Resubmissions
07-04-2023 15:07  230407-shqw4sbd5s  6
07-04-2023 15:06  230407-sgqjysbd4y  6
07-04-2023 13:33  230407-qttq2abb51  6
07-04-2023 11:19  230407-ne3dhsgh88  6

Analysis
max time kernel: 469s
max time network: 472s
platform: windows10-2004_x64
resource: win10v2004-20230220-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
submitted: 07-04-2023 11:19
Static task: static1
Behavioral task: behavioral1
Sample: ziprar.exe
Resource: win10v2004-20230220-en
General
Target: ziprar.exe
Size: 6.7MB
MD5: 5c8a4c8fd3cc94f957a2ed070a606431
SHA1: c25c4e6178f9434f6ee74790b31a7c09bd812271
SHA256: 94dd39bc894ee60fc3c7ae21f53da2e29ed2d7b60515fd17b49ff57b0679a591
SHA512: 9ba24100c48fc8831d1acc84a3fa14b2dea8ae6b509d5fba537ced5ef91f2379e6c87c43fc027e11eda4c0ff4788d5936dccd625eb042569af4f6b33c4ac2daf
SSDEEP: 98304:9K5UEXPwQmPCOiMEto9cHP9dkuHz9M6l8:w5UEXmIWaP9d98
Malware Config

Signatures

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
Writes to the Master Boot Record (MBR) 1 TTPs 3 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
Processes:
description | ioc | process
File opened for modification | \??\PhysicalDrive0 | ziprar.exe
File opened for modification | \??\PhysicalDrive0 | ziprar.exe
File opened for modification | \??\PhysicalDrive0 | ziprar.exe
Drops file in Program Files directory 2 IoCs
Processes:
description | ioc | process
File created | C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\4ff53a03-96f3-4978-a1bb-6adbe1426896.tmp | setup.exe
File opened for modification | C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230407112035.pma | setup.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
Program crash 1 IoCs
Processes:
pid | pid_target | process | target process
3460 | 1460 | WerFault.exe | ziprar.exe
Checks processor information in registry 2 TTPs 6 IoCs
Processor information is often read in order to detect sandboxing environments.
Processes:
description | ioc | process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | EXCEL.EXE
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | EXCEL.EXE
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | EXCEL.EXE
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | EXCEL.EXE
Enumerates system info in registry 2 TTPs 27 IoCs
Modifies registry class 56 IoCs
Opens file in notepad (likely ransom note) 1 IoCs
Processes:
pid | process
2088 | NOTEPAD.EXE
Suspicious behavior: AddClipboardFormatListener 2 IoCs
Processes:
pid | process
2008 | EXCEL.EXE
4524 | EXCEL.EXE
Suspicious behavior: EnumeratesProcesses 59 IoCs
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
Processes:
pid | process
3988 | 7zFM.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs
Suspicious use of AdjustPrivilegeToken 6 IoCs
Processes:
description | pid | process
Token: SeDebugPrivilege | 1460 | ziprar.exe
Token: SeDebugPrivilege | 2676 | ziprar.exe
Token: SeRestorePrivilege | 3988 | 7zFM.exe
Token: 35 | 3988 | 7zFM.exe
Token: SeSecurityPrivilege | 3988 | 7zFM.exe
Token: SeDebugPrivilege | 4952 | ziprar.exe
Suspicious use of FindShellTrayWindow 64 IoCs
Suspicious use of SendNotifyMessage 48 IoCs
Suspicious use of SetWindowsHookEx 55 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes

[1] C:\Users\Admin\AppData\Local\Temp\ziprar.exe (PID 1460)
    Command line: "C:\Users\Admin\AppData\Local\Temp\ziprar.exe"
    - Writes to the Master Boot Record (MBR)
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory

  [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5072)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument microsoft-edge:
      - Enumerates system info in registry
      - Modifies registry class
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      - Suspicious use of FindShellTrayWindow
      - Suspicious use of WriteProcessMemory

    [3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1776)
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffd8aa846f8,0x7ffd8aa84708,0x7ffd8aa84718

    [3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3324)
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,15688785212463830411,8272362431651923427,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
        - Suspicious behavior: EnumeratesProcesses

    [3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 376)
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,15688785212463830411,8272362431651923427,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2

    [3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1124)
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,15688785212463830411,8272362431651923427,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8

    [3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4164)
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15688785212463830411,8272362431651923427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3656 /prefetch:1

    [3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4436)
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15688785212463830411,8272362431651923427,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3668 /prefetch:1

    [3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4264)
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15688785212463830411,8272362431651923427,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1

    [3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1832)
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15688785212463830411,8272362431651923427,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1

    [3] C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 1420)
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,15688785212463830411,8272362431651923427,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5476 /prefetch:8

    [3] C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe (PID 3672)
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
        - Drops file in Program Files directory

      [4] C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe (PID 2512)
          Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff793175460,0x7ff793175470,0x7ff793175480

    [3] C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 3024)
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,15688785212463830411,8272362431651923427,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5476 /prefetch:8
        - Suspicious behavior: EnumeratesProcesses

    [3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4456)
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15688785212463830411,8272362431651923427,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1

