d96bd8bfbd53664b1f39632af3c4344755f547b72a8402b912e63bfcad4b680a

Analysis

max time kernel
153s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
26-11-2022 12:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d96bd8bfbd53664b1f39632af3c4344755f547b72a8402b912e63bfcad4b680a.exe
Size

1.2MB
MD5

a2c1055a3da9f0f112d3839d2d032a36
SHA1

d591ef12b1d64b606e673b98acedf74366200dcd
SHA256

d96bd8bfbd53664b1f39632af3c4344755f547b72a8402b912e63bfcad4b680a
SHA512

c35467dc4ea304ec113d7c0a51e79fb09e84d84e3194262ec0931adebb7179a83691506e9672b3f0df51125cc4a65e62c0200d4c93074d218257ca3b11727853
SSDEEP

24576:bvJZCbUT/KMtbZdrTqF9ozkuKCboFRcLvBEwwo:rCb0/KAa9ozkuAFRqywwo

Score

10^/10

persistence phishing

Malware Config

Signatures

Detected phishing page
phishing
Executes dropped EXE 3 IoCs

Processes:

chrom.exePRO77.exeGra-Pro l PB Auto Kill Free.exe

pid process

2744 chrom.exe
3984 PRO77.exe
4532 Gra-Pro l PB Auto Kill Free.exe

pid	process
2744	chrom.exe
3984	PRO77.exe
4532	Gra-Pro l PB Auto Kill Free.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

d96bd8bfbd53664b1f39632af3c4344755f547b72a8402b912e63bfcad4b680a.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Control Panel\International\Geo\Nation	d96bd8bfbd53664b1f39632af3c4344755f547b72a8402b912e63bfcad4b680a.exe

Adds Run key to start application 2 TTPs 1 IoCs
persistence

Registry Run Keys / Startup Folder
T1060

Modify Registry
T1112

Processes:

msedge.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Windows\CurrentVersion\Run msedge.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2891029575-1462575-1165213807-1000\Software\Microsoft\Windows\CurrentVersion\Run	msedge.exe

Drops file in System32 directory 2 IoCs

Processes:

Gra-Pro l PB Auto Kill Free.exe

description	ioc	process
File created	C:\Windows\SysWOW64\EBY.dll	Gra-Pro l PB Auto Kill Free.exe
File created	C:\Windows\SysWOW64\Hook.dll	Gra-Pro l PB Auto Kill Free.exe

Drops file in Program Files directory 2 IoCs

Processes:

setup.exe

description	ioc	process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\2644cc47-c342-401c-9cfe-307bd326334d.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20221127021103.pma	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Program crash 2 IoCs

Processes:

WerFault.exeWerFault.exe

pid pid_target process target process

5828 2744 WerFault.exe chrom.exe
2848 2744 WerFault.exe chrom.exe

pid	pid_target	process	target process
5828	2744	WerFault.exe	chrom.exe
2848	2744	WerFault.exe	chrom.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

Processes:

msedge.exe

description ioc process

Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ msedge.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

Gra-Pro l PB Auto Kill Free.exe

pid	process
4532	Gra-Pro l PB Auto Kill Free.exe
4532	Gra-Pro l PB Auto Kill Free.exe
4532	Gra-Pro l PB Auto Kill Free.exe
4532	Gra-Pro l PB Auto Kill Free.exe
4532	Gra-Pro l PB Auto Kill Free.exe
4532	Gra-Pro l PB Auto Kill Free.exe
4532	Gra-Pro l PB Auto Kill Free.exe
4532	Gra-Pro l PB Auto Kill Free.exe
4532	Gra-Pro l PB Auto Kill Free.exe
4532	Gra-Pro l PB Auto Kill Free.exe
4532	Gra-Pro l PB Auto Kill Free.exe
4532	Gra-Pro l PB Auto Kill Free.exe
4532	Gra-Pro l PB Auto Kill Free.exe
4532	Gra-Pro l PB Auto Kill Free.exe
4532	Gra-Pro l PB Auto Kill Free.exe
4532	Gra-Pro l PB Auto Kill Free.exe
4532	Gra-Pro l PB Auto Kill Free.exe
4532	Gra-Pro l PB Auto Kill Free.exe
4532	Gra-Pro l PB Auto Kill Free.exe
4532	Gra-Pro l PB Auto Kill Free.exe
4532	Gra-Pro l PB Auto Kill Free.exe
4532	Gra-Pro l PB Auto Kill Free.exe
4532	Gra-Pro l PB Auto Kill Free.exe
4532	Gra-Pro l PB Auto Kill Free.exe
4532	Gra-Pro l PB Auto Kill Free.exe
4532	Gra-Pro l PB Auto Kill Free.exe
4532	Gra-Pro l PB Auto Kill Free.exe
4532	Gra-Pro l PB Auto Kill Free.exe
4532	Gra-Pro l PB Auto Kill Free.exe
4532	Gra-Pro l PB Auto Kill Free.exe
4532	Gra-Pro l PB Auto Kill Free.exe
4532	Gra-Pro l PB Auto Kill Free.exe
4532	Gra-Pro l PB Auto Kill Free.exe
4532	Gra-Pro l PB Auto Kill Free.exe
4532	Gra-Pro l PB Auto Kill Free.exe
4532	Gra-Pro l PB Auto Kill Free.exe
4532	Gra-Pro l PB Auto Kill Free.exe
4532	Gra-Pro l PB Auto Kill Free.exe
4532	Gra-Pro l PB Auto Kill Free.exe
4532	Gra-Pro l PB Auto Kill Free.exe
4532	Gra-Pro l PB Auto Kill Free.exe
4532	Gra-Pro l PB Auto Kill Free.exe
4532	Gra-Pro l PB Auto Kill Free.exe
4532	Gra-Pro l PB Auto Kill Free.exe
4532	Gra-Pro l PB Auto Kill Free.exe
4532	Gra-Pro l PB Auto Kill Free.exe
4532	Gra-Pro l PB Auto Kill Free.exe
4532	Gra-Pro l PB Auto Kill Free.exe
4532	Gra-Pro l PB Auto Kill Free.exe
4532	Gra-Pro l PB Auto Kill Free.exe
4532	Gra-Pro l PB Auto Kill Free.exe
4532	Gra-Pro l PB Auto Kill Free.exe
4532	Gra-Pro l PB Auto Kill Free.exe
4532	Gra-Pro l PB Auto Kill Free.exe
4532	Gra-Pro l PB Auto Kill Free.exe
4532	Gra-Pro l PB Auto Kill Free.exe
4532	Gra-Pro l PB Auto Kill Free.exe
4532	Gra-Pro l PB Auto Kill Free.exe
4532	Gra-Pro l PB Auto Kill Free.exe
4532	Gra-Pro l PB Auto Kill Free.exe
4532	Gra-Pro l PB Auto Kill Free.exe
4532	Gra-Pro l PB Auto Kill Free.exe
4532	Gra-Pro l PB Auto Kill Free.exe
4532	Gra-Pro l PB Auto Kill Free.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 37 IoCs

