a9027c6070365053c3cb91261991c71f1d3a63707df8467e413847f344b3af4d

Analysis

max time kernel
303s
max time network
334s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
18-09-2022 14:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

TrashMalwares-main/Antivirus_Installer.exe
Size

89KB
MD5

70ec6f9bec87d67c435a2b8505a72629
SHA1

8dae4c1727c73b3c1135b633e4db69e60ed522f1
SHA256

1bfef2733f357e531be53b406b65661893b97a8b18a699b6e65f201dd0eeeae8
SHA512

4a164019ae25e21007f2678bdf0e002b2e1eee115ddc4e101a909712d2bbaff3987339b6059c9db69988918296692839c47c49da9ca9ff3310a9e0088ab7d56c
SSDEEP

1536:X7fbN3eEDhDPA/pICdUkbBtW7upvaLU0bI5taxKo0IOlnToIfrwFOO:L7DhdC6kzWypvaQ0FxyNTBfrS

Score

8^/10

persistence

Malware Config

Signatures

Downloads MZ/PE file
Adds Run key to start application 2 TTPs 1 IoCs
persistence

Registry Run Keys / Startup Folder
T1060

Modify Registry
T1112

Processes:

msedge.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Windows\CurrentVersion\Run msedge.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Windows\CurrentVersion\Run	msedge.exe

Drops file in Program Files directory 2 IoCs

Processes:

setup.exe

description	ioc	process
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20220901113522.pma	setup.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\e34f0977-d546-4aad-a692-0045c7aca606.tmp	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

Processes:

msedge.exe

description ioc process

Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ msedge.exe
NTFS ADS 1 IoCs

Processes:

msedge.exe

description ioc process

File opened for modification C:\Users\Admin\Downloads\Unconfirmed 446164.crdownload:SmartScreen msedge.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 446164.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 26 IoCs

Processes:

msedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
5608	msedge.exe
5608	msedge.exe
5588	msedge.exe
5588	msedge.exe
5652	msedge.exe
5640	msedge.exe
5652	msedge.exe
5640	msedge.exe
5620	msedge.exe
5620	msedge.exe
5752	msedge.exe
5752	msedge.exe
5572	msedge.exe
5572	msedge.exe
5788	msedge.exe
5788	msedge.exe
5764	msedge.exe
5764	msedge.exe
3492	msedge.exe
3492	msedge.exe
7868	identity_helper.exe
7868	identity_helper.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 25 IoCs

Processes:

msedge.exe

pid	process
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe

Suspicious use of FindShellTrayWindow 57 IoCs

Processes:

msedge.exe

pid	process
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

Antivirus_Installer.execmd.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exe

description	pid	process	target process
PID 2076 wrote to memory of 5056	2076	Antivirus_Installer.exe	cmd.exe
PID 2076 wrote to memory of 5056	2076	Antivirus_Installer.exe	cmd.exe
PID 5056 wrote to memory of 4720	5056	cmd.exe	msedge.exe
PID 5056 wrote to memory of 4720	5056	cmd.exe	msedge.exe
PID 5056 wrote to memory of 3492	5056	cmd.exe	msedge.exe
PID 5056 wrote to memory of 3492	5056	cmd.exe	msedge.exe
PID 5056 wrote to memory of 4224	5056	cmd.exe	msedge.exe
PID 5056 wrote to memory of 4224	5056	cmd.exe	msedge.exe
PID 5056 wrote to memory of 2540	5056	cmd.exe	msedge.exe
PID 5056 wrote to memory of 2540	5056	cmd.exe	msedge.exe
PID 5056 wrote to memory of 2244	5056	cmd.exe	msedge.exe
PID 5056 wrote to memory of 2244	5056	cmd.exe	msedge.exe
PID 5056 wrote to memory of 216	5056	cmd.exe	msedge.exe
PID 5056 wrote to memory of 216	5056	cmd.exe	msedge.exe
PID 5056 wrote to memory of 1504	5056	cmd.exe	msedge.exe
PID 5056 wrote to memory of 1504	5056	cmd.exe	msedge.exe
PID 3492 wrote to memory of 1720	3492	msedge.exe	msedge.exe
PID 3492 wrote to memory of 1720	3492	msedge.exe	msedge.exe
PID 4720 wrote to memory of 1508	4720	msedge.exe	msedge.exe
PID 4720 wrote to memory of 1508	4720	msedge.exe	msedge.exe
PID 2244 wrote to memory of 4804	2244	msedge.exe	msedge.exe
PID 2244 wrote to memory of 4804	2244	msedge.exe	msedge.exe
PID 4224 wrote to memory of 4576	4224	msedge.exe	msedge.exe
PID 4224 wrote to memory of 4576	4224	msedge.exe	msedge.exe
PID 1504 wrote to memory of 1856	1504	msedge.exe	msedge.exe
PID 1504 wrote to memory of 1856	1504	msedge.exe	msedge.exe
PID 216 wrote to memory of 5112	216	msedge.exe	msedge.exe
PID 216 wrote to memory of 5112	216	msedge.exe	msedge.exe
PID 2540 wrote to memory of 548	2540	msedge.exe	msedge.exe
PID 2540 wrote to memory of 548	2540	msedge.exe	msedge.exe
PID 5056 wrote to memory of 4048	5056	cmd.exe	msedge.exe
PID 5056 wrote to memory of 4048	5056	cmd.exe	msedge.exe
PID 4048 wrote to memory of 4884	4048	msedge.exe	msedge.exe
PID 4048 wrote to memory of 4884	4048	msedge.exe	msedge.exe
PID 5056 wrote to memory of 3532	5056	cmd.exe	msedge.exe
PID 5056 wrote to memory of 3532	5056	cmd.exe	msedge.exe
PID 3532 wrote to memory of 4752	3532	msedge.exe	msedge.exe
PID 3532 wrote to memory of 4752	3532	msedge.exe	msedge.exe
PID 216 wrote to memory of 5272	216	msedge.exe	msedge.exe
PID 216 wrote to memory of 5272	216	msedge.exe	msedge.exe
PID 4048 wrote to memory of 5276	4048	msedge.exe	msedge.exe
PID 4048 wrote to memory of 5276	4048	msedge.exe	msedge.exe
PID 4048 wrote to memory of 5276	4048	msedge.exe	msedge.exe
PID 216 wrote to memory of 5272	216	msedge.exe	msedge.exe
PID 4048 wrote to memory of 5276	4048	msedge.exe	msedge.exe
PID 216 wrote to memory of 5272	216	msedge.exe	msedge.exe
PID 4048 wrote to memory of 5276	4048	msedge.exe	msedge.exe
PID 4048 wrote to memory of 5276	4048	msedge.exe	msedge.exe
PID 216 wrote to memory of 5272	216	msedge.exe	msedge.exe
PID 4048 wrote to memory of 5276	4048	msedge.exe	msedge.exe
PID 4048 wrote to memory of 5276	4048	msedge.exe	msedge.exe
PID 216 wrote to memory of 5272	216	msedge.exe	msedge.exe
PID 4048 wrote to memory of 5276	4048	msedge.exe	msedge.exe
PID 216 wrote to memory of 5272	216	msedge.exe	msedge.exe
PID 4048 wrote to memory of 5276	4048	msedge.exe	msedge.exe
PID 4048 wrote to memory of 5276	4048	msedge.exe	msedge.exe
PID 216 wrote to memory of 5272	216	msedge.exe	msedge.exe
PID 4048 wrote to memory of 5276	4048	msedge.exe	msedge.exe
PID 216 wrote to memory of 5272	216	msedge.exe	msedge.exe
PID 4048 wrote to memory of 5276	4048	msedge.exe	msedge.exe
PID 4048 wrote to memory of 5276	4048	msedge.exe	msedge.exe
PID 216 wrote to memory of 5272	216	msedge.exe	msedge.exe
PID 4048 wrote to memory of 5276	4048	msedge.exe	msedge.exe
PID 216 wrote to memory of 5272	216	msedge.exe	msedge.exe

