --variations-seed-version --mojo-platform-channel-handle=5100 /prefetch:14
  PID: 3880
[depth 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5144,i,7064592315441691828,2820850248825070425,262144 --variations-seed-version --mojo-platform-channel-handle=5072 /prefetch:14
  PID: 5452
[depth 2] C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5596,i,7064592315441691828,2820850248825070425,262144 --variations-seed-version --mojo-platform-channel-handle=5628 /prefetch:14
  PID: 3464
[depth 2] C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5596,i,7064592315441691828,2820850248825070425,262144 --variations-seed-version --mojo-platform-channel-handle=5628 /prefetch:14
  PID: 2380
[depth 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5432,i,7064592315441691828,2820850248825070425,262144 --variations-seed-version --mojo-platform-channel-handle=5292 /prefetch:14
  PID: 3580

[depth 3] C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\cookie_exporter.exe
  Command line: cookie_exporter.exe --cookie-json=1132
  PID: 876
[depth 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5832,i,7064592315441691828,2820850248825070425,262144 --variations-seed-version --mojo-platform-channel-handle=5844 /prefetch:14
  PID: 3980
[depth 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6244,i,7064592315441691828,2820850248825070425,262144 --variations-seed-version --mojo-platform-channel-handle=6324 /prefetch:14
  PID: 4536
[depth 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6384,i,7064592315441691828,2820850248825070425,262144 --variations-seed-version --mojo-platform-channel-handle=6260 /prefetch:14
  PID: 464
[depth 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5944,i,7064592315441691828,2820850248825070425,262144 --variations-seed-version --mojo-platform-channel-handle=6340 /prefetch:14
  PID: 5196
[depth 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5176,i,7064592315441691828,2820850248825070425,262144 --variations-seed-version --mojo-platform-channel-handle=5800 /prefetch:14
  PID: 2804
[depth 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5924,i,7064592315441691828,2820850248825070425,262144 --variations-seed-version --mojo-platform-channel-handle=6360 /prefetch:14
  PID: 4132
[depth 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --always-read-main-dll --field-trial-handle=5744,i,7064592315441691828,2820850248825070425,262144 --variations-seed-version --mojo-platform-channel-handle=6532 /prefetch:1
  PID: 3112
[depth 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6764,i,7064592315441691828,2820850248825070425,262144 --variations-seed-version --mojo-platform-channel-handle=6720 /prefetch:14
  - NTFS ADS
  PID: 5576
[depth 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6916,i,7064592315441691828,2820850248825070425,262144 --variations-seed-version --mojo-platform-channel-handle=6720 /prefetch:14
  PID: 5820
[depth 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4860,i,7064592315441691828,2820850248825070425,262144 --variations-seed-version --mojo-platform-channel-handle=4896 /prefetch:14
  PID: 2020
[depth 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=5692,i,7064592315441691828,2820850248825070425,262144 --variations-seed-version --mojo-platform-channel-handle=3808 /prefetch:10
  - Suspicious behavior: EnumeratesProcesses
  PID: 984
[depth 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5788,i,7064592315441691828,2820850248825070425,262144 --variations-seed-version --mojo-platform-channel-handle=5148 /prefetch:14
  PID: 4684
[depth 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5640,i,7064592315441691828,2820850248825070425,262144 --variations-seed-version --mojo-platform-channel-handle=5400 /prefetch:14
  PID: 124
[depth 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --always-read-main-dll --field-trial-handle=5668,i,7064592315441691828,2820850248825070425,262144 --variations-seed-version --mojo-platform-channel-handle=3724 /prefetch:1
  PID: 2432
[depth 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5356,i,7064592315441691828,2820850248825070425,262144 --variations-seed-version --mojo-platform-channel-handle=3796 /prefetch:14
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID: 3728
[depth 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --always-read-main-dll --field-trial-handle=7036,i,7064592315441691828,2820850248825070425,262144 --variations-seed-version --mojo-platform-channel-handle=5392 /prefetch:1
  PID: 1328