    [3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2568)
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15688785212463830411,8272362431651923427,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15688785212463830411,8272362431651923427,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4232 /prefetch:13⤵PID:1588
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,15688785212463830411,8272362431651923427,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:13⤵PID:220
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1460 -s 32882⤵
- Program crash
PID:3460
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:936
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 1460 -ip 14601⤵PID:488
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
PID:3176 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd8aa846f8,0x7ffd8aa84708,0x7ffd8aa847182⤵PID:4232
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,10231027887665545234,11389271168795489559,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:22⤵PID:2040
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,10231027887665545234,11389271168795489559,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:3404 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,10231027887665545234,11389271168795489559,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:82⤵PID:4340
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10231027887665545234,11389271168795489559,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3596 /prefetch:12⤵PID:4668
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10231027887665545234,11389271168795489559,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3608 /prefetch:12⤵PID:3828
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10231027887665545234,11389271168795489559,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2960 /prefetch:12⤵PID:2604
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10231027887665545234,11389271168795489559,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2692 /prefetch:12⤵PID:3664
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,10231027887665545234,11389271168795489559,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4964 /prefetch:82⤵PID:1440
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,10231027887665545234,11389271168795489559,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4964 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:4488 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10231027887665545234,11389271168795489559,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:12⤵PID:2136
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10231027887665545234,11389271168795489559,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:12⤵PID:3364
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10231027887665545234,11389271168795489559,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2660 /prefetch:12⤵PID:4972
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10231027887665545234,11389271168795489559,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4180 /prefetch:12⤵PID:3872
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10231027887665545234,11389271168795489559,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3008 /prefetch:12⤵PID:1824
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,10231027887665545234,11389271168795489559,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:12⤵PID:452
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:1084
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
PID:1364 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd8aa846f8,0x7ffd8aa84708,0x7ffd8aa847182⤵PID:4684
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,4576370856912719504,2180981307706732485,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:5104 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,4576370856912719504,2180981307706732485,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:22⤵PID:5040
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2188,4576370856912719504,2180981307706732485,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2956 /prefetch:82⤵PID:3412
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,4576370856912719504,2180981307706732485,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3520 /prefetch:12⤵PID:1436
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,4576370856912719504,2180981307706732485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3500 /prefetch:12⤵PID:1572
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,4576370856912719504,2180981307706732485,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:12⤵PID:464
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,4576370856912719504,2180981307706732485,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:12⤵PID:3364
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,4576370856912719504,2180981307706732485,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4900 /prefetch:82⤵PID:220
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,4576370856912719504,2180981307706732485,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4900 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:2116 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,4576370856912719504,2180981307706732485,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3588 /prefetch:12⤵PID:488
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,4576370856912719504,2180981307706732485,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3560 /prefetch:12⤵PID:3724
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,4576370856912719504,2180981307706732485,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:12⤵PID:4476
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,4576370856912719504,2180981307706732485,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:12⤵PID:4640
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,4576370856912719504,2180981307706732485,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:12⤵PID:2720
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4636
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵PID:3688
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\msedge_installer.log1⤵
- Opens file in notepad (likely ransom note)
PID:2088
-
C:\Users\Admin\Desktop\ziprar.exe"C:\Users\Admin\Desktop\ziprar.exe"1⤵
- Writes to the Master Boot Record (MBR)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2676 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument microsoft-edge:2⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
PID:4820 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd8aa846f8,0x7ffd8aa84708,0x7ffd8aa847183⤵PID:4544
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1980,9251883753831201949,13661696005781963831,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1992 /prefetch:23⤵PID:4804