Processes:

msedge.exe

pid	process
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrom.exePRO77.exeGra-Pro l PB Auto Kill Free.exe

description	pid	process
Token: SeDebugPrivilege	2744	chrom.exe
Token: 33	2744	chrom.exe
Token: SeIncBasePriorityPrivilege	2744	chrom.exe
Token: SeDebugPrivilege	3984	PRO77.exe
Token: 33	3984	PRO77.exe
Token: SeIncBasePriorityPrivilege	3984	PRO77.exe
Token: 33	2744	chrom.exe
Token: SeIncBasePriorityPrivilege	2744	chrom.exe
Token: 33	2744	chrom.exe
Token: SeIncBasePriorityPrivilege	2744	chrom.exe
Token: SeDebugPrivilege	4532	Gra-Pro l PB Auto Kill Free.exe
Token: 33	2744	chrom.exe
Token: SeIncBasePriorityPrivilege	2744	chrom.exe
Token: 33	2744	chrom.exe
Token: SeIncBasePriorityPrivilege	2744	chrom.exe
Token: 33	2744	chrom.exe
Token: SeIncBasePriorityPrivilege	2744	chrom.exe
Token: 33	2744	chrom.exe
Token: SeIncBasePriorityPrivilege	2744	chrom.exe
Token: 33	2744	chrom.exe
Token: SeIncBasePriorityPrivilege	2744	chrom.exe
Token: 33	2744	chrom.exe
Token: SeIncBasePriorityPrivilege	2744	chrom.exe
Token: 33	2744	chrom.exe
Token: SeIncBasePriorityPrivilege	2744	chrom.exe
Token: 33	2744	chrom.exe
Token: SeIncBasePriorityPrivilege	2744	chrom.exe
Token: 33	2744	chrom.exe
Token: SeIncBasePriorityPrivilege	2744	chrom.exe
Token: 33	2744	chrom.exe
Token: SeIncBasePriorityPrivilege	2744	chrom.exe
Token: 33	2744	chrom.exe
Token: SeIncBasePriorityPrivilege	2744	chrom.exe
Token: 33	2744	chrom.exe
Token: SeIncBasePriorityPrivilege	2744	chrom.exe
Token: 33	2744	chrom.exe
Token: SeIncBasePriorityPrivilege	2744	chrom.exe
Token: 33	2744	chrom.exe
Token: SeIncBasePriorityPrivilege	2744	chrom.exe
Token: 33	2744	chrom.exe
Token: SeIncBasePriorityPrivilege	2744	chrom.exe
Token: 33	2744	chrom.exe
Token: SeIncBasePriorityPrivilege	2744	chrom.exe
Token: 33	2744	chrom.exe
Token: SeIncBasePriorityPrivilege	2744	chrom.exe
Token: 33	2744	chrom.exe
Token: SeIncBasePriorityPrivilege	2744	chrom.exe
Token: 33	2744	chrom.exe
Token: SeIncBasePriorityPrivilege	2744	chrom.exe
Token: 33	2744	chrom.exe
Token: SeIncBasePriorityPrivilege	2744	chrom.exe
Token: 33	2744	chrom.exe
Token: SeIncBasePriorityPrivilege	2744	chrom.exe
Token: 33	2744	chrom.exe
Token: SeIncBasePriorityPrivilege	2744	chrom.exe
Token: 33	2744	chrom.exe
Token: SeIncBasePriorityPrivilege	2744	chrom.exe
Token: 33	2744	chrom.exe
Token: SeIncBasePriorityPrivilege	2744	chrom.exe
Token: 33	2744	chrom.exe
Token: SeIncBasePriorityPrivilege	2744	chrom.exe
Token: 33	2744	chrom.exe
Token: SeIncBasePriorityPrivilege	2744	chrom.exe
Token: 33	2744	chrom.exe

Suspicious use of FindShellTrayWindow 2 IoCs

Processes:

msedge.exe

pid process

3284 msedge.exe
3284 msedge.exe
Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

PRO77.exechrom.exe

pid process

3984 PRO77.exe
3984 PRO77.exe
2744 chrom.exe
2744 chrom.exe

pid	process
3984	PRO77.exe
3984	PRO77.exe
2744	chrom.exe
2744	chrom.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

d96bd8bfbd53664b1f39632af3c4344755f547b72a8402b912e63bfcad4b680a.exechrom.exePRO77.exemsedge.exemsedge.exeGra-Pro l PB Auto Kill Free.exemsedge.exe