C:\Users\Admin\AppData\Local\Temp\TrashMalwares-main\Antivirus_Installer.exe
"C:\Users\Admin\AppData\Local\Temp\TrashMalwares-main\Antivirus_Installer.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2076

C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\3D67.tmp\3D68.tmp\3D69.bat C:\Users\Admin\AppData\Local\Temp\TrashMalwares-main\Antivirus_Installer.exe"
2⤵
- Suspicious use of WriteProcessMemory
PID:5056

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=oAkRBqxm8tM
3⤵
- Suspicious use of WriteProcessMemory
PID:4720

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffc46a546f8,0x7ffc46a54708,0x7ffc46a54718
4⤵
PID:1508

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,16352718115825194435,6845214008874660767,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
4⤵
PID:5340

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,16352718115825194435,6845214008874660767,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
4⤵
- Suspicious behavior: EnumeratesProcesses
PID:5788

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=lPySS7mt4eo
3⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:3492

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xa0,0x104,0x7ffc46a546f8,0x7ffc46a54708,0x7ffc46a54718
4⤵
PID:1720

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,10749338042690545825,10453321120208308166,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
4⤵
PID:5316

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,10749338042690545825,10453321120208308166,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
4⤵
- Suspicious behavior: EnumeratesProcesses
PID:5588

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,10749338042690545825,10453321120208308166,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
4⤵
PID:5616

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10749338042690545825,10453321120208308166,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
4⤵
PID:6836

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10749338042690545825,10453321120208308166,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
4⤵
PID:6896

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10749338042690545825,10453321120208308166,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4016 /prefetch:1
4⤵
PID:7108

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10749338042690545825,10453321120208308166,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4268 /prefetch:1
4⤵
PID:6288

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10749338042690545825,10453321120208308166,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4256 /prefetch:1
4⤵
PID:6844

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10749338042690545825,10453321120208308166,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
4⤵
PID:5612

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10749338042690545825,10453321120208308166,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
4⤵
PID:6764

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10749338042690545825,10453321120208308166,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
4⤵
PID:5536

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10749338042690545825,10453321120208308166,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
4⤵
PID:7260

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10749338042690545825,10453321120208308166,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
4⤵
PID:7332

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2064,10749338042690545825,10453321120208308166,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6556 /prefetch:8
4⤵
PID:7380

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10749338042690545825,10453321120208308166,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6544 /prefetch:1
4⤵
PID:7396

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10749338042690545825,10453321120208308166,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7072 /prefetch:1
4⤵
PID:7512

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2064,10749338042690545825,10453321120208308166,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3288 /prefetch:8
4⤵
PID:7588

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10749338042690545825,10453321120208308166,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3712 /prefetch:1
4⤵
PID:7608

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10749338042690545825,10453321120208308166,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
4⤵
PID:7676

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2064,10749338042690545825,10453321120208308166,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7596 /prefetch:8
4⤵
PID:7824

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10749338042690545825,10453321120208308166,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7732 /prefetch:1
4⤵
PID:7928

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10749338042690545825,10453321120208308166,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7756 /prefetch:1
4⤵
PID:7944

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2064,10749338042690545825,10453321120208308166,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8116 /prefetch:8
4⤵
PID:8000

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10749338042690545825,10453321120208308166,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
4⤵
PID:7964

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,10749338042690545825,10453321120208308166,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8676 /prefetch:8
4⤵
PID:6136

