Overview
overview
10Static
static
10TrashMalwa...in.exe
windows10-2004-x64
8TrashMalwa...er.exe
windows10-2004-x64
8TrashMalwa...nk.exe
windows10-2004-x64
8TrashMalwa...oN.bat
windows10-2004-x64
8TrashMalwa...zz.exe
windows10-2004-x64
6TrashMalwa...de.exe
windows10-2004-x64
8TrashMalwa...20.exe
windows10-2004-x64
7TrashMalwa...ll.exe
windows10-2004-x64
8TrashMalwa...le.exe
windows10-2004-x64
8TrashMalwa...oe.bat
windows10-2004-x64
TrashMalwa....0.exe
windows10-2004-x64
7TrashMalwa....0.exe
windows10-2004-x64
8TrashMalwa....0.exe
windows10-2004-x64
8TrashMalwa...ic.exe
windows10-2004-x64
6TrashMalwa...OD.exe
windows10-2004-x64
10TrashMalwa...um.exe
windows10-2004-x64
6TrashMalwa...er.exe
windows10-2004-x64
8TrashMalwa...MZ.exe
windows10-2004-x64
1TrashMalwa...ch.exe
windows10-2004-x64
8TrashMalwa....5.exe
windows10-2004-x64
8TrashMalwa...ol.exe
windows10-2004-x64
8TrashMalwa...hm.exe
windows10-2004-x64
10TrashMalwa...10.exe
windows10-2004-x64
7TrashMalwa...V6.exe
windows10-2004-x64
7TrashMalwa.../x.exe
windows10-2004-x64
7Analysis
-
max time kernel
301s -
max time network
338s -
platform
windows10-2004_x64 -
resource
win10v2004-20220901-en -
resource tags
arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system -
submitted
18-09-2022 14:13
Behavioral task
behavioral1
Sample
TrashMalwares-main/AcidRain.exe
Resource
win10v2004-20220812-en
Behavioral task
behavioral2
Sample
TrashMalwares-main/Antivirus_Installer.exe
Resource
win10v2004-20220901-en
Behavioral task
behavioral3
Sample
TrashMalwares-main/Dro trojan. Virus prank.exe
Resource
win10v2004-20220812-en
Behavioral task
behavioral4
Sample
TrashMalwares-main/FaZoN.bat
Resource
win10v2004-20220901-en
Behavioral task
behavioral5
Sample
TrashMalwares-main/Fizz.exe
Resource
win10v2004-20220812-en
Behavioral task
behavioral6
Sample
TrashMalwares-main/Ginxide.exe
Resource
win10v2004-20220812-en
Behavioral task
behavioral7
Sample
TrashMalwares-main/Install Windows20.exe
Resource
win10v2004-20220812-en
Behavioral task
behavioral8
Sample
TrashMalwares-main/MS-RickRoll.exe
Resource
win10v2004-20220901-en
Behavioral task
behavioral9
Sample
TrashMalwares-main/MercuryXhoffle.exe
Resource
win10v2004-20220812-en
Behavioral task
behavioral10
Sample
TrashMalwares-main/NetPakoe.bat
Resource
win10v2004-20220812-en
Behavioral task
behavioral11
Sample
TrashMalwares-main/NetPakoe3.0.exe
Resource
win10v2004-20220812-en
Behavioral task
behavioral12
Sample
TrashMalwares-main/NoEscape8.0.exe
Resource
win10v2004-20220901-en
Behavioral task
behavioral13
Sample
TrashMalwares-main/PC shaking v4.0.exe
Resource
win10v2004-20220812-en
Behavioral task
behavioral14
Sample
TrashMalwares-main/Phsyletric.exe
Resource
win10v2004-20220812-en
Behavioral task
behavioral15
Sample
TrashMalwares-main/RealBSOD.exe
Resource
win10v2004-20220812-en
Behavioral task
behavioral16
Sample
TrashMalwares-main/Sankylium.exe
Resource
win10v2004-20220812-en
Behavioral task
behavioral17
Sample
TrashMalwares-main/SuperWacker.exe
Resource
win10v2004-20220901-en
Behavioral task
behavioral18
Sample
TrashMalwares-main/TEMZ.exe
Resource
win10v2004-20220812-en
Behavioral task
behavioral19
Sample
TrashMalwares-main/ach.exe
Resource
win10v2004-20220901-en
Behavioral task
behavioral20
Sample
TrashMalwares-main/even0.5.exe
Resource
win10v2004-20220812-en
Behavioral task
behavioral21
Sample
TrashMalwares-main/lol.exe
Resource
win10v2004-20220812-en
Behavioral task
behavioral22
Sample
TrashMalwares-main/mhm.exe
Resource
win10v2004-20220812-en
Behavioral task
behavioral23
Sample
TrashMalwares-main/winnit6.6.6 V10.exe
Resource
win10v2004-20220901-en
Behavioral task
behavioral24
Sample
TrashMalwares-main/winnit6.6.6_V6.exe
Resource
win10v2004-20220812-en
Behavioral task
behavioral25
Sample
TrashMalwares-main/x.exe
Resource
win10v2004-20220812-en
General
-
Target
TrashMalwares-main/ach.exe
-
Size
837KB
-
MD5
ab4470038abfcf2550f50cb94537165e
-
SHA1
2aaa0e7137e2c09ab7f0cc5bcaf088521edad9f0
-
SHA256
7c80903c5d1765f106a9a25187c32b40a9f7ab11ebf40d8117ba5b80acc5f3e9
-
SHA512
b6853047083ccb5e4d0c13cad934366506dfb3decaefc9a06c26a255b1d0704b38047cafba2daa4cfb1bf09b3ef5ebe79153eee0ae8ea5cc8f534f280c50e7f4
-
SSDEEP
24576:+TbBv5rUlI6ZpBuTC/wYsxeB252QRoOXMf:ABRHC/Rso23RVXk
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
Processes:
2.exepid process 2400 2.exe -
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
Processes:
ach.exedescription ioc process Key value queried \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Control Panel\International\Geo\Nation ach.exe -
Adds Run key to start application 2 TTPs 1 IoCs
Processes:
msedge.exedescription ioc process Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Windows\CurrentVersion\Run msedge.exe -
Drops file in Program Files directory 28 IoCs
Processes:
ach.exesetup.exedescription ioc process File created C:\Program Files (x86)\ach\1.vbs ach.exe File opened for modification C:\Program Files (x86)\ach\2.exe ach.exe File opened for modification C:\Program Files (x86)\ach\4.bat ach.exe File created C:\Program Files (x86)\ach\8.bat ach.exe File created C:\Program Files (x86)\ach\10.png ach.exe File opened for modification C:\Program Files (x86)\ach ach.exe File created C:\Program Files (x86)\ach\6.bat ach.exe File opened for modification C:\Program Files (x86)\ach\7.bat ach.exe File opened for modification C:\Program Files (x86)\ach\11.vbs ach.exe File created C:\Program Files (x86)\ach\2.exe ach.exe File created C:\Program Files (x86)\ach\9.bat ach.exe File opened for modification C:\Program Files (x86)\ach\10.png ach.exe File opened for modification C:\Program Files (x86)\ach\8.bat ach.exe File opened for modification C:\Program Files (x86)\ach\5.png ach.exe File opened for modification C:\Program Files (x86)\ach\12.bat ach.exe File created C:\Program Files (x86)\ach\3.bat ach.exe File opened for modification C:\Program Files (x86)\ach\9.bat ach.exe File created C:\Program Files (x86)\ach\11.vbs ach.exe File created C:\Program Files (x86)\ach\12.bat ach.exe File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20220918141938.pma setup.exe File opened for modification C:\Program Files (x86)\ach\1.vbs ach.exe File created C:\Program Files (x86)\ach\7.bat ach.exe File created C:\Program Files (x86)\ach\5.png ach.exe File opened for modification C:\Program Files (x86)\ach\6.bat ach.exe File created C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\c347a981-7a6f-4596-94f1-486f93d5e406.tmp setup.exe File created C:\Program Files (x86)\ach\__tmp_rar_sfx_access_check_240595062 ach.exe File created C:\Program Files (x86)\ach\4.bat ach.exe File opened for modification C:\Program Files (x86)\ach\3.bat ach.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