description	pid	process	target process
PID 5056 wrote to memory of 2744	5056	d96bd8bfbd53664b1f39632af3c4344755f547b72a8402b912e63bfcad4b680a.exe	chrom.exe
PID 5056 wrote to memory of 2744	5056	d96bd8bfbd53664b1f39632af3c4344755f547b72a8402b912e63bfcad4b680a.exe	chrom.exe
PID 5056 wrote to memory of 2744	5056	d96bd8bfbd53664b1f39632af3c4344755f547b72a8402b912e63bfcad4b680a.exe	chrom.exe
PID 5056 wrote to memory of 3984	5056	d96bd8bfbd53664b1f39632af3c4344755f547b72a8402b912e63bfcad4b680a.exe	PRO77.exe
PID 5056 wrote to memory of 3984	5056	d96bd8bfbd53664b1f39632af3c4344755f547b72a8402b912e63bfcad4b680a.exe	PRO77.exe
PID 5056 wrote to memory of 3984	5056	d96bd8bfbd53664b1f39632af3c4344755f547b72a8402b912e63bfcad4b680a.exe	PRO77.exe
PID 5056 wrote to memory of 4532	5056	d96bd8bfbd53664b1f39632af3c4344755f547b72a8402b912e63bfcad4b680a.exe	Gra-Pro l PB Auto Kill Free.exe
PID 5056 wrote to memory of 4532	5056	d96bd8bfbd53664b1f39632af3c4344755f547b72a8402b912e63bfcad4b680a.exe	Gra-Pro l PB Auto Kill Free.exe
PID 5056 wrote to memory of 4532	5056	d96bd8bfbd53664b1f39632af3c4344755f547b72a8402b912e63bfcad4b680a.exe	Gra-Pro l PB Auto Kill Free.exe
PID 2744 wrote to memory of 3284	2744	chrom.exe	msedge.exe
PID 2744 wrote to memory of 3284	2744	chrom.exe	msedge.exe
PID 3984 wrote to memory of 3264	3984	PRO77.exe	msedge.exe
PID 3984 wrote to memory of 3264	3984	PRO77.exe	msedge.exe
PID 3264 wrote to memory of 3884	3264	msedge.exe	msedge.exe
PID 3264 wrote to memory of 3884	3264	msedge.exe	msedge.exe
PID 3284 wrote to memory of 1112	3284	msedge.exe	msedge.exe
PID 3284 wrote to memory of 1112	3284	msedge.exe	msedge.exe
PID 4532 wrote to memory of 1020	4532	Gra-Pro l PB Auto Kill Free.exe	msedge.exe
PID 4532 wrote to memory of 1020	4532	Gra-Pro l PB Auto Kill Free.exe	msedge.exe
PID 1020 wrote to memory of 3060	1020	msedge.exe	msedge.exe
PID 1020 wrote to memory of 3060	1020	msedge.exe	msedge.exe
PID 3284 wrote to memory of 1424	3284	msedge.exe	msedge.exe
PID 3284 wrote to memory of 1424	3284	msedge.exe	msedge.exe
PID 3284 wrote to memory of 1424	3284	msedge.exe	msedge.exe
PID 3284 wrote to memory of 1424	3284	msedge.exe	msedge.exe
PID 3284 wrote to memory of 1424	3284	msedge.exe	msedge.exe
PID 3284 wrote to memory of 1424	3284	msedge.exe	msedge.exe
PID 3284 wrote to memory of 1424	3284	msedge.exe	msedge.exe
PID 3284 wrote to memory of 1424	3284	msedge.exe	msedge.exe
PID 3284 wrote to memory of 1424	3284	msedge.exe	msedge.exe
PID 3284 wrote to memory of 1424	3284	msedge.exe	msedge.exe
PID 3284 wrote to memory of 1424	3284	msedge.exe	msedge.exe
PID 3284 wrote to memory of 1424	3284	msedge.exe	msedge.exe
PID 3284 wrote to memory of 1424	3284	msedge.exe	msedge.exe
PID 3284 wrote to memory of 1424	3284	msedge.exe	msedge.exe
PID 3284 wrote to memory of 1424	3284	msedge.exe	msedge.exe
PID 3284 wrote to memory of 1424	3284	msedge.exe	msedge.exe
PID 3284 wrote to memory of 1424	3284	msedge.exe	msedge.exe
PID 3284 wrote to memory of 1424	3284	msedge.exe	msedge.exe
PID 3284 wrote to memory of 1424	3284	msedge.exe	msedge.exe
PID 3284 wrote to memory of 1424	3284	msedge.exe	msedge.exe
PID 3284 wrote to memory of 1424	3284	msedge.exe	msedge.exe
PID 3284 wrote to memory of 1424	3284	msedge.exe	msedge.exe
PID 3284 wrote to memory of 1424	3284	msedge.exe	msedge.exe
PID 3284 wrote to memory of 1424	3284	msedge.exe	msedge.exe
PID 3284 wrote to memory of 1424	3284	msedge.exe	msedge.exe
PID 3284 wrote to memory of 1424	3284	msedge.exe	msedge.exe
PID 3284 wrote to memory of 1424	3284	msedge.exe	msedge.exe
PID 3284 wrote to memory of 1424	3284	msedge.exe	msedge.exe
PID 3284 wrote to memory of 1424	3284	msedge.exe	msedge.exe
PID 3284 wrote to memory of 1424	3284	msedge.exe	msedge.exe
PID 3284 wrote to memory of 1424	3284	msedge.exe	msedge.exe
PID 3284 wrote to memory of 1424	3284	msedge.exe	msedge.exe
PID 1020 wrote to memory of 4124	1020	msedge.exe	msedge.exe
PID 1020 wrote to memory of 4124	1020	msedge.exe	msedge.exe
PID 1020 wrote to memory of 4124	1020	msedge.exe	msedge.exe
PID 1020 wrote to memory of 4124	1020	msedge.exe	msedge.exe
PID 1020 wrote to memory of 4124	1020	msedge.exe	msedge.exe
PID 1020 wrote to memory of 4124	1020	msedge.exe	msedge.exe
PID 1020 wrote to memory of 4124	1020	msedge.exe	msedge.exe
PID 1020 wrote to memory of 4124	1020	msedge.exe	msedge.exe
PID 1020 wrote to memory of 4124	1020	msedge.exe	msedge.exe
PID 1020 wrote to memory of 4124	1020	msedge.exe	msedge.exe
PID 1020 wrote to memory of 4124	1020	msedge.exe	msedge.exe

C:\Users\Admin\AppData\Local\Temp\d96bd8bfbd53664b1f39632af3c4344755f547b72a8402b912e63bfcad4b680a.exe
"C:\Users\Admin\AppData\Local\Temp\d96bd8bfbd53664b1f39632af3c4344755f547b72a8402b912e63bfcad4b680a.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:5056

C:\Users\Admin\AppData\Local\Temp\chrom.exe
"C:\Users\Admin\AppData\Local\Temp\chrom.exe"
2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2744

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://probot99.blogspot.com/
3⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:3284

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9981146f8,0x7ff998114708,0x7ff998114718
4⤵
PID:1112

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,18349780530924316741,7186513783540689042,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
4⤵
PID:1424

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,18349780530924316741,7186513783540689042,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2560 /prefetch:3
4⤵
PID:2352

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,18349780530924316741,7186513783540689042,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2556 /prefetch:8
4⤵
PID:4900

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18349780530924316741,7186513783540689042,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3572 /prefetch:1
4⤵
PID:3920

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18349780530924316741,7186513783540689042,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
4⤵
PID:3796

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18349780530924316741,7186513783540689042,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4356 /prefetch:1
4⤵
PID:1696

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18349780530924316741,7186513783540689042,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4588 /prefetch:1
4⤵
PID:4036

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2148,18349780530924316741,7186513783540689042,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5404 /prefetch:8
4⤵
PID:2976

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18349780530924316741,7186513783540689042,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
4⤵
PID:3464

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18349780530924316741,7186513783540689042,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4356 /prefetch:1
4⤵
PID:4104

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18349780530924316741,7186513783540689042,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1
4⤵
PID:2776

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18349780530924316741,7186513783540689042,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6048 /prefetch:1
4⤵
PID:4412

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18349780530924316741,7186513783540689042,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3912 /prefetch:1
4⤵
PID:1696

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18349780530924316741,7186513783540689042,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6404 /prefetch:1
4⤵
PID:3600

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18349780530924316741,7186513783540689042,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6520 /prefetch:1
4⤵
PID:2228

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18349780530924316741,7186513783540689042,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6720 /prefetch:1
4⤵
PID:1968

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2148,18349780530924316741,7186513783540689042,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3988 /prefetch:8
4⤵
PID:2036

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18349780530924316741,7186513783540689042,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7440 /prefetch:1
4⤵
PID:5144

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18349780530924316741,7186513783540689042,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7416 /prefetch:1
4⤵
PID:5164

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18349780530924316741,7186513783540689042,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7692 /prefetch:1
4⤵
PID:5180

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18349780530924316741,7186513783540689042,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
4⤵
PID:5344

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18349780530924316741,7186513783540689042,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7920 /prefetch:1
4⤵
PID:5360

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18349780530924316741,7186513783540689042,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8172 /prefetch:1
4⤵
PID:5428

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18349780530924316741,7186513783540689042,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7108 /prefetch:1
4⤵
PID:5512

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18349780530924316741,7186513783540689042,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8268 /prefetch:1
4⤵
PID:5600

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18349780530924316741,7186513783540689042,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7960 /prefetch:1
4⤵
PID:5668

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18349780530924316741,7186513783540689042,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8416 /prefetch:1
4⤵
PID:5812

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18349780530924316741,7186513783540689042,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8960 /prefetch:1
4⤵
PID:5844

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18349780530924316741,7186513783540689042,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8684 /prefetch:1
4⤵
PID:5984

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18349780530924316741,7186513783540689042,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9056 /prefetch:1
4⤵
PID:6064

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18349780530924316741,7186513783540689042,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9024 /prefetch:1
4⤵
PID:6080

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18349780530924316741,7186513783540689042,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1044 /prefetch:1
4⤵
PID:4364

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18349780530924316741,7186513783540689042,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8388 /prefetch:1
4⤵
PID:2284