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
4⤵
- Drops file in Program Files directory
PID:6180

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff6a8505460,0x7ff6a8505470,0x7ff6a8505480
5⤵
PID:6140

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,10749338042690545825,10453321120208308166,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8676 /prefetch:8
4⤵
- Suspicious behavior: EnumeratesProcesses
PID:7868

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10749338042690545825,10453321120208308166,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8548 /prefetch:1
4⤵
PID:3064

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10749338042690545825,10453321120208308166,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7368 /prefetch:1
4⤵
PID:6648

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10749338042690545825,10453321120208308166,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
4⤵
PID:4072

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10749338042690545825,10453321120208308166,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
4⤵
PID:7220

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,10749338042690545825,10453321120208308166,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=9076 /prefetch:2
4⤵
- Suspicious behavior: EnumeratesProcesses
PID:316

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10749338042690545825,10453321120208308166,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8636 /prefetch:1
4⤵
PID:5408

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10749338042690545825,10453321120208308166,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1
4⤵
PID:6524

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10749338042690545825,10453321120208308166,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8928 /prefetch:1
4⤵
PID:7260

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10749338042690545825,10453321120208308166,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8912 /prefetch:1
4⤵
PID:3720

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://custom-gwent.com/cardsBg/1efae8b0c69810654f16b400426049fd.jpeg
3⤵
- Suspicious use of WriteProcessMemory
PID:4224

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0x40,0x104,0x7ffc46a546f8,0x7ffc46a54708,0x7ffc46a54718
4⤵
PID:4576

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,17108270468971453316,2848914390248812417,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 /prefetch:3
4⤵
- Suspicious behavior: EnumeratesProcesses
PID:5652

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,17108270468971453316,2848914390248812417,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
4⤵
PID:5308

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.protegent360.com/softwares/PAVSetup.exe
3⤵
- Suspicious use of WriteProcessMemory
PID:2540

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc46a546f8,0x7ffc46a54708,0x7ffc46a54718
4⤵
PID:548

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,14511563083365964431,13741702033554566962,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
4⤵
PID:5368

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,14511563083365964431,13741702033554566962,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 /prefetch:3
4⤵
- Suspicious behavior: EnumeratesProcesses
PID:5620

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=ymbw2R3uIqc
3⤵
- Suspicious use of WriteProcessMemory
PID:2244

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc46a546f8,0x7ffc46a54708,0x7ffc46a54718
4⤵
PID:4804

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,17246073181656669487,8303475252148320640,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
4⤵
PID:5404

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,17246073181656669487,8303475252148320640,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 /prefetch:3
4⤵
- Suspicious behavior: EnumeratesProcesses
PID:5608

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://files.fm/f/hfkwsdkmj
3⤵
- Suspicious use of WriteProcessMemory
PID:216

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc46a546f8,0x7ffc46a54708,0x7ffc46a54718
4⤵
PID:5112

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,10442969393592836323,13954490408990100915,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2428 /prefetch:3
4⤵
- Suspicious behavior: EnumeratesProcesses
PID:5572

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,10442969393592836323,13954490408990100915,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
4⤵
PID:5272

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://download2389.mediafire.com/xzhsf9dl17ng/9f8fds9s3efg7so/WannaCry+by+Rafael.rar
3⤵
- Suspicious use of WriteProcessMemory
PID:1504

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffc46a546f8,0x7ffc46a54708,0x7ffc46a54718
4⤵
PID:1856

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,3135265811479044782,10177617976098221142,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
4⤵
PID:5380

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,3135265811479044782,10177617976098221142,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2356 /prefetch:3
4⤵
- Suspicious behavior: EnumeratesProcesses
PID:5752

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/959038855737147432/967723261284724796/Setup_File_Pass_1234.rar
3⤵
- Suspicious use of WriteProcessMemory
PID:4048

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffc46a546f8,0x7ffc46a54708,0x7ffc46a54718
4⤵
PID:4884

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,2618871425713635840,1167572098694541050,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
4⤵
- Suspicious behavior: EnumeratesProcesses
PID:5640

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,2618871425713635840,1167572098694541050,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
4⤵
PID:5276

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/959038855737147432/967723261284724796/Setup_File_Pass_1234.rar
3⤵
- Suspicious use of WriteProcessMemory
PID:3532

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffc46a546f8,0x7ffc46a54708,0x7ffc46a54718
4⤵
PID:4752

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,14970314324966134772,11835217421620456477,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
4⤵
PID:5412

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,14970314324966134772,11835217421620456477,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 /prefetch:3
4⤵
- Suspicious behavior: EnumeratesProcesses
PID:5764

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6748

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:7148

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_E503B048B745DFA14B81FCFC68D6DECE
Filesize
471B

MD5
e42eb5b44932e22e80651f7085c1bf74

SHA1
ab6110d18721c204187030dd0621b40669339ee0

SHA256
4f4a7056330e175b2499eda6fe31d5ea8aa1927748d7c52a4648210a606c5cba

SHA512
9dd7d2edf16cdbabb0590380624327bf32a00d262c5688e2f3e7bcb61730e9da1fe8bae1f0ec0a1d12ecef982ff7d02c6220f663f97ab3fda242210ecf0a7318

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_E503B048B745DFA14B81FCFC68D6DECE
Filesize
471B

MD5
e42eb5b44932e22e80651f7085c1bf74

SHA1
ab6110d18721c204187030dd0621b40669339ee0

SHA256
4f4a7056330e175b2499eda6fe31d5ea8aa1927748d7c52a4648210a606c5cba

SHA512
9dd7d2edf16cdbabb0590380624327bf32a00d262c5688e2f3e7bcb61730e9da1fe8bae1f0ec0a1d12ecef982ff7d02c6220f663f97ab3fda242210ecf0a7318