msedge.exedescription ioc process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Modifies registry class 2 IoCs
Processes:
ach.exemsedge.exedescription ioc process Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings ach.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ msedge.exe -
Runs regedit.exe 10 IoCs
Processes:
regedit.exeregedit.exeregedit.exeregedit.exeregedit.exeregedit.exeregedit.exeregedit.exeregedit.exeregedit.exepid process 5156 regedit.exe 6700 regedit.exe 2372 regedit.exe 6640 regedit.exe 5284 regedit.exe 3980 regedit.exe 4320 regedit.exe 6088 regedit.exe 6772 regedit.exe 456 regedit.exe -
Suspicious behavior: EnumeratesProcesses 26 IoCs
Processes:
msedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exeidentity_helper.exemsedge.exepid process 5904 msedge.exe 5904 msedge.exe 5948 msedge.exe 5948 msedge.exe 6020 msedge.exe 6020 msedge.exe 6048 msedge.exe 6048 msedge.exe 6060 msedge.exe 6060 msedge.exe 5844 msedge.exe 5844 msedge.exe 6108 msedge.exe 6108 msedge.exe 6100 msedge.exe 6100 msedge.exe 6092 msedge.exe 6092 msedge.exe 3104 msedge.exe 3104 msedge.exe 6260 identity_helper.exe 6260 identity_helper.exe 5800 msedge.exe 5800 msedge.exe 5800 msedge.exe 5800 msedge.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
Processes:
ach.exepid process 4632 ach.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs
Processes:
msedge.exepid process 3104 msedge.exe 3104 msedge.exe 3104 msedge.exe 3104 msedge.exe 3104 msedge.exe 3104 msedge.exe 3104 msedge.exe 3104 msedge.exe 3104 msedge.exe 3104 msedge.exe 3104 msedge.exe 3104 msedge.exe 3104 msedge.exe 3104 msedge.exe 3104 msedge.exe 3104 msedge.exe 3104 msedge.exe -
Suspicious use of FindShellTrayWindow 3 IoCs
Processes:
msedge.exepid process 3104 msedge.exe 3104 msedge.exe 3104 msedge.exe -
Suspicious use of SetWindowsHookEx 60 IoCs
Processes:
wordpad.exewordpad.exewordpad.exewordpad.exewordpad.exewordpad.exewordpad.exewordpad.exewordpad.exewordpad.exewordpad.exewordpad.exepid process 7144 wordpad.exe 7144 wordpad.exe 7144 wordpad.exe 2344 wordpad.exe 2344 wordpad.exe 2344 wordpad.exe 4792 wordpad.exe 2344 wordpad.exe 2344 wordpad.exe 4792 wordpad.exe 4792 wordpad.exe 7144 wordpad.exe 7144 wordpad.exe 4792 wordpad.exe 4792 wordpad.exe 372 wordpad.exe 372 wordpad.exe 372 wordpad.exe 5292 wordpad.exe 5292 wordpad.exe 5292 wordpad.exe 372 wordpad.exe 372 wordpad.exe 5292 wordpad.exe 5292 wordpad.exe 1876 wordpad.exe 1876 wordpad.exe 1876 wordpad.exe 1876 wordpad.exe 1876 wordpad.exe 6604 wordpad.exe 6604 wordpad.exe 6604 wordpad.exe 6604 wordpad.exe 6604 wordpad.exe 5764 wordpad.exe 5764 wordpad.exe 5764 wordpad.exe 6828 wordpad.exe 6828 wordpad.exe 6828 wordpad.exe 5764 wordpad.exe 5764 wordpad.exe 6828 wordpad.exe 6828 wordpad.exe 5808 wordpad.exe 5808 wordpad.exe 5808 wordpad.exe 5560 wordpad.exe 5560 wordpad.exe 5560 wordpad.exe 6316 wordpad.exe 6316 wordpad.exe 6316 wordpad.exe 5808 wordpad.exe 5808 wordpad.exe 6316 wordpad.exe 6316 wordpad.exe 5560 wordpad.exe 5560 wordpad.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
ach.execmd.execmd.exedescription pid process target process PID 4632 wrote to memory of 672 4632 ach.exe WScript.exe PID 4632 wrote to memory of 672 4632 ach.exe WScript.exe PID 4632 wrote to memory of 672 4632 ach.exe WScript.exe PID 4632 wrote to memory of 2400 4632 ach.exe 2.exe PID 4632 wrote to memory of 2400 4632 ach.exe 2.exe PID 4632 wrote to memory of 2400 4632 ach.exe 2.exe PID 4632 wrote to memory of 5076 4632 ach.exe cmd.exe PID 4632 wrote to memory of 5076 4632 ach.exe cmd.exe PID 4632 wrote to memory of 5076 4632 ach.exe cmd.exe PID 4632 wrote to memory of 4708 4632 ach.exe cmd.exe PID 4632 wrote to memory of 4708 4632 ach.exe cmd.exe PID 4632 wrote to memory of 4708 4632 ach.exe cmd.exe PID 4632 wrote to memory of 3228 4632 ach.exe WScript.exe PID 4632 wrote to memory of 3228 4632 ach.exe WScript.exe PID 4632 wrote to memory of 3228 4632 ach.exe WScript.exe PID 4632 wrote to memory of 3712 4632 ach.exe WScript.exe PID 4632 wrote to memory of 3712 4632 ach.exe WScript.exe PID 4632 wrote to memory of 3712 4632 ach.exe WScript.exe PID 4632 wrote to memory of 1304 4632 ach.exe WScript.exe PID 4632 wrote to memory of 1304 4632 ach.exe WScript.exe PID 4632 wrote to memory of 1304 4632 ach.exe WScript.exe PID 4632 wrote to memory of 5056 4632 ach.exe WScript.exe PID 4632 wrote to memory of 5056 4632 ach.exe WScript.exe PID 4632 wrote to memory of 5056 4632 ach.exe WScript.exe PID 4632 wrote to memory of 1228 4632 ach.exe WScript.exe PID 4632 wrote to memory of 1228 4632 ach.exe WScript.exe PID 4632 wrote to memory of 1228 4632 ach.exe WScript.exe PID 4632 wrote to memory of 4152 4632 ach.exe WScript.exe PID 4632 wrote to memory of 4152 4632 ach.exe WScript.exe PID 4632 wrote to memory of 4152 4632 ach.exe WScript.exe PID 4632 wrote to memory of 4604 4632 ach.exe WScript.exe PID 4632 wrote to memory of 4604 4632 ach.exe WScript.exe PID 4632 wrote to memory of 4604 4632 ach.exe WScript.exe PID 4632 wrote to memory of 2440 4632 ach.exe WScript.exe PID 4632 wrote to memory of 2440 4632 ach.exe WScript.exe PID 4632 wrote to memory of 2440 4632 ach.exe WScript.exe PID 4632 wrote to memory of 3420 4632 ach.exe WScript.exe PID 4632 wrote to memory of 3420 4632 ach.exe WScript.exe PID 4632 wrote to memory of 3420 4632 ach.exe WScript.exe PID 4632 wrote to memory of 5104 4632 ach.exe cmd.exe PID 4632 wrote to memory of 5104 4632 ach.exe cmd.exe PID 4632 wrote to memory of 5104 4632 ach.exe cmd.exe PID 4632 wrote to