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18349780530924316741,7186513783540689042,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9016 /prefetch:1
4⤵
PID:3148

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18349780530924316741,7186513783540689042,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7180 /prefetch:1
4⤵
PID:5444

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18349780530924316741,7186513783540689042,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7724 /prefetch:1
4⤵
PID:5228

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18349780530924316741,7186513783540689042,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8728 /prefetch:1
4⤵
PID:5720

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18349780530924316741,7186513783540689042,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9572 /prefetch:1
4⤵
PID:5900

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18349780530924316741,7186513783540689042,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9036 /prefetch:1
4⤵
PID:5620

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18349780530924316741,7186513783540689042,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9424 /prefetch:1
4⤵
PID:5484

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18349780530924316741,7186513783540689042,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9380 /prefetch:1
4⤵
PID:5940

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18349780530924316741,7186513783540689042,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9416 /prefetch:1
4⤵
PID:2324

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,18349780530924316741,7186513783540689042,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6592 /prefetch:8
4⤵
PID:2996

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
4⤵
- Drops file in Program Files directory
PID:5148

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x118,0x11c,0xf0,0x130,0x7ff7b6335460,0x7ff7b6335470,0x7ff7b6335480
5⤵
PID:5236

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,18349780530924316741,7186513783540689042,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6592 /prefetch:8
4⤵
PID:5488

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2148,18349780530924316741,7186513783540689042,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1820 /prefetch:8
4⤵
PID:3684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 2244
3⤵
- Program crash
PID:5828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 2244
3⤵
- Program crash
PID:2848

C:\Users\Admin\AppData\Local\Temp\PRO77.exe
"C:\Users\Admin\AppData\Local\Temp\PRO77.exe"
2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3984

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pro-77.blogspot.com/
3⤵
- Suspicious use of WriteProcessMemory
PID:3264

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd8,0x104,0x7ff9981146f8,0x7ff998114708,0x7ff998114718
4⤵
PID:3884

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,15855808065952933885,13118295662766519275,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
4⤵
PID:2636

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,15855808065952933885,13118295662766519275,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2480 /prefetch:3
4⤵
PID:3580

C:\Users\Admin\AppData\Local\Temp\Gra-Pro l PB Auto Kill Free.exe
"C:\Users\Admin\AppData\Local\Temp\Gra-Pro l PB Auto Kill Free.exe"
2⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4532

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/GRAHACKPB
3⤵
- Suspicious use of WriteProcessMemory
PID:1020

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9981146f8,0x7ff998114708,0x7ff998114718
4⤵
PID:3060

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,16440365602754135924,1372371293000125575,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
4⤵
PID:4124

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1916,16440365602754135924,1372371293000125575,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2428 /prefetch:3
4⤵
PID:4684

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 2744 -ip 2744
1⤵
PID:5532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 2744 -ip 2744
1⤵
PID:6128

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\223DE96EE265046957A660ED7C9DD9E7_EFF9B9BA98DEAA773F261FA85A0B1771
Filesize
1KB

MD5
db0592962d9de77cd824619c4d96005c

SHA1
3e3640d22b532ab4627c310ba06786ca8249f371

SHA256
86188f175288d2c920c91395154ea7a04c77ae08784789e18174e2a7598013d9

SHA512
a202fc3b59d024079e74e54abfc606c821eb4699a9c8aae3f3b11da166b7abc68f140d47a74525962b02fd3c9647fcbc927c53fc962f36065438e771f8ea380d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
Filesize
1KB

MD5
5f3ccde13a2c02a15c9fb1c4b47f4cb1

SHA1
017be7f54853d4685b2cbe4eedb03ed999db8917

SHA256
fd4117eaf53402af49bcb0f2058dc2723b4fe61d185ca7dae37b3357e84ee4e8

SHA512
ef2c78fe6e1e16afc4fd5e4c3e0ae59392f4c287e7fa5be2bcd7c050dc048a3b2e06ef546c7d183c5856e3ec904144e816d509629232d7d696dd8755114cef4e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_46F574BDF8F8E3AC29733131E4667BA4
Filesize
472B

MD5
30f833b25d6e5af2229d9584c6f6cf97

SHA1
ee79c3fa994d53c1d0687ca61353d63cce459e25

SHA256
1bc091991c4663dbc86ae735e47ddc3e887a24661050ad9f24b8d458bfd11a6b

SHA512
da38df5335fbbefc9b38bb2cf5f5fc875794d444ed7ec41b8db5e0df128ad9dff34828fb1976977aec6b9ad36312535fa78f28a020531d360d8cc5fbf8cc8d24

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\35DDEDF268117918D1D277A171D8DF7B_86B32C8BBDCAD3A82509980EACA68C9B
Filesize
471B

MD5
c6fcca3e6edbf5db096022bc3219c252

SHA1
1aee60273b1b71be2e46ad6c0900aa22b556c566

SHA256
f47522572e2a4551ae66e237c9f396c62b69a25f035db89e915f8fbc22cf1173

SHA512
3089d86c6b0902e0da4245d1b0ef75ed02e41c7397ad0fa019af4b57f520df646e17befead14dcd8dce12a6d774835fadbf3efe7f0d713b5d31290c6fc97c6b2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_E503B048B745DFA14B81FCFC68D6DECE
Filesize
471B

MD5
c60e7e6da2d6abb70c52f8d7b6733e00

SHA1
d480d5088a78313b2bbe69155f7221589d3e07f0

SHA256
b02a43decd64469acb3576ec0823561fceb2deb65e4087112a40a2f1fdff3fc2

SHA512
e4589428ccbfb91b64f61b5700e75da4e955b8fb6ecf8602053b3c32a70024ae13bc7f84d179adc7b9fd9b1f86ad0b9c7998db9de05c1995ca0f131a320fedca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_E503B048B745DFA14B81FCFC68D6DECE
Filesize
471B

MD5
c60e7e6da2d6abb70c52f8d7b6733e00

SHA1
d480d5088a78313b2bbe69155f7221589d3e07f0

SHA256
b02a43decd64469acb3576ec0823561fceb2deb65e4087112a40a2f1fdff3fc2

SHA512
e4589428ccbfb91b64f61b5700e75da4e955b8fb6ecf8602053b3c32a70024ae13bc7f84d179adc7b9fd9b1f86ad0b9c7998db9de05c1995ca0f131a320fedca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_528EE72A58F76A72D60C536B16477B9D
Filesize
471B

MD5
3af86ffa45a38a9c1893246384fd98e2

SHA1
443689828d8fe68cad492ff311ee181721fcd921

SHA256
1374059b5c6ebd6bbbfd8ed4af2e53dc050801a38098f6de394e523d8be2e792

SHA512
88f85a74422fa607b85d327a5be9262d7e801ba21ee9cbf537ea2a109c232e5548a8c97523c091d95bd0b807b66ef34498220fadf81a4dfced1bd4fe9de6090f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_5C379F3600DE745720AF61433A9796B2
Filesize
472B

MD5
e9895464b828d538dc654c678c82b181

SHA1
af5791cd48761cb3f3f979b481c23e1508692823

SHA256
c93a71d276aa3f386bef66ed2b4d69e041cccc9a4df5024b14d54ce2569948f0

SHA512
7eaa004920cf778647d071f2074ed39f4fadda3f0436bb3ece34247e8b0a422d913ca254943d085a3044a697da4d93433eea1efa387c6cee92ff41afca8bb968

