wannacry | hxxp://q

Analysis

max time kernel
1743s
max time network
1743s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
11-04-2024 13:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://q

Score

10^/10

wannacry discovery persistence ransomware worm

Malware Config

Extracted

Path

C:\Users\Admin\Desktop\WannaCry-master\WannaCry-master\@[email protected]

Family

wannacry

Ransom Note

Q: What's wrong with my files? A: Ooops, your important files are encrypted. It means you will not be able to access them anymore until they are decrypted. If you follow our instructions, we guarantee that you can decrypt all your files quickly and safely! Let's start decrypting! Q: What do I do? A: First, you need to pay service fees for the decryption. Please send $300 worth of bitcoin to this bitcoin address: 13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94 Next, please find an application file named "@[email protected]". It is the decrypt software. Run and follow the instructions! (You may need to disable your antivirus for a while.) Q: How can I trust? A: Don't worry about decryption. We will decrypt your files surely because nobody will trust us if we cheat users. * If you need our assistance, send a message by clicking <Contact Us> on the decryptor window. �

Wallets

13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94

Signatures

Wannacry
WannaCry is a ransomware cryptoworm.
ransomware worm wannacry
Deletes shadow copies 2 TTPs
Ransomware often targets backup files to inhibit system recovery.
ransomware

File Deletion
T1070.004

Inhibit System Recovery
T1490

Drops startup file 2 IoCs

Processes:

WannaCry.EXE

description	ioc	process
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SDC9A7.tmp	WannaCry.EXE
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SDC9BD.tmp	WannaCry.EXE

Executes dropped EXE 24 IoCs

Processes:

taskdl.exe@[email protected]@[email protected]taskhsvc.exetaskdl.exetaskse.exe@[email protected]taskse.exe@[email protected]taskdl.exetaskse.exe@[email protected]taskdl.exeprocesshacker-2.39-setup.tmptaskse.exe@[email protected]taskdl.exetaskse.exe@[email protected]taskdl.exeProcessHacker.exetaskse.exe@[email protected]taskdl.exe

pid	process
1880	taskdl.exe
6052	@[email protected]
4076	@[email protected]
2288	taskhsvc.exe
4212	taskdl.exe
5244	taskse.exe
5808	@[email protected]
4036	taskse.exe
5336	@[email protected]
5372	taskdl.exe
1952	taskse.exe
2440	@[email protected]
5496	taskdl.exe
5656	processhacker-2.39-setup.tmp
1452	taskse.exe
5152	@[email protected]
4532	taskdl.exe
6064	taskse.exe
3388	@[email protected]
5944	taskdl.exe
5768	ProcessHacker.exe
2256	taskse.exe
4488	@[email protected]
2368	taskdl.exe

Loads dropped DLL 19 IoCs

Processes:

taskhsvc.exeProcessHacker.exe

pid	process
2288	taskhsvc.exe
2288	taskhsvc.exe
2288	taskhsvc.exe
2288	taskhsvc.exe
2288	taskhsvc.exe
2288	taskhsvc.exe
2288	taskhsvc.exe
5768	ProcessHacker.exe
5768	ProcessHacker.exe
5768	ProcessHacker.exe
5768	ProcessHacker.exe
5768	ProcessHacker.exe
5768	ProcessHacker.exe
5768	ProcessHacker.exe
5768	ProcessHacker.exe
5768	ProcessHacker.exe
5768	ProcessHacker.exe
5768	ProcessHacker.exe
5768	ProcessHacker.exe

Modifies file permissions 1 TTPs 1 IoCs
discovery

File and Directory Permissions Modification
T1222

Processes:

icacls.exe

pid process

2660 icacls.exe

pid	process
2660	icacls.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

reg.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\lbwpvpfrj996 = "\"C:\\Users\\Admin\\Desktop\\WannaCry-master\\WannaCry-master\\tasksche.exe\""	reg.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates connected drives 3 TTPs 1 IoCs
Attempts to read the root path of hard drives other than the default C: drive.

Query Registry
T1012

Peripheral Device Discovery
T1120

System Information Discovery
T1082

Processes:

ProcessHacker.exe

description ioc process

File opened (read-only) \??\F: ProcessHacker.exe

description	ioc	process
File opened (read-only)	\??\F:	ProcessHacker.exe

Checks system information in the registry 2 TTPs 2 IoCs

System information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

ProcessHacker.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	ProcessHacker.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	ProcessHacker.exe

Sets desktop wallpaper using registry 2 TTPs 2 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

Processes:

WannaCry.EXE@[email protected]

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-3084248216-1643706459-906455512-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]"	WannaCry.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3084248216-1643706459-906455512-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]"	@[email protected]

Drops file in Program Files directory 42 IoCs

Processes:

processhacker-2.39-setup.tmp

description	ioc	process
File opened for modification	C:\Program Files\Process Hacker 2\plugins\UserNotes.dll	processhacker-2.39-setup.tmp
File created	C:\Program Files\Process Hacker 2\is-T9199.tmp	processhacker-2.39-setup.tmp
File created	C:\Program Files\Process Hacker 2\is-QAA0S.tmp	processhacker-2.39-setup.tmp
File created	C:\Program Files\Process Hacker 2\is-RR611.tmp	processhacker-2.39-setup.tmp
File opened for modification	C:\Program Files\Process Hacker 2\plugins\ExtendedTools.dll	processhacker-2.39-setup.tmp
File created	C:\Program Files\Process Hacker 2\is-VG7IH.tmp	processhacker-2.39-setup.tmp
File created	C:\Program Files\Process Hacker 2\x86\plugins\is-R659N.tmp	processhacker-2.39-setup.tmp
File created	C:\Program Files\Process Hacker 2\plugins\is-GURG1.tmp	processhacker-2.39-setup.tmp
File created	C:\Program Files\Process Hacker 2\plugins\is-ON9EB.tmp	processhacker-2.39-setup.tmp
File opened for modification	C:\Program Files\Process Hacker 2\plugins\ToolStatus.dll	processhacker-2.39-setup.tmp
File opened for modification	C:\Program Files\Process Hacker 2\plugins\Updater.dll	processhacker-2.39-setup.tmp
File created	C:\Program Files\Process Hacker 2\is-U4EC5.tmp	processhacker-2.39-setup.tmp
File created	C:\Program Files\Process Hacker 2\plugins\is-TQTND.tmp	processhacker-2.39-setup.tmp
File created	C:\Program Files\Process Hacker 2\plugins\is-89N9P.tmp	processhacker-2.39-setup.tmp
File opened for modification	C:\Program Files\Process Hacker 2\plugins\SbieSupport.dll	processhacker-2.39-setup.tmp
File created	C:\Program Files\Process Hacker 2\is-C5PG9.tmp	processhacker-2.39-setup.tmp
File created	C:\Program Files\Process Hacker 2\plugins\is-S48LL.tmp	processhacker-2.39-setup.tmp
File opened for modification	C:\Program Files\Process Hacker 2\plugins\NetworkTools.dll	processhacker-2.39-setup.tmp
File opened for modification	C:\Program Files\Process Hacker 2\plugins\HardwareDevices.dll	processhacker-2.39-setup.tmp
File created	C:\Program Files\Process Hacker 2\unins000.dat	processhacker-2.39-setup.tmp
File created	C:\Program Files\Process Hacker 2\is-AM6IH.tmp	processhacker-2.39-setup.tmp
File created	C:\Program Files\Process Hacker 2\is-ASMHK.tmp	processhacker-2.39-setup.tmp
File created	C:\Program Files\Process Hacker 2\plugins\is-10GC7.tmp	processhacker-2.39-setup.tmp
File opened for modification	C:\Program Files\Process Hacker 2\peview.exe	processhacker-2.39-setup.tmp
File opened for modification	C:\Program Files\Process Hacker 2\x86\plugins\DotNetTools.dll	processhacker-2.39-setup.tmp
File opened for modification	C:\Program Files\Process Hacker 2\x86\ProcessHacker.exe	processhacker-2.39-setup.tmp
File opened for modification	C:\Program Files\Process Hacker 2\plugins\OnlineChecks.dll	processhacker-2.39-setup.tmp
File created	C:\Program Files\Process Hacker 2\plugins\is-IP61H.tmp	processhacker-2.39-setup.tmp
File created	C:\Program Files\Process Hacker 2\plugins\is-QORIA.tmp	processhacker-2.39-setup.tmp
File opened for modification	C:\Program Files\Process Hacker 2\unins000.dat	processhacker-2.39-setup.tmp
File opened for modification	C:\Program Files\Process Hacker 2\plugins\DotNetTools.dll	processhacker-2.39-setup.tmp
File opened for modification	C:\Program Files\Process Hacker 2\plugins\ExtendedNotifications.dll	processhacker-2.39-setup.tmp
File opened for modification	C:\Program Files\Process Hacker 2\plugins\ExtendedServices.dll	processhacker-2.39-setup.tmp
File created	C:\Program Files\Process Hacker 2\is-IUEBF.tmp	processhacker-2.39-setup.tmp
File created	C:\Program Files\Process Hacker 2\is-7P479.tmp	processhacker-2.39-setup.tmp
File opened for modification	C:\Program Files\Process Hacker 2\ProcessHacker.exe	processhacker-2.39-setup.tmp
File created	C:\Program Files\Process Hacker 2\x86\is-B65CR.tmp	processhacker-2.39-setup.tmp
File created	C:\Program Files\Process Hacker 2\plugins\is-0I3HK.tmp	processhacker-2.39-setup.tmp
File created	C:\Program Files\Process Hacker 2\plugins\is-6M772.tmp	processhacker-2.39-setup.tmp
File created	C:\Program Files\Process Hacker 2\plugins\is-7CB4V.tmp	processhacker-2.39-setup.tmp
File created	C:\Program Files\Process Hacker 2\plugins\is-RTME4.tmp	processhacker-2.39-setup.tmp
File opened for modification	C:\Program Files\Process Hacker 2\plugins\WindowExplorer.dll	processhacker-2.39-setup.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Program crash 2 IoCs

Processes:

WerFault.exeWerFault.exe

pid pid_target process target process

6048 4076 WerFault.exe @[email protected]
5292 4076 WerFault.exe @[email protected]

pid	pid_target	process	target process
6048	4076	WerFault.exe	@[email protected]
5292	4076	WerFault.exe	@[email protected]

Checks SCSI registry key(s) 3 TTPs 18 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

ProcessHacker.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\UpperFilters	ProcessHacker.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	ProcessHacker.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\DeviceDesc	ProcessHacker.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\DeviceDesc	ProcessHacker.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName	ProcessHacker.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Service	ProcessHacker.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\LowerFilters	ProcessHacker.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000\Control	ProcessHacker.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000\LogConf	ProcessHacker.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	ProcessHacker.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags	ProcessHacker.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000\Control	ProcessHacker.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Service	ProcessHacker.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\LowerFilters	ProcessHacker.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	ProcessHacker.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000\LogConf	ProcessHacker.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	ProcessHacker.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\UpperFilters	ProcessHacker.exe

Checks processor information in registry 2 TTPs 15 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

ProcessHacker.exe

description	ioc	process
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	ProcessHacker.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\FeatureSet	ProcessHacker.exe
Key opened	\Registry\Machine\Hardware\Description\System\CentralProcessor	ProcessHacker.exe
Key enumerated	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor	ProcessHacker.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	ProcessHacker.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\Identifier	ProcessHacker.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\FeatureSet	ProcessHacker.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	ProcessHacker.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	ProcessHacker.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString	ProcessHacker.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\VendorIdentifier	ProcessHacker.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	ProcessHacker.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	ProcessHacker.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	ProcessHacker.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz	ProcessHacker.exe

Enumerates system info in registry 2 TTPs 21 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 4 IoCs

Processes:

msedge.exemsedge.exemsedge.exemsedge.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3084248216-1643706459-906455512-1000\{B6C5C4F2-E4D3-47F9-A2F0-D2648EB36A85}	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3084248216-1643706459-906455512-1000\{8E4B81E0-5F31-4417-B82E-14CAA056EE3A}	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3084248216-1643706459-906455512-1000\{E3E94D66-AA73-4ACC-BCB4-7A08AE799176}	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3084248216-1643706459-906455512-1000\{7DD15D00-21E6-4832-A968-BCC9659741AB}	msedge.exe