memory of 2344 4632 ach.exe cmd.exe PID 4632 wrote to memory of 2344 4632 ach.exe cmd.exe PID 4632 wrote to memory of 2344 4632 ach.exe cmd.exe PID 4632 wrote to memory of 4512 4632 ach.exe cmd.exe PID 4632 wrote to memory of 4512 4632 ach.exe cmd.exe PID 4632 wrote to memory of 4512 4632 ach.exe cmd.exe PID 4632 wrote to memory of 3388 4632 ach.exe cmd.exe PID 4632 wrote to memory of 3388 4632 ach.exe cmd.exe PID 4632 wrote to memory of 3388 4632 ach.exe cmd.exe PID 4632 wrote to memory of 1768 4632 ach.exe cmd.exe PID 4632 wrote to memory of 1768 4632 ach.exe cmd.exe PID 4632 wrote to memory of 1768 4632 ach.exe cmd.exe PID 4632 wrote to memory of 1832 4632 ach.exe cmd.exe PID 4632 wrote to memory of 1832 4632 ach.exe cmd.exe PID 4632 wrote to memory of 1832 4632 ach.exe cmd.exe PID 4632 wrote to memory of 3256 4632 ach.exe cmd.exe PID 4632 wrote to memory of 3256 4632 ach.exe cmd.exe PID 4632 wrote to memory of 3256 4632 ach.exe cmd.exe PID 5076 wrote to memory of 3080 5076 cmd.exe msedge.exe PID 5076 wrote to memory of 3080 5076 cmd.exe msedge.exe PID 4708 wrote to memory of 2008 4708 cmd.exe msedge.exe PID 4708 wrote to memory of 2008 4708 cmd.exe msedge.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\TrashMalwares-main\ach.exe"C:\Users\Admin\AppData\Local\Temp\TrashMalwares-main\ach.exe"1⤵
- Checks computer location settings
- Drops file in Program Files directory
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\ach\1.vbs"2⤵
-
C:\Program Files (x86)\ach\2.exe"C:\Program Files (x86)\ach\2.exe"2⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\ach\3.bat" "2⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/channel/UC6qeIOiQYuevWysxR91eEZA3⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffe963846f8,0x7ffe96384708,0x7ffe963847184⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,3756725831459776631,3136039457986828358,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:24⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,3756725831459776631,3136039457986828358,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 /prefetch:34⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\ach\3.bat" "2⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/channel/UC6qeIOiQYuevWysxR91eEZA3⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffe963846f8,0x7ffe96384708,0x7ffe963847184⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,9485692132609169596,2098746912072526660,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:24⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,9485692132609169596,2098746912072526660,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 /prefetch:34⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\ach\1.vbs"2⤵
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\ach\1.vbs"2⤵
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\ach\1.vbs"2⤵
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\ach\1.vbs"2⤵
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\ach\1.vbs"2⤵
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\ach\1.vbs"2⤵
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\ach\1.vbs"2⤵
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\ach\1.vbs"2⤵
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\ach\1.vbs"2⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\ach\4.bat" "2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://yandex.ru/search/?text=you+are+hacked+by+ach+vzlom3⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffe963846f8,0x7ffe96384708,0x7ffe963847184⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,16181277633030879497,13193982830578980751,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:24⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,16181277633030879497,13193982830578980751,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 /prefetch:34⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\ach\3.bat" "2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/channel/UC6qeIOiQYuevWysxR91eEZA3⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffe963846f8,0x7ffe96384708,0x7ffe963847184⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,2954543758145040444,9628486307791040147,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:24⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,2954543758145040444,9628486307791040147,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 /prefetch:34⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\ach\4.bat" "2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://yandex.ru/search/?text=you+are+hacked+by+ach+vzlom3⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffe963846f8,0x7ffe96384708,0x7ffe963847184⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,3074488523761732856,7264812909760221709,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:24⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,3074488523761732856,7264812909760221709,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2448 /prefetch:34⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\ach\4.bat" "2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://yandex.ru/search/?text=you+are+hacked+by+ach+vzlom3⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0x9c,0x104,0x7ffe963846f8,0x7ffe96384708,0x7ffe963847184⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,8539379936975148108,1673264370304631510,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:24⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,8539379936975148108,1673264370304631510,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:84⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,8539379936975148108,1673264370304631510,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2420 /prefetch:34⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8539379936975148108,1673264370304631510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8539379936975148108,1673264370304631510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8539379936975148108,1673264370304631510,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3908 