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_E503B048B745DFA14B81FCFC68D6DECE
Filesize
416B

MD5
2314dce9748c1eb9f8f078a8ceba9aa3

SHA1
4e13b03302ea2ac656377a6f8c9093110fbf59cc

SHA256
04763d7298f759c6737de9244717b431ff83f72feb8a0a6d9371cc07194e6b51

SHA512
f9bd76ee21c2038bb70c7d1bab65e2dc888c0c53ceb4271017427315d7f5d5255a3b7452a42216d97b3ef6d9b51e6f3a1af500dd817c9d373e7264349a8b8325

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_E503B048B745DFA14B81FCFC68D6DECE
Filesize
416B

MD5
c59c13d3ce767857cf56e1970d911de2

SHA1
1f88f529e4a3723907f8959826b3119da3b0d7d3

SHA256
3dfe127ea6f564a88447fc72c88e6234682a3516006e9ae76248843e3219b9ff

SHA512
fb572d79157af707cf7c1d246cd0dbc6b96bca3a6f036d2fb0d8ccc5e626eb77bcebeb4d68d25d061aa7a38aeb5abe783a68fd9b352ade9fa0b7b93f058caa86

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_E503B048B745DFA14B81FCFC68D6DECE
Filesize
416B

MD5
c59c13d3ce767857cf56e1970d911de2

SHA1
1f88f529e4a3723907f8959826b3119da3b0d7d3

SHA256
3dfe127ea6f564a88447fc72c88e6234682a3516006e9ae76248843e3219b9ff

SHA512
fb572d79157af707cf7c1d246cd0dbc6b96bca3a6f036d2fb0d8ccc5e626eb77bcebeb4d68d25d061aa7a38aeb5abe783a68fd9b352ade9fa0b7b93f058caa86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
1dde831b3f72227121241cfbcf0b8bfa

SHA1
e076ca61127cce19e3495b3a0ae3dfdb8592effd

SHA256
b3f388e535f4220252e0b0b4fc8146c51489ecbeca74227f8cdff78ed0062cc6

SHA512
2ec5a389bb710a725b75ba3e27f3fbcb0d5d6bd2ff0803d1f2381d1a79c7162581c6818afaa7e10aa03900482e2a1f683ca8cb7ed2f68489efa093715740f03b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
1dde831b3f72227121241cfbcf0b8bfa

SHA1
e076ca61127cce19e3495b3a0ae3dfdb8592effd

SHA256
b3f388e535f4220252e0b0b4fc8146c51489ecbeca74227f8cdff78ed0062cc6

SHA512
2ec5a389bb710a725b75ba3e27f3fbcb0d5d6bd2ff0803d1f2381d1a79c7162581c6818afaa7e10aa03900482e2a1f683ca8cb7ed2f68489efa093715740f03b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
1dde831b3f72227121241cfbcf0b8bfa

SHA1
e076ca61127cce19e3495b3a0ae3dfdb8592effd

SHA256
b3f388e535f4220252e0b0b4fc8146c51489ecbeca74227f8cdff78ed0062cc6

SHA512
2ec5a389bb710a725b75ba3e27f3fbcb0d5d6bd2ff0803d1f2381d1a79c7162581c6818afaa7e10aa03900482e2a1f683ca8cb7ed2f68489efa093715740f03b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
1dde831b3f72227121241cfbcf0b8bfa

SHA1
e076ca61127cce19e3495b3a0ae3dfdb8592effd

SHA256
b3f388e535f4220252e0b0b4fc8146c51489ecbeca74227f8cdff78ed0062cc6

SHA512
2ec5a389bb710a725b75ba3e27f3fbcb0d5d6bd2ff0803d1f2381d1a79c7162581c6818afaa7e10aa03900482e2a1f683ca8cb7ed2f68489efa093715740f03b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
1dde831b3f72227121241cfbcf0b8bfa

SHA1
e076ca61127cce19e3495b3a0ae3dfdb8592effd

SHA256
b3f388e535f4220252e0b0b4fc8146c51489ecbeca74227f8cdff78ed0062cc6

SHA512
2ec5a389bb710a725b75ba3e27f3fbcb0d5d6bd2ff0803d1f2381d1a79c7162581c6818afaa7e10aa03900482e2a1f683ca8cb7ed2f68489efa093715740f03b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
1dde831b3f72227121241cfbcf0b8bfa

SHA1
e076ca61127cce19e3495b3a0ae3dfdb8592effd

SHA256
b3f388e535f4220252e0b0b4fc8146c51489ecbeca74227f8cdff78ed0062cc6

SHA512
2ec5a389bb710a725b75ba3e27f3fbcb0d5d6bd2ff0803d1f2381d1a79c7162581c6818afaa7e10aa03900482e2a1f683ca8cb7ed2f68489efa093715740f03b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
1dde831b3f72227121241cfbcf0b8bfa

SHA1
e076ca61127cce19e3495b3a0ae3dfdb8592effd

SHA256
b3f388e535f4220252e0b0b4fc8146c51489ecbeca74227f8cdff78ed0062cc6

SHA512
2ec5a389bb710a725b75ba3e27f3fbcb0d5d6bd2ff0803d1f2381d1a79c7162581c6818afaa7e10aa03900482e2a1f683ca8cb7ed2f68489efa093715740f03b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
1dde831b3f72227121241cfbcf0b8bfa

SHA1
e076ca61127cce19e3495b3a0ae3dfdb8592effd

SHA256
b3f388e535f4220252e0b0b4fc8146c51489ecbeca74227f8cdff78ed0062cc6

SHA512
2ec5a389bb710a725b75ba3e27f3fbcb0d5d6bd2ff0803d1f2381d1a79c7162581c6818afaa7e10aa03900482e2a1f683ca8cb7ed2f68489efa093715740f03b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
1dde831b3f72227121241cfbcf0b8bfa