Modifies registry key 1 TTPs 1 IoCs

Modify Registry
T1112

Processes:

reg.exe

pid process

5372 reg.exe

pid	process
5372	reg.exe

NTFS ADS 7 IoCs

Processes:

msedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\WannaCry-master.zip:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 871734.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\processhacker-2.39-setup.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\KMSAuto-Net.zip:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\KMSAuto-Net (1).zip:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\KMSAuto-Net (2).zip:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\kmsauto-net-1_5_4.zip:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

msedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exemsedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exetaskhsvc.exe

pid	process
756	msedge.exe
756	msedge.exe
1968	msedge.exe
1968	msedge.exe
4004	msedge.exe
4004	msedge.exe
3080	msedge.exe
3080	msedge.exe
4972	msedge.exe
4972	msedge.exe
1244	msedge.exe
1244	msedge.exe
3164	identity_helper.exe
3164	identity_helper.exe
4212	msedge.exe
4212	msedge.exe
1852	msedge.exe
1852	msedge.exe
904	msedge.exe
904	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
3736	msedge.exe
2724	msedge.exe
2724	msedge.exe
856	msedge.exe
856	msedge.exe
4440	msedge.exe
4440	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
3852	msedge.exe
3852	msedge.exe
972	msedge.exe
972	msedge.exe
2692	identity_helper.exe
2692	identity_helper.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4436	msedge.exe
4436	msedge.exe
3892	msedge.exe
3892	msedge.exe
756	identity_helper.exe
756	identity_helper.exe
4468	msedge.exe
4468	msedge.exe
4824	msedge.exe
4824	msedge.exe
1108	msedge.exe
1108	msedge.exe
3356	msedge.exe
3356	msedge.exe
848	identity_helper.exe
848	identity_helper.exe
5856	msedge.exe
5856	msedge.exe
6028	msedge.exe
6028	msedge.exe
2288	taskhsvc.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

ProcessHacker.exe

pid process

5768 ProcessHacker.exe
Suspicious behavior: LoadsDriver 1 IoCs

Processes:

pid process

668

pid	process
5768	ProcessHacker.exe

pid	process
668

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

Processes:

msedge.exemsedge.exemsedge.exemsedge.exe

pid	process
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
4004	msedge.exe
4004	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

WMIC.exevssvc.exetaskse.exetaskse.exetaskse.exetaskse.exetaskse.exeProcessHacker.exetaskse.exe

description	pid	process
Token: SeIncreaseQuotaPrivilege	5060	WMIC.exe
Token: SeSecurityPrivilege	5060	WMIC.exe
Token: SeTakeOwnershipPrivilege	5060	WMIC.exe
Token: SeLoadDriverPrivilege	5060	WMIC.exe
Token: SeSystemProfilePrivilege	5060	WMIC.exe
Token: SeSystemtimePrivilege	5060	WMIC.exe
Token: SeProfSingleProcessPrivilege	5060	WMIC.exe
Token: SeIncBasePriorityPrivilege	5060	WMIC.exe
Token: SeCreatePagefilePrivilege	5060	WMIC.exe
Token: SeBackupPrivilege	5060	WMIC.exe
Token: SeRestorePrivilege	5060	WMIC.exe
Token: SeShutdownPrivilege	5060	WMIC.exe
Token: SeDebugPrivilege	5060	WMIC.exe
Token: SeSystemEnvironmentPrivilege	5060	WMIC.exe
Token: SeRemoteShutdownPrivilege	5060	WMIC.exe
Token: SeUndockPrivilege	5060	WMIC.exe
Token: SeManageVolumePrivilege	5060	WMIC.exe
Token: 33	5060	WMIC.exe
Token: 34	5060	WMIC.exe
Token: 35	5060	WMIC.exe
Token: 36	5060	WMIC.exe
Token: SeIncreaseQuotaPrivilege	5060	WMIC.exe
Token: SeSecurityPrivilege	5060	WMIC.exe
Token: SeTakeOwnershipPrivilege	5060	WMIC.exe
Token: SeLoadDriverPrivilege	5060	WMIC.exe
Token: SeSystemProfilePrivilege	5060	WMIC.exe
Token: SeSystemtimePrivilege	5060	WMIC.exe
Token: SeProfSingleProcessPrivilege	5060	WMIC.exe
Token: SeIncBasePriorityPrivilege	5060	WMIC.exe
Token: SeCreatePagefilePrivilege	5060	WMIC.exe
Token: SeBackupPrivilege	5060	WMIC.exe
Token: SeRestorePrivilege	5060	WMIC.exe
Token: SeShutdownPrivilege	5060	WMIC.exe
Token: SeDebugPrivilege	5060	WMIC.exe
Token: SeSystemEnvironmentPrivilege	5060	WMIC.exe
Token: SeRemoteShutdownPrivilege	5060	WMIC.exe
Token: SeUndockPrivilege	5060	WMIC.exe
Token: SeManageVolumePrivilege	5060	WMIC.exe
Token: 33	5060	WMIC.exe
Token: 34	5060	WMIC.exe
Token: 35	5060	WMIC.exe
Token: 36	5060	WMIC.exe
Token: SeBackupPrivilege	5364	vssvc.exe
Token: SeRestorePrivilege	5364	vssvc.exe
Token: SeAuditPrivilege	5364	vssvc.exe
Token: SeTcbPrivilege	5244	taskse.exe
Token: SeTcbPrivilege	5244	taskse.exe
Token: SeTcbPrivilege	4036	taskse.exe
Token: SeTcbPrivilege	4036	taskse.exe
Token: SeTcbPrivilege	1952	taskse.exe
Token: SeTcbPrivilege	1952	taskse.exe
Token: SeTcbPrivilege	1452	taskse.exe
Token: SeTcbPrivilege	1452	taskse.exe
Token: SeTcbPrivilege	6064	taskse.exe
Token: SeTcbPrivilege	6064	taskse.exe
Token: SeDebugPrivilege	5768	ProcessHacker.exe
Token: SeIncBasePriorityPrivilege	5768	ProcessHacker.exe
Token: 33	5768	ProcessHacker.exe
Token: SeLoadDriverPrivilege	5768	ProcessHacker.exe
Token: SeProfSingleProcessPrivilege	5768	ProcessHacker.exe
Token: SeRestorePrivilege	5768	ProcessHacker.exe
Token: SeShutdownPrivilege	5768	ProcessHacker.exe
Token: SeTakeOwnershipPrivilege	5768	ProcessHacker.exe
Token: SeTcbPrivilege	2256	taskse.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

msedge.exemsedge.exemsedge.exe

pid	process
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

msedge.exemsedge.exemsedge.exemsedge.exemsedge.exeProcessHacker.exe

pid	process
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4972	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
5224	msedge.exe
5224	msedge.exe
5224	msedge.exe
5224	msedge.exe
5768	ProcessHacker.exe
5768	ProcessHacker.exe
5768	ProcessHacker.exe
5768	ProcessHacker.exe
5768	ProcessHacker.exe
5768	ProcessHacker.exe
5768	ProcessHacker.exe
5768	ProcessHacker.exe
5768	ProcessHacker.exe
5768	ProcessHacker.exe
5768	ProcessHacker.exe
5768	ProcessHacker.exe

Suspicious use of SetWindowsHookEx 11 IoCs

Processes:

@[email protected]@[email protected]@[email protected]@[email protected]@[email protected]@[email protected]@[email protected]@[email protected]

pid	process
6052	@[email protected]
6052	@[email protected]
4076	@[email protected]
4076	@[email protected]
5808	@[email protected]
5808	@[email protected]
5336	@[email protected]
2440	@[email protected]
5152	@[email protected]
3388	@[email protected]
4488	@[email protected]

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 1968 wrote to memory of 1260	1968	msedge.exe	msedge.exe
PID 1968 wrote to memory of 1260	1968	msedge.exe	msedge.exe
PID 1968 wrote to memory of 1564	1968	msedge.exe	msedge.exe
PID 1968 wrote to memory of 1564	1968	msedge.exe	msedge.exe
PID 1968 wrote to memory of 1564	1968	msedge.exe	msedge.exe
PID 1968 wrote to memory of 1564	1968	msedge.exe	msedge.exe
PID 1968 wrote to memory of 1564	1968	msedge.exe	msedge.exe
PID 1968 wrote to memory of 1564	1968	msedge.exe	msedge.exe
PID 1968 wrote to memory of 1564	1968	msedge.exe	msedge.exe
PID 1968 wrote to memory of 1564	1968	msedge.exe	msedge.exe
PID 1968 wrote to memory of 1564	1968	msedge.exe	msedge.exe
PID 1968 wrote to memory of 1564	1968	msedge.exe	msedge.exe
PID 1968 wrote to memory of 1564	1968	msedge.exe	msedge.exe
PID 1968 wrote to memory of 1564	1968	msedge.exe	msedge.exe
PID 1968 wrote to memory of 1564	1968	msedge.exe	msedge.exe
PID 1968 wrote to memory of 1564	1968	msedge.exe	msedge.exe
PID 1968 wrote to memory of 1564	1968	msedge.exe	msedge.exe
PID 1968 wrote to memory of 1564	1968	msedge.exe	msedge.exe
PID 1968 wrote to memory of 1564	1968	msedge.exe	msedge.exe
PID 1968 wrote to memory of 1564	1968	msedge.exe	msedge.exe
PID 1968 wrote to memory of 1564	1968	msedge.exe	msedge.exe
PID 1968 wrote to memory of 1564	1968	msedge.exe	msedge.exe
PID 1968 wrote to memory of 1564	1968	msedge.exe	msedge.exe
PID 1968 wrote to memory of 1564	1968	msedge.exe	msedge.exe
PID 1968 wrote to memory of 1564	1968	msedge.exe	msedge.exe
PID 1968 wrote to memory of 1564	1968	msedge.exe	msedge.exe
PID 1968 wrote to memory of 1564	1968	msedge.exe	msedge.exe
PID 1968 wrote to memory of 1564	1968	msedge.exe	msedge.exe
PID 1968 wrote to memory of 1564	1968	msedge.exe	msedge.exe
PID 1968 wrote to memory of 1564	1968	msedge.exe	msedge.exe
PID 1968 wrote to memory of 1564	1968	msedge.exe	msedge.exe
PID 1968 wrote to memory of 1564	1968	msedge.exe	msedge.exe
PID 1968 wrote to memory of 1564	1968	msedge.exe	msedge.exe
PID 1968 wrote to memory of 1564	1968	msedge.exe	msedge.exe
PID 1968 wrote to memory of 1564	1968	msedge.exe	msedge.exe
PID 1968 wrote to memory of 1564	1968	msedge.exe	msedge.exe
PID 1968 wrote to memory of 1564	1968	msedge.exe	msedge.exe
PID 1968 wrote to memory of 1564	1968	msedge.exe	msedge.exe
PID 1968 wrote to memory of 1564	1968	msedge.exe	msedge.exe
PID 1968 wrote to memory of 1564	1968	msedge.exe	msedge.exe
PID 1968 wrote to memory of 1564	1968	msedge.exe	msedge.exe
PID 1968 wrote to memory of 1564	1968	msedge.exe	msedge.exe
PID 1968 wrote to memory of 756	1968	msedge.exe	msedge.exe
PID 1968 wrote to memory of 756	1968	msedge.exe	msedge.exe
PID 1968 wrote to memory of 2924	1968	msedge.exe	msedge.exe
PID 1968 wrote to memory of 2924	1968	msedge.exe	msedge.exe
PID 1968 wrote to memory of 2924	1968	msedge.exe	msedge.exe
PID 1968 wrote to memory of 2924	1968	msedge.exe	msedge.exe
PID 1968 wrote to memory of 2924	1968	msedge.exe	msedge.exe
PID 1968 wrote to memory of 2924	1968	msedge.exe	msedge.exe
PID 1968 wrote to memory of 2924	1968	msedge.exe	msedge.exe
PID 1968 wrote to memory of 2924	1968	msedge.exe	msedge.exe
PID 1968 wrote to memory of 2924	1968	msedge.exe	msedge.exe
PID 1968 wrote to memory of 2924	1968	msedge.exe	msedge.exe
PID 1968 wrote to memory of 2924	1968	msedge.exe	msedge.exe
PID 1968 wrote to memory of 2924	1968	msedge.exe	msedge.exe
PID 1968 wrote to memory of 2924	1968	msedge.exe	msedge.exe
PID 1968 wrote to memory of 2924	1968	msedge.exe	msedge.exe
PID 1968 wrote to memory of 2924	1968	msedge.exe	msedge.exe
PID 1968 wrote to memory of 2924	1968	msedge.exe	msedge.exe
PID 1968 wrote to memory of 2924	1968	msedge.exe	msedge.exe
PID 1968 wrote to memory of 2924	1968	msedge.exe	msedge.exe
PID 1968 wrote to memory of 2924	1968	msedge.exe	msedge.exe
PID 1968 wrote to memory of 2924	1968	msedge.exe	msedge.exe

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Views/modifies file attributes 1 TTPs 2 IoCs
evasion

Hidden Files and Directories
T1564.001

Processes:

attrib.exeattrib.exe

pid process

4316 attrib.exe
1388 attrib.exe

pid	process
4316	attrib.exe
1388	attrib.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://q
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1968

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe71df3cb8,0x7ffe71df3cc8,0x7ffe71df3cd8
2⤵
PID:1260

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,2274507787846927646,5599950252203671947,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1952 /prefetch:2
2⤵
PID:1564

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1924,2274507787846927646,5599950252203671947,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:756

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1924,2274507787846927646,5599950252203671947,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2664 /prefetch:8
2⤵
PID:2924

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,2274507787846927646,5599950252203671947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
2⤵
PID:3792

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,2274507787846927646,5599950252203671947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
2⤵
PID:2172