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8539379936975148108,1673264370304631510,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4288 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8539379936975148108,1673264370304631510,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8539379936975148108,1673264370304631510,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4308 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8539379936975148108,1673264370304631510,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8539379936975148108,1673264370304631510,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8539379936975148108,1673264370304631510,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8539379936975148108,1673264370304631510,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2076,8539379936975148108,1673264370304631510,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5604 /prefetch:84⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8539379936975148108,1673264370304631510,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7144 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8539379936975148108,1673264370304631510,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7160 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2076,8539379936975148108,1673264370304631510,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=8276 /prefetch:84⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8539379936975148108,1673264370304631510,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8252 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8539379936975148108,1673264370304631510,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8612 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8539379936975148108,1673264370304631510,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8548 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8539379936975148108,1673264370304631510,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9452 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8539379936975148108,1673264370304631510,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9728 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,8539379936975148108,1673264370304631510,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8308 /prefetch:84⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings4⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff718b15460,0x7ff718b15470,0x7ff718b154805⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,8539379936975148108,1673264370304631510,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8308 /prefetch:84⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2076,8539379936975148108,1673264370304631510,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7784 /prefetch:84⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2076,8539379936975148108,1673264370304631510,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=9700 /prefetch:84⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,8539379936975148108,1673264370304631510,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7108 /prefetch:24⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2076,8539379936975148108,1673264370304631510,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7792 /prefetch:84⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2076,8539379936975148108,1673264370304631510,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=10116 /prefetch:84⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2076,8539379936975148108,1673264370304631510,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1908 /prefetch:84⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2076,8539379936975148108,1673264370304631510,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=8540 /prefetch:84⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2076,8539379936975148108,1673264370304631510,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=10200 /prefetch:84⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2076,8539379936975148108,1673264370304631510,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6124 /prefetch:84⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\ach\3.bat" "2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/channel/UC6qeIOiQYuevWysxR91eEZA3⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffe963846f8,0x7ffe96384708,0x7ffe963847184⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,1402879579130333590,2077091500721386755,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2400 /prefetch:34⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,1402879579130333590,2077091500721386755,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:24⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\ach\3.bat" "2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/channel/UC6qeIOiQYuevWysxR91eEZA3⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xd4,0x110,0x7ffe963846f8,0x7ffe96384708,0x7ffe963847184⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,9044149770503410691,12954774675446232123,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:24⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,9044149770503410691,12954774675446232123,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 /prefetch:34⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\ach\4.bat" "2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://yandex.ru/search/?text=you+are+hacked+by+ach+vzlom3⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffe963846f8,0x7ffe96384708,0x7ffe963847184⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,10309151019529488247,16334913890403832422,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:24⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,10309151019529488247,16334913890403832422,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2356 /prefetch:34⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\ach\1.vbs"2⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\ach\6.bat" "2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.meme-arsenal.com/memes/da2f1ad351b86210222d977d86acd913.jpg3⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe963846f8,0x7ffe96384708,0x7ffe963847184⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\ach\6.bat" "2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.meme-arsenal.com/memes/da2f1ad351b86210222d977d86acd913.jpg3⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\ach\6.bat" "2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.meme-arsenal.com/memes/da2f1ad351b86210222d977d86acd913.jpg3⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffe963846f8,0x7ffe96384708,0x7ffe963847184⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\ach\7.bat" "2⤵