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1980,9251883753831201949,13661696005781963831,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2548 /prefetch:33⤵
- Suspicious behavior: EnumeratesProcesses
PID:1100 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1980,9251883753831201949,13661696005781963831,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:83⤵PID:4396
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,9251883753831201949,13661696005781963831,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3524 /prefetch:13⤵PID:1332
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,9251883753831201949,13661696005781963831,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:13⤵PID:744
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,9251883753831201949,13661696005781963831,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:13⤵PID:1216
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,9251883753831201949,13661696005781963831,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4840 /prefetch:13⤵PID:4440
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,9251883753831201949,13661696005781963831,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:13⤵PID:2304
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1980,9251883753831201949,13661696005781963831,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3688 /prefetch:83⤵PID:2252
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1980,9251883753831201949,13661696005781963831,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3688 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
PID:1380 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,9251883753831201949,13661696005781963831,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:13⤵PID:1432
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,9251883753831201949,13661696005781963831,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:13⤵PID:4936
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,9251883753831201949,13661696005781963831,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:13⤵PID:688
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,9251883753831201949,13661696005781963831,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4228 /prefetch:13⤵PID:3452
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,9251883753831201949,13661696005781963831,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3796 /prefetch:13⤵PID:4004
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,9251883753831201949,13661696005781963831,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:13⤵PID:1632
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument microsoft-edge:http://dsc.searcharchiver.com?e68b71b04514154ab154c6f8a0847a9f=H1xAXFNHX1pbVlQNEQQwBw9cQ1pQRldZU1ZDXFlCW1peUVQJDB0LU1pWSi4nNikoW1FCX1FCK1w6LEJcUUVcK11SRF9WTFdXL1QwSgIcDgAFBB4zCBBSXg%253D%253D2⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
PID:1676 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd8aa846f8,0x7ffd8aa84708,0x7ffd8aa847183⤵PID:2456
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,12373054440351757037,9308487258716248477,131072 --disable-features=msEdgeEnableNurturingFramework --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:33⤵
- Suspicious behavior: EnumeratesProcesses
PID:4900 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2180,12373054440351757037,9308487258716248477,131072 --disable-features=msEdgeEnableNurturingFramework --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3000 /prefetch:83⤵PID:3408
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,12373054440351757037,9308487258716248477,131072 --disable-features=msEdgeEnableNurturingFramework --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:23⤵PID:936
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,12373054440351757037,9308487258716248477,131072 --disable-features=msEdgeEnableNurturingFramework --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3592 /prefetch:13⤵PID:1144
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,12373054440351757037,9308487258716248477,131072 --disable-features=msEdgeEnableNurturingFramework --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:13⤵PID:944
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2180,12373054440351757037,9308487258716248477,131072 --disable-features=msEdgeEnableNurturingFramework --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5004 /prefetch:83⤵PID:2624
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,12373054440351757037,9308487258716248477,131072 --disable-features=msEdgeEnableNurturingFramework --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 /prefetch:83⤵PID:3360
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,12373054440351757037,9308487258716248477,131072 --disable-features=msEdgeEnableNurturingFramework --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
PID:4576
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,12373054440351757037,9308487258716248477,131072 --disable-features=msEdgeEnableNurturingFramework --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:13⤵PID:4468
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,12373054440351757037,9308487258716248477,131072 --disable-features=msEdgeEnableNurturingFramework --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:13⤵PID:4376
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,12373054440351757037,9308487258716248477,131072 --disable-features=msEdgeEnableNurturingFramework --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:13⤵PID:4664
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,12373054440351757037,9308487258716248477,131072 --disable-features=msEdgeEnableNurturingFramework --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:13⤵PID:184
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,12373054440351757037,9308487258716248477,131072 --disable-features=msEdgeEnableNurturingFramework --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:13⤵PID:2692
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,12373054440351757037,9308487258716248477,131072 --disable-features=msEdgeEnableNurturingFramework --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:13⤵PID:3992
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,12373054440351757037,9308487258716248477,131072 --disable-features=msEdgeEnableNurturingFramework --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:13⤵PID:824
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,12373054440351757037,9308487258716248477,131072 --disable-features=msEdgeEnableNurturingFramework --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:13⤵PID:4332
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,12373054440351757037,9308487258716248477,131072 --disable-features=msEdgeEnableNurturingFramework --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:13⤵PID:1832