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,2274507787846927646,5599950252203671947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4876 /prefetch:1
2⤵
PID:1108

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4748

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3176

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:824

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
1⤵
PID:3608

C:\Windows\System32\DataExchangeHost.exe
C:\Windows\System32\DataExchangeHost.exe -Embedding
1⤵
PID:4468

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://go.microsoft.com/fwlink/?LinkId=335789
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4004

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffe71df3cb8,0x7ffe71df3cc8,0x7ffe71df3cd8
2⤵
PID:4788

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,15264569791703916917,6981239673536768414,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1924 /prefetch:2
2⤵
PID:3436

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1904,15264569791703916917,6981239673536768414,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3080

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1904,15264569791703916917,6981239673536768414,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2596 /prefetch:8
2⤵
PID:4628

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15264569791703916917,6981239673536768414,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
2⤵
PID:2288

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,15264569791703916917,6981239673536768414,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
2⤵
PID:1964

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2852

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:940

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4972

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe71df3cb8,0x7ffe71df3cc8,0x7ffe71df3cd8
2⤵
PID:3024

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1936,15382748250915807985,7486390733051626123,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1956 /prefetch:2
2⤵
PID:1668

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1936,15382748250915807985,7486390733051626123,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1244

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1936,15382748250915807985,7486390733051626123,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8
2⤵
PID:3116

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,15382748250915807985,7486390733051626123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
2⤵
PID:3452

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,15382748250915807985,7486390733051626123,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
2⤵
PID:488

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,15382748250915807985,7486390733051626123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3636 /prefetch:1
2⤵
PID:3648

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,15382748250915807985,7486390733051626123,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4348 /prefetch:1
2⤵
PID:2288

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1936,15382748250915807985,7486390733051626123,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3464 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3164

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,15382748250915807985,7486390733051626123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
2⤵
PID:3760

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,15382748250915807985,7486390733051626123,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
2⤵
PID:5040

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1936,15382748250915807985,7486390733051626123,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4884 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4212

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,15382748250915807985,7486390733051626123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4380 /prefetch:1
2⤵
PID:2092

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,15382748250915807985,7486390733051626123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4020 /prefetch:1
2⤵
PID:3856

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,15382748250915807985,7486390733051626123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1
2⤵
PID:2852

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1936,15382748250915807985,7486390733051626123,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5148 /prefetch:8
2⤵
PID:1436

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1936,15382748250915807985,7486390733051626123,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5100 /prefetch:8
2⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:1852

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,15382748250915807985,7486390733051626123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1
2⤵
PID:2960

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,15382748250915807985,7486390733051626123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
2⤵
PID:3428

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,15382748250915807985,7486390733051626123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1
2⤵
PID:3916

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,15382748250915807985,7486390733051626123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
2⤵
PID:3200

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,15382748250915807985,7486390733051626123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6284 /prefetch:1
2⤵
PID:2460

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,15382748250915807985,7486390733051626123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6256 /prefetch:1
2⤵
PID:3856

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,15382748250915807985,7486390733051626123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6656 /prefetch:1
2⤵
PID:2568

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,15382748250915807985,7486390733051626123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7044 /prefetch:1
2⤵
PID:4536

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,15382748250915807985,7486390733051626123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
2⤵
PID:3592

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,15382748250915807985,7486390733051626123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6672 /prefetch:1
2⤵
PID:2960

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,15382748250915807985,7486390733051626123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3876 /prefetch:1
2⤵
PID:4936

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,15382748250915807985,7486390733051626123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
2⤵
PID:1224

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,15382748250915807985,7486390733051626123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2660 /prefetch:1
2⤵
PID:1900

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,15382748250915807985,7486390733051626123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6864 /prefetch:1
2⤵
PID:3856

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1936,15382748250915807985,7486390733051626123,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6184 /prefetch:8
2⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:904

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1936,15382748250915807985,7486390733051626123,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=7696 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3736

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,15382748250915807985,7486390733051626123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7328 /prefetch:1
2⤵
PID:4708

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,15382748250915807985,7486390733051626123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2448 /prefetch:1
2⤵
PID:1544

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1936,15382748250915807985,7486390733051626123,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7004 /prefetch:8
2⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:2724

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1936,15382748250915807985,7486390733051626123,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6644 /prefetch:8
2⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:856

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,15382748250915807985,7486390733051626123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7848 /prefetch:1
2⤵
PID:396

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,15382748250915807985,7486390733051626123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7004 /prefetch:1
2⤵
PID:1372

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,15382748250915807985,7486390733051626123,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7852 /prefetch:1
2⤵
PID:1896

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:588

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4992

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5016

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_KMSAuto-Net.zip\Password for Archive - windows.txt
1⤵
PID:3940

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\KMSAuto-Net\Password for Archive - windows.txt
1⤵
PID:3380

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:2512

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe71df3cb8,0x7ffe71df3cc8,0x7ffe71df3cd8
2⤵
PID:1372

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1872,7070513986910210513,15040343456927805084,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1884 /prefetch:2
2⤵
PID:896

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1872,7070513986910210513,15040343456927805084,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4440

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1872,7070513986910210513,15040343456927805084,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2608 /prefetch:8
2⤵
PID:4224

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,7070513986910210513,15040343456927805084,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
2⤵
PID:3216

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,7070513986910210513,15040343456927805084,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
2⤵
PID:4816

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,7070513986910210513,15040343456927805084,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4452 /prefetch:1
2⤵
PID:3432

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,7070513986910210513,15040343456927805084,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4380 /prefetch:1
2⤵
PID:4884

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1872,7070513986910210513,15040343456927805084,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3976 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3852

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,7070513986910210513,15040343456927805084,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
2⤵
PID:1956

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1872,7070513986910210513,15040343456927805084,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3492 /prefetch:8
2⤵
PID:488

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1872,7070513986910210513,15040343456927805084,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3908 /prefetch:8
2⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:972

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,7070513986910210513,15040343456927805084,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
2⤵
PID:1900

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,7070513986910210513,15040343456927805084,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
2⤵
PID:3216

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,7070513986910210513,15040343456927805084,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1
2⤵
PID:3096

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,7070513986910210513,15040343456927805084,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6028 /prefetch:1
2⤵
PID:3076

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,7070513986910210513,15040343456927805084,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6376 /prefetch:1
2⤵
PID:3380

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1872,7070513986910210513,15040343456927805084,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5612 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2692

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,7070513986910210513,15040343456927805084,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
2⤵
PID:1856

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,7070513986910210513,15040343456927805084,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1
2⤵
PID:112

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,7070513986910210513,15040343456927805084,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4456 /prefetch:1
2⤵
PID:4540

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,7070513986910210513,15040343456927805084,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6984 /prefetch:1
2⤵
PID:2728

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,7070513986910210513,15040343456927805084,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6944 /prefetch:1
2⤵
PID:3768

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,7070513986910210513,15040343456927805084,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3812 /prefetch:1
2⤵
PID:1724

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,7070513986910210513,15040343456927805084,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6388 /prefetch:1
2⤵
PID:2704

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,7070513986910210513,15040343456927805084,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6592 /prefetch:1
2⤵
PID:1880

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,7070513986910210513,15040343456927805084,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7136 /prefetch:1
2⤵
PID:112

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,7070513986910210513,15040343456927805084,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6276 /prefetch:1
2⤵
PID:2124

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,7070513986910210513,15040343456927805084,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6628 /prefetch:1
2⤵
PID:2172

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,7070513986910210513,15040343456927805084,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6832 /prefetch:1
2⤵
PID:3948

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,7070513986910210513,15040343456927805084,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3496 /prefetch:1
2⤵
PID:1436

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,7070513986910210513,15040343456927805084,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6176 /prefetch:1
2⤵
PID:716

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,7070513986910210513,15040343456927805084,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
2⤵
PID:4412

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,7070513986910210513,15040343456927805084,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6952 /prefetch:1
2⤵
PID:2772

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1872,7070513986910210513,15040343456927805084,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=7068 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4980

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,7070513986910210513,15040343456927805084,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6804 /prefetch:1
2⤵
PID:1256

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,7070513986910210513,15040343456927805084,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3736 /prefetch:1
2⤵
PID:3428

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,7070513986910210513,15040343456927805084,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7376 /prefetch:1
2⤵
PID:1912

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,7070513986910210513,15040343456927805084,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7532 /prefetch:1
2⤵
PID:3532

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,7070513986910210513,15040343456927805084,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7096 /prefetch:1
2⤵
PID:844

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,7070513986910210513,15040343456927805084,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7696 /prefetch:1
2⤵
PID:3452

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4076

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3436

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\KMSAuto-Net\Password for Archive - windows.txt
1⤵
PID:1912

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
PID:2760

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe71df3cb8,0x7ffe71df3cc8,0x7ffe71df3cd8
2⤵
PID:2504

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1880,3820298251809278544,3950039375392751229,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1892 /prefetch:2
2⤵
PID:1800

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1880,3820298251809278544,3950039375392751229,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2404 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4436

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1880,3820298251809278544,3950039375392751229,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2548 /prefetch:8
2⤵
PID:3712

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,3820298251809278544,3950039375392751229,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
2⤵
PID:988

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,3820298251809278544,3950039375392751229,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1.5 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
2⤵
PID:3376

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,3820298251809278544,3950039375392751229,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:1
2⤵
PID:3612

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,3820298251809278544,3950039375392751229,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1.5 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1
2⤵
PID:4408

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,3820298251809278544,3950039375392751229,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3548 /prefetch:1
2⤵
PID:4068

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,3820298251809278544,3950039375392751229,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1.5 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3528 /prefetch:1
2⤵
PID:3112

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,3820298251809278544,3950039375392751229,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=1 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:1
2⤵
PID:4784

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,3820298251809278544,3950039375392751229,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=1 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
2⤵
PID:1896

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,3820298251809278544,3950039375392751229,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=1 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3564 /prefetch:1
2⤵
PID:4908

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,3820298251809278544,3950039375392751229,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1.5 --num-raster-threads=1 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4092 /prefetch:1
2⤵
PID:4660

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,3820298251809278544,3950039375392751229,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=1 --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1
2⤵
PID:2772

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1880,3820298251809278544,3950039375392751229,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4972 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3892

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1880,3820298251809278544,3950039375392751229,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5452 /prefetch:8
2⤵
PID:4288

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1880,3820298251809278544,3950039375392751229,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5524 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:756

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,3820298251809278544,3950039375392751229,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=1 --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1
2⤵
PID:3540

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,3820298251809278544,3950039375392751229,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=1 --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
2⤵
PID:5040

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,3820298251809278544,3950039375392751229,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=1 --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
2⤵
PID:200

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1880,3820298251809278544,3950039375392751229,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5000 /prefetch:8
2⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:4468

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4532

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4336

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SendNotifyMessage
PID:4824

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe71df3cb8,0x7ffe71df3cc8,0x7ffe71df3cd8
2⤵
PID:964

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,1503462519987568665,11378037730340280611,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1916 /prefetch:2
2⤵
PID:2792

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1888,1503462519987568665,11378037730340280611,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1108

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1888,1503462519987568665,11378037730340280611,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2504 /prefetch:8
2⤵
PID:2572

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1503462519987568665,11378037730340280611,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3160 /prefetch:1
2⤵
PID:3204

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1503462519987568665,11378037730340280611,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3168 /prefetch:1
2⤵
PID:3632

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1503462519987568665,11378037730340280611,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3688 /prefetch:1
2⤵
PID:1816

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1503462519987568665,11378037730340280611,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4892 /prefetch:1
2⤵
PID:4392

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1888,1503462519987568665,11378037730340280611,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3484 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3356

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1503462519987568665,11378037730340280611,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
2⤵
PID:3768

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1503462519987568665,11378037730340280611,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
2⤵
PID:992

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1888,1503462519987568665,11378037730340280611,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5492 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:848

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1503462519987568665,11378037730340280611,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
2⤵
PID:3132

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1503462519987568665,11378037730340280611,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
2⤵
PID:4468

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1503462519987568665,11378037730340280611,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
2⤵
PID:1252

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1503462519987568665,11378037730340280611,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
2⤵
PID:5160

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1888,1503462519987568665,11378037730340280611,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5668 /prefetch:8
2⤵
PID:5848

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1888,1503462519987568665,11378037730340280611,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5800 /prefetch:8
2⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:5856

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,1503462519987568665,11378037730340280611,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6528 /prefetch:1
2⤵
PID:3116

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1888,1503462519987568665,11378037730340280611,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6584 /prefetch:8
2⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:6028

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:748

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2144

C:\Users\Admin\Desktop\WannaCry-master\WannaCry-master\WannaCry.EXE
"C:\Users\Admin\Desktop\WannaCry-master\WannaCry-master\WannaCry.EXE"
1⤵
- Drops startup file
- Sets desktop wallpaper using registry
PID:2092

C:\Windows\SysWOW64\attrib.exe
attrib +h .
2⤵
- Views/modifies file attributes
PID:4316