-
C:\Windows\SysWOW64\regedit.exeregedit.exe3⤵
- Runs regedit.exe
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\ach\7.bat" "2⤵
-
C:\Windows\SysWOW64\regedit.exeregedit.exe3⤵
- Runs regedit.exe
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\ach\7.bat" "2⤵
-
C:\Windows\SysWOW64\regedit.exeregedit.exe3⤵
- Runs regedit.exe
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\ach\7.bat" "2⤵
-
C:\Windows\SysWOW64\regedit.exeregedit.exe3⤵
- Runs regedit.exe
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\ach\7.bat" "2⤵
-
C:\Windows\SysWOW64\regedit.exeregedit.exe3⤵
- Runs regedit.exe
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\ach\7.bat" "2⤵
-
C:\Windows\SysWOW64\regedit.exeregedit.exe3⤵
- Runs regedit.exe
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\ach\7.bat" "2⤵
-
C:\Windows\SysWOW64\regedit.exeregedit.exe3⤵
- Runs regedit.exe
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\ach\7.bat" "2⤵
-
C:\Windows\SysWOW64\regedit.exeregedit.exe3⤵
- Runs regedit.exe
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\ach\8.bat" "2⤵
-
C:\Windows\SysWOW64\write.exewrite.exe3⤵
-
C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"4⤵
- Suspicious use of SetWindowsHookEx
-
C:\Windows\splwow64.exeC:\Windows\splwow64.exe 122885⤵
-
C:\Windows\SysWOW64\write.exewrite.exe3⤵
-
C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"4⤵
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\write.exewrite.exe3⤵
-
C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"4⤵
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\ach\7.bat" "2⤵
-
C:\Windows\SysWOW64\regedit.exeregedit.exe3⤵
- Runs regedit.exe
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\ach\8.bat" "2⤵
-
C:\Windows\SysWOW64\write.exewrite.exe3⤵
-
C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"4⤵
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\write.exewrite.exe3⤵
-
C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"4⤵
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\write.exewrite.exe3⤵
-
C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"4⤵
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\ach\7.bat" "2⤵
-
C:\Windows\SysWOW64\regedit.exeregedit.exe3⤵
- Runs regedit.exe
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\ach\9.bat" "2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://wipet.malwarewatch.org/3⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe963846f8,0x7ffe96384708,0x7ffe963847184⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\ach\12.bat" "2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://yandex.ru/images/search?text=trollface3⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe963846f8,0x7ffe96384708,0x7ffe963847184⤵
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\ach\11.vbs"2⤵
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\ach\1.vbs"2⤵
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\ach\11.vbs"2⤵
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\ach\1.vbs"2⤵
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\ach\11.vbs"2⤵
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\ach\1.vbs"2⤵
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\ach\11.vbs"2⤵
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\ach\1.vbs"2⤵
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\ach\11.vbs"2⤵
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\ach\1.vbs"2⤵
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\ach\11.vbs"2⤵
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\ach\1.vbs"2⤵
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\ach\8.bat" "2⤵
-
C:\Windows\SysWOW64\write.exewrite.exe3⤵
-
C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"4⤵
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\write.exewrite.exe3⤵
-
C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"4⤵
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\write.exewrite.exe3⤵
-
C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"4⤵
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\ach\8.bat" "2⤵
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵
-
C:\Windows\SysWOW64\write.exewrite.exe3⤵
-
C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"4⤵
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\write.exewrite.exe3⤵
-
C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"4⤵
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\write.exewrite.exe3⤵
-
C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"4⤵
- Suspicious use of SetWindowsHookEx
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ffe963846f8,0x7ffe96384708,0x7ffe963847181⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k appmodel -p -s camsvc1⤵
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Program Files (x86)\ach\1.vbsFilesize
45B
MD57a89fc4808a599eca068d9d5d6da5c17
SHA134808a073a897f4eb2deaea3e74b8f33a3872776
SHA2567d855d79426eca3e1fc8f6338c64a93bb90ecb51247f810c6e4414cbacbf5953
SHA512dc6fa4265890133d4d003feafa7f6583cbcb7e1e9140babec14b65ebc704327abe4a4fb851e053b4bc889c1e12c8867dd6e1b26a78810bb7ed412aaa34b0b80e
-
C:\Program Files (x86)\ach\2.exeFilesize
2.3MB
MD55134f289dbf4abae370e3f36b637b73e
SHA1c78d3f2d00dc47da0112a74df665c7a84a8e32c3
SHA256e69c9383b5d9fe4e069ddee15797c52e9116f883ad3b1717d2519621ab2751b2
SHA5120bf61a04b93b1ba5b8a0e2d9a1c333cc4605350a4c797cc9f5f78fec698d6f4fd62d329513ed406e76a06aa6af0f00d206da723e5a33315ce8de7f68f2002cb5
-
C:\Program Files (x86)\ach\3.batFilesize
62B
MD5ea0164899b0262ea4949e2bcd9f31396