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,12373054440351757037,9308487258716248477,131072 --disable-features=msEdgeEnableNurturingFramework --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:13⤵PID:4248
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,12373054440351757037,9308487258716248477,131072 --disable-features=msEdgeEnableNurturingFramework --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3880 /prefetch:13⤵PID:3716
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument microsoft-edge:https://ziprararchiver.com/thankyou?tyid=178BFBFF000306D2QM00013E63637889D5B2⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:400
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd8ab046f8,0x7ffd8ab04708,0x7ffd8ab047183⤵PID:1232
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,17981528244608770890,10419164955741722654,131072 --disable-features=msEdgeEnableNurturingFramework --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:33⤵
- Suspicious behavior: EnumeratesProcesses
PID:3876
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,17981528244608770890,10419164955741722654,131072 --disable-features=msEdgeEnableNurturingFramework --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:23⤵PID:4280
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,17981528244608770890,10419164955741722654,131072 --disable-features=msEdgeEnableNurturingFramework --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:83⤵PID:2088
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17981528244608770890,10419164955741722654,131072 --disable-features=msEdgeEnableNurturingFramework --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3552 /prefetch:13⤵PID:1968
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17981528244608770890,10419164955741722654,131072 --disable-features=msEdgeEnableNurturingFramework --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3528 /prefetch:13⤵PID:1916
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17981528244608770890,10419164955741722654,131072 --disable-features=msEdgeEnableNurturingFramework --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:13⤵PID:4400
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17981528244608770890,10419164955741722654,131072 --disable-features=msEdgeEnableNurturingFramework --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3908 /prefetch:13⤵PID:3604
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,17981528244608770890,10419164955741722654,131072 --disable-features=msEdgeEnableNurturingFramework --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5728 /prefetch:83⤵PID:3176
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,17981528244608770890,10419164955741722654,131072 --disable-features=msEdgeEnableNurturingFramework --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5728 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
PID:4312
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17981528244608770890,10419164955741722654,131072 --disable-features=msEdgeEnableNurturingFramework --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:13⤵PID:2880
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17981528244608770890,10419164955741722654,131072 --disable-features=msEdgeEnableNurturingFramework --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:13⤵PID:4840
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17981528244608770890,10419164955741722654,131072 --disable-features=msEdgeEnableNurturingFramework --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:13⤵PID:820
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17981528244608770890,10419164955741722654,131072 --disable-features=msEdgeEnableNurturingFramework --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:13⤵PID:4392
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17981528244608770890,10419164955741722654,131072 --disable-features=msEdgeEnableNurturingFramework --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4348 /prefetch:13⤵PID:316
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17981528244608770890,10419164955741722654,131072 --disable-features=msEdgeEnableNurturingFramework --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:13⤵PID:2788
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17981528244608770890,10419164955741722654,131072 --disable-features=msEdgeEnableNurturingFramework --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6248 /prefetch:13⤵PID:1576
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17981528244608770890,10419164955741722654,131072 --disable-features=msEdgeEnableNurturingFramework --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6172 /prefetch:13⤵PID:4772
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17981528244608770890,10419164955741722654,131072 --disable-features=msEdgeEnableNurturingFramework --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3668 /prefetch:13⤵PID:5076
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17981528244608770890,10419164955741722654,131072 --disable-features=msEdgeEnableNurturingFramework --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:13⤵PID:1840
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2080,17981528244608770890,10419164955741722654,131072 --disable-features=msEdgeEnableNurturingFramework --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6488 /prefetch:83⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2972
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17981528244608770890,10419164955741722654,131072 --disable-features=msEdgeEnableNurturingFramework --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1288 /prefetch:13⤵PID:4272
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2080,17981528244608770890,10419164955741722654,131072 --disable-features=msEdgeEnableNurturingFramework --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6404 /prefetch:83⤵PID:1564
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2080,17981528244608770890,10419164955741722654,131072 --disable-features=msEdgeEnableNurturingFramework --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6360 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
PID:4852
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17981528244608770890,10419164955741722654,131072 --disable-features=msEdgeEnableNurturingFramework --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3556 /prefetch:13⤵PID:644
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3632
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:1088
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4424
C:\Program Files\7-Zip\7zFM.exe"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\BlockLimit.rar"1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3988
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\Downloads\BlockLimit.xlsb"1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:2008
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\Documents\BlockLimit.xlsb"1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:4524