SHA1
e076ca61127cce19e3495b3a0ae3dfdb8592effd

SHA256
b3f388e535f4220252e0b0b4fc8146c51489ecbeca74227f8cdff78ed0062cc6

SHA512
2ec5a389bb710a725b75ba3e27f3fbcb0d5d6bd2ff0803d1f2381d1a79c7162581c6818afaa7e10aa03900482e2a1f683ca8cb7ed2f68489efa093715740f03b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
1dde831b3f72227121241cfbcf0b8bfa

SHA1
e076ca61127cce19e3495b3a0ae3dfdb8592effd

SHA256
b3f388e535f4220252e0b0b4fc8146c51489ecbeca74227f8cdff78ed0062cc6

SHA512
2ec5a389bb710a725b75ba3e27f3fbcb0d5d6bd2ff0803d1f2381d1a79c7162581c6818afaa7e10aa03900482e2a1f683ca8cb7ed2f68489efa093715740f03b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
1dde831b3f72227121241cfbcf0b8bfa

SHA1
e076ca61127cce19e3495b3a0ae3dfdb8592effd

SHA256
b3f388e535f4220252e0b0b4fc8146c51489ecbeca74227f8cdff78ed0062cc6

SHA512
2ec5a389bb710a725b75ba3e27f3fbcb0d5d6bd2ff0803d1f2381d1a79c7162581c6818afaa7e10aa03900482e2a1f683ca8cb7ed2f68489efa093715740f03b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
1dde831b3f72227121241cfbcf0b8bfa

SHA1
e076ca61127cce19e3495b3a0ae3dfdb8592effd

SHA256
b3f388e535f4220252e0b0b4fc8146c51489ecbeca74227f8cdff78ed0062cc6

SHA512
2ec5a389bb710a725b75ba3e27f3fbcb0d5d6bd2ff0803d1f2381d1a79c7162581c6818afaa7e10aa03900482e2a1f683ca8cb7ed2f68489efa093715740f03b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
1dde831b3f72227121241cfbcf0b8bfa

SHA1
e076ca61127cce19e3495b3a0ae3dfdb8592effd

SHA256
b3f388e535f4220252e0b0b4fc8146c51489ecbeca74227f8cdff78ed0062cc6

SHA512
2ec5a389bb710a725b75ba3e27f3fbcb0d5d6bd2ff0803d1f2381d1a79c7162581c6818afaa7e10aa03900482e2a1f683ca8cb7ed2f68489efa093715740f03b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
1dde831b3f72227121241cfbcf0b8bfa

SHA1
e076ca61127cce19e3495b3a0ae3dfdb8592effd

SHA256
b3f388e535f4220252e0b0b4fc8146c51489ecbeca74227f8cdff78ed0062cc6

SHA512
2ec5a389bb710a725b75ba3e27f3fbcb0d5d6bd2ff0803d1f2381d1a79c7162581c6818afaa7e10aa03900482e2a1f683ca8cb7ed2f68489efa093715740f03b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
1dde831b3f72227121241cfbcf0b8bfa

SHA1
e076ca61127cce19e3495b3a0ae3dfdb8592effd

SHA256
b3f388e535f4220252e0b0b4fc8146c51489ecbeca74227f8cdff78ed0062cc6

SHA512
2ec5a389bb710a725b75ba3e27f3fbcb0d5d6bd2ff0803d1f2381d1a79c7162581c6818afaa7e10aa03900482e2a1f683ca8cb7ed2f68489efa093715740f03b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
1dde831b3f72227121241cfbcf0b8bfa

SHA1
e076ca61127cce19e3495b3a0ae3dfdb8592effd

SHA256
b3f388e535f4220252e0b0b4fc8146c51489ecbeca74227f8cdff78ed0062cc6

SHA512
2ec5a389bb710a725b75ba3e27f3fbcb0d5d6bd2ff0803d1f2381d1a79c7162581c6818afaa7e10aa03900482e2a1f683ca8cb7ed2f68489efa093715740f03b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
1dde831b3f72227121241cfbcf0b8bfa

SHA1
e076ca61127cce19e3495b3a0ae3dfdb8592effd

SHA256
b3f388e535f4220252e0b0b4fc8146c51489ecbeca74227f8cdff78ed0062cc6

SHA512
2ec5a389bb710a725b75ba3e27f3fbcb0d5d6bd2ff0803d1f2381d1a79c7162581c6818afaa7e10aa03900482e2a1f683ca8cb7ed2f68489efa093715740f03b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
1aa7e0f203b5b0b2f753567d77fbe2d9

SHA1
443937fd906e3a356a6689181b29a9e849f54209

SHA256
27f1577aa081b2222b6549e74de58ef60bf0a054c7b2a345366e6ebbf44fab8c

SHA512
ce2fff1ddfab2e82f4e8ec6b3d04405f9fb2ad07dccfdde404411de9bbc66033610ad1689316173878be9758bb822612d4a931901e1ed4bbbd41199c2885debf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
1aa7e0f203b5b0b2f753567d77fbe2d9

SHA1
443937fd906e3a356a6689181b29a9e849f54209

SHA256
27f1577aa081b2222b6549e74de58ef60bf0a054c7b2a345366e6ebbf44fab8c

SHA512
ce2fff1ddfab2e82f4e8ec6b3d04405f9fb2ad07dccfdde404411de9bbc66033610ad1689316173878be9758bb822612d4a931901e1ed4bbbd41199c2885debf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
1aa7e0f203b5b0b2f753567d77fbe2d9