SHA191b698e4b13755fcb6d5ce0209a5b342185bc566
SHA2560c39352ff971f6099cdf146ce566b70e089eb15db75a42b3ae8deb13fa771913
SHA512cf9ba9b662dc107593cc66fe21b815bbf5b05651c0e4a50029f62ff16d64f8d63185d57c96cd6984141ca62310250b7af42ef56ea6249285c97c2d0aec0f3560
-
C:\Program Files (x86)\ach\4.batFilesize
83B
MD51acc850c1f9ad9dee5c12c9bd511bc19
SHA12786d0b2a6f3b1518f0ffcc31fd4d2466448f3dc
SHA256136ca30e5e046d8cc399c5ae80fee4678723dabb84e0b33211c23e4457ab24d8
SHA512db3eef765e8de29df99fda976d7ede5ec713a090f810a4a48430e2b1d11f54656a46c46e9cc691fa645212ecc742447f13d8429bcd32de318e5df460c74eb81d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_C0427F5F77D9B3A439FC620EDAAB6177Filesize
471B
MD50f0d392bfa87f8c42d8489491d85c953
SHA1c18ab3c74dea8d969e665aa40270b80f20bfe9e9
SHA2567867bd411a5fdda87bfe3002fb53cd3a4ef9ceabeb568faa0cd933c10710e97c
SHA5123513186d8049bc2bd8a0bb838ccc87358454364e2565bf24b5df47c2f0dfc587da5db0512b5889c6499035aa1c18aee73e23fb68733e40efd815dddfd1c2d1b1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_C0427F5F77D9B3A439FC620EDAAB6177Filesize
412B
MD5c5fefe20aed84054e3aef4974cf2fb51
SHA133c8a025d8ba4f3988a86cd68b37b96daa92cf71
SHA256233b3a53a7831f845164da5c8cb55abe12f4af5830ce150af07f0fd6e31320de
SHA512c111231ee73f84bdcc31eb336186171e15fd6c27e751a7bb69b31efa6cd3a2f693636392567d61de31367f13b1e6831d22076f01380150cb0409994f4cc062a8
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD51dde831b3f72227121241cfbcf0b8bfa
SHA1e076ca61127cce19e3495b3a0ae3dfdb8592effd
SHA256b3f388e535f4220252e0b0b4fc8146c51489ecbeca74227f8cdff78ed0062cc6
SHA5122ec5a389bb710a725b75ba3e27f3fbcb0d5d6bd2ff0803d1f2381d1a79c7162581c6818afaa7e10aa03900482e2a1f683ca8cb7ed2f68489efa093715740f03b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD51dde831b3f72227121241cfbcf0b8bfa
SHA1e076ca61127cce19e3495b3a0ae3dfdb8592effd
SHA256b3f388e535f4220252e0b0b4fc8146c51489ecbeca74227f8cdff78ed0062cc6
SHA5122ec5a389bb710a725b75ba3e27f3fbcb0d5d6bd2ff0803d1f2381d1a79c7162581c6818afaa7e10aa03900482e2a1f683ca8cb7ed2f68489efa093715740f03b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD51dde831b3f72227121241cfbcf0b8bfa
SHA1e076ca61127cce19e3495b3a0ae3dfdb8592effd
SHA256b3f388e535f4220252e0b0b4fc8146c51489ecbeca74227f8cdff78ed0062cc6
SHA5122ec5a389bb710a725b75ba3e27f3fbcb0d5d6bd2ff0803d1f2381d1a79c7162581c6818afaa7e10aa03900482e2a1f683ca8cb7ed2f68489efa093715740f03b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD51dde831b3f72227121241cfbcf0b8bfa
SHA1e076ca61127cce19e3495b3a0ae3dfdb8592effd
SHA256b3f388e535f4220252e0b0b4fc8146c51489ecbeca74227f8cdff78ed0062cc6
SHA5122ec5a389bb710a725b75ba3e27f3fbcb0d5d6bd2ff0803d1f2381d1a79c7162581c6818afaa7e10aa03900482e2a1f683ca8cb7ed2f68489efa093715740f03b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD51dde831b3f72227121241cfbcf0b8bfa
SHA1e076ca61127cce19e3495b3a0ae3dfdb8592effd
SHA256b3f388e535f4220252e0b0b4fc8146c51489ecbeca74227f8cdff78ed0062cc6
SHA5122ec5a389bb710a725b75ba3e27f3fbcb0d5d6bd2ff0803d1f2381d1a79c7162581c6818afaa7e10aa03900482e2a1f683ca8cb7ed2f68489efa093715740f03b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD51dde831b3f72227121241cfbcf0b8bfa
SHA1e076ca61127cce19e3495b3a0ae3dfdb8592effd
SHA256b3f388e535f4220252e0b0b4fc8146c51489ecbeca74227f8cdff78ed0062cc6
SHA5122ec5a389bb710a725b75ba3e27f3fbcb0d5d6bd2ff0803d1f2381d1a79c7162581c6818afaa7e10aa03900482e2a1f683ca8cb7ed2f68489efa093715740f03b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD51dde831b3f72227121241cfbcf0b8bfa
SHA1e076ca61127cce19e3495b3a0ae3dfdb8592effd
SHA256b3f388e535f4220252e0b0b4fc8146c51489ecbeca74227f8cdff78ed0062cc6
SHA5122ec5a389bb710a725b75ba3e27f3fbcb0d5d6bd2ff0803d1f2381d1a79c7162581c6818afaa7e10aa03900482e2a1f683ca8cb7ed2f68489efa093715740f03b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD51dde831b3f72227121241cfbcf0b8bfa
SHA1e076ca61127cce19e3495b3a0ae3dfdb8592effd
SHA256b3f388e535f4220252e0b0b4fc8146c51489ecbeca74227f8cdff78ed0062cc6
SHA5122ec5a389bb710a725b75ba3e27f3fbcb0d5d6bd2ff0803d1f2381d1a79c7162581c6818afaa7e10aa03900482e2a1f683ca8cb7ed2f68489efa093715740f03b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD51dde831b3f72227121241cfbcf0b8bfa
SHA1e076ca61127cce19e3495b3a0ae3dfdb8592effd
SHA256b3f388e535f4220252e0b0b4fc8146c51489ecbeca74227f8cdff78ed0062cc6
SHA5122ec5a389bb710a725b75ba3e27f3fbcb0d5d6bd2ff0803d1f2381d1a79c7162581c6818afaa7e10aa03900482e2a1f683ca8cb7ed2f68489efa093715740f03b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD51dde831b3f72227121241cfbcf0b8bfa
SHA1e076ca61127cce19e3495b3a0ae3dfdb8592effd
SHA256b3f388e535f4220252e0b0b4fc8146c51489ecbeca74227f8cdff78ed0062cc6
SHA5122ec5a389bb710a725b75ba3e27f3fbcb0d5d6bd2ff0803d1f2381d1a79c7162581c6818afaa7e10aa03900482e2a1f683ca8cb7ed2f68489efa093715740f03b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD51dde831b3f72227121241cfbcf0b8bfa
SHA1e076ca61127cce19e3495b3a0ae3dfdb8592effd
SHA256b3f388e535f4220252e0b0b4fc8146c51489ecbeca74227f8cdff78ed0062cc6
SHA5122ec5a389bb710a725b75ba3e27f3fbcb0d5d6bd2ff0803d1f2381d1a79c7162581c6818afaa7e10aa03900482e2a1f683ca8cb7ed2f68489efa093715740f03b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD51dde831b3f72227121241cfbcf0b8bfa
SHA1e076ca61127cce19e3495b3a0ae3dfdb8592effd
SHA256b3f388e535f4220252e0b0b4fc8146c51489ecbeca74227f8cdff78ed0062cc6
SHA5122ec5a389bb710a725b75ba3e27f3fbcb0d5d6bd2ff0803d1f2381d1a79c7162581c6818afaa7e10aa03900482e2a1f683ca8cb7ed2f68489efa093715740f03b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD51dde831b3f72227121241cfbcf0b8bfa
SHA1e076ca61127cce19e3495b3a0ae3dfdb8592effd
SHA256b3f388e535f4220252e0b0b4fc8146c51489ecbeca74227f8cdff78ed0062cc6
SHA5122ec5a389bb710a725b75ba3e27f3fbcb0d5d6bd2ff0803d1f2381d1a79c7162581c6818afaa7e10aa03900482e2a1f683ca8cb7ed2f68489efa093715740f03b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD51aa7e0f203b5b0b2f753567d77fbe2d9
SHA1443937fd906e3a356a6689181b29a9e849f54209
SHA25627f1577aa081b2222b6549e74de58ef60bf0a054c7b2a345366e6ebbf44fab8c
SHA512ce2fff1ddfab2e82f4e8ec6b3d04405f9fb2ad07dccfdde404411de9bbc66033610ad1689316173878be9758bb822612d4a931901e1ed4bbbd41199c2885debf