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
Filesize
724B

MD5
f569e1d183b84e8078dc456192127536

SHA1
30c537463eed902925300dd07a87d820a713753f

SHA256
287bc80237497eb8681dbf136a56cc3870dd5bd12d48051525a280ae62aab413

SHA512
49553b65a8e3fc0bf98c1bc02bae5b22188618d8edf8e88e4e25932105796956ae8301c63c487e0afe368ea39a4a2af07935a808f5fb53287ef9287bc73e1012

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\DEC714EF0D801827047B2410CC1A3F11_95C799F77592FF4EE56FD1D598DEC121
Filesize
1KB

MD5
d4a2168a78653b537863df2fa399178c

SHA1
1fa55e19462234f8149b7177a29a19a1f26da8fa

SHA256
09af15d9f3b037d17084032b0fa102147c3d011f6e9b0215689bf65777f0f025

SHA512
998df314c8b81f811d4ebfcd515fd0d2e136a376e0c01877fbd78f0276e1aca25d9a7d0eca9b456421c81c08c8cb9007c4f705fffd13ba7f8ae4ac79367a7db3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_46A29D8C69049954CEBFA353C74F83EF
Filesize
471B

MD5
e99fcdc3ed7523948d56cbe1c943fcf3

SHA1
4b8a3c27fa51771c288a392441d678321d7a3717

SHA256
60e7c3efee2b4d2fb45d7ddeaee81b3dcd379b3cad9774f51402f09e1dcf9cfc

SHA512
dad381bfac3ae6245150c03d57afdce6c7196d3a969321550b7ec57c9861757a9852815848f6a60d89c6e0797304227357f26361226d5c147739cafdd57295a0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EB2C4AB8B68FFA4B7733A9139239A396_D76DB901EE986B889F30D8CC06229E2D
Filesize
1KB

MD5
33f52773cae9a28175753a6ed4c7d214

SHA1
8cc8d0863a484bf54110f007b19c58f9742816bf

SHA256
2132ec0a0d6fd4dfb755224b89d19e9e09e899e3b6c509bae332486c966269d5

SHA512
78cc14837d588be3dcc138e9645eb989e63ba995fc9233e76c0a05a4b86bb966e41cdf11be1d6de717943f2ad73b04897355d17dcd7ef70ae95b9f1fea313f8f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB
Filesize
471B

MD5
ba7c6f09e456984a42ffa54366c6a1a7

SHA1
3180ca4f7516bfa74ea3438faf8e9465b11933c3

SHA256
f0771969219f38e28b81c6908e4be2eac40ce209a34cf678ef8d85a65289334c

SHA512
f7006aaff4ddaee981d0dee7f73b53d274e8b89b1b6105dd5b48107f05f51eb772c58ec5feef0177b6120bd0f9191387002087043539a7e81041d20e9d45551b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_90051C1CA1CFD5F243617D4BD45AADB6
Filesize
472B

MD5
6983392700438f228fa9b5bba4594fc5

SHA1
d27c65105b44a2e1ff7663ba0021a475b5b30cd2

SHA256
557627dbab910f61773f0f818efc6b18bb2b5816175199b997684a799c1c97e0

SHA512
cb423974bbe86fb92dbe8160c0359872b9b40d7af303420e95f4b1bc64a11dfae5df18774c14ac2478ae0c2ae3a3ee8fb9b8cee2b6af31debc0b6b6a14ec701e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\223DE96EE265046957A660ED7C9DD9E7_EFF9B9BA98DEAA773F261FA85A0B1771
Filesize
450B

MD5
f5f5b3d6e912cd13b9da685e8607a0a8

SHA1
856c456ea61609bc6c77a521e69dc04b8398c9f0

SHA256
1d7a9f2b551d99d2d8644f6b31c41071311f39e28b0207046aa673053b75e189

SHA512
ee0a6fc9b91805b0bd140ca0feaa4fd44bcc77050412c2dcf81d4d737abc549ad43ad9667887108ba115bf20a6fb014f5a07c9f10ec63f157ba903bb253201b9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
Filesize
410B

MD5
c6750d689cd626f9310150d9f7e20dc3

SHA1
965244d2fee1eaad29aae98bd6ac68783b75354e

SHA256
5054be12e1c9a6b5a8d51298944c37ca8d90e252df35c176ea230b2988717942

SHA512
d5024b7df53bd6ae53f4f03cf8fac9d6739b8c5c5e93269939b8a19c5ced6875e7892f7907720b6fb8aa5948aeca29e8caf5a2ce82bc69029ee96c56fa88f7e9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_46F574BDF8F8E3AC29733131E4667BA4
Filesize
402B

MD5
d0a618421ea3dd287f1d15a62535ad03

SHA1
c5ab8c7ec3c35236da59c4b330d13f8381c462a0

SHA256
c41ec13403162d13184e716070bd4b1802860c8dca415fb57117e1b8a568c586

SHA512
1b89dd7ab9604a312608293a435b6cb69dfb27cca114a36b86d3e296c996b4dc3016e3ae4681c9ef1f8c5855291fed8170218a6a4602e76d2f8cd5e07cac643d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\35DDEDF268117918D1D277A171D8DF7B_86B32C8BBDCAD3A82509980EACA68C9B
Filesize
412B

MD5
af5b0a45af88077ed3793258bb331f26

SHA1
5d3c3e19324c83ad7f668edca657bd95d1fd3ef9

SHA256
936b15b819fad6023faf2dc45abdfc4ae0ea4cdb846708685d038fce8764c3c8

SHA512
4942519c818314398aaea4241c17f45ecaa27726c5ce33b81cf20562d8b761f9686104afe488ef796b4d1664b372825841f1b5fb03b692fd0ad7d21ee62fa2f6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_E503B048B745DFA14B81FCFC68D6DECE
Filesize
446B

MD5
0d4d97902982f43ecf7c150ded98deff

SHA1
2212856f071cf5a3d776ae87b5d50d35e8881591

SHA256
a592848a6fe7877a80900801d027d87509b158e884dace4fc3ddb94f66f59eba

SHA512
88940c32ee1f88a5e1e4a4d374a8cd12d9d5020fa44f7f011877f63b1300b15f07963ff8c328204504d9656904c96ab94d9c5566c650754a76365d9f91d4c2cf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_E503B048B745DFA14B81FCFC68D6DECE
Filesize
446B

MD5
0d4d97902982f43ecf7c150ded98deff

SHA1
2212856f071cf5a3d776ae87b5d50d35e8881591

SHA256
a592848a6fe7877a80900801d027d87509b158e884dace4fc3ddb94f66f59eba

SHA512
88940c32ee1f88a5e1e4a4d374a8cd12d9d5020fa44f7f011877f63b1300b15f07963ff8c328204504d9656904c96ab94d9c5566c650754a76365d9f91d4c2cf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_528EE72A58F76A72D60C536B16477B9D
Filesize
406B