C:\Windows\SysWOW64\icacls.exe
icacls . /grant Everyone:F /T /C /Q
2⤵
- Modifies file permissions
PID:2660

C:\Users\Admin\Desktop\WannaCry-master\WannaCry-master\taskdl.exe
taskdl.exe
2⤵
- Executes dropped EXE
PID:1880

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c 188641712842861.bat
2⤵
PID:5404

C:\Windows\SysWOW64\cscript.exe
cscript.exe //nologo m.vbs
3⤵
PID:844

C:\Windows\SysWOW64\attrib.exe
attrib +h +s F:\$RECYCLE
2⤵
- Views/modifies file attributes
PID:1388

C:\Users\Admin\Desktop\WannaCry-master\WannaCry-master\@[email protected]
@[email protected] co
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:6052

C:\Users\Admin\Desktop\WannaCry-master\WannaCry-master\TaskData\Tor\taskhsvc.exe
TaskData\Tor\taskhsvc.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:2288

C:\Windows\SysWOW64\cmd.exe
cmd.exe /c start /b @[email protected] vs
2⤵
PID:3508

C:\Users\Admin\Desktop\WannaCry-master\WannaCry-master\@[email protected]
@[email protected] vs
3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4076

C:\Windows\SysWOW64\cmd.exe
cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet
4⤵
PID:5128

C:\Windows\SysWOW64\Wbem\WMIC.exe
wmic shadowcopy delete
5⤵
- Suspicious use of AdjustPrivilegeToken
PID:5060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4076 -s 416
4⤵
- Program crash
PID:6048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4076 -s 416
4⤵
- Program crash
PID:5292

C:\Users\Admin\Desktop\WannaCry-master\WannaCry-master\taskdl.exe
taskdl.exe
2⤵
- Executes dropped EXE
PID:4212

C:\Users\Admin\Desktop\WannaCry-master\WannaCry-master\taskse.exe
taskse.exe C:\Users\Admin\Desktop\WannaCry-master\WannaCry-master\@[email protected]
2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:5244

C:\Users\Admin\Desktop\WannaCry-master\WannaCry-master\@[email protected]
@[email protected]
2⤵
- Executes dropped EXE
- Sets desktop wallpaper using registry
- Suspicious use of SetWindowsHookEx
PID:5808

C:\Windows\SysWOW64\cmd.exe
cmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "lbwpvpfrj996" /t REG_SZ /d "\"C:\Users\Admin\Desktop\WannaCry-master\WannaCry-master\tasksche.exe\"" /f
2⤵
PID:1724

C:\Windows\SysWOW64\reg.exe
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "lbwpvpfrj996" /t REG_SZ /d "\"C:\Users\Admin\Desktop\WannaCry-master\WannaCry-master\tasksche.exe\"" /f
3⤵
- Adds Run key to start application
- Modifies registry key
PID:5372

C:\Users\Admin\Desktop\WannaCry-master\WannaCry-master\taskse.exe
taskse.exe C:\Users\Admin\Desktop\WannaCry-master\WannaCry-master\@[email protected]
2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:4036

C:\Users\Admin\Desktop\WannaCry-master\WannaCry-master\taskdl.exe
taskdl.exe
2⤵
- Executes dropped EXE
PID:5372

C:\Users\Admin\Desktop\WannaCry-master\WannaCry-master\@[email protected]
@[email protected]
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:5336

C:\Users\Admin\Desktop\WannaCry-master\WannaCry-master\taskse.exe
taskse.exe C:\Users\Admin\Desktop\WannaCry-master\WannaCry-master\@[email protected]
2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:1952

C:\Users\Admin\Desktop\WannaCry-master\WannaCry-master\@[email protected]
@[email protected]
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2440

C:\Users\Admin\Desktop\WannaCry-master\WannaCry-master\taskdl.exe
taskdl.exe
2⤵
- Executes dropped EXE
PID:5496

C:\Users\Admin\Desktop\WannaCry-master\WannaCry-master\taskse.exe
taskse.exe C:\Users\Admin\Desktop\WannaCry-master\WannaCry-master\@[email protected]
2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:1452

C:\Users\Admin\Desktop\WannaCry-master\WannaCry-master\@[email protected]
@[email protected]
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:5152

C:\Users\Admin\Desktop\WannaCry-master\WannaCry-master\taskdl.exe
taskdl.exe
2⤵
- Executes dropped EXE
PID:4532

C:\Users\Admin\Desktop\WannaCry-master\WannaCry-master\taskse.exe
taskse.exe C:\Users\Admin\Desktop\WannaCry-master\WannaCry-master\@[email protected]
2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:6064

C:\Users\Admin\Desktop\WannaCry-master\WannaCry-master\@[email protected]
@[email protected]
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3388

C:\Users\Admin\Desktop\WannaCry-master\WannaCry-master\taskdl.exe
taskdl.exe
2⤵
- Executes dropped EXE
PID:5944

C:\Users\Admin\Desktop\WannaCry-master\WannaCry-master\taskse.exe
taskse.exe C:\Users\Admin\Desktop\WannaCry-master\WannaCry-master\@[email protected]
2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:2256

C:\Users\Admin\Desktop\WannaCry-master\WannaCry-master\@[email protected]
@[email protected]
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4488

C:\Users\Admin\Desktop\WannaCry-master\WannaCry-master\taskdl.exe
taskdl.exe
2⤵
- Executes dropped EXE
PID:2368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4076 -ip 4076
1⤵
PID:6120

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 4076 -ip 4076
1⤵
PID:4440

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious use of SendNotifyMessage
PID:5224

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe71df3cb8,0x7ffe71df3cc8,0x7ffe71df3cd8
2⤵
PID:5180

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1764,2386804927008071635,1060581884220086853,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1932 /prefetch:2
2⤵
PID:5032

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1764,2386804927008071635,1060581884220086853,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
2⤵
PID:5552

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1764,2386804927008071635,1060581884220086853,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2528 /prefetch:8
2⤵
PID:5564

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1764,2386804927008071635,1060581884220086853,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
2⤵
PID:5612

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1764,2386804927008071635,1060581884220086853,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
2⤵
PID:4900

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1764,2386804927008071635,1060581884220086853,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4196 /prefetch:1
2⤵
PID:4892

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1764,2386804927008071635,1060581884220086853,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
2⤵
PID:5964

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1764,2386804927008071635,1060581884220086853,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3584 /prefetch:8
2⤵
PID:5908

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1764,2386804927008071635,1060581884220086853,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5308 /prefetch:8
2⤵
PID:848

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1764,2386804927008071635,1060581884220086853,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
2⤵
PID:5264

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1764,2386804927008071635,1060581884220086853,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
2⤵
PID:5936

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1764,2386804927008071635,1060581884220086853,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
2⤵
PID:3632

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1764,2386804927008071635,1060581884220086853,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1
2⤵
PID:2640

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1764,2386804927008071635,1060581884220086853,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
2⤵
PID:5328

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1764,2386804927008071635,1060581884220086853,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5284 /prefetch:8
2⤵
PID:5924

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1764,2386804927008071635,1060581884220086853,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3400 /prefetch:8
2⤵
- Modifies registry class
PID:5192

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1764,2386804927008071635,1060581884220086853,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1
2⤵
PID:712

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1764,2386804927008071635,1060581884220086853,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
2⤵
PID:5876

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1764,2386804927008071635,1060581884220086853,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1
2⤵
PID:1480

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1764,2386804927008071635,1060581884220086853,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4356 /prefetch:1
2⤵
PID:344

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1764,2386804927008071635,1060581884220086853,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6328 /prefetch:1
2⤵
PID:2040

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1764,2386804927008071635,1060581884220086853,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
2⤵
PID:4764

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1764,2386804927008071635,1060581884220086853,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1
2⤵
PID:3948

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1764,2386804927008071635,1060581884220086853,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3700 /prefetch:1
2⤵
PID:3580

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1764,2386804927008071635,1060581884220086853,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
2⤵
PID:2960

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1764,2386804927008071635,1060581884220086853,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6816 /prefetch:1
2⤵
PID:2028

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1764,2386804927008071635,1060581884220086853,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6768 /prefetch:1
2⤵
PID:1148

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1764,2386804927008071635,1060581884220086853,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
2⤵
PID:5952

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1764,2386804927008071635,1060581884220086853,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6932 /prefetch:1
2⤵
PID:3932

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1764,2386804927008071635,1060581884220086853,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6252 /prefetch:8
2⤵
- NTFS ADS
PID:5128

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1764,2386804927008071635,1060581884220086853,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7096 /prefetch:8
2⤵
PID:5936

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1752

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4608

C:\Users\Admin\Desktop\processhacker-2.39-setup.exe
"C:\Users\Admin\Desktop\processhacker-2.39-setup.exe"
1⤵
PID:5240

C:\Users\Admin\AppData\Local\Temp\is-VK1HH.tmp\processhacker-2.39-setup.tmp
"C:\Users\Admin\AppData\Local\Temp\is-VK1HH.tmp\processhacker-2.39-setup.tmp" /SL5="$60404,1874675,150016,C:\Users\Admin\Desktop\processhacker-2.39-setup.exe"
2⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:5656

C:\Program Files\Process Hacker 2\ProcessHacker.exe
"C:\Program Files\Process Hacker 2\ProcessHacker.exe"
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
- Checks system information in the registry
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
PID:5768

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

File and Directory Permissions Modification

T1222

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Indicator Removal

T1070

File Deletion

T1070.004

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

T1491

Inhibit System Recovery

T1490

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Process Hacker 2\ProcessHacker.exe

Filesize
1.6MB

MD5
b365af317ae730a67c936f21432b9c71

SHA1
a0bdfac3ce1880b32ff9b696458327ce352e3b1d

SHA256
bd2c2cf0631d881ed382817afcce2b093f4e412ffb170a719e2762f250abfea4

SHA512
cc3359e16c6fe905a9e176a87acf4c4ed5e22c29bfca11949799caf8442e00ec0d1679b3d8754dbc3e313528d3e8e82c0ec1941e2c3530b48229c1cb337f6b8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\0aa7493e-5957-46a9-b8c1-dc58565522e4.tmp

Filesize
12KB

MD5
7e4410f3954e5faff56b55d7af45fffe

SHA1
2f3156d4e4cb0ecb9c27e4bac4852169e6d7033b

SHA256
07105f9826159915380b8a830040822c1e8f9468822d0d637feccb598da6fb0f

SHA512
9fde2a163f40a7b531ffae3647805c05756ad255b2c7d3f4c781487ab1a34ae2b17c9b5ddffffa530e535dc8cc4bb36b3cebff7ac5b6c5268e82cf98897ec6a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\7ddf0e0b-b2ab-4c26-9fd0-d68e268c590c.tmp

Filesize
12KB

MD5
227615584f180848716b33220cb8200b

SHA1
fffabbbe1004e861e4f064927927ee400db32db1

SHA256
fdc6f43aa11388335bd3c950a4ac74aec082f333e47542bbf94259aa17d3989f

SHA512
8ec4a93eb230ff36016814e637776a28e4d43fdc6f8ddd7bdc9a37f93ce05798f4096d7eb2170fbffc3ad5842753dac20cc384f6b6aa3d2973b24a4fdc11c90d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
39502f6c3d97a589c7f5b369e44126f0

SHA1
cae298c1a990b02303b30b0808cc5ca7c45dbe2e

SHA256
b77508d6fa8dd7536faaca994bb1cfc978b67f23a2e359d7cb6557ff55f62c47

SHA512
40516a941537167453b30df1e9253dce316e5ce136b2d30ae6d962fcbd39d843b14085f7e9e961cf8704c8d38210149cca673a02cfdecdd3e020a96241235e94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9b6f7efb7b008932edbb5861f4925239

SHA1
20bf1a959d03de4985bacb1d1c1c620f0543dcc2

SHA256
d11848b80d0400844424be6c6c8224c6ef4ae1eb7ab95df797c485feb014aecc

SHA512
4ccd1142e2031ac64b029c1b69c8c7d54bd7146ff883fa10d1261607bf38debd43955ae9314b05a2581e03dcfb6d86e283e977392839f7d2765eaee2f4725c3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a6383d682b12beb019f25703b2c7a5cd

SHA1
6a4844098e38f1bdce7dd5d6c6fcf744d21a75be

SHA256
6e6c9713aeabca3d6e06f475dc9e9dcb51b81adc02684515166fb4164483a48b

SHA512
1b16a54da1c806881c09bd522676cf4834cc4b67458ec3af57a02cd2a88a13c9c8d6fb8e47a7a1a3d8877727e11d46569eb98b9ca29fa877e2161e5e1c5efe33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
caaacbd78b8e7ebc636ff19241b2b13d

SHA1
4435edc68c0594ebb8b0aa84b769d566ad913bc8

SHA256
989cc6f5cdc43f7bac8f6bc10624a47d46cbc366c671c495c6900eabc5276f7a

SHA512
c668a938bef9bbe432af676004beb1ae9c06f1ba2f154d1973e691a892cb39c345b12265b5996127efff3258ebba333847df09238f69e95f2f35879b5db7b7fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
aa7270e6d8855045a6b28c293eb99601