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD51aa7e0f203b5b0b2f753567d77fbe2d9
SHA1443937fd906e3a356a6689181b29a9e849f54209
SHA25627f1577aa081b2222b6549e74de58ef60bf0a054c7b2a345366e6ebbf44fab8c
SHA512ce2fff1ddfab2e82f4e8ec6b3d04405f9fb2ad07dccfdde404411de9bbc66033610ad1689316173878be9758bb822612d4a931901e1ed4bbbd41199c2885debf
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD51aa7e0f203b5b0b2f753567d77fbe2d9
SHA1443937fd906e3a356a6689181b29a9e849f54209
SHA25627f1577aa081b2222b6549e74de58ef60bf0a054c7b2a345366e6ebbf44fab8c
SHA512ce2fff1ddfab2e82f4e8ec6b3d04405f9fb2ad07dccfdde404411de9bbc66033610ad1689316173878be9758bb822612d4a931901e1ed4bbbd41199c2885debf
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD51aa7e0f203b5b0b2f753567d77fbe2d9
SHA1443937fd906e3a356a6689181b29a9e849f54209
SHA25627f1577aa081b2222b6549e74de58ef60bf0a054c7b2a345366e6ebbf44fab8c
SHA512ce2fff1ddfab2e82f4e8ec6b3d04405f9fb2ad07dccfdde404411de9bbc66033610ad1689316173878be9758bb822612d4a931901e1ed4bbbd41199c2885debf
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD51aa7e0f203b5b0b2f753567d77fbe2d9
SHA1443937fd906e3a356a6689181b29a9e849f54209
SHA25627f1577aa081b2222b6549e74de58ef60bf0a054c7b2a345366e6ebbf44fab8c
SHA512ce2fff1ddfab2e82f4e8ec6b3d04405f9fb2ad07dccfdde404411de9bbc66033610ad1689316173878be9758bb822612d4a931901e1ed4bbbd41199c2885debf
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD51aa7e0f203b5b0b2f753567d77fbe2d9
SHA1443937fd906e3a356a6689181b29a9e849f54209
SHA25627f1577aa081b2222b6549e74de58ef60bf0a054c7b2a345366e6ebbf44fab8c
SHA512ce2fff1ddfab2e82f4e8ec6b3d04405f9fb2ad07dccfdde404411de9bbc66033610ad1689316173878be9758bb822612d4a931901e1ed4bbbd41199c2885debf
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD51aa7e0f203b5b0b2f753567d77fbe2d9
SHA1443937fd906e3a356a6689181b29a9e849f54209
SHA25627f1577aa081b2222b6549e74de58ef60bf0a054c7b2a345366e6ebbf44fab8c
SHA512ce2fff1ddfab2e82f4e8ec6b3d04405f9fb2ad07dccfdde404411de9bbc66033610ad1689316173878be9758bb822612d4a931901e1ed4bbbd41199c2885debf
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD51aa7e0f203b5b0b2f753567d77fbe2d9
SHA1443937fd906e3a356a6689181b29a9e849f54209
SHA25627f1577aa081b2222b6549e74de58ef60bf0a054c7b2a345366e6ebbf44fab8c
SHA512ce2fff1ddfab2e82f4e8ec6b3d04405f9fb2ad07dccfdde404411de9bbc66033610ad1689316173878be9758bb822612d4a931901e1ed4bbbd41199c2885debf
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD51aa7e0f203b5b0b2f753567d77fbe2d9
SHA1443937fd906e3a356a6689181b29a9e849f54209
SHA25627f1577aa081b2222b6549e74de58ef60bf0a054c7b2a345366e6ebbf44fab8c
SHA512ce2fff1ddfab2e82f4e8ec6b3d04405f9fb2ad07dccfdde404411de9bbc66033610ad1689316173878be9758bb822612d4a931901e1ed4bbbd41199c2885debf
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD51aa7e0f203b5b0b2f753567d77fbe2d9
SHA1443937fd906e3a356a6689181b29a9e849f54209
SHA25627f1577aa081b2222b6549e74de58ef60bf0a054c7b2a345366e6ebbf44fab8c
SHA512ce2fff1ddfab2e82f4e8ec6b3d04405f9fb2ad07dccfdde404411de9bbc66033610ad1689316173878be9758bb822612d4a931901e1ed4bbbd41199c2885debf
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD51aa7e0f203b5b0b2f753567d77fbe2d9
SHA1443937fd906e3a356a6689181b29a9e849f54209
SHA25627f1577aa081b2222b6549e74de58ef60bf0a054c7b2a345366e6ebbf44fab8c
SHA512ce2fff1ddfab2e82f4e8ec6b3d04405f9fb2ad07dccfdde404411de9bbc66033610ad1689316173878be9758bb822612d4a931901e1ed4bbbd41199c2885debf
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
2KB
MD5dab7f78a912ea8c7d1b2db52a9c1fdd3
SHA169b08cea7fb64ff50052b60e67f2afb3b9975af6
SHA25688e71b2c9a11caa6b1578f7221865d5fbc4c164d2847db379a1000b5a5b5ebbf
SHA5127c271773544da00ec883a1995d86d4fd1b34eed3bdce0080574677b5606e4d6d8dcec2f7c87db4338f2735db86e72de7fdef26c7027c387aa8f765921ccd5092
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
2KB
MD59a9e6a7fc4b1cc29e587073859f01afc
SHA155de26f9fa367661672c42eb520fa511ccc2dac5
SHA25665864fdd4664b79183341c4e5f445f961eaa38d5c00ecade6ff2eb1f1f15a05b
SHA5121429bb9473c0e10fa51b3711a120c5810b788cab6a8b65deb68a81c2cc6766a309dc6d9427465b043c52abf21915e3622ae0476ecb0b2b03b1ea1ca06753cec9
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
2KB
MD5decc9ae6af5f374b22c3bccb52781904
SHA11c3c3072c5f377d25ac4505e5aa7279651e443fe
SHA25645e1bd8fcd0bf4b07bd8740399b5a68520775dd590e592047aea0d8cf0aa6ae0
SHA512458d430beeffa1a4221146d5e8a117a96c80b4c01e354cc702c950511659650849b8764f70e4ae06c919cc32a525d256a2d918e170bdf3ccb847d89c4606e6b7
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
2KB
MD5d282340d81d61b9ec140e1ae2074aa35
SHA1daad858055a55ff7293ac951251dfba4d9552567
SHA256b91ef26b9214cc9be876e9b089166d3c765614cbbe172e8a3c313640620e027c
SHA5121729e92969443576322c848e6a395abc766201004b52a1530b0d4c47fff3136c54768b4cf5bb007e7ba6e71d71debc54465adc6f5aeb070d28aa14141b0de557
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
2KB
MD50ccfb5402a2d243ba78c17b292e73218
SHA1677e60396c41bf843d02e1868e6ff87292daa7bd
SHA256540eb1a1bf3d4ae1d8524aa791a14d438af678ff5be310b8c696c763e6725680
SHA51256d3dccf8599c30ea89793ddef58313ef3b9cac8847efab9b9a8b17200d3850bb5ea6dfbe22060cd445b15f8436e65fa52c43bea1862ac8543247a085068b971
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
2KB
MD582ec235bbd6407f91c0740599420c29f
SHA1bdf1bf3c303d1e2f95fe962f4fb3b8cfd38d88d5
SHA256c2c33e8671bc807cb250d1ec47c72425652d899a18f7e39b8aeb1d5d18d7a5de
SHA512d6e6028b41d7bb949a7462cb89bfc097d325bc0d547993ad150b1e54ba31aa5cc8d1501e0ba38467f725520256c6552145ace4e16a793789bbb2e5be40b76835
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
2KB
MD59a9e6a7fc4b1cc29e587073859f01afc
SHA155de26f9fa367661672c42eb520fa511ccc2dac5
SHA25665864fdd4664b79183341c4e5f445f961eaa38d5c00ecade6ff2eb1f1f15a05b
SHA5121429bb9473c0e10fa51b3711a120c5810b788cab6a8b65deb68a81c2cc6766a309dc6d9427465b043c52abf21915e3622ae0476ecb0b2b03b1ea1ca06753cec9
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
2KB
MD5decc9ae6af5f374b22c3bccb52781904
SHA11c3c3072c5f377d25ac4505e5aa7279651e443fe
SHA25645e1bd8fcd0bf4b07bd8740399b5a68520775dd590e592047aea0d8cf0aa6ae0
SHA512458d430beeffa1a4221146d5e8a117a96c80b4c01e354cc702c950511659650849b8764f70e4ae06c919cc32a525d256a2d918e170bdf3ccb847d89c4606e6b7