C:\Users\Admin\Desktop\ziprar.exe"C:\Users\Admin\Desktop\ziprar.exe"1⤵
- Writes to the Master Boot Record (MBR)
- Suspicious use of AdjustPrivilegeToken
PID:4952
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://app.ziprararchiver.com/1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1040
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd8b7846f8,0x7ffd8b784708,0x7ffd8b7847182⤵PID:1940
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,7707301127529964173,10710471087088607882,131072 --disable-features=msEdgeEnableNurturingFramework --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:5008
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,7707301127529964173,10710471087088607882,131072 --disable-features=msEdgeEnableNurturingFramework --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:22⤵PID:3684
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,7707301127529964173,10710471087088607882,131072 --disable-features=msEdgeEnableNurturingFramework --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:82⤵PID:2760
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7707301127529964173,10710471087088607882,131072 --disable-features=msEdgeEnableNurturingFramework --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3684 /prefetch:12⤵PID:1808
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7707301127529964173,10710471087088607882,131072 --disable-features=msEdgeEnableNurturingFramework --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3548 /prefetch:12⤵PID:1572
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7707301127529964173,10710471087088607882,131072 --disable-features=msEdgeEnableNurturingFramework --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:12⤵PID:4996
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7707301127529964173,10710471087088607882,131072 --disable-features=msEdgeEnableNurturingFramework --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2760 /prefetch:12⤵PID:4740
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7707301127529964173,10710471087088607882,131072 --disable-features=msEdgeEnableNurturingFramework --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:12⤵PID:1420
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7707301127529964173,10710471087088607882,131072 --disable-features=msEdgeEnableNurturingFramework --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:12⤵PID:4604
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7707301127529964173,10710471087088607882,131072 --disable-features=msEdgeEnableNurturingFramework --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:12⤵PID:1748
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7707301127529964173,10710471087088607882,131072 --disable-features=msEdgeEnableNurturingFramework --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:12⤵PID:3596
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7707301127529964173,10710471087088607882,131072 --disable-features=msEdgeEnableNurturingFramework --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:12⤵PID:3640
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,7707301127529964173,10710471087088607882,131072 --disable-features=msEdgeEnableNurturingFramework --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6452 /prefetch:82⤵PID:2204
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,7707301127529964173,10710471087088607882,131072 --disable-features=msEdgeEnableNurturingFramework --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6452 /prefetch:82⤵PID:376
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7707301127529964173,10710471087088607882,131072 --disable-features=msEdgeEnableNurturingFramework --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:12⤵PID:2004
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7707301127529964173,10710471087088607882,131072 --disable-features=msEdgeEnableNurturingFramework --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6280 /prefetch:12⤵PID:1936
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7707301127529964173,10710471087088607882,131072 --disable-features=msEdgeEnableNurturingFramework --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:12⤵PID:3984
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7707301127529964173,10710471087088607882,131072 --disable-features=msEdgeEnableNurturingFramework --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:12⤵PID:3308
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7707301127529964173,10710471087088607882,131072 --disable-features=msEdgeEnableNurturingFramework --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6564 /prefetch:12⤵PID:4352
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7707301127529964173,10710471087088607882,131072 --disable-features=msEdgeEnableNurturingFramework --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3960 /prefetch:12⤵PID:4332
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,7707301127529964173,10710471087088607882,131072 --disable-features=msEdgeEnableNurturingFramework --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:12⤵PID:2124
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3264
Network
MITRE ATT&CK Enterprise v6
Downloads
-
Filesize
152B
MD5350044ab61fcc459673bec06d04e1ae0
SHA156547a63cf421d8ae6208d16516f41ec220dfc4d
SHA25642ee8917ed0c2d6aac643e25ad0b26cc7a50e6406ff9e1b881d98a436ca3b61f
SHA51209d3b43ae6f54710248db0cc12186bd0465ae5256ed5d8721a43dbf92cd6b05cca83012f687b01c950f54524acdc3ace3cd8d5dd9dc2e6106c78b298a8f61d35
-
Filesize
152B
MD5d767d2fb4e2226836f9425ad36bcef97
SHA1c47e8ccc029ea5d500bd072a347e01cdb3e165cf
SHA256339cefc98dd7288b1a1cf6a589675ee37504e39fafdc7970bc860163b6dc9555
SHA512a307101d853dd41be9707b7be1e97a63dd5994c598c0b7bbf7747361dd38b846e35109e77610a2c8b86b3916970bcb695bfcb7a27268a94271918bf5bc16d166
-
Filesize
152B
MD5462f3c1360a4b5e319363930bc4806f6
SHA19ba5e43d833c284b89519423f6b6dab5a859a8d0
SHA256fec64069c72a8d223ed89a816501b3950f5e4f5dd88f289a923c5f961d259f85
SHA5125584ef75dfb8a1907c071a194fa78f56d10d1555948dffb8afcacaaa2645fd9d842a923437d0e94fad1d1919dcef5b25bf065863405c8d2a28216df27c87a417
-
Filesize
152B
MD5d2642245b1e4572ba7d7cd13a0675bb8
SHA196456510884685146d3fa2e19202fd2035d64833
SHA2563763676934b31fe2e3078256adb25b01fdf899db6616b6b41dff3062b68e20a1
SHA51299e35f5eefc1e654ecfcf0493ccc02475ca679d3527293f35c3adea66879e21575ab037bec77775915ec42ac53e30416c3928bc3c57910ce02f3addd880392e9
-
Filesize
152B
MD51c2306030c69bf4b0992b61c585d01a0
SHA1b8b456933dd158b661cda008b0857b4a44d70f47
SHA256b69df02365da9dc1cd233dfccb5a54b38daa238f9d49e860923058573b616ce4
SHA512032a58e28b6d9be9eca4a6524df02c31cdaa6cec5914a5a70760f331f82191395befcb807ce6a7b701771490acdd393426b6957b35b3a5e9c529ef4025fdd79c
-
Filesize
152B
MD5014c9ce3e520f19a8bba679c7296f8c0
SHA1dea10f30a0c313c5c9e23e45b21ed5c5e02624b9
SHA2568d37ac330684d1c59dfd971e5e5b8b1923e4d127262a8ed5159896358c52a295