SHA1
443937fd906e3a356a6689181b29a9e849f54209

SHA256
27f1577aa081b2222b6549e74de58ef60bf0a054c7b2a345366e6ebbf44fab8c

SHA512
ce2fff1ddfab2e82f4e8ec6b3d04405f9fb2ad07dccfdde404411de9bbc66033610ad1689316173878be9758bb822612d4a931901e1ed4bbbd41199c2885debf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
1aa7e0f203b5b0b2f753567d77fbe2d9

SHA1
443937fd906e3a356a6689181b29a9e849f54209

SHA256
27f1577aa081b2222b6549e74de58ef60bf0a054c7b2a345366e6ebbf44fab8c

SHA512
ce2fff1ddfab2e82f4e8ec6b3d04405f9fb2ad07dccfdde404411de9bbc66033610ad1689316173878be9758bb822612d4a931901e1ed4bbbd41199c2885debf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
1aa7e0f203b5b0b2f753567d77fbe2d9

SHA1
443937fd906e3a356a6689181b29a9e849f54209

SHA256
27f1577aa081b2222b6549e74de58ef60bf0a054c7b2a345366e6ebbf44fab8c

SHA512
ce2fff1ddfab2e82f4e8ec6b3d04405f9fb2ad07dccfdde404411de9bbc66033610ad1689316173878be9758bb822612d4a931901e1ed4bbbd41199c2885debf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
1aa7e0f203b5b0b2f753567d77fbe2d9

SHA1
443937fd906e3a356a6689181b29a9e849f54209

SHA256
27f1577aa081b2222b6549e74de58ef60bf0a054c7b2a345366e6ebbf44fab8c

SHA512
ce2fff1ddfab2e82f4e8ec6b3d04405f9fb2ad07dccfdde404411de9bbc66033610ad1689316173878be9758bb822612d4a931901e1ed4bbbd41199c2885debf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
1aa7e0f203b5b0b2f753567d77fbe2d9

SHA1
443937fd906e3a356a6689181b29a9e849f54209

SHA256
27f1577aa081b2222b6549e74de58ef60bf0a054c7b2a345366e6ebbf44fab8c

SHA512
ce2fff1ddfab2e82f4e8ec6b3d04405f9fb2ad07dccfdde404411de9bbc66033610ad1689316173878be9758bb822612d4a931901e1ed4bbbd41199c2885debf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
1aa7e0f203b5b0b2f753567d77fbe2d9

SHA1
443937fd906e3a356a6689181b29a9e849f54209

SHA256
27f1577aa081b2222b6549e74de58ef60bf0a054c7b2a345366e6ebbf44fab8c

SHA512
ce2fff1ddfab2e82f4e8ec6b3d04405f9fb2ad07dccfdde404411de9bbc66033610ad1689316173878be9758bb822612d4a931901e1ed4bbbd41199c2885debf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
1aa7e0f203b5b0b2f753567d77fbe2d9

SHA1
443937fd906e3a356a6689181b29a9e849f54209

SHA256
27f1577aa081b2222b6549e74de58ef60bf0a054c7b2a345366e6ebbf44fab8c

SHA512
ce2fff1ddfab2e82f4e8ec6b3d04405f9fb2ad07dccfdde404411de9bbc66033610ad1689316173878be9758bb822612d4a931901e1ed4bbbd41199c2885debf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
1aa7e0f203b5b0b2f753567d77fbe2d9

SHA1
443937fd906e3a356a6689181b29a9e849f54209

SHA256
27f1577aa081b2222b6549e74de58ef60bf0a054c7b2a345366e6ebbf44fab8c

SHA512
ce2fff1ddfab2e82f4e8ec6b3d04405f9fb2ad07dccfdde404411de9bbc66033610ad1689316173878be9758bb822612d4a931901e1ed4bbbd41199c2885debf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
1aa7e0f203b5b0b2f753567d77fbe2d9

SHA1
443937fd906e3a356a6689181b29a9e849f54209

SHA256
27f1577aa081b2222b6549e74de58ef60bf0a054c7b2a345366e6ebbf44fab8c

SHA512
ce2fff1ddfab2e82f4e8ec6b3d04405f9fb2ad07dccfdde404411de9bbc66033610ad1689316173878be9758bb822612d4a931901e1ed4bbbd41199c2885debf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
1aa7e0f203b5b0b2f753567d77fbe2d9

SHA1
443937fd906e3a356a6689181b29a9e849f54209

SHA256
27f1577aa081b2222b6549e74de58ef60bf0a054c7b2a345366e6ebbf44fab8c

SHA512
ce2fff1ddfab2e82f4e8ec6b3d04405f9fb2ad07dccfdde404411de9bbc66033610ad1689316173878be9758bb822612d4a931901e1ed4bbbd41199c2885debf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
2KB

MD5
e3f9692b74c04f11447b2ebbd703ef26

SHA1
1732a3142d92442cadf7267783c1906c882769b0

SHA256
abefc09a638ab32684f276736ae63e7ba9bab0ac207cedd2bcc2c8fa096a5f2b

SHA512
a6bd83907c935fd0d408ef590b2c60fa6a994b1dc0618a70e266007871ecb712b156b36ae809e899c8d8050c8388ffa593489a413e9ab813893c3925d6623bf2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
2KB

MD5
e3f9692b74c04f11447b2ebbd703ef26

SHA1
1732a3142d92442cadf7267783c1906c882769b0

SHA256
abefc09a638ab32684f276736ae63e7ba9bab0ac207cedd2bcc2c8fa096a5f2b

SHA512
a6bd83907c935fd0d408ef590b2c60fa6a994b1dc0618a70e266007871ecb712b156b36ae809e899c8d8050c8388ffa593489a413e9ab813893c3925d6623bf2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
2KB