MD5
48edba7345cd554e999bd1628ba8fb09

SHA1
8432dd25f78fee6f7181740132d25c974ab656f7

SHA256
3f0a607192685069d23cad37ba00aacf1da39f3593ad441464afa1e4cfa354b5

SHA512
d503fdedf516dc748994d6555ed066dae5526a0c69e635e4138d852a809291c6cdf7044026a8e8ee2b5c828f6360035ab2c9e7e5344a6200c767c9ddbd838bd8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_5C379F3600DE745720AF61433A9796B2
Filesize
410B

MD5
d236c1aee8b6c9bb3c5f0a11637af261

SHA1
1677e10ce07cfc3803f16d45f471a8efc652df01

SHA256
34d43caa327960926a3abbd21305db374c9a8ebcf1633ac946e9d8e797fd516a

SHA512
468b30951400d1dda148bea5fef246ea67a9ccc04c69b714c4719ddb8a972467390a06febb359812239f95fb1d391078710c9266e15ac4dfb5b379d7e9b58c58

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
Filesize
392B

MD5
ab191f3ff4115ed51b5cda46080e8fd0

SHA1
eb7c24b93bd53b64f7079e90ddcc73f91ad4eb11

SHA256
d53ce5207579646e5c23f130008008da5803782ee9386977a3a418baaf39014f

SHA512
4c86450f3bf202806938bf000f6b5eba28eb2b8d2eb18d121be5ab70aeb12798e2a4ad90b7c0be60ca3ab123ceca4fdc515417e2f9897fb26588a3539022c854

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\DEC714EF0D801827047B2410CC1A3F11_95C799F77592FF4EE56FD1D598DEC121
Filesize
478B

MD5
39b22d38070540c48c029723b7e6f3ec

SHA1
6e9743c04196113af83df646127cd6937ae93f22

SHA256
7236dca21976768179c66129417a6addaa54a9568cad4028d979a80c6c76e72a

SHA512
7a28c6f9604525b7b1e1aa2d549f5891566f3316d6838819900cad5594f4c15326ecf62b1779f9004a5635710980ed10ec27a8fb67066e4de24ead5c0cbdec31

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_46A29D8C69049954CEBFA353C74F83EF
Filesize
406B

MD5
040d8f76929ff8003a739d2cf2536220

SHA1
ab857b082fce48f1c2079ae0ff8571c17c50a49a

SHA256
be49c082a9098175e3d46d76a34a3264188c35ff9448fdb6402a0a1020a755ff

SHA512
401fd0a3c3dde0105b6be5c5250b7e25a679ba1a7e6c8877ccd277e068e3ac72ddcbddee3b8224ad0e8d9df683a4fe0e732297b2adb4a6c1bb3387f59f9f3a46

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EB2C4AB8B68FFA4B7733A9139239A396_D76DB901EE986B889F30D8CC06229E2D
Filesize
458B

MD5
6edbf5f796d6e7690ca6002604a11c19

SHA1
f43f03e1c6a63260c40f037a7ae919827262d90b

SHA256
b433ec382f7dd789097d26589ab427eb2b8f4cccd2cb45466fe0bdf9335c58b5

SHA512
089907df9467919bd9abcd2214a465c945d604aec36139ae15c5908222e7ed56b9c456c25fa8123e534e7369a6c31dc8087d7c53727f607f2ec3076ef00627c8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB
Filesize
426B

MD5
9c87e80bc72249e0a5dffd3c521c28e9

SHA1
850324256c854e52c9b3ba3f9fcd2c6b69c1fde0

SHA256
0dbaa36c9b3bcde52c090d46a3e324d5ca470b28c89d2d3b311892692ed1f659

SHA512
b95c7f0ae3cf2f62491fea6abfcf71dd73328565cf8432fdf02af2a17191b9f6d18a4ce2c99efb6f928a9a7048972abc93e0f84f2d3167e1d3caaa9cd7df28af

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_90051C1CA1CFD5F243617D4BD45AADB6
Filesize
406B

MD5
0b53e7bc111e1cfca140cd4bd7854751

SHA1
f0a99bc0cd50550037e7abfa7dd644d86f0813b2

SHA256
22f2233f58557afd2c72de63ad4b56a4a471cd6db4f90085d1bbbfee0125fbb9

SHA512
106aa6eb5724df31d61fa8e5973ad46537398b7bbe574765c2b7ffa97edc8efeae8f1e9a64f073acf15aeed899c03a49f632685c603d9fb2ecd951fd3e791706

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
e1661723f09a6aed8290c3f836ef2c2b

SHA1
55e08c810da94c08c5ee54ace181d4347f4e2ae5

SHA256
a6527662d502234a1a9847973eb8e39e817aa145c43514229ba720150f74a2f2

SHA512
dcd1e6320510594dd86568608d905ad5aacd4fa2b3369ac4daa1b938f7f0597da64747875a3567e5c05e5de34f77d87f5effdfda8091d01354699711f4bc12ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
e1661723f09a6aed8290c3f836ef2c2b

SHA1
55e08c810da94c08c5ee54ace181d4347f4e2ae5

SHA256
a6527662d502234a1a9847973eb8e39e817aa145c43514229ba720150f74a2f2

SHA512
dcd1e6320510594dd86568608d905ad5aacd4fa2b3369ac4daa1b938f7f0597da64747875a3567e5c05e5de34f77d87f5effdfda8091d01354699711f4bc12ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
e1661723f09a6aed8290c3f836ef2c2b

SHA1
55e08c810da94c08c5ee54ace181d4347f4e2ae5

SHA256
a6527662d502234a1a9847973eb8e39e817aa145c43514229ba720150f74a2f2

SHA512
dcd1e6320510594dd86568608d905ad5aacd4fa2b3369ac4daa1b938f7f0597da64747875a3567e5c05e5de34f77d87f5effdfda8091d01354699711f4bc12ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
e1661723f09a6aed8290c3f836ef2c2b

SHA1
55e08c810da94c08c5ee54ace181d4347f4e2ae5

SHA256
a6527662d502234a1a9847973eb8e39e817aa145c43514229ba720150f74a2f2

SHA512
dcd1e6320510594dd86568608d905ad5aacd4fa2b3369ac4daa1b938f7f0597da64747875a3567e5c05e5de34f77d87f5effdfda8091d01354699711f4bc12ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
e1661723f09a6aed8290c3f836ef2c2b

SHA1
55e08c810da94c08c5ee54ace181d4347f4e2ae5

SHA256
a6527662d502234a1a9847973eb8e39e817aa145c43514229ba720150f74a2f2

SHA512
dcd1e6320510594dd86568608d905ad5aacd4fa2b3369ac4daa1b938f7f0597da64747875a3567e5c05e5de34f77d87f5effdfda8091d01354699711f4bc12ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
e1661723f09a6aed8290c3f836ef2c2b

SHA1
55e08c810da94c08c5ee54ace181d4347f4e2ae5

SHA256
a6527662d502234a1a9847973eb8e39e817aa145c43514229ba720150f74a2f2

SHA512
dcd1e6320510594dd86568608d905ad5aacd4fa2b3369ac4daa1b938f7f0597da64747875a3567e5c05e5de34f77d87f5effdfda8091d01354699711f4bc12ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
e1661723f09a6aed8290c3f836ef2c2b