SHA512d473297d1104abedeb488e33d49b6d563d0c8e002dad29abdcd7b7735e14d1b32c36bd057421a52befdbbbce06260c58530ffd38aad4878af74a722e664f050f
-
Filesize
152B
MD5014c9ce3e520f19a8bba679c7296f8c0
SHA1dea10f30a0c313c5c9e23e45b21ed5c5e02624b9
SHA2568d37ac330684d1c59dfd971e5e5b8b1923e4d127262a8ed5159896358c52a295
SHA512d473297d1104abedeb488e33d49b6d563d0c8e002dad29abdcd7b7735e14d1b32c36bd057421a52befdbbbce06260c58530ffd38aad4878af74a722e664f050f
-
Filesize
152B
MD5782e4169e7283feaf49df6428fb4ccf9
SHA13d8b2df90f1d27666ada6916479e93ad89454cad
SHA2568a5ed0c001ef75b42350934294629b82e890bf8acc9d48652d502971c69ccde2
SHA512e5341fc37569bd3b3e9a69634848272442d3b3298c1e328e468ef0cc4091501f21ea598403ae9970ac6c8bf25e2ccba0b0bfd04e3313fcca1ead9f643de20d94
-
Filesize
152B
MD561fe338210e41f7a8cfa2c867dfba0e2
SHA1b6b61bfddbcd487095fb160173616a049c6c3c24
SHA25600f23c535e77e6c46a272ef2e3d181160ff66ee52631fec206bdcb2752c67f03
SHA512bc11b1e3e023e89bae78cd5b45ebb6034b29a192a376238fd3191f45dbb76915d628c6d297cde67b18464c9941bcc5a8b6a287893f821148d130fbf881e7ce45
-
Filesize
152B
MD52ada99f68a12dfbcb4da87bfc1a5d8f5
SHA153a8ab66032354d017b03a85feb4f9b6f65ed08e
SHA256d7efc155c6e81a05e571aef92a51971b4b5174a8197896ffdd9238684252e1a5
SHA512213630d348994e979c21cac2e87f1ec815b9374c8d5ce68b143f94f6bad488d2c266df644cbb9baf87d5fade4f88f66e2c1e70b5d3c70639158516d03c48a525
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\374638c7-9345-484c-8a48-21057e0a6e06.tmp
Filesize
11KB
MD57caa5e2ac7130fca9340dcb82df68a83
SHA17f31d8adcf58ab19227c97cc7d4766cda9626440
SHA256d5d39efed2be56ec39b6ee997c4170a96dcd756fd06c5339c549cc2b033e0e99
SHA5124279ddf85a8551a1e756fe2a0c9254c275527d7c7e2ed5d70633bed9c05f6ae7c7326e9ba79b441fee0cb08d4b30cc3bb7c4aead70cf99fc408e76fec945b84e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\6c335279-73c1-468b-83da-1d785126d1b0.tmp
Filesize
1B
MD55058f1af8388633f609cadb75a75dc9d
SHA13a52ce780950d4d969792a2559cd519d7ee8c727
SHA256cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA5120b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\870012e6-ba0b-4de7-958a-f76d2bd4334d.tmp
Filesize
6KB
MD561e79d7edbb88136e9e103c4d413df41
SHA1ab95301783642897b6f05861e07d49f594e75d9f
SHA2564766928a0416f6732e5fc8d62e1ca1bbfda0cf55634dcaaab5fb0a92e0948914
SHA5124017aad2b0598bbed1bf1af318b3dabe18d2e0b4194c9c2bcbc2bcc15affa80c5584efde56123d3499effc7fb1e5c4366878d8b2939c7e1c4b293ed086d23119
-
Filesize
44KB
MD54622a3d8c544f4e61f6216e27859365e
SHA1b71a0e3b92cbd78951352d20fc7ec296817ae595
SHA25664fc87ea18fb4515184b9ac34d770e9c30255a02948a46cfb4163cbd7c01b69e
SHA51213c69f7b85c175c11355aad13cebd04138d5e3faf823e75e3ba151432f6d5d1cccc27c7df1e93adaba2e6f89daf77cedeb9830ba2da276f12132c092d502db55
-
Filesize
44KB
MD51858ed58b148547148410742a40d25d2
SHA10a58db2e689aa6990775efb3f9b4af6fd2e167bb
SHA256a773c5beb76be748920cb328d245c7d0e10f237effc30e07802dde8f3bd10af6
SHA512b5bac25fdd270a003f560a8f6f296e9a057384dbe3ab933a0979012d72d61519643902a870cf38339a643bd330b360471a37a5008e4e9963264817fcd8bb63a8
-
Filesize
264KB
MD50ea6efc490e6c1cd92beedae20980ccf
SHA10b8d1c631210015b8212e1b5941a9910fe279ed8
SHA256dc5ee722935a781b5ac7392e1c946868b10caff1c36d1406f1da03b91bb066ec
SHA51207148f8f1b52230c29f11019b0413fc8b68994b29c8af138e83d1d17f00b82cd51d552625193aafb288de439e8b62fbe881b94a23957bd83678882aa822d3302
-
Filesize
264KB
MD549255ad3ce3ccd26dd6a86f2a517244a
SHA1bdc86aed79e0cf1061640105a4ed04e117bc9fa4
SHA256fc81c4a619aa59577d3f99356bb56ee2bd1a42e252c6faea1dfe59d84bb1a552
SHA512c63ae458d0504ac1b8e37a9473829179c51ef349181c2c022c8fc2717bf83d6b50d6e7d5be19d37e8e68fdf14168d4c9bb538131df28acb59fdeaaec6cad2619
-
Filesize
8KB
MD50962291d6d367570bee5454721c17e11
SHA159d10a893ef321a706a9255176761366115bedcb
SHA256ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed
-
Filesize
8KB
MD50962291d6d367570bee5454721c17e11
SHA159d10a893ef321a706a9255176761366115bedcb
SHA256ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed
-
Filesize
8KB
MD541876349cb12d6db992f1309f22df3f0
SHA15cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e
-
Filesize
8KB
MD541876349cb12d6db992f1309f22df3f0
SHA15cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e
-
Filesize
400KB
MD5c979b1455db21f8886dab3d3892cb64b
SHA1d00720b6391dac9f7231d75ab51a5a11e85353c8
SHA256ec3ffc8a5c733dfed8078e22d4ba7a8c4e41583d139c9f936172ad2e4714957a
SHA5121fcf586b4b55d9f5298037fdf23d3dc4e69f1c931caffc3e712c92f68d68111a9badd9de06ef7c9bef00e04dce5118648df28285a891b433f0ed4b9fe2902d49
-
Filesize
256KB
MD505ceac05a51303c415aa2634ffc1a577
SHA12a91a8e189e8ed1b566e8b3398bd5c490bc64a04
SHA256543b1c39fd3ad6cc2495bc1137fd496a3f8f9df51198996bd55272f8220c12cd
SHA512cf2460a1e21da989ac3d6c133ccb80ad5e4ea9d2116e65877eb1a2287ad153e934d8e4bae014e19395e3fcfaeee031aa91c9c435842570337be7e4aaf00f10ab
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
48B
MD513891efd69e7c20b5e7195a21ecedcf6
SHA15b48d1c0f07be21c4a2239bc1c38f94d4510e150
SHA2569c1bf4b0deab4c2c663bd4e365e31a70fdc54708e08aa10d31880cc56d8ba6cf
SHA512e7925674d96f39aab47539265124c0f9ee2cfc2d940242268930ec92f581a271beb953851627835c60ca4dc5cfb5bc6da0923ee27acce0b480e78db205d61e7a
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
744B
MD5cef128a5e2d854ea8841c33a72b55a56
SHA1d3dcc3f90156fe1617a26e0b25435ed3839bd357
SHA256df6b691a2663701560188d0eb8aa1da40dfa136732acb160a0c7b3f395e85069
SHA51269f4bcde209d51390b2d42058e0d53994c78a3737319f63439345d95c4a3c9ce2b507abdd6f2cf975de9aa8b5aa174964ca913f130e3f4c9a8e8a6662605f343
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
816B
MD5f1e429eba36eeb8edf4d9653ccd4bacf
SHA14439308dd34668922dbb7f03114ab28dd850390d
SHA2565fc209e06f7460df0221b0afe9274253bf7bc65f7d44e7359e5f0bed8f6ef73e
SHA512b0926b0e7180ef90081a0ae925883c5591d3c4f1cd587638f271ba0132da45a6395073eec2a09155362a1533dd8c562e2a32101fc7a432d9898149c277baa389
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB
MD5224df578f2240f00ae0969a1492ad5b3
SHA1b98a5e7dcedd2644da47dd8f747ef10a7fa41ebc
SHA256a8de63fca5b79ddf68005811eaf9e07a43516458f6996aaf6ba8fe3b15a84abd
SHA5125d87bad146aea372eb0796bab8d8bce79e67759a7601026bdcd8c8285d10dfc6b5f5774fd976fbbba910fbb571f5ec7c502858d8892b79b9c53133bb375e94a6
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\index-dir\the-real-index
Filesize
48B
MD513891efd69e7c20b5e7195a21ecedcf6
SHA15b48d1c0f07be21c4a2239bc1c38f94d4510e150
SHA2569c1bf4b0deab4c2c663bd4e365e31a70fdc54708e08aa10d31880cc56d8ba6cf
SHA512e7925674d96f39aab47539265124c0f9ee2cfc2d940242268930ec92f581a271beb953851627835c60ca4dc5cfb5bc6da0923ee27acce0b480e78db205d61e7a
-
Filesize
20KB
MD549693267e0adbcd119f9f5e02adf3a80
SHA13ba3d7f89b8ad195ca82c92737e960e1f2b349df
SHA256d76e7512e496b7c8d9fcd3010a55e2e566881dc6dacaf0343652a4915d47829f
SHA512b4b9fcecf8d277bb0ccbb25e08f3559e3fc519d85d8761d8ad5bca983d04eb55a20d3b742b15b9b31a7c9187da40ad5c48baa7a54664cae4c40aa253165cbaa2
-
Filesize
70KB
MD5e5e3377341056643b0494b6842c0b544
SHA1d53fd8e256ec9d5cef8ef5387872e544a2df9108