SHA1
1429bcb58e38d8ddec49e0199bdcafa5ef9b48c4

SHA256
5a3d9a99739177c7c7e4e2aee3b632ec1989cec04dd70a7af872c5d41fd76051

SHA512
cd78eb86809cf745f76aec407b448eb1b2b9f85b8cd5e72c7ef34274d08df994c6580972b06baeb51379cab7804a5d6273c0ae0ac2f5a653c02f017efe3eda76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7ae9c1dfe1dc0091b085d545d85b0b46

SHA1
4ad8792ecac244b23ced5d55fb9e39a07c3fb731

SHA256
a5a7b35f2688566827edc96aea531845c7cd85ad1c2b86a3a0b557e74391328c

SHA512
3e3e130cacc0ad42ad6180654b407a551bae693f6a87feea1f1dd89a4e8e77114189dfe929a8370ec09002b33cb81c99ddd681e9d7430654a923873a6d977822

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5b6cd984dd4a6285692ae9cc377b097a

SHA1
2dc7a6088835c388bcb150eb0b1214a4f6d24fd0

SHA256
506f21bc3a29ef6321b55b2879d946799969372fad624e5f03d9afd550ac515d

SHA512
84f2261030f4ce1789b9ef7e2f43be430fcb58593e768491485471cc7e2cbe32e61933ec9e99118b03cb72725732bf118c5a5c3506dd2143bed4d57ca75ffd13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7c194bbd45fc5d3714e8db77e01ac25a

SHA1
e758434417035cccc8891d516854afb4141dd72a

SHA256
253f8f4a60bdf1763526998865311c1f02085388892f14e94f858c50bf6e53c3

SHA512
aca42768dcc4334e49cd6295bd563c797b11523f4405cd5b4aeb41dec9379d155ae241ce937ec55063ecbf82136154e4dc5065afb78d18b42af86829bac6900d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c81dd3395524bf97f93b22405c4c23dd

SHA1
ce69fd181a40de10a4b4a7b73a1d7641db17fd03

SHA256
1c7f45ee8ae336466ef38cce7ebbbceeab7bcff36394b6ed669ec1a53ff8a963

SHA512
844198aab59a043eff0c3913f6d905e1436a36fe471e1b0a7c1a630d0e2cdb9d11fb8b0c2d6d6b7b8ab6acc02934d1384fa956fd1b259c1d8a90d4589d326538

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\1e922fc2-2e8b-4329-a2d3-d83c33cb53c6.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\86ef43b5-4ac9-4309-87fd-30d0012c0942.tmp

Filesize
10KB

MD5
1479aa4c2c80b3922adcd7dc86b3a52b

SHA1
24cbb681995932fc50f71f6af92c3a5882057125

SHA256
aba60bf7e14facf435fedfe48a1dc831ee1430dfbd27c72f1d47c6ca00eca614

SHA512
185a857313584daccb1f5e4f73dbbe58547df3d517fc2153b4c339ce61015a032641ea2c342c332dd57a81681ed5ed8fe71492ba44a1fbc1a845eaef31c2aeac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
75a1479d25b940d55259aab1004d7f52

SHA1
7b079d0dafe3abfe933b9d3640dc98f84c4e315c

SHA256
7e269c6615cec41bc632fc2c51293c4ab00bc87e49aebfd21139cec15bffeebc

SHA512
899cc42dd58e97905e37e99b0de44794a635327e495c73b85f58132eaf3a10e19ee9c4f4b307d6cfb549ad2212a0efd1fc74e8d1f74ef9b6e3b29435afaf53fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
d2a34846e6463ef26db599ea4f8bd92e

SHA1
f6e8e7bdb62b2a00fb730e247123fa07e082a0fe

SHA256
a3dd0a2fde93aec0c245ab57db53a182fd7341c48ccb3c1323c94a65b36f3c7e

SHA512
87f83f02aeec96d9767fc17e8637816dadc872b11a63522cf12615cd68792b48c64a2218fea27b8c12bc67f0ff71b760bfccadb537cffcdb40919ba90bd0c827

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
19KB

MD5
18dc787abac5e1811bf3523f15bd0de3

SHA1
b2388aba6ab415a8b84de34efd01ba2150d7e0bd

SHA256
a0a6cc9cb1a31ec55d1758123586fdc7a753c62c6adc540f1294b7fa954529d2

SHA512
4565e9ab96e1f12c215261ead665a567157430b5380c2abce1ab3b1b4b5e2c43ad6c8a83c6f5c58b56aa74fec11e22c188402f678e4b82a74beeea215ebecd78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
50KB

MD5
2bf8686204f6758d22333459d583a253

SHA1
0a3a5d92993756ef803c7aae0e2ce6cf0ddedf57

SHA256
9d5d9af4d7aa05151cc46d87daba29a485575b7810a63cac97db7c797c647a23

SHA512
1d69e08fe43a4741873c248dcfdbca854bf385d137b456e6af3cc27a0ae331ea7a5463748f17c21131335c9851277bb08ab0b4f3bc94d41c7142334ea5e4bc90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
67KB

MD5
60ccc92d503cade1134b284567c01c6a

SHA1
bfc32b2d502e534452292bda56a05904f98b02e0

SHA256
05a6e55ce84e3a46eb50623a9137a17e132c082a3785e94a23400c6a246750f1

SHA512
831a24f41f6add98529eae3a3fd54270cbf4cf9cf126821398a5aa9caabfa96a7fb20ed13c3dbb3deb39357cc0a4d979828bff9a531b529b21b334058b7d206a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
45KB

MD5
f95a0faf6629fe55dba24478808491ac

SHA1
c91fbfa760c6642f522038a7e90b9445cf8c762f

SHA256
3401a6c618e31c817b75f603ff2ecfd83b8b75e4309aa09007cad5e98878f1f9

SHA512
06f2e5329db17deb104bd106cfc84ea2b321a4ddf64d6d4acf37462cc0d898530b3d913f2c48c7cc29063bb22430e9d12ebd6c9f8e32a2e980cd985a40923673

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
138KB

MD5
3f3a2874d03bfa56ca8f18c5ac30247b

SHA1
f530b0e5331e2a505cdc2506fbffb22a513c00a2

SHA256
c1aff8c7020138c0f03ea8c0f895d525c3cbb344aa7f4b828db96012f14da20e

SHA512
2b695ac6e24799ec892f7e4ff68767b658c7ce8166c02b8debd4e0532a25725984ea1df124e9829a1d9cb0ad7c1b3ffcfac68b1919c8730b2958d02fb152f2d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

Filesize
65KB

MD5
34717ce01e946a0d385473ec97d2e845

SHA1
a369937730ed782bd4ff490db7168da743d24d65

SHA256
3cc6335d28f8eaed16356da8786fdd98b861605f34b685e1ab011b152b34f27f

SHA512
4e389044e0c2095f8365353aed53f25e3f5138622f1c34ec33d4b7f4c19c3f07df21435b1b23e2f97b562562ed02d92edfb6cee7cdf60c1c78d97988860095d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
31KB

MD5
fadf1955822f10d6e6a6a49108d86ebc

SHA1
947d06ea4cb2a30c2b59e91df240b2ad10111215

SHA256
c6ea194d7bfad6a9f970fda0a23a9cc3587898192ee21ba473ec4448af84e645

SHA512
efbc731aa58a11c298abdb82d9028873bbf8393630c53e6b59f9c6fa9f26c7a8ca3c94cdba53b54c9081b06f7aada0e53e1366660b71653844f619a02f351f74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

Filesize
19KB

MD5
3c08ea28594c96031b19d0a42e717539

SHA1
c071b1cf58173811299272af7857598f7f923ea3

SHA256
a98022da7bbf7eba3c74954b67c237417e7511c0a6b282c3c00213fad46d31cf

SHA512
0fcff0835a56760fe26b1814799fb92b1604675a933f02b5e104e79ea3ddf8d4eb20159c5887a4baf9ff4f4dcd552f3dba1e8419977329a5951bcd10a075b541

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004a

Filesize
39KB

MD5
1b6455997689b748908dfebf00b5d5e4

SHA1
9c1cccbe3999493417954b005ca412e5bea70b27

SHA256
0429346ab77ea90ecddcec08f2cb3497e9b8758dfc9e8904e6786ef2707a5583

SHA512
4e207fe7ea9eba63e06de3821e2229dba007a4a572d049c317f9fee2cb56ca485fe2517a7f9fabfdcfe35f368635215a180b92b7f3c8a299ec651a2d4585448f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000053

Filesize
20KB

MD5
43b6d5dbe4938bf85223e5986e326acc

SHA1
cc8bf8ef2475ef84743e6b94be5643d6c7df38dd

SHA256
ebd8b783619a03a8049931d4a5139fb03a0d8cef61c1a28ca1e140b7df93454e

SHA512
14cc139f3f550970f648ea7eba7d46fd29bc3aba2b851358853f29e664abf2532c7ef649e1ab03cad861ceec6c31a8726e09eaec01e1c78e8efc8ce011e871fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000054

Filesize
30KB

MD5
9d6606ba9fe74643d800a695a1b494c9

SHA1
304521c975706097ee241f6ef75a4a5d0b75a199

SHA256
adec5528115ec117ceeada3908607b03638cdb8e009c5e536f72ff644bfdf84f

SHA512
aef80402264e8cd046d35a859751bcb8fc11f439d2890063b8069aeb2d99e1414e29bd48b4a1f99ce7f5f3d99e22867702d8012300be75ba1db02dc66c498ec6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000055

Filesize
83KB

MD5
da9b784010431a057384c76eaa26d29d

SHA1
3916a940bca461358747e0f53b33b4eee52f4996

SHA256
fd30d9e3a9d04ec7225859690e704378baaf7a7496863d05d0f33204e186077b

SHA512
179a92bcb6630cfba1de894f2520bc2cd739c82573306a4b0b7e23553a44c9b7e23acef5c14af352100ea3c3e70ad86baa24707a6ead0505ac719bdf1ddd5c62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000074

Filesize
198KB

MD5
319e0c36436ee0bf24476acbcc83565c

SHA1
fb2658d5791fe5b37424119557ab8cee30acdc54

SHA256
f6562ea52e056b979d6f52932ae57b7afb04486b10b0ebde22c5b51f502c69d1

SHA512
ad902b9a010cf99bdedba405cad0387890a9ff90a9c91f6a3220cdceec1b08ecb97a326aef01b28d8d0aacb5f2a16f02f673e196bdb69fc68b3f636139059902

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2fe02326ee154038_0

Filesize
52KB

MD5
b460d6a1fc1f5dc41f17d3e9b49ee30c

SHA1
0705c3298a06b85397715b707e768c58d7f22049

SHA256
35e89de0824bd10f0777ca21857c8e58fffa5f8441ab5de3e6c78e95f4f2ac3c

SHA512
9a9710e6c002e522cdfa1891a4e5c5d57c921489501fa45a4b049438bdd88f7cbe128aaf7ec87fd34387d96a43acab64a464e8a24dce56b2516d8a2b2d00c32f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\523def6894bad8a2_0

Filesize
300B

MD5
cbeb11108101d869f4eeeef8d575919f

SHA1
2f9ba63013bf6581c030a2ecd0517a5c642af989

SHA256
054072a240d179ee08fb13be783dd321dac21915f1bffd6f99893cc3039911af

SHA512
d1f7576a929ca9bbedef744d1c51c34b26063041b29a10add49823c0b9702764dea0b4c9945a89af2c96d99d25e0996621b583978739fbe0cd2ad717256948d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
2028d368b894192f7cff0f415bc686de

SHA1
50d546c36c026cd65d1456961293f01606beeb74

SHA256
6f07ee19f4e69603be9a87f3e864746e9d786afe9ba6abba7d55b2c5d310f305

SHA512
7f72354e29ee31ff22214a9d90c19cf510762212fe89e223c452f9b06da5fe6a02155b422b92178a9147b32b30fcd5449c05d5c79d1a59299d813cbc946167f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
fbe3fa32d2450b309e101b269136438a

SHA1
f6898b46145aff2ac861194f0c8bb71fa4a0610b

SHA256
947d35000e6db296915a7f656dae4561efe44bdd17184f30826c1a2e34e0905f

SHA512
81c45cb972caf9b9261d25bcbe922301a3935bffadf30a73d6be8122b79a423cb0a6378024908c62015051f33d416e694c593182fae7c4ec87ad9db5d86c4c02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
24a2d3d15e4fa4a8957525cd6fd30c0c

SHA1
6d4c6d18fa4e2edfd3305e99c4eb66beb47ea449

SHA256
f870bb09087d534c7ed9adf3d7007c6bc02cf343e1eda40be520ddc0e4ed5e57

SHA512
da17fcaf74e63e49c148189a76ec4a1921dea819f51a570ee2d5133fd8eb8442cc2b0ece80bb8db12ee40ed2b302c9c3bd0f033309a0c8b5a2e5f4b5b6da2025

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
45a42d9b6f162b95e8702f2de68d4752