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
2KB
MD5dab7f78a912ea8c7d1b2db52a9c1fdd3
SHA169b08cea7fb64ff50052b60e67f2afb3b9975af6
SHA25688e71b2c9a11caa6b1578f7221865d5fbc4c164d2847db379a1000b5a5b5ebbf
SHA5127c271773544da00ec883a1995d86d4fd1b34eed3bdce0080574677b5606e4d6d8dcec2f7c87db4338f2735db86e72de7fdef26c7027c387aa8f765921ccd5092
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
2KB
MD50ccfb5402a2d243ba78c17b292e73218
SHA1677e60396c41bf843d02e1868e6ff87292daa7bd
SHA256540eb1a1bf3d4ae1d8524aa791a14d438af678ff5be310b8c696c763e6725680
SHA51256d3dccf8599c30ea89793ddef58313ef3b9cac8847efab9b9a8b17200d3850bb5ea6dfbe22060cd445b15f8436e65fa52c43bea1862ac8543247a085068b971
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
2KB
MD57c574f935a45a1008022b067a3d69a3f
SHA1f062e71c3535086fb48049d0b08b849c99cafef6
SHA256284bb409e92365f71b096adca2e12b87ddf6f1476697ade371904dbde0a5126b
SHA512625fdaa78d72411e96b397f5c4a2d148540c74cb9ab9152b01ded63881c9fbcfeb51b2187f32556ac9deaf49dc3047b45b4f6719401864929f411ddfbf05a71b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
2KB
MD5ecd5540fbcc8a29e657271927892a3c4
SHA159e252eb2c21f33445969d535fd13717940d421e
SHA25699a57f340ccabb988d32f0987a777b979068860e516dbe093b01e6a945045823
SHA5122fb2a14459288f8d0f27bbb06a6807109888f26093cece9379df827d0ba9cfab5b9536cde717a033924020d5c95a6b7ea2a1adbaaaa83cfc0b419c35374d0eeb
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
2KB
MD5ecd5540fbcc8a29e657271927892a3c4
SHA159e252eb2c21f33445969d535fd13717940d421e
SHA25699a57f340ccabb988d32f0987a777b979068860e516dbe093b01e6a945045823
SHA5122fb2a14459288f8d0f27bbb06a6807109888f26093cece9379df827d0ba9cfab5b9536cde717a033924020d5c95a6b7ea2a1adbaaaa83cfc0b419c35374d0eeb
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
2KB
MD5d282340d81d61b9ec140e1ae2074aa35
SHA1daad858055a55ff7293ac951251dfba4d9552567
SHA256b91ef26b9214cc9be876e9b089166d3c765614cbbe172e8a3c313640620e027c
SHA5121729e92969443576322c848e6a395abc766201004b52a1530b0d4c47fff3136c54768b4cf5bb007e7ba6e71d71debc54465adc6f5aeb070d28aa14141b0de557
-
\??\pipe\LOCAL\crashpad_1564_VLMDFVWLAGZFHQYRMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
\??\pipe\LOCAL\crashpad_2008_TULHACNCTKFGERNJMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
\??\pipe\LOCAL\crashpad_2444_DENZNWQWNSBXKNECMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
\??\pipe\LOCAL\crashpad_3080_BZPDGGUUXOIJSXDMMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
\??\pipe\LOCAL\crashpad_3104_OEQXEYCTHLFMFDIWMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
\??\pipe\LOCAL\crashpad_3168_EUNMSYMJWBZCAGEVMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
\??\pipe\LOCAL\crashpad_4260_UPDTTLIRSOUDQZZEMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
\??\pipe\LOCAL\crashpad_4892_BGTSJOJMCHXMIURLMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
\??\pipe\LOCAL\crashpad_5012_LXAAYQIYSUMUGVFPMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/672-132-0x0000000000000000-mapping.dmp
-
memory/912-174-0x0000000000000000-mapping.dmp
-
memory/960-177-0x0000000000000000-mapping.dmp
-
memory/1228-143-0x0000000000000000-mapping.dmp
-
memory/1240-168-0x0000000000000000-mapping.dmp
-
memory/1304-140-0x0000000000000000-mapping.dmp
-
memory/1564-175-0x0000000000000000-mapping.dmp
-
memory/1768-152-0x0000000000000000-mapping.dmp
-
memory/1784-158-0x0000000000000000-mapping.dmp
-
memory/1788-162-0x0000000000000000-mapping.dmp
-
memory/1832-153-0x0000000000000000-mapping.dmp
-
memory/2008-157-0x0000000000000000-mapping.dmp
-
memory/2316-160-0x0000000000000000-mapping.dmp
-
memory/2344-149-0x0000000000000000-mapping.dmp
-
memory/2400-134-0x0000000000000000-mapping.dmp
-
memory/2440-146-0x0000000000000000-mapping.dmp
-
memory/2444-159-0x0000000000000000-mapping.dmp
-
memory/3080-156-0x0000000000000000-mapping.dmp
-
memory/3104-164-0x0000000000000000-mapping.dmp
-
memory/3168-170-0x0000000000000000-mapping.dmp
-
memory/3228-138-0x0000000000000000-mapping.dmp
-
memory/3256-154-0x0000000000000000-mapping.dmp
-
memory/3368-176-0x0000000000000000-mapping.dmp
-
memory/3388-151-0x0000000000000000-mapping.dmp
-
memory/3420-147-0x0000000000000000-mapping.dmp
-
memory/3700-179-0x0000000000000000-mapping.dmp
-
memory/3712-139-0x0000000000000000-mapping.dmp
-
memory/4152-144-0x0000000000000000-mapping.dmp
-
memory/4260-163-0x0000000000000000-mapping.dmp
-
memory/4512-150-0x0000000000000000-mapping.dmp
-
memory/4604-145-0x0000000000000000-mapping.dmp
-
memory/4708-137-0x0000000000000000-mapping.dmp
-
memory/4872-161-0x0000000000000000-mapping.dmp
-
memory/4892-171-0x0000000000000000-mapping.dmp
-
memory/5012-172-0x0000000000000000-mapping.dmp
-
memory/5056-141-0x0000000000000000-mapping.dmp
-
memory/5076-136-0x0000000000000000-mapping.dmp
-
memory/5104-148-0x0000000000000000-mapping.dmp
-
memory/5116-165-0x0000000000000000-mapping.dmp
-
memory/5592-199-0x0000000000000000-mapping.dmp
-
memory/5604-194-0x0000000000000000-mapping.dmp
-
memory/5616-198-0x0000000000000000-mapping.dmp
-
memory/5632-207-0x0000000000000000-mapping.dmp
-
memory/5640-211-0x0000000000000000-mapping.dmp
-
memory/5652-212-0x0000000000000000-mapping.dmp
-
memory/5660-209-0x0000000000000000-mapping.dmp
-
memory/5728-249-0x0000000000000000-mapping.dmp
-
memory/5752-210-0x0000000000000000-mapping.dmp
-
memory/5804-220-0x0000000000000000-mapping.dmp
-
memory/5844-213-0x0000000000000000-mapping.dmp
-
memory/5904-221-0x0000000000000000-mapping.dmp
-
memory/5948-222-0x0000000000000000-mapping.dmp
-
memory/5952-262-0x0000000000000000-mapping.dmp
-
memory/6020-224-0x0000000000000000-mapping.dmp
-
memory/6048-226-0x0000000000000000-mapping.dmp
-
memory/6060-227-0x0000000000000000-mapping.dmp
-
memory/6092-230-0x0000000000000000-mapping.dmp
-
memory/6100-231-0x0000000000000000-mapping.dmp
-
memory/6108-228-0x0000000000000000-mapping.dmp
-
memory/6480-239-0x0000000000000000-mapping.dmp
-
memory/6580-253-0x0000000000000000-mapping.dmp
-
memory/6588-260-0x0000000000000000-mapping.dmp
-
memory/7176-264-0x0000000000000000-mapping.dmp
-
memory/7208-266-0x0000000000000000-mapping.dmp