SHA256e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25
SHA51283f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
279B
MD5aba7b68c375a11f7ba7f744fd208d046
SHA16af4958308de6224a0116bde5847f6bde4c25b02
SHA2561ed724a4993a7acde99e5b1f36c4fe883d3b2402df37138084aa6acaee076b1b
SHA512afe2c38869d83a3e9356e6d70276e374a577db4ee6820e9787889fe05c0d03552684ce7227abee706c37af20ff9962cb0cbdd904d083fd02afd5a268ad2c5ef9
-
Filesize
41B
MD55af87dfd673ba2115e2fcf5cfdb727ab
SHA1d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
Filesize
41B
MD55af87dfd673ba2115e2fcf5cfdb727ab
SHA1d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
Filesize
8KB
MD5cf89d16bb9107c631daabf0c0ee58efb
SHA13ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA5128cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0
-
Filesize
264KB
MD5f50f89a0a91564d0b8a211f8921aa7de
SHA1112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58
-
Filesize
8KB
MD50962291d6d367570bee5454721c17e11
SHA159d10a893ef321a706a9255176761366115bedcb
SHA256ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed
-
Filesize
8KB
MD541876349cb12d6db992f1309f22df3f0
SHA15cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e
-
Filesize
256KB
MD5628c4f4aae2c4b259eb2de03d3492093
SHA19452bb504eab2ac6286aa7d754e6606d606b2f27
SHA256c452dde8eab976670b77a13b4cffc0811bd28194f49ba0631a6bd4b69933f1d4
SHA512567b51b221f2711a4f3554b6134c935f4e94a823bb23533c2963c7d1564376005570001454dd3c0e90df43db7e97d4c5450bb0b4e86f99712df5800f0cc41e8d
-
Filesize
6B
MD5a9851aa4c3c8af2d1bd8834201b2ba51
SHA1fa95986f7ebfac4aab3b261d3ed0a21b142e91fc
SHA256e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191
SHA51241a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818
-
Filesize
334B
MD59523f2708459bb948dd11328ced4d69d
SHA1e188ec4e0a165871960dabd3633bdacad99c7f15
SHA2567d38ba236b3ce11f7b59527190ff0ded9f1c2bfb941a96463395186ef49c9740
SHA512c18b27d02a9f860808288b1360274c85af5f6c543560a0879d32f98a977167321ca787a4d4ccc38503043e072199b6b83035c061dfdc66c9e300d7acd1cdff64
-
Filesize
2KB
MD5b961660ed6baa22b3bce373c90a76276
SHA1b7f08469d18bf8911dd4eb88a125625f146a0482
SHA256f0188625e93467b2c27b6c6afd5a35e500fdab3820f516c217401fb9aa9a2de1
SHA512d6a1eb3a08e17ea0da7f53169540cd37dcb92df8d0a67eedf29ba360a7bfa3654c9083298ebe751a8e61a9d42a580ba1ee5ff5f16d433bd0af32a32c04391710
-
Filesize
3KB
MD5e564341468d535930103ad2a31e9c918
SHA1ed927d75f316bb31249b209c8cdd2cb3e8fa3e8f
SHA25657d4e2da702275cc1917ec95f6afaff45f220ba39a6ab9de4ea3e81e10e21643
SHA5129fb36f653cb651ee81411b51a94b9d9472d910c5f21dd675a8c0f28d537692479c1645579f2a9d4c8babcfd1b2b7fd3ccbaa699eb65cf809c33ef6470dc6bb84
-
Filesize
9KB
MD5291185d67b1845920811861dd763df9f
SHA13f1a21aef8a91893a46bca4ae04533fdba890efd
SHA256804b24878ef655702bf45e0401a6f59c16ead99c968bf3d9554a8831ecb3a143
SHA51227aa34e354655bb2c77a8233c947918cf7e597ef35fd916c271a47d4ea2ef37bfd5736f0e9052d22f89ed68e20be1763278c7023064ed196180093a25a004eec
-
Filesize
111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
Filesize
111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
Filesize
4KB
MD51b539ace5cceee2900ef7a6681697cb0
SHA163ed690fede6faf58ef9519b10ead45110766564
SHA25690cb2025ab9e7010cbd092b825cf90777e67f36b09c67a90a6b88ea7086a6e61
SHA512309fc360a353cec322eeb9cea5dae69f56b0785748e0aea10796e348b17d6f3ae57cba6ff947922e66bf83601f26d15c22f90452748a3352f12f14f53384102a
-
Filesize
4KB
MD5f73107f6d1c1b6895b50482efd3a584f
SHA189d3826bc0905de75fead3d8fca34e5cda5ced73
SHA256de5ffaa4e01c3804e29b4727eec61496f1e62423f4820b35a812a2b96b555f2b
SHA512e346763ae3a6b504c94613363a874ffd47b2eeb83dc3dcd12109a0c29350bacb536355311c20b5609a3d596246443dc63a9a89dd6ac3a0495238d9b226ecd75c
-
Filesize
5KB
MD5b698170cb161cab93848b6b7a610d640
SHA188c5f9db0d16927c7e15995412b3001062c11947
SHA256de69ae7a28eda642bd353ee774eb8b55c4f2e90431af3c2d9588dd570523dd07
SHA512dc21010579bd283d3e1d12e3ed5eb8ee1d27e2249176afe29a8d226f273081c4cdb6a007ba490e4e0595f8a5e10365168dbff38d08f46343727e16c9e20bfeb7
-
Filesize
6KB
MD5146e3875e4a321ca0f5029608dc73998
SHA13deb3991e1f4cc6410b7d2adebf0112067548eff
SHA256a087867853da06c0c7dd96aa341477119d004d1b104081ae51683fa4a2cdeb0b
SHA512b839ae7e595246024eeb7e443a18613f490fd48af5d5ba3f6fad119ba50245c2116687a1d05eb9d77b29f700b73ff98bf96b1539ce10e95e9edb81a21776343d
-
Filesize
6KB
MD5d99a85ae283ca4fd81a368a904146550
SHA1f72d2e41f5cf94760fda48068ea4d90dc1f42a60
SHA256895bf990e2b218a52189b54bdabc358e05285eebf3b18743e9abb8c9a5120a59
SHA5126e38ca183ebd2b343a0dfe7a66fd3fd9795b7d355042b39373bb4c8d060d90e429de66fce16f0f59353e254d08ddc407de617d4aefff6f7bb8de4d1484ea9fb3
-
Filesize
6KB
MD5b7bc7c9d6085094ee48adc4034fe39cf
SHA10c38bf08530fd6527be04d0373093c9ab34217ce
SHA256760271e4a5db34e5051c76243a7f10e596bd36177e2b0bb6e4fd11fbb0f2e2cb
SHA512801f1fb63eed86a374141ae6f411a4d4042f2bedad1d2cb2e88980a1f1da6d0b22b5dc7835d60c05fbbcf06b5b91d1381c55ca47fe9e54ff582b786308d82ad9
-
Filesize
6KB
MD5f6a6e6e8e103eb31ecf3e6cff2e4441f
SHA16340b1bdf2305fe4b041e41f1a8d657defc206bd
SHA25677e2556c47dbce93d4f9ca8ea344f0a122ad23e6b1fe74a8ce7d949304109d4e
SHA5123039906432b9614ce83aa3b91b2fc7b5378c17647fe731d1b6fe9f6166afe00259416b25a761d8f4944e9febc894137e44e16c229fdaa4241e07058cc10ea9fb
-
Filesize
6KB
MD567e80c2e20f9f0585d43990b2bc210fd
SHA1f2170666fb5b6f9260d66ab6178660f628deb79b
SHA25618b360297f9831cc4adb718a18ae402def6e39f10e4c49c66d8142758334bd7a
SHA5128f86534fafc3fb86c547d8b91f2cccf835222029cab6aee99d65d03523c7b473f02696d5f804544f310361a35107134f91562b62b8c66f7daaa6aa1406fb4ce3
-
Filesize
6KB
MD5fd2e0dbb7efbab6c95add5b3b7c261b2
SHA1d25342a06141f296de108806882df065fdeae1a2
SHA256209ab4eebb7857492e64390bd5dd6a11c89c064656557b41d3e60a88784439a9
SHA5123e5e564e172aef5a7106892b9caae590f27d334394eebd9eee9c579a51b68d8855d8c5f90001c777bc6c99a434e3847f23a67d0b55b7181f6a34af00299a2960
-
Filesize
7KB
MD562ec12fc0e3464a5877b551575f878d7
SHA16e41999b5ca3d6c1c5be3996d66177d3f06e4a00
SHA25695af0d2fa2ce4b3f444a8def67ecf03c13b18cd863fa39d47f6bc8d491e0a285
SHA512ca6a85b8080b22209f3cb8d4f709abf1ec71fabfe31418e821b39802ab0844011db62d3e0c030104e385a3d83266ad585065d0ae8fdfd6ceb0009fd0d6d3ae45
-
Filesize
7KB
MD54773e42bc388f7f529168561ea9e3914
SHA1e52c79d88f71adf60bb2f35a6def7a35f0434344
SHA256610c983abfc0fa3c3cb1d4db0afb1ba77fa2e42c2e5eb8e64284ba22e30857a5
SHA5127f4ed19a106c2c7317a422256850b0ab5ef984fcd820a1043c612d3f28d8194cd019a43a55391b688d3c2585bde4f826461e25e6683e67da79a52f167140029c
-
Filesize
5KB
MD577dac1af4abbcc44ba384efd277142dd
SHA1007f9084ab1d254c579cab5aecf8506d61c27fcc
SHA25645147150a6a61d1e15cf7920178cdf882177f3a60db2a8e02379b4569b30ecf2
SHA512796efdcc51bc19f092786b456fa907d46bd289f395786f07c17a2ca31d21cb2b211a4429e85032297c63bc8fed0a1cab19ff7cca85477093ff23d63abfe7c1c0
-
Filesize
5KB
MD577dac1af4abbcc44ba384efd277142dd
SHA1007f9084ab1d254c579cab5aecf8506d61c27fcc
SHA25645147150a6a61d1e15cf7920178cdf882177f3a60db2a8e02379b4569b30ecf2
SHA512796efdcc51bc19f092786b456fa907d46bd289f395786f07c17a2ca31d21cb2b211a4429e85032297c63bc8fed0a1cab19ff7cca85477093ff23d63abfe7c1c0