SHA1
5e612a3246e95f4409e71c4e3802817e85a3d1df

SHA256
334491a79516f52333af7c0138bd8470018c7cc36c8eb5d144edc33deb538039

SHA512
d0b73790008fd824dd53374348f363965e1d4c805ab392629aa8563db8b57a891c6c5e5fd6ccd599eb86b0f6ffa57f24354a4f91e269a750e950376795e9b193

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
624f732016864139ecf1c34a41da8e4c

SHA1
e90738af44d6ecd4c55dce432803c18fd58babcd

SHA256
bb81034c1718a11410f88e6250c38333bb53abc4432f7fd6f2055a602d1d4f33

SHA512
7b3961e42f9fb71725b86ecb4f2084403adf7ceb77d26cf93e6403e37b8e52d9162a786426f4c71c5743d284bd67f6ce614cabf47e9ff47468832453fd8377d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
408fd9c47f8afcaf679055053fae2563

SHA1
cbde900e13b42fd945aca6356a3e22fbe279a17d

SHA256
a9e9378c81e2f6385418bd01f091c53f5e7bfd0043b137683fdcbbe8b9981550

SHA512
5123b6e7b92a7d308a9d1d20fcc2a5f2e2bf8c20b44580190ec047bfd2a96c0d67823cad9c14d95cee4be5e8d7215b59da08af44e52958714878966557dba7b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
9e1a832e792d1b6f0aa75d039f52f7fd

SHA1
54a7feab85aff715e086c59f948040b1d27110db

SHA256
9b9be3e18e5458fde3be27fc96f28208ac914e13a489314966f2cf516b4fc4c0

SHA512
9d4f743b45cd206cc46692a6a379cd7b040482828b58dd375e1be5c17a50653abde098a66e843983047e799de8063a053edfc5ad6db5fca13dbf4567b519c985

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
8da591e298782d0f092debd22fd1b8e8

SHA1
67bd975790b3989f56bd0e5de5afa92145bcfbb4

SHA256
ad74cea4eef1f6116241f00439fa5bbacbe4648981032b5c9ecae41d143e4ff9

SHA512
85d8be1f45a705fbb688c154949fcdc00ee04e12ceefe72640f8c459138d8615a6b60299cfb453fabc3837d6b49d6c9c62bcc75c712b22211eea55adfb934f35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
adc4c7ba4f81a051283b710c5a879e3f

SHA1
1a6a020fc62c5556b7cb114a580ce74b2cd5e32c

SHA256
15f613307ed45cb465d49a9491a27fc06bcbfb1dcb4d994b555d86746a4315f9

SHA512
3f00b112a0056ceb923d5dd5ef91775ad14e30cb5e9de7a3f7d3218222bd9fb1bcbe64f8a826136c5dc54ed15ae5f39671028b601c37eba2f6a3fdf9d09553aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe705635.TMP

Filesize
6KB

MD5
105ff2982875b2d4401e10d507884d08

SHA1
5e7946823777408bdf473db111431b27137a57ec

SHA256
4ae88225dba04afacf4d5c509bb631efe0cc8e0061b5195e216fbcfe7d38caef

SHA512
d512b6b977a833e057c09b3d8bebb14b77822d09788bba06a0c336ae187163eb26ff23bb66f6f28113b1512bdc86c7199e67d349448cde41cc3e9438be4feac4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
6B

MD5
a9851aa4c3c8af2d1bd8834201b2ba51

SHA1
fa95986f7ebfac4aab3b261d3ed0a21b142e91fc

SHA256
e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191

SHA512
41a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
55KB

MD5
86abc2b6bc4655b8d4437b4170a17170

SHA1
2c950a4bdcd23c30a865e9cf4bec096fbc6eedba

SHA256
c893d74097eaa4fe56a046c47d193cd3ac71c093351ed836d960f2ea8e59f4f2

SHA512
7ff9fca3ea6b486c8355844f6d3ebab369e7a8b8acddf7ac6109cfe19a1cb86093e413e1f4eabe011d385684a9724528bcb88cb458eb4c84c3c28a14db64402c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
334B

MD5
1060f2c7b8ab79fb4e137f8e3254d4a9

SHA1
2630761456c869669737c1945e6abb6079f90d84

SHA256
caa8facccbfb2e2408262c01b30c545f04952dc6a5f5a62c1da6cddd55c5bcb3

SHA512
f38a6aaf943e86b0bca6a5eab28b74e8ad8b8fbb8400d512b060d41d1aa0e2bce2ee9fdc80018deae97473bcf1832ab5568ced9fff61b0f97b44e7ecb8b78c4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
400bbd190fbc9e374d167b0d60ecddbf

SHA1
4cbd83ef6d059831c562b3b0c8e892e005c63108

SHA256
bb2b1cae6bebe33515829e60c21d855c34b1bfdcf3c27701aad3801f02cdba41

SHA512
0f7691a7c47a9ea0084827af34f698784bc27d89c0db8f2d7b08a8024653884a7ce2ec3736ad7a2ebfd19860942d9b102bd630f13bedf252c40033fe5c3e0818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
f2d145296c78252b45fb0c3195b3e63c

SHA1
69737fc5cf75bfb5b6e230627a4bd4a6eb963ace

SHA256
533edb47446e5cd11bebc9c031bc3a7ac921134ce8cd21e779f63ab5e8876d92

SHA512
bcd2b6ea295a64afb0388f19cfbd2fb1f7ce8be2fef48943fe52d64fc4eb224cabc4829764294256ff66253aa8d92a61de6270c64e96859c4567d29e3feb1e90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
ae23c907e81f20764a29ee6e4b483dda

SHA1
8dab91c6dab97622b68f699fb34788721d96f865

SHA256
fcb71c7265cba2f3715de1d03589bc5aaf801518252056e07e078d90e22ab1f0

SHA512
70a838b7edc2e45a5b20041564d137648ddddbc01e64b746549de8288f5e692bf03ac2424149a7ed02b39db8922bf1ec3eee7d5085435824c9a6ab854a0c680e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
131edc596c07ca22ec196607de5b81b6

SHA1
27e0c8349c7676daf05b18ca5e258e409d9ca9ac

SHA256
ce420a1caf223157f8fa86603ca2ed0a3f4e6e708b039333018e82242e4d45e2

SHA512
85d016afa58a2d997d6df9d376d3c8535442a10de2aff24d98a4475de369247db4dace4772dee8dc12c0ff4a11d6207ffa87606baf7398b73f25d49b162c593a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
53164de61ee22ab7d8de9d085570d3be

SHA1
301148791c850c13601cc2bb1c10350ffb8aa795

SHA256
982629f1918db9e03e0f052a72a6c89d8597214c320970bbdae07e2979db0263

SHA512
acc3aa4a006e21248adc5c19e112e6543f4c791ba34eb7d26dfef29e881ff03c5d0b4fbab19c7e5ec34a56a55f7a967cfd6398d030df4c28c5c0489ac9b30405

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
8KB

MD5
0337e3f2d228e7c96e477b338d5a11f6

SHA1
152c57eae83f3d60191795f41d42f75c94ce5c8b

SHA256
09dafc0a49ab2a6761935386302571a98bd1b72bff432a0037e53aa9d28a352c

SHA512
b7bbd0a29406b438c1874fc6f105e9c147dfe791e7169f941bbaa8b886559a07be682a12404b9aac0c4eee11edfb1ff7eeef7eb7a7abb7b1f3239757213130fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
4a1e133c7cec51a90839b852f5333ae8

SHA1
a5683bcd1a79a729424b6aec54b838ae386ad2a1

SHA256
acdf3531adb4a8a3a7866adadfa2b66abaa0f1a4d211720d1e483d8a13fb37be

SHA512
2e7d3a4777e61f03e7203807a6978eef4b32e9317dc9438045ded32a463ba6191156d07a23fbc82b9b147ad77f91f8ef3cf920449df5824ed67788f77bd99ebe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
83d79b259407497c71ffd7b020c4a42f

SHA1
f426904e0c04bbb122ecea47c0a04a5b08a26f06

SHA256
e99383abd7c8079f9bd0ccb75a6a382dcc50721661badd88b8321f2c43727d23

SHA512
1e54a19977a2477cd276e9b1dcf1a874f57fd50e5f0cdfe5cbaace863080e2757f5e3880cd320a5564e2635c881fa518f600e34db4dd2e4155cc0395cfc39a57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
0801d0b92fe8cbee9f4b0d5ccf40d127

SHA1
2885d8a789d95251ee21dc21eb367fbde9715fd1

SHA256
d7aeb0eec770ba16d655e7df06ef69aadcf24cad424ccfa43b50250ac9620412

SHA512
acb16c806204503e65afce84fab4e5fa2082bc8f1d9c34fc95aca5cb93c5f2ba5d1c9aa5834295be7c2a14a6962a5d8db2e3d9169a2d6a374ba9c55490e42447

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
bd2ac1b3e364494bb228ceee1fce1466

SHA1
621496f63592033a4aa2e2f8202bcd44cbc7295f

SHA256
c5c6293745726069cdff93ca3ef675e262acf525bed61c7614c8bd6caa75bead

SHA512
30b3398a3c251df7de57ea9d3c786ea94784747a3f126f19d494d5de26426100d82818a4e9be3a4657d9dcd63bb379397a636216f3ece07bdc06b3a77f0c36c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d721f0ab311668d9ceaca9ec47e23817

SHA1
edcfddc1013a685a672164d43d80dc52b5abcc4e

SHA256
3d6aef7f19cdb56fc7ffd8e521ac728bdaeddbc576d99cc7362c96369bc25d77

SHA512
3f4615aff42ee6ea15ddb12514ac7c619f59d263239edf32a1aabf7f4ba41d61ccbbb162f109fd6e45e8cc3e4926bf047be8f90acf1aa83d65a26d58bda760cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
11386b0189dbbe99eec59b65faae2b7a

SHA1
00b8e7d8f442b1bc4597c44c75a3a50408df8727

SHA256
7b716ba0097db728f09d368c4af31ec3a78b1afbd85b87a7b6a1abeb616c8567

SHA512
b43138af110358468aa51927f098450c3df0730a8feef6ce856b40def2031858dbdce041993e02954bfb34b43ad42066b749b836ced42cbd71b6a0b1cd64bd54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
a3270804b63ebddecb6b404f9cc0e5cc

SHA1
f375727c1c999146b8e5c96021d112f98416b2e4

SHA256
5f308b42d720c600e4ed5b06048865a8d8f4a105a62edb6106fd0041fab0f683

SHA512
a2ed56de7f4753a9e67639adabee805ca27fb15ba3a3d53be21448ba368f9f7c53021b9e5b72a671000c56d4da31a557a5cb5c638e231737daa3764eaea05b1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
ed92969e625bef7787875c857aaa783d

SHA1
6f7b56d8c7a9f5eff7891d0ef646cf9380f649fa

SHA256
096d7c56a66e5c809f58ab2c624caf7635ceef0d28feb2db7046ca0fdc6a9abe

SHA512
1d22fcbca697f4d62b61531d519d6eec2b051164fce154c78deca55142daa62c8afbad004d4527791866169294b0d4165223cdbc894b77d86bbce59dbd679ba8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
0656bf4d9ff3e56161fef77afc3b9fc1

SHA1
ad9e1613a67ef7a99057272500536737b6f3f1a5

SHA256
1f8798ed4b1fed28d7ecaa147203ac115b0f3afcd07c09a38eef6bfb6f951fee

SHA512
a2a0a0be0b7c1a1f17dee4c0d97f834f3824b2ba2fe8f0a7af0284063f270d943b4d054b4b479e0e70940e217d2f1bf554a48efb60978361e147bd6481358156

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c92f367fd91b7c8d087928880d46dce4

SHA1
94824071edb68e610804f913f6761a236a7975ca

SHA256
ba91cc7af4056cecf73b64520408616913ba3b05593290024bfc0b98e57469b4

SHA512
4ae3d002b55d521e28bb29926f0b5d311e0398ae11a0db7458cac8c24fc9ebfe7f44ad99bddc5bfaaddcce4171dbd6eec552bcd1cc4a550d23913919eca801e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4788b2ad435315838c4e85e38b831259

SHA1
a259ec6e83de9306bf1a159107d78d58fd8b64e8

SHA256
bc2d7d9aa35764191caca464516729463dc39150858c4fce1e5051352fdb1fa1

SHA512
a98650809cbf4ef3150f774688799dbfe205d07128d1a52f61bab6faaf31cf5ace70d5de843e49633eb99364f2c8495b08148f1067f3137940c4629a455c3452

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5029159c25b3679f686288b434c18265

SHA1
9947ad6f7254688821642bd4836c3849dc9d31f5

SHA256
48e11555de1e74d172f51b486c8cc2ba492e42260eb1c701ca9e149b086b392a

SHA512
6a3a4a65e8a287ec5896ffd102610a8519bd82ecc62b4723ff4551db9a55aec3ec876b26ec6ddf1e14bc5599538914a3d2b9836c7f41cc07d5e23f8a035ad14b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
0bb2fb74488b64adaf38db0cbeb66461