SHA1
55e08c810da94c08c5ee54ace181d4347f4e2ae5

SHA256
a6527662d502234a1a9847973eb8e39e817aa145c43514229ba720150f74a2f2

SHA512
dcd1e6320510594dd86568608d905ad5aacd4fa2b3369ac4daa1b938f7f0597da64747875a3567e5c05e5de34f77d87f5effdfda8091d01354699711f4bc12ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
e1661723f09a6aed8290c3f836ef2c2b

SHA1
55e08c810da94c08c5ee54ace181d4347f4e2ae5

SHA256
a6527662d502234a1a9847973eb8e39e817aa145c43514229ba720150f74a2f2

SHA512
dcd1e6320510594dd86568608d905ad5aacd4fa2b3369ac4daa1b938f7f0597da64747875a3567e5c05e5de34f77d87f5effdfda8091d01354699711f4bc12ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
7b3f352bbc8046d1d5d84c5bb693e2e5

SHA1
e9d1ec6341b7959453e7cfb1ec65a55bf415cd4c

SHA256
471da5f4a494fb6adb027e3fd80765a6c27a3967208aad8fb55e38a3f7fca7da

SHA512
c984248535cb94fc265e93b9001d5936697dd2ff3ef8dfedd014df64b5f76e031eea1a594db3085e0149794ad90802a45c6cd985035ba383d1bf80ed928ff809

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
7b3f352bbc8046d1d5d84c5bb693e2e5

SHA1
e9d1ec6341b7959453e7cfb1ec65a55bf415cd4c

SHA256
471da5f4a494fb6adb027e3fd80765a6c27a3967208aad8fb55e38a3f7fca7da

SHA512
c984248535cb94fc265e93b9001d5936697dd2ff3ef8dfedd014df64b5f76e031eea1a594db3085e0149794ad90802a45c6cd985035ba383d1bf80ed928ff809

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
7b3f352bbc8046d1d5d84c5bb693e2e5

SHA1
e9d1ec6341b7959453e7cfb1ec65a55bf415cd4c

SHA256
471da5f4a494fb6adb027e3fd80765a6c27a3967208aad8fb55e38a3f7fca7da

SHA512
c984248535cb94fc265e93b9001d5936697dd2ff3ef8dfedd014df64b5f76e031eea1a594db3085e0149794ad90802a45c6cd985035ba383d1bf80ed928ff809

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
7b3f352bbc8046d1d5d84c5bb693e2e5

SHA1
e9d1ec6341b7959453e7cfb1ec65a55bf415cd4c

SHA256
471da5f4a494fb6adb027e3fd80765a6c27a3967208aad8fb55e38a3f7fca7da

SHA512
c984248535cb94fc265e93b9001d5936697dd2ff3ef8dfedd014df64b5f76e031eea1a594db3085e0149794ad90802a45c6cd985035ba383d1bf80ed928ff809

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
2KB

MD5
84cdaf5dcf9a557fccae63619d4826d2

SHA1
b77d7148a0b5038fef97d1e1d3c5738214a4a9a3

SHA256
22c8d7682ea8c5df7a33c8ce6d39911aa96fc1d8b8d27d9f1d3f98480c40b039

SHA512
891cd2eccf313983033a5c19ffd2ccbc011b3e840b4fd4f9d6ec829a9ef81e6b154bd869c7abc79d96d1d8fdab2e3a220238baa86869feec85547225b5c4acf6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
2KB

MD5
e3852fd4ec16cb600ad0f716024eb54c

SHA1
f0ef7c78dae699c1e429e37bb617c6c9bd57fe0b

SHA256
383e6f5026b64f18fb712cafb264d72931e84b23f72e8af28b58617a6d9ee53b

SHA512
5d3f522425bf24dc7902bf18423c8c7db13c77f9abbe4418e6e29f43774df73bed47e476048c40493b913501ccfa0a8f87771c360d23a64fa6f7b89d098d7a8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
2KB

MD5
84cdaf5dcf9a557fccae63619d4826d2

SHA1
b77d7148a0b5038fef97d1e1d3c5738214a4a9a3

SHA256
22c8d7682ea8c5df7a33c8ce6d39911aa96fc1d8b8d27d9f1d3f98480c40b039

SHA512
891cd2eccf313983033a5c19ffd2ccbc011b3e840b4fd4f9d6ec829a9ef81e6b154bd869c7abc79d96d1d8fdab2e3a220238baa86869feec85547225b5c4acf6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Gra-Pro l PB Auto Kill Free.exe
Filesize
1.3MB

MD5
a3326d58aa359a86decda892e21e6e71

SHA1
04a889e8d0780adb77a2423e97ead118d4bdef51

SHA256
ae737412a9a2e382ba979581a3d804a27e180591072633cdaaf356f5cd724666

SHA512
e578683031128bf20b639dc9b72d94059006b0103a96f2c1df62967a2bdd0dd7388a81c90d891f034ff8fa895db98b1aae7d84b21b5eeb4411e9caf7b97e509e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Gra-Pro l PB Auto Kill Free.exe
Filesize
1.3MB

MD5
a3326d58aa359a86decda892e21e6e71

SHA1
04a889e8d0780adb77a2423e97ead118d4bdef51

SHA256
ae737412a9a2e382ba979581a3d804a27e180591072633cdaaf356f5cd724666

SHA512
e578683031128bf20b639dc9b72d94059006b0103a96f2c1df62967a2bdd0dd7388a81c90d891f034ff8fa895db98b1aae7d84b21b5eeb4411e9caf7b97e509e

Download Submit
C:\Users\Admin\AppData\Local\Temp\PRO77.exe
Filesize
50KB

MD5
0036e63e66c0705ce37ebd02018ed9d4

SHA1
5ea5f38f688a38a841397470851debb35b23e87c

SHA256
10d7bba8a31b13550e52ae02aec7df982da228eb0e3e1b39846d50958b84ad6f

SHA512
296363b3196d18e0202fe19f0752ecde882aa39f897a78bb7fe40da18d3d6534e5c105a7763365538f41a8a512138a529e2ff54b5a4353c21037d3ecfd2ee03f

Download Submit
C:\Users\Admin\AppData\Local\Temp\PRO77.exe
Filesize
50KB

MD5
0036e63e66c0705ce37ebd02018ed9d4

SHA1
5ea5f38f688a38a841397470851debb35b23e87c

SHA256
10d7bba8a31b13550e52ae02aec7df982da228eb0e3e1b39846d50958b84ad6f

SHA512
296363b3196d18e0202fe19f0752ecde882aa39f897a78bb7fe40da18d3d6534e5c105a7763365538f41a8a512138a529e2ff54b5a4353c21037d3ecfd2ee03f

Download Submit
C:\Users\Admin\AppData\Local\Temp\chrom.exe
Filesize
36KB

MD5
787951fba9d217fb79320703377e0bbb

SHA1
543def981079d44df0bc4c121c27d63c78bed4d8

SHA256
aa2ed050a67457a7d4ff3e6855ccfc1276e66ae8b3265a31eb8cb11d03b8e699

SHA512
0d798073f1c15208424751d423532a7a28603031464c739fb33baaf77d233694b3519c8ebbe82ea16cf5c64c54e1095322674bf464cc6b51f264d58c8eec3a47