MD5
3de474d7b8da57d4ec47cb44fa8d6a2d

SHA1
1cd23b1d8087417fb52f9599b179fa7d3ed6b667

SHA256
5877294cd4fd52661826e844a0e7c72baa4948c2b419630251be08076e729d98

SHA512
8bf8cd2d9c5a0145381034155c8655cb8c1d820b4b556c22156d8162d35095bc8544262bbc21373a18875868479e88526098b92e6ee0e18237567cc53886025d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
2KB

MD5
6fa0b9ce253f58b7d82dd173f8cbb408

SHA1
de97b81d7026bb698e4d5ce3b168e758a8ed07a8

SHA256
f38229a79b48d9d71a70d2f3a6482a32f14aa162ac3db516688c65560f3f0660

SHA512
cdc12a6cfca73e9b1c152685439a3c11134537ad602b770432e2cb7eb4d8d2677394d1225d8724a2ceda4d64db33c591f6368ffb74607eb48467197472cd2e63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
2KB

MD5
6fa0b9ce253f58b7d82dd173f8cbb408

SHA1
de97b81d7026bb698e4d5ce3b168e758a8ed07a8

SHA256
f38229a79b48d9d71a70d2f3a6482a32f14aa162ac3db516688c65560f3f0660

SHA512
cdc12a6cfca73e9b1c152685439a3c11134537ad602b770432e2cb7eb4d8d2677394d1225d8724a2ceda4d64db33c591f6368ffb74607eb48467197472cd2e63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
2KB

MD5
70701608c4b4b16b3cbec4f71faefa34

SHA1
6f6271eeea5e93cb64305998bc5bca12a8a03321

SHA256
8047047cc42ff704c1d5a6220e9a1c699e1cb9385e1489fd5e1cbfc202dda819

SHA512
3e1f3023a7d251f15431710054beb0aaf8fcbdb5d7b89c1a520c329f8f05f4fd849ce500d659e9395e05ab2414e93bd0f22f64231f9a22ddc7b53d568b1a9405

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
2KB

MD5
497f468f7a525531efcd1fcdc2329150

SHA1
5838facc39040b7a00bc281ff05213f4d7c9a5ba

SHA256
20d5a37d9c537afa905e1c0cbab0d2bc14259b7995ad128323f8a5b6705582c2

SHA512
703abd4f88436b7decf5ed80f3a63dc851b2fc60eb34b012aebda3eb53c01feed02b895cf5171bb4c19571122fb44b9da935578605ad0cd0c5478939c52cd582

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
2KB

MD5
3de474d7b8da57d4ec47cb44fa8d6a2d

SHA1
1cd23b1d8087417fb52f9599b179fa7d3ed6b667

SHA256
5877294cd4fd52661826e844a0e7c72baa4948c2b419630251be08076e729d98

SHA512
8bf8cd2d9c5a0145381034155c8655cb8c1d820b4b556c22156d8162d35095bc8544262bbc21373a18875868479e88526098b92e6ee0e18237567cc53886025d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
2KB

MD5
6fa0b9ce253f58b7d82dd173f8cbb408

SHA1
de97b81d7026bb698e4d5ce3b168e758a8ed07a8

SHA256
f38229a79b48d9d71a70d2f3a6482a32f14aa162ac3db516688c65560f3f0660

SHA512
cdc12a6cfca73e9b1c152685439a3c11134537ad602b770432e2cb7eb4d8d2677394d1225d8724a2ceda4d64db33c591f6368ffb74607eb48467197472cd2e63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
2KB

MD5
6fa0b9ce253f58b7d82dd173f8cbb408

SHA1
de97b81d7026bb698e4d5ce3b168e758a8ed07a8

SHA256
f38229a79b48d9d71a70d2f3a6482a32f14aa162ac3db516688c65560f3f0660

SHA512
cdc12a6cfca73e9b1c152685439a3c11134537ad602b770432e2cb7eb4d8d2677394d1225d8724a2ceda4d64db33c591f6368ffb74607eb48467197472cd2e63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
2KB

MD5
497f468f7a525531efcd1fcdc2329150

SHA1
5838facc39040b7a00bc281ff05213f4d7c9a5ba

SHA256
20d5a37d9c537afa905e1c0cbab0d2bc14259b7995ad128323f8a5b6705582c2

SHA512
703abd4f88436b7decf5ed80f3a63dc851b2fc60eb34b012aebda3eb53c01feed02b895cf5171bb4c19571122fb44b9da935578605ad0cd0c5478939c52cd582

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
2KB

MD5
e3f9692b74c04f11447b2ebbd703ef26

SHA1
1732a3142d92442cadf7267783c1906c882769b0

SHA256
abefc09a638ab32684f276736ae63e7ba9bab0ac207cedd2bcc2c8fa096a5f2b

SHA512
a6bd83907c935fd0d408ef590b2c60fa6a994b1dc0618a70e266007871ecb712b156b36ae809e899c8d8050c8388ffa593489a413e9ab813893c3925d6623bf2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
2KB

MD5
70701608c4b4b16b3cbec4f71faefa34

SHA1
6f6271eeea5e93cb64305998bc5bca12a8a03321

SHA256
8047047cc42ff704c1d5a6220e9a1c699e1cb9385e1489fd5e1cbfc202dda819

SHA512
3e1f3023a7d251f15431710054beb0aaf8fcbdb5d7b89c1a520c329f8f05f4fd849ce500d659e9395e05ab2414e93bd0f22f64231f9a22ddc7b53d568b1a9405

Download Submit
C:\Users\Admin\AppData\Local\Temp\3D67.tmp\3D68.tmp\3D69.bat
Filesize
725B