-
Filesize
9KB
MD5c855839b64641c89c4c35bb865067f26
SHA194777334a16d08093eb10529616703d4c0b250ff
SHA2567e15606ac56a3b705f0ea6b6b33782517f73aa7511886e4af0c3955d7d9c6bb3
SHA5128c892862a29a7211aab29c2118d02ca91e2b9438150a2125253043644019dacee37ce1e5d18f4644c2765aaac2d56215a568a504e268b288445c32e5bf29a161
-
Filesize
10KB
MD5406b975a3b49ced745bb8553d85dce40
SHA146109b3b1c55b47cb15ef8662dac33c380cf2147
SHA256f4901f9f13f6b54d57dd687bcbfbd57440a38b16cbef06a88a1203e0c83ce3ff
SHA51218b1b623bb9f5296dd07cfe2a6cc5e0bd52c889f7a1e989d89645c4ea10fb3c0d6bbf9c11c2d489e065ee493fc2cb13150c43f0f94046dc752e43799097cebb4
-
Filesize
11KB
MD57da33b17621734e619ff7859d6b64ba7
SHA1beabfa6abfb04ce36106131454cb8c2f979eb4ce
SHA256d586d713b6fe766b73862e904cc0c2209cb6243c37d5ce490edb211c4cd57074
SHA51290ad7f58a35f9bbb875cb1b2e4fa8eb0bcd66a2c4f842b986ee977c78ae19acab3ee62389bac025bee49f2f53a09ea6acaf808afbaee207b4b431628eb5ce597
-
Filesize
11KB
MD55279f5a310bff5ba3adff0ae66071fee
SHA18dddcd107e20b3adecdf90c9ce10551a384276db
SHA2565b9b597223f3b2940daa43fdb5f8d67bc28fff3a5998f8d8c61a5a744cc14cca
SHA5126fb29bf0bd7861a25ccb8b2c38acaac487520332ad82b366a21b42fe6b91c6f3944c50c4430938e54e4db0b1971895378cf76aae75f7b51da5f17cb15a600cc2
-
Filesize
11KB
MD56cadd0cf5bb2d9182615025202f74b38
SHA125de24d2e245d24d30752ce0bb8bbd31645e9842
SHA2569230fb0e3b305f698c1e4f15291755271662841a938cdcd2c76243b19ddd8bb2
SHA5128c48c5ceb21d9d7311dc049c58e9d3981aeafef181722e315fd6273e1504d8f6ec02e84db9967d43326d16531aa6f94f908c4ea3e35687cf77ce368ad578015a
-
Filesize
7KB
MD5a0a82da46808e9fb481f48428def9bf5
SHA18fad5b91ce437475691e436e49a9ec4b3da69691
SHA256f3fc7e09ee7dcabb5ab9fd7a34f85634dfc102d01301a424f8a3b52ffd0e36ad
SHA5121bab3ff4b5d9229130e38017ceb4b84cedc8ca1cc7ea1c401e80a3d1cd758f94cc0548b3d8368db1118a22f5760d6ec941e0457bc819fbc6d8f72e73d0b6e072
-
Filesize
7KB
MD5c44b39cf877485b6be92c694b56dfa43
SHA17744ba1acb6e26e875f17d07cc4cf00fffd56870
SHA256712894c85a0c62416f2c169cfb47785b0015288cea2e54443c35ce4660c86ba4
SHA512b07c546a08982de1a8271ae3552e3fe6cb6707fda9128a86b77746e7812080d2a9528a1486fda5fd59c3e7fbc3654c0847f123e2777d4583bc898d0ccf95c50e
-
Filesize
7KB
MD5dec0f0839469f3bf7fdb31d9882ba3c7
SHA1a7f9f56e8c96f89c512fefc7687396069f7fc727
SHA25602b4451f6b73d3a6933a131c594326f0326c588a75da541a9bab69b1bc769fc8
SHA512b979ccfb33d9cbec9e44782d65e6503bb0b24421f3c3a74fa3bbb618df29ae3ccf45a7846f1ca669a8d012ab970878d06d4fb3433e941a3b24c1c040d81d338d
-
Filesize
6KB
MD58e1595fe83f46e97bf9ed2d82d210af2
SHA19d38951fdfded18b681cc88b0c1e2e59a91e59ad
SHA256ec9f986b27a1c93c9b29f5e624b0501bc1c789f572531e97f998ccef83c2558f
SHA5122cdf09d25977c45798bea79b0f862e87582843b22de8330ac6f9d4a121486e93a45132eebafffded0d1b915af7a015dfbebd3350cbd344b5d35a2648b01dc200
-
Filesize
6KB
MD5189752fe0d3faa8fe725dd98c3b94409
SHA1e650adc4adc4202007916b6124f49b19809278c9
SHA25628e7672f187a622623039a6eccbcab684fd8ea8a1789e700b324d6de264699b5
SHA512f16c81daf975658c469e7861e90cbded9f8b6a157a975b9af16bd998061bff45cde28a8fa937bd5ad98dc66a0cc4d99043245c9f1981abbd281ead2d676df11b
-
Filesize
7KB
MD5df933c13376c3a084b5c9b164780a83e
SHA13e86488802e065553f23c8e5b8752f82abee120b
SHA2562b0d6f23a40f75f501a5549ba566838311a7b86fd40bab97f3fdcbca284a7650
SHA512b919d60fcbe1c721f7e81eed914eee40f02fba19db37df8eec76fff9b1d56e04d960fecc5871f6ebfcabc9fd8183e603724bda41b0231f89132f03074d267526
-
Filesize
11KB
MD5bcb8416fb055c744ad7b73183912e91b
SHA1db08f066f410bb14e8bc3459f6c3e3506c019c7e
SHA256fc31361a69bc22ede835622c1aa3ffdf1c8f850ff26dd5ccf6bac50f38a4d737
SHA5125abf559b03b6c08a8510b7d91df223b0b43affcd093463568ac1d3aab7d1da67a67d750d1de2f17d356995cac9ab9408bce30cff10b9cb4220c7c498873af413
-
Filesize
36KB
MD50247e46de79b6cd1bf08caf7782f7793
SHA1b3a63ed5be3d8ec6e3949fc5e2d21d97acc873a6
SHA256aad0053186875205e014ab98ae8c18a6233cb715dd3af44e7e8eb259aeab5eea
SHA512148804598d2a9ea182bd2adc71663d481f88683ce3d672ce12a43e53b0d34fd70458be5aaa781b20833e963804e7f4562855f2d18f7731b7c2eaea5d6d52fbb6
-
Filesize
24KB
MD5130644a5f79b27202a13879460f2c31a
SHA129e213847a017531e849139c7449bce6b39cb2fa
SHA2561306a93179e1eaf354d9daa6043ae8ffb37b76a1d1396e7b8df671485582bcd1
SHA512fbc8606bf988cf0a6dea28c16d4394c9b1e47f6b68256132b5c85caf1ec7b516c0e3d33034db275adf267d5a84af2854f50bd38a9ed5e86eb392144c63252e01
-
Filesize
24KB
MD5c325881ebe65f710ffde9291a337fa80
SHA11ee282fbda5f7c9b49406abfc182cc83148883e6
SHA2563b769be053cc0fb275a708dbd5e7cca5af41a5b4994385cbd19266e880da9c0c
SHA512f28ba69ec56f4d1dd8e241cb47d4514ac7f9d9cb177929f1c48dbb04bcc9adea13d95f415dfb4c660eb3c79ad1211ca15459b3c566179365d026ab3e5b4cad0f
-
Filesize
25KB
MD5ceef139ebfe8f6a00828e24dd7dc9efe
SHA188ae0040b0f415a5b0b2487682c9e4e04669f5f8
SHA25695e457788d8452454874965c1990c21035157da65b6ebf745f6e90cd4fa59c98
SHA512e9e07d7a051805d672af73b113a3a63d6f4c98b908a9ec823bcef23f25033ac51b802795d02070413806181a604f575924f1d346d9cdc36125e453869c7bdd77
-
Filesize
137B
MD5a62d3a19ae8455b16223d3ead5300936
SHA1c0c3083c7f5f7a6b41f440244a8226f96b300343
SHA256c72428d5b415719c73b6a102e60aaa6ad94bdc9273ca9950e637a91b3106514e
SHA512f3fc16fc45c8559c34ceba61739edd3facbbf25d114fecc57f61ec31072b233245fabae042cf6276e61c76e938e0826a0a17ae95710cfb21c2da13e18edbf99f
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
281B
MD561241208f325d678e36c0111f450c243
SHA1c1d9e1a6127bcf889ab6e3881405011c5ca8b700
SHA256cf774b2da3919ce5506dfc18b0782c3fd6194525807b610a5172a9739fe7fc87
SHA512f0c291cde355025bacf06bf647de01fbb6bafbabb008947a435de264913d38d7d40d54c60aeed62802f45d5508994e634737deea5a4dd5163ef481e989bfd1e8
-
Filesize
41B
MD55af87dfd673ba2115e2fcf5cfdb727ab
SHA1d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
Filesize
1KB
MD5e86cde6343c6d1c8b58213445e9ae626
SHA18c5f87719b8e1576f035fbe9d510b22049f412c0
SHA25669ace4992ff6d320abd446d16927e7a768a5cec1945b96641eb67dd5a852a11c
SHA5120479305b7cc3fc76a5a4428b5007da955939c3e60fb69ab073f9f698cdf0bcb8a8eaeba7e8442337f4d682a5d95d3d2758d01cc72fcf30593b7f8fd83906ecd5
-
Filesize
933B
MD584aa1f8e236ec0fd751ca30b8da68c28
SHA16a79b17d74a817f0c107505a2f4de3e5139e052e
SHA256d22f7ef6948ab02297719774a3b3b17482d13844e451eb4d74b2f1188fecd8a6
SHA5124803d68d957e7d56f40069c744368cf536ca6c49274cf7f6168a31fba01fb065860919a1a073e9af65b2a59f03dd539c59ba0b849dddac63ae3a87676466c3f0
-
Filesize
350B
MD5722f1f8bf141cca82e986f83334ab33b
SHA14a7a7642b5a9e11fba790221971537767cc8daf7
SHA256f62264acb9ba9e2fffa17ddc9aec830d8bf23e010c99ede4fc1327d29ab02dd0
SHA5126e2dae08b34257246d141b8b463190c2d00ab545afbd03db69385c7f81ce259b922a479f18e39a3e304d049090174bcb62a0c1d50e911f30d2225da45c765d0a
-
Filesize
323B
MD54b4a6071cd7769d927727422ea5b943d
SHA1ec3a2047351433b9155b0b7459c34cfc30816b61
SHA256185f1864767bad3cfbf29edf2429c1e26655c6901a8626289264cb0f8f3f8f06
SHA512cc6a302003cf89d9e92a7e4211fed1ed79e4c02f97230f4c9129bce3b2a176818e3d319c3c6fabad8ecea0ea022d32a4bf5f2d6098f644ffd805fd5f9784eabf
-
Filesize
20KB
MD5f44dc73f9788d3313e3e25140002587c
SHA15aec4edc356bc673cba64ff31148b934a41d44c4