SHA1
477fb0a5b39f416be2b7355cfa2a7307ec5f998e

SHA256
fdc0c6d592123b392347a873ca2df4b78eb7e7e919e7501a09f69d709c4d3247

SHA512
efd9e48cbf1f0ce510229bddb13f78f60c4b1d4119bcf80990ac8d49566e55353343428ef1b98d82f1c43406313d002b1de59781e5ca19aeb6fd89903cb35853

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
7bc3b953b6e2a27ae811d070488b005a

SHA1
caef323d7c8bf5b6aa5ef4e245486a978f40e5aa

SHA256
20ff822970fc4e1f5b585f2dcdc5b01c0779770488189fa454422f22029adc9a

SHA512
24aac6df58c3ad8784c3b90731f33db1ee928c8d8e04c98efb70392d4b72d6978a4c71cdec97ac73ec7b2734e9fd831f002b4cb08bb4c03d53184467fa88dcae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
c7c0dbf3d2d83312dce23eb49fe7ef68

SHA1
6f3969268fefb919b3494f820688d26c737b40e3

SHA256
4a02ad32185394e7644071db2dbcb805439411de210a18e4630b951062e67cf1

SHA512
bfc3dc15df2a00a3451f067246e955a8fe6d3b3c72a55693b63850c229f3d45dbbc4b7c42376dbe3435455c46f56634457c603688f721b7428909662dbde6e04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
16f927f6ce3278f902928edf01b9bfb0

SHA1
3a541acdaf67708f3892935b0cbfa5d83f541b39

SHA256
59763e7b47199c289bc08b662f0ebb86b7515d3e5a3519cf154850a5c75f1b3e

SHA512
5148167b590f8c1e3c1cebe5760161418852bd0100df63cfe54e326010f82b52056a3f673af7c7a57d04d7b14097b133e2858e5fbb4a13dd4d453a69028cf054

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
b982d5ee0dc5442e896e0c03600712ce

SHA1
8e6f32d797e4538e003e96e388edd482d6c32f1a

SHA256
7d2d8fdf25e540534e387e5d237c30a7f9a522d5bded2c03b9c85d5575702f1a

SHA512
405e7a11d51a4a37911a98a7d96a01bfac6f76416303e7f2f695e3cb9256af3c731eb40d92087262eeb02d2c06c3a4484cd6147819f7e899f63945ed7d53d93e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
7e2dc232f803dce8e78d570c9097c726

SHA1
f3625e8e718ee2a9314bc1ec48e692b9dab1bb27

SHA256
967146cb0ab9c47b2475acaa715a1f4dd32dddc8e6bab5a8074658e44c1de71d

SHA512
e51c0a93ad66bd9116888bdbf27357fae6ab096ed2d82f11912da516e61f2b17be5f81ea243dee386f513c98ee1fff6259cc3ad41c4335e7708627ec746796f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
3888658a193c6734edd3250aa104f832

SHA1
70537c6f89b7636b9338409386a9f6b8639b8669

SHA256
8bf4afbf54f57a655d1a1268f76ea1ab34b365a80289581936c271f3fb1115ec

SHA512
f2b18e191d8ad89861daed24b247737be9daab185526eb11c36d4c0de88b7cc49e7aa1d495e0983e8fb5fd97d3e5c2316cafe410780c480c22a51db7ff3cbe06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
66ac9a80c2839f57e48f1cc6b7c96c01

SHA1
33296d961c02860e2d00aa4876283998e4de18e4

SHA256
408fc63090e822f5e52c098afe0d27775e32e337aa9eef8991a7b2c8a1c1a80d

SHA512
31d47d8a796421911a85881bba354ece33cb9ca579be3a2084bbc04f353ffb2e5b4a1ea70dc413b22e6373039498598de4c4d3495c0d3808fc7f845aef2f5c18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
55b620fe97bf0d7ddb99e021decf94e8

SHA1
211674cfc2689e84455605360502c62a87ee8325

SHA256
e1e491eff343cd813df719b24f24f196191f96b1c07f94268dc4d70ac362cfd0

SHA512
7a6427c21c0af10bc198de550f03dc7ac3d21a98a1ee18da156541cae734f5908686fc4169edca5e3da7a908b119b81e7f5ef26d1429b64fc0d7e851adb2b543

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
aff1f18ddf9a04764c1d0dcbfa717907

SHA1
c5ef32aa910090e9271f79a3d4172670288d7664

SHA256
b4913f927dbca0ab76085887856469853f567f835d93559ee188db2ccb2e717f

SHA512
8054b0f9b76cb79722fd007d5d854d4d5c7efa9d2201d0efcc0a3ed53c90c22769acdccb127d317756577e1489e9238d25338b32b88a3a8facc8c57fba01716e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
6ebe806644cb325fe05d53c06992da18

SHA1
dbd8f86f824222d870f3744e78b5ad989d3e6d11

SHA256
8bebcce49f1b820d2e730f36aeadba53b8683b8f952456be808faf366e137dd3

SHA512
9151d138b617bf69611079f0421f96354f65f98c447858ada8fc8d919cfc37892673570b8b0071f75e87eb0130a7ac424466188c5f3275e7a6cc34d92e4ebb61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
8847005cf9b5d43b65da1c97173029f4

SHA1
c33034ed38becf93e8e04ef2839b49f642620157

SHA256
0edfbd474c800236cfb7fc5749eef5c242fe47c44077b9ec9e44db39ab0f133f

SHA512
ef2c1a94845ef510e896839afbfad46f64ea5e83d42831bf7b770f7e068742d53012b7a2c0229ce2a895e09a508dae0bb2186fcf21a7f9299b35d17353299a6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
3f813ce3969f5faba525b0277a1421ce

SHA1
806f052f00bd16bb95478bd2c8945e3bb2e32ff6

SHA256
299ff30efc0161fd456f13b3962f5f423a9144e3d16455f8bd89e71a1e03adc1

SHA512
d7fdf437c5b0e465a9c5c15c55113146a55e383db81ea2c5b6e75c981208f827dbcd9d08f2a14e3ce86e1a013bcf66120dd617ccbca92988ec614efa4cdfd4c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
387ce0a818f72464b35a9b2a332c1ae2

SHA1
98d8b205a6f53f677f3b4cd3bb2ecff16cdeb414

SHA256
30c584aa96682c6451a1942f1ff849833e61f42784dd705b92908c8fea73cf85

SHA512
9026d198ff0a3059a21a71c01ae3228481ff4db76b19d411835acdded0f70d6be5adf0c5330adfda0df1a3713080f34bba34b63fedcbcbc28a300d05d6121c4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9aece01a97cefad54f3674ecde7e0025

SHA1
8a3b37b7ecfeff02b959a30c88e0427c872c8fec

SHA256
fa7306eeaad57b62728259406a65610af7cbd13cdf35deff3bb77298166c779d

SHA512
2717363b30c4a532091cb9921d93b9342e57a0cd0f86345aeef223466a1d1143df4ddd7d1667c46274dfaf49cd564038802c3955d8e6f76c060c48c17c36cc7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
ccfb2088e0934ebc6253ac96519a5909

SHA1
2815c8a9bfcb7668a0f17cb5950d6d224d4e880c

SHA256
a6de08c6362d15e9b0bf75b383b7e562661064cbedcb0a1574ec1e56cc3e2c44

SHA512
53314cc8b4ecf3e974a2dd18edb77d59541329c8bbc011eca274f86127ea467aa42f5f32ab09ed9bd4bb28f37fce72525cf3ae273042d5d10477c23166b6e108

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
8a710a879930279a51cf6cf8c03c8b47

SHA1
18367595d83d073a71d8efb1673e1b68886ebcba

SHA256
97257358dea4abda18bb57124fb24be367753b110ff98003d8f8eddd940df46a

SHA512
b75963e6984c05622813371a0f51945fdb8dfd5909e1512e5f9aace9f3a35e58b3286efadfe3b5749a8edfd21e3c263265d70aeb611c374d3d04363a10a952b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
089af4b3c43d699d6c99afbbccdccefc

SHA1
36ca702ee0e21c15a5e12de72da9a78df1c9b106

SHA256
af9c648f63ebb66ae62612699813cb147f6a1ea58cc0d9db2cd6cf5fa03ee858

SHA512
0c58336e64bc046bfa9d850962cc7b718e608bed43ff8b5ea82a45c4c684b4dc4d208610beccc92eb7d0882bb7eb16bab5e8ce0891e7e92cd417b89af6d34ecc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
931a6e001eb851412dd0eccbc12fb282

SHA1
2868b64cfb5e74ddca601d8bd19b8465f3547cc3

SHA256
b1cd818645768102818abaffa548eac40e0f865788c76a950d7b253c2c62498d

SHA512
7bc3e4a0a7cf5ff6ff94df0c15822f54cb3ab2c8a564513ebc961ac976b70daa4b982f44013c4b6f3d82381415abf7141e9d92b01e451f0dd062a42bf24ab7e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
127ef45b4f36fa4181a276f5693b5fcc

SHA1
c09cdb2957fe9c97149d8935aa44fa4dabd9d061

SHA256
a25bd014211d42085c6583c2ad8114b65a364ce21ecf6f4fbc89e631f185f1f9

SHA512
260a90426c96f244da804c9725378266a6fa7d30455b9eea0cee9be65b6b8bed174351793561d5556cc7b40477c58fcf044234a6f8fe334f3edad61dd5bfd2f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
2628081cc53b33abce6db75e2267ea48

SHA1
ca5c27401e460bb14b8ef456484dda7b67f8ff79

SHA256
596e31f84c114f4eb75174940c93bf1d47d2a036d84740596175789ff3f7ed86

SHA512
74810bd287a063211512741201beaa3af96ab7532e318fcd16212d536326e140a1234fd62161903fc95264039d9b0b0738d13a2ea309ca18490d491f4e0ea416

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
fc3f665be0b93d894a17f6492be0bf7c

SHA1
efc2fc8d0cc2fb5db8c2802389dedcd4949cb78d

SHA256
5ddd66e6833985ea5c13bf9db804ad4450de155395f7a29193c0f00af1f5fdef

SHA512
4ff353b06025d50a667b4ff2000bc288571540845bf22d5dc8da5017288fc31e6c8aae5ef00dfd68c59214f64e7c6c95251841150a169114e0d2856d8787bc19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
71da668f05e0fb93245e46e007c3d0ac

SHA1
6870eab49418eaff1f1dcbfc10a7e17bc1d5c6b8

SHA256
e61912b94c2fa21dff79d5d1760a3e2940003657e536e1715062812b78cb298f

SHA512
9e9caee0acef772cba3bb2b5bcd47abaf856de09ddba47395168ce01f1f188459364fd7aa1b0717310f31cfdf31873995b43a45867cf63cbef8185a6dd669aff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
90c24d668445f134ca6cec2f9e05a7da

SHA1
b913b5f85508c5dd070f7f8ebdfc3cfcde317704

SHA256
5af7ccf49ecca1fe5a5e75dae4e43b017b845bc4c25f486c032f5ccda4ec3da7

SHA512
d295bc3567081f4d73782a1f66030010380113a007d903adb14d9bcc0a78afb2f64fe1708ddf7fdbb599a4f0c5ca79f0593e9ce1e741ad57f8c0059ff1c47fb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
175B

MD5
6153ae3a389cfba4b2fe34025943ec59

SHA1
c5762dbae34261a19ec867ffea81551757373785

SHA256
93c2b2b9ce1d2a2f28fac5aadc19c713b567df08eaeef4167b6543a1cd094a61

SHA512
f2367664799162966368c4a480df6eb4205522eaae32d861217ba8ed7cfabacbfbb0f7c66433ff6d31ec9638da66e727e04c2239d7c6a0d5fd3356230e09ab6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
7KB

MD5
a40db19c9564e0b81f31c226757a60ce

SHA1
5fc974311fcff677ca0c02fd514550ebf8e4efc3

SHA256
612353756e8798b98781887d5b0def692857a434876b8b315e7716b102db1435

SHA512
9f6d4f4ae2e459f6a90e42f6fc2010421b15c23ea8aeee7ca352c752860f0902cba8323c02d66c30cb847b0fed290529421995611e3191e0c2f568e79c7d052c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
322B

MD5
dee8d5b444507154e7c05937fcf77f9b

SHA1
fcc9a9c0c0bb7ef86a1e0ca3e09f465a83cc3a80

SHA256
66591d7bca629a3d3e8298854d99f65a2f091fc89affeae02b8f4d57da77f3a9

SHA512
8d9cabf73b4cc7668ec71a42580d51c82e74da3c3653cfcb2c3d0cab6fbe4f854ee619d5c4b027fdbb91474894bdf55ebedbf8bbcd2c98a3d94bc09293344f94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13357314948834948