MD5
6882363dd125a39e084667ddd43532a4

SHA1
a5b6e74b292d96424d7b39ee9f71e98701f4548d

SHA256
b998f488ff63337265c33a7e298e85679393d54e6094d223cd97e549a17078ba

SHA512
7bec550ded2c532f279638050638db8abe48f7a31f1175a8caf34dd6ff4ccddfc01331211088ab0b2e3fe980846657f609a897be88eace28c0347f56d7b91a19

Download Submit
\??\pipe\LOCAL\crashpad_1504_PCAQXNWZPLSZUVCU
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\??\pipe\LOCAL\crashpad_216_UHLQSJKKTUIMWUHJ
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\??\pipe\LOCAL\crashpad_2244_AYWICZIJKMQRYQXT
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\??\pipe\LOCAL\crashpad_2540_MOZGUZEVCMJSFKAN
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\??\pipe\LOCAL\crashpad_3492_XXZEOBCQVGTLYFUI
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\??\pipe\LOCAL\crashpad_3532_INQPTDTXXJJUXYHW
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\??\pipe\LOCAL\crashpad_4048_WMOGKWSGJWRHWWJT
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\??\pipe\LOCAL\crashpad_4224_FRBWAEYANFYVMGNM
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\??\pipe\LOCAL\crashpad_4720_DDCTLTDGIGGDVBJO
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/216-139-0x0000000000000000-mapping.dmp

Download
memory/548-147-0x0000000000000000-mapping.dmp

Download
memory/1504-140-0x0000000000000000-mapping.dmp

Download
memory/1508-142-0x0000000000000000-mapping.dmp

Download
memory/1720-141-0x0000000000000000-mapping.dmp

Download
memory/1856-145-0x0000000000000000-mapping.dmp

Download
memory/2244-138-0x0000000000000000-mapping.dmp

Download
memory/2540-137-0x0000000000000000-mapping.dmp

Download
memory/3064-283-0x0000000000000000-mapping.dmp

Download
memory/3492-135-0x0000000000000000-mapping.dmp

Download
memory/3532-157-0x0000000000000000-mapping.dmp

Download
memory/4048-148-0x0000000000000000-mapping.dmp

Download
memory/4224-136-0x0000000000000000-mapping.dmp

Download
memory/4576-144-0x0000000000000000-mapping.dmp

Download
memory/4720-134-0x0000000000000000-mapping.dmp

Download
memory/4752-158-0x0000000000000000-mapping.dmp

Download
memory/4804-143-0x0000000000000000-mapping.dmp

Download
memory/4884-149-0x0000000000000000-mapping.dmp

Download
memory/5056-132-0x0000000000000000-mapping.dmp

Download
memory/5112-146-0x0000000000000000-mapping.dmp

Download
memory/5272-181-0x0000000000000000-mapping.dmp

Download
memory/5276-182-0x0000000000000000-mapping.dmp

Download
memory/5308-184-0x0000000000000000-mapping.dmp

Download
memory/5316-183-0x0000000000000000-mapping.dmp

Download
memory/5340-185-0x0000000000000000-mapping.dmp

Download
memory/5368-187-0x0000000000000000-mapping.dmp

Download
memory/5380-186-0x0000000000000000-mapping.dmp

Download
memory/5404-188-0x0000000000000000-mapping.dmp

Download
memory/5412-189-0x0000000000000000-mapping.dmp

Download
memory/5536-252-0x0000000000000000-mapping.dmp

Download
memory/5572-198-0x0000000000000000-mapping.dmp

Download
memory/5588-199-0x0000000000000000-mapping.dmp

Download
memory/5608-200-0x0000000000000000-mapping.dmp

Download
memory/5612-245-0x0000000000000000-mapping.dmp

Download
memory/5616-217-0x0000000000000000-mapping.dmp

Download
memory/5620-201-0x0000000000000000-mapping.dmp

Download
memory/5640-202-0x0000000000000000-mapping.dmp

Download
memory/5652-203-0x0000000000000000-mapping.dmp

Download
memory/5752-206-0x0000000000000000-mapping.dmp

Download
memory/5764-207-0x0000000000000000-mapping.dmp

Download
memory/5788-211-0x0000000000000000-mapping.dmp

Download
memory/6140-280-0x0000000000000000-mapping.dmp

Download
memory/6180-279-0x0000000000000000-mapping.dmp

Download
memory/6288-239-0x0000000000000000-mapping.dmp

Download
memory/6648-285-0x0000000000000000-mapping.dmp

Download
memory/6764-247-0x0000000000000000-mapping.dmp

Download
memory/6836-226-0x0000000000000000-mapping.dmp

Download
memory/6844-241-0x0000000000000000-mapping.dmp

Download
memory/6896-228-0x0000000000000000-mapping.dmp

Download
memory/7108-237-0x0000000000000000-mapping.dmp

Download
memory/7260-254-0x0000000000000000-mapping.dmp

Download
memory/7332-256-0x0000000000000000-mapping.dmp

Download
memory/7380-258-0x0000000000000000-mapping.dmp

Download
memory/7396-260-0x0000000000000000-mapping.dmp

Download
memory/7512-262-0x0000000000000000-mapping.dmp

Download
memory/7588-264-0x0000000000000000-mapping.dmp

Download
memory/7608-266-0x0000000000000000-mapping.dmp

Download
memory/7676-268-0x0000000000000000-mapping.dmp

Download
memory/7824-270-0x0000000000000000-mapping.dmp

Download
memory/7868-281-0x0000000000000000-mapping.dmp

Download
memory/7928-272-0x0000000000000000-mapping.dmp

Download
memory/7944-274-0x0000000000000000-mapping.dmp

Download
memory/7964-278-0x0000000000000000-mapping.dmp

Download
memory/8000-276-0x0000000000000000-mapping.dmp

Download