Download Submit
C:\Users\Admin\AppData\Local\Temp\chrom.exe
Filesize
36KB

MD5
787951fba9d217fb79320703377e0bbb

SHA1
543def981079d44df0bc4c121c27d63c78bed4d8

SHA256
aa2ed050a67457a7d4ff3e6855ccfc1276e66ae8b3265a31eb8cb11d03b8e699

SHA512
0d798073f1c15208424751d423532a7a28603031464c739fb33baaf77d233694b3519c8ebbe82ea16cf5c64c54e1095322674bf464cc6b51f264d58c8eec3a47

Download Submit
\??\pipe\LOCAL\crashpad_1020_PCJHHKFMJLPIAFPY
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\??\pipe\LOCAL\crashpad_3264_UUVECHWULAHWTSKM
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\??\pipe\LOCAL\crashpad_3284_BKYYHZFFVWTRTWJR
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1020-166-0x0000000000000000-mapping.dmp

Download
memory/1112-159-0x0000000000000000-mapping.dmp

Download
memory/1424-183-0x0000000000000000-mapping.dmp

Download
memory/1696-210-0x0000000000000000-mapping.dmp

Download
memory/1696-241-0x0000000000000000-mapping.dmp

Download
memory/1968-248-0x0000000000000000-mapping.dmp

Download
memory/2036-250-0x0000000000000000-mapping.dmp

Download
memory/2228-245-0x0000000000000000-mapping.dmp

Download
memory/2284-283-0x0000000000000000-mapping.dmp

Download
memory/2324-301-0x0000000000000000-mapping.dmp

Download
memory/2352-190-0x0000000000000000-mapping.dmp

Download
memory/2636-185-0x0000000000000000-mapping.dmp

Download
memory/2744-246-0x000000000DF67000-0x000000000DF6A000-memory.dmp

Filesize
12KB

Download
memory/2744-208-0x000000000DF67000-0x000000000DF6A000-memory.dmp

Filesize
12KB

Download
memory/2744-174-0x000000000DF60000-0x000000000DF64000-memory.dmp

Filesize
16KB

Download
memory/2744-193-0x000000000DF64000-0x000000000DF67000-memory.dmp

Filesize
12KB

Download
memory/2744-163-0x000000000B7B0000-0x000000000BF56000-memory.dmp

Filesize
7.6MB

Download
memory/2744-207-0x000000000DF60000-0x000000000DF64000-memory.dmp

Filesize
16KB

Download
memory/2744-257-0x000000000DF6A000-0x000000000DF6F000-memory.dmp

Filesize
20KB

Download
memory/2744-147-0x00000000053E0000-0x0000000005472000-memory.dmp

Filesize
584KB

Download
memory/2744-188-0x00000000052CA000-0x00000000052CF000-memory.dmp

Filesize
20KB

Download
memory/2744-142-0x0000000000880000-0x000000000088E000-memory.dmp

Filesize
56KB

Download
memory/2744-169-0x00000000052CA000-0x00000000052CF000-memory.dmp

Filesize
20KB

Download
memory/2744-302-0x000000000DF6A000-0x000000000DF6F000-memory.dmp

Filesize
20KB

Download
memory/2744-223-0x000000000DF64000-0x000000000DF67000-memory.dmp

Filesize
12KB

Download
memory/2744-132-0x0000000000000000-mapping.dmp

Download
memory/2744-220-0x000000000DF6A000-0x000000000DF6F000-memory.dmp

Filesize
20KB

Download
memory/2776-229-0x0000000000000000-mapping.dmp

Download
memory/2976-219-0x0000000000000000-mapping.dmp

Download
memory/3060-167-0x0000000000000000-mapping.dmp

Download
memory/3148-285-0x0000000000000000-mapping.dmp

Download
memory/3264-151-0x0000000000000000-mapping.dmp

Download
memory/3284-150-0x0000000000000000-mapping.dmp

Download
memory/3464-222-0x0000000000000000-mapping.dmp

Download
memory/3580-186-0x0000000000000000-mapping.dmp

Download
memory/3600-243-0x0000000000000000-mapping.dmp

Download
memory/3684-307-0x0000000000000000-mapping.dmp

Download
memory/3796-206-0x0000000000000000-mapping.dmp

Download
memory/3884-158-0x0000000000000000-mapping.dmp

Download
memory/3920-204-0x0000000000000000-mapping.dmp

Download
memory/3984-149-0x0000000005AF0000-0x0000000005B46000-memory.dmp

Filesize
344KB

Download
memory/3984-148-0x00000000057D0000-0x00000000057DA000-memory.dmp

Filesize
40KB

Download
memory/3984-134-0x0000000000000000-mapping.dmp

Download
memory/3984-143-0x0000000000E00000-0x0000000000E12000-memory.dmp

Filesize
72KB

Download
memory/3984-146-0x0000000005F00000-0x00000000064A4000-memory.dmp

Filesize
5.6MB

Download
memory/4036-213-0x0000000000000000-mapping.dmp

Download
memory/4104-225-0x0000000000000000-mapping.dmp

Download
memory/4124-184-0x0000000000000000-mapping.dmp

Download
memory/4364-281-0x0000000000000000-mapping.dmp

Download
memory/4412-231-0x0000000000000000-mapping.dmp

Download
memory/4532-138-0x0000000000000000-mapping.dmp

Download
memory/4532-144-0x0000000000290000-0x00000000003EE000-memory.dmp

Filesize
1.4MB

Download
memory/4532-145-0x00000000058E0000-0x000000000597C000-memory.dmp

Filesize
624KB

Download
memory/4684-189-0x0000000000000000-mapping.dmp

Download
memory/4900-195-0x0000000000000000-mapping.dmp

Download
memory/5144-252-0x0000000000000000-mapping.dmp

Download
memory/5148-303-0x0000000000000000-mapping.dmp

Download
memory/5164-254-0x0000000000000000-mapping.dmp

Download
memory/5180-256-0x0000000000000000-mapping.dmp

Download
memory/5228-289-0x0000000000000000-mapping.dmp

Download
memory/5236-304-0x0000000000000000-mapping.dmp

Download
memory/5344-259-0x0000000000000000-mapping.dmp

Download
memory/5360-261-0x0000000000000000-mapping.dmp

Download
memory/5428-263-0x0000000000000000-mapping.dmp

Download
memory/5444-287-0x0000000000000000-mapping.dmp

Download
memory/5484-297-0x0000000000000000-mapping.dmp

Download
memory/5488-305-0x0000000000000000-mapping.dmp

Download
memory/5512-265-0x0000000000000000-mapping.dmp

Download
memory/5600-267-0x0000000000000000-mapping.dmp

Download
memory/5620-295-0x0000000000000000-mapping.dmp

Download
memory/5668-269-0x0000000000000000-mapping.dmp

Download
memory/5720-291-0x0000000000000000-mapping.dmp

Download
memory/5812-271-0x0000000000000000-mapping.dmp

Download
memory/5844-273-0x0000000000000000-mapping.dmp

Download
memory/5900-293-0x0000000000000000-mapping.dmp

Download
memory/5940-299-0x0000000000000000-mapping.dmp

Download
memory/5984-275-0x0000000000000000-mapping.dmp

Download
memory/6064-277-0x0000000000000000-mapping.dmp

Download
memory/6080-279-0x0000000000000000-mapping.dmp

Download