[depth 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --always-read-main-dll --field-trial-handle=4872,i,7064592315441691828,2820850248825070425,262144 --variations-seed-version --mojo-platform-channel-handle=3768 /prefetch:1
  PID: 5236
[depth 2] C:\Users\Admin\Downloads\CookieClickerHack.exe
  Command line: "C:\Users\Admin\Downloads\CookieClickerHack.exe"
  - Executes dropped EXE
  PID: 5548
[depth 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4736,i,7064592315441691828,2820850248825070425,262144 --variations-seed-version --mojo-platform-channel-handle=6560 /prefetch:14
  PID: 4032
[depth 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6072,i,7064592315441691828,2820850248825070425,262144 --variations-seed-version --mojo-platform-channel-handle=7172 /prefetch:14
  PID: 4676
[depth 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --always-read-main-dll --field-trial-handle=7300,i,7064592315441691828,2820850248825070425,262144 --variations-seed-version --mojo-platform-channel-handle=7192 /prefetch:1
  PID: 4816
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6408,i,7064592315441691828,2820850248825070425,262144 --variations-seed-version --mojo-platform-channel-handle=7284 /prefetch:142⤵
- Subvert Trust Controls: Mark-of-the-Web Bypass
- NTFS ADS
PID:3284
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7316,i,7064592315441691828,2820850248825070425,262144 --variations-seed-version --mojo-platform-channel-handle=7180 /prefetch:142⤵PID:2292
-
-
C:\Users\Admin\Downloads\Trololo.exe"C:\Users\Admin\Downloads\Trololo.exe"2⤵
- Executes dropped EXE
PID:3808 -
C:\Windows\SYSTEM32\taskkill.exetaskkill.exe /f /im explorer.exe3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:1032
-
-
C:\Windows\SYSTEM32\taskkill.exetaskkill.exe /f /im taskmgr.exe3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:2516
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window2⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:3624 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x240,0x244,0x248,0x23c,0x254,0x7ffaf055f208,0x7ffaf055f214,0x7ffaf055f2203⤵PID:5324
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1808,i,6390870877247069726,17026111708500397292,262144 --variations-seed-version --mojo-platform-channel-handle=2276 /prefetch:113⤵PID:4736
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2240,i,6390870877247069726,17026111708500397292,262144 --variations-seed-version --mojo-platform-channel-handle=2236 /prefetch:23⤵PID:5968
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2476,i,6390870877247069726,17026111708500397292,262144 --variations-seed-version --mojo-platform-channel-handle=2540 /prefetch:133⤵PID:1496
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4536,i,6390870877247069726,17026111708500397292,262144 --variations-seed-version --mojo-platform-channel-handle=4564 /prefetch:143⤵PID:1512
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4536,i,6390870877247069726,17026111708500397292,262144 --variations-seed-version --mojo-platform-channel-handle=4564 /prefetch:143⤵PID:3448
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4800,i,6390870877247069726,17026111708500397292,262144 --variations-seed-version --mojo-platform-channel-handle=4836 /prefetch:143⤵PID:5092
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --instant-process --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --always-read-main-dll --field-trial-handle=4952,i,6390870877247069726,17026111708500397292,262144 --variations-seed-version --mojo-platform-channel-handle=4976 /prefetch:13⤵PID:2596
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5276,i,6390870877247069726,17026111708500397292,262144 --variations-seed-version --mojo-platform-channel-handle=5332 /prefetch:143⤵PID:4944
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4904,i,6390870877247069726,17026111708500397292,262144 --variations-seed-version --mojo-platform-channel-handle=5360 /prefetch:143⤵PID:5036
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --always-read-main-dll --field-trial-handle=5656,i,6390870877247069726,17026111708500397292,262144 --variations-seed-version --mojo-platform-channel-handle=5688 /prefetch:13⤵PID:1648
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"1⤵PID:2836
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start1⤵PID:3748
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start2⤵PID:4816
-
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵PID:3712
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x00000000000004CC 0x00000000000004D81⤵
- Suspicious use of AdjustPrivilegeToken
PID:5976
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"1⤵PID:4560
Network
MITRE ATT&CK Enterprise v16
Downloads