Filesize
925B

MD5
a2802eb4af3b7d3caaabee5c32445c65

SHA1
9f9217ef9594ad9e692cde892742bc7b1b4a722b

SHA256
c4ba6e0a73e10006c994cf38aedb88683724134611f08f9173bdabdba9b0a81d

SHA512
8fdb914833a29da5b2ffd1514b6fb3b3a33549a41fde1a7912865a6ee211bbd097d211fd6cd55676f91ee6b2f2f3013b1f75cddf9960744145ee4ff6e79290b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13357314949243948

Filesize
1KB

MD5
0de5ee863df4fdc12f83da4a51af91c7

SHA1
5a22cee692cfca48351cf6c0dd447604a24d1474

SHA256
2a5317b4dee2fb65226475c3a54b54c5d69f09daedeb27408347954f7843a73b

SHA512
023e86e524b0fbbfde7987c5326bc6baffe17ba2faa260b8d652ffc756cb74f5ce1bab311ce5afdee787eaf221b227afbc94139bcb55aab8c3bbed5c412db066

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
abc812ba79093bf1972044ba62d47cdd

SHA1
e20e0bd2d776de24c210789d5d8d0edd9b2ce2ea

SHA256
b2b240504c2568151b56d7a5de2a80fc092a8039fa5ee8ffbc6c21df3c2230c0

SHA512
9f152fa82db27864ce94eb0a7d724bdd49ad4d6b77bae7cb6791f9c58d872a0c8f44347425c2647f52affe744d2488255625c8e8d9b0977fd2b5499178d924c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
48cce68b9039821153b7405855b6f232

SHA1
923584c7b8430055b6cb39b7dc54371cd623567e

SHA256
eac55e217c58e48419db5b8894c331a433c00211a8fbeb83b6a15fa02814eedc

SHA512
7d17ea915d186356028621ee44876518f58df7af43caa041e0c4401de8472878f0d21401f8453a577585c9422b7c82d073193c37164d8f855d2614bb81452b6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
2e6f46ddb058d7aa9d7ef407d6c5e3e7

SHA1
2d51ed7486f4b4131a914c60340a96ced320f1e1

SHA256
8cfb314eaf8e3656dc188e779c4c3385892ee6ab72c42fbb360de5ede00419d7

SHA512
a455e71e199702cc1a5a365370355d376389ac1514c88675a3a1e0fa27639220c5001b52983f4a3456f26254101b8b87b8f41858d2e84e8d2e0aa97105c3c7f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
868B

MD5
83ed9b0906b3c478fe63c800b4f9b3fc

SHA1
6e7ed2d25ab61e6b0837993ce34d30126213cb0f

SHA256
9e8c87bdea70fa1d8e73e9da10df51e499e8ed7f16436ca08bb67c183ee36627

SHA512
53f1dabd61c08fcbc7fb67fab47becfa62081dc9f3e77e7262f078545cb3199f128520c8b959711d5457143c71a9adc3af4f425abae2e40b4e9365b6e8607ce7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
c8911ad718d9d439e37f199915b42d29

SHA1
23804983cb382df36d05a8428b4cf09d8315e1c7

SHA256
540f7edcb924c20b296f6695ffe4ed4651bb1efbc9cb7900a5a9ad39d8771919

SHA512
97b7ca0f0c834dd805a798d1290f9f90f44954e81855dcbab341b1cad33c45934b7ae5b155ffc666defdb4c2d52343d76e756c5c31c8284420ba0814729b7acc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
c3bea2454488f758ea959ef3055bff5e

SHA1
cf31342458a9a460c27a3fc93ea67822c7d4112d

SHA256
2d77ae687d5c798814d11c36d61ece2acf6ca601e6a4ffca39e4173d25a7304f

SHA512
9522118b4d6e6876f835718ed4ab1c9e918c3fb5bd76e617c4aa889129f7169149f67e37d83316c08e82f670c143967c4a7096e1f8c15bbfc177ee11410580c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
e0f1aa1731f28f8d519bea11237c70ef

SHA1
7b0c9c533bc87e6cadf4615a7ab826d0a71e2bbb

SHA256
aba4c01b4e5d76f94fd4ac7f83e9740a4872cc941c111579a63b5d3e6a9d681c

SHA512
f18e5f2f9f47134316163db0ca42fdcf24e48878740e6d2904f5823e34a57bfe47e763165dc61ec8fa19b1ad29786bdd19ff86d5ce1690b9872837182be1a1a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
5bc1d0f233e92bf37d9ff48d6abcc356

SHA1
ca07ce6922a9ef505cceb4ddb17d5f76efcc3497

SHA256
cbc45bf035f051e37196b1a1622ed15431f1a69ee4d476acfc4f473aa00f1c9c

SHA512
234e6ba2974e308a62c32308f57d9c5b35f8ec597eed85b707cc48f2716d7ac33db2ad9fd024881b829a59bae0d3529110e8b58f739698130fde84f67b8826aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
5bf33f044263226079f4cd1d4ce33b0f

SHA1
495766237fee278de9980da2f865522fef77d5c7

SHA256
3a99e031f9fb212946fc14abeae9e36609bb41d46149f8e570f98c1ef6fab267

SHA512
cd5089dfdff79eb57113e4a0cd8fc02ef3686b0e9f7d161a4ff255cbec603b7e799c79cfd4c43b1b13dc4f6f5b24fa79aae46235e41bf94d95faed98c6370b96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
9fc24051a778d25b81e99a25770bea8b

SHA1
3d408fbd5f9bb1bd0ea8a29d551448ffaa5c6323

SHA256
44e96e6e1f1116e1881e5334dff929860d3e0212a86e6147ee9ff526fa174ee8

SHA512
e5baac90d5c4183b7a486538138e7e6945a408d01390f0fa7aa97b7f47aeb27c34fffd285aa4f273e40cf7cc199542b3eb12fdecbe73f049e53df87c4fef5d5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
7a5309503a256851ea75ae77ef60f6b8

SHA1
e2240f0aedbdc292780b5d3a3376d96a09f750f6

SHA256
c12bb7b397372abe688b7ad5c93aef9b3593f447134c7e0deeea5cf57c31ab1d

SHA512
b51db82b9148552afda534e6933f970f1c34a22be257dc50c8b4f8c168b01a4bf8cbb74259967aeb83b3166db135b71c2a1090b7aa6cec2b4410a08160727a72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
83cccbdcff85ca3a54ba32d25812da11

SHA1
eab05db476e3e6e6832897a8a3d639b1005abe92

SHA256
156dfffe45478ebd4d9c04cf39dacb8d86011f0751f61b05f8a29425b2da88c8

SHA512
d61566c2bf57b0476146c78b35cdf20941b860aadc6e6f6a6d033834bc98db46599848e9ca5dbbdb5315fd6e005f429dd8daa24c4310f8d4d14ba919b48d1819

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
324582f32608e741b68181d93e734369

SHA1
0827b5a42c9424b796bded0aead6172cf0480800

SHA256
508b376ebbb61eb71caa6d92fdfa1f52bfb4e5966fdf499e8d81425156543142

SHA512
7eafb9f168b919dfafd4df514d57903c1bf7c38b3d438c671422dd991dacf909845daf1c0469d1a7095c7f2ae709e2b8fb740fc30080d46fdc3ee001408ca896

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
aa22e95e9d7d6d66eff74412b6c283b8

SHA1
8a1d0bdb6efd35bd6cf3f6df3c09bea54a524bca

SHA256
df92ea17341001eca6a39ced352f42081380f1f8f2b11046c69ff7ee599b91b1

SHA512
53c2ca2969f1a15b713c877858c98cffa228c3f54031ea9c446531f5b95e218d3de871f3d198e9783cf09e702f49801f531c73084a76896938864242f1692bf2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
8fd49e3117f97332e6a597bc3b1ae82a

SHA1
6c61c54b59cc22c0960a7e95f21d8aaed2777ef4

SHA256
35dfae2475c9a8cae07a7bf68f03946a0dc9e34992b8c59b8653b7dd99873d31

SHA512
f7344f8658005662eafbdf14fdeb7700b64e3db18c8f33201576d9e5e555cd18c0cfc324de91dad15a597602feb25726fe51586f949238b09185b86489133161

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
fe9f04f6428c4d40b98d877a29a4bc34

SHA1
3ebdbb4316c9d511c3de36e5112877c8f1532f89

SHA256
9978a4dc5ef018636d532a52f89dbf2a85dabe0595ca777ea3d02e24d5d9193a

SHA512
f8877c4af28075f197b7232f291755646608a270dca5038949b9bfb1570892e180b5f2a630f1eadda6937d4a15db299d2c3e221446da174f228cee7a419d125f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
97b30156d902aebfa9dfbd37381a2abf

SHA1
d7317e5a3a7953d237235649719b5fd7eaf570d1

SHA256
356ba7596e6e5e6b4f7a5d0c35160e65a1a35a519800b62351394455f996c446

SHA512
82b83125f77622f28aeb3b73da746933d27efdea040066a2c40914f2b3c9fd1d921b9d9e2c53f7e3284cba1c43616d6a65834c68947b42b8a2cd045d39eaccb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
fc52da0b1b37751d9deda2ca3eda3c09

SHA1
9c2c20f3d6cc4d7200004600c06bc313e21ae4f8

SHA256
d9c9d04dc08eca9cbc46bb9773b69fcd4c31da7c60e4d8fc675d1d4ac382090d

SHA512
26d849d87342b1dafc4d18f516d90332f71cad7aae4a9a97b2ca08d31eea5e3f992b68d7644ecff4f1116edfad9670e7f03bd084968f08dcec3877c4c343f751

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
f52f140983da59e60ffbd291c9d516cd

SHA1
64fd3ceebd80f40b4e834008de861de666073b46

SHA256
5144bb822c523e3a5aca78b0aba8c1423bbf821adc86e6ed30b08bac3f7d80e6

SHA512
d4381dd165b6b78a7f866d2b4c7374e75060d1d012bcba47d68c95a2af020253b01d17480b603964917d821b1d9625fe03d0e553934e9dfbbc30ddeceb5d61ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
9796b1b67fb184afaac40492812451cd

SHA1
96f64bbd694bae0e91b9ab637782d5293abb2fed

SHA256
d23c0c8780cd86027f6768a0646801bc32e2fff7720cd8c0e0610a3ef5c5b019

SHA512
9e52cdddeb25ecf6b294aa2aebb9aed4e0dd8d8c44832817abaeaaa59325e25606f0045861e9896ccafae3465981ccc97ebf5a2319701b6eb55df213231ebd5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
de731af4fcb31bb8bfe23516f312a91e

SHA1
24451a3edda08b6c9514ad25e82c313fd5b5aada

SHA256
d640ec62ccb1ce9f6fb2b519b5acd8a6e030c9d64155865a8a046267a4490164

SHA512
0bd88ed9610eb164701d44530bbc609ff9c4e28d5247f1aed9358cb050bde0d7043cfdcca3ea23922f00174ad3f65ccfa068384e5b83feec930cd07bc9bfa50e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
9874103aa379b61104d641df70ad0273

SHA1
1a0abb379a3ed5f1b7e46b5ff5ab4c4f95cce045

SHA256
d540acedc385574ec694785bb02b1a81a30ef54713fd008b5e81889fb5552c86

SHA512
5d28e42b89e93dd783f51b22e000c6ed062ceb44fb4c31df6933512c6dfc58546e1bd3adb5a60c86d172e8b5b89fe7bdef3dc1e5ab2d316284b3faa9d0262387

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
d62f34531e5a907f5bab55054c68d7d4

SHA1
9303b9f714d4f5af96eee603858736353fa4b7c6

SHA256
b4d561a4fed32f7128cfbef9e86a2a9e707451d38d33a7d89a831728e95e53d0

SHA512
c069e5de7ff231a7a81b65b93e0a66fa6d734cda73a37bd92467abc2a136305e4b7c229d53f71f5649679e93537ac1a9892458194f1e456cef0dcced11ed64ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\b1418b1e-de67-46a0-99ef-4895fc247032.tmp

Filesize
8KB

MD5
0cbe1999be983d8b74f904c360f4e701

SHA1
5e08d81dce3da0549595705d146d89dd082b4eb8

SHA256
54010965a251a37e9b6592b64453b346738d9b9b9edce158a47b1b786142ae74

SHA512
27447639553d65d02573b9060299115867744bbf111a8f20bf5c772979a668d3152802c10c8b2f972eb6b0999c06fb316b035652cb13760ef625e6730dde79f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
60e3f691077715586b918375dd23c6b0

SHA1
476d3eab15649c40c6aebfb6ac2366db50283d1b

SHA256
e91d13722e31f9b06c5df3582cad1ea5b73547ce3dc08b12ed461f095aad48ee

SHA512
d1c146d27bbf19362d6571e2865bb472ce4fe43dc535305615d92d6a2366f98533747a8a70a578d1f00199f716a61ce39fac5cab9dd67e9c044bc49e7343130e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
589c49f8a8e18ec6998a7a30b4958ebc

SHA1
cd4e0e2a5cb1fd5099ff88daf4f48bdba566332e

SHA256
26d067dbb5e448b16f93a1bb22a2541beb7134b1b3e39903346d10b96022b6b8

SHA512
e73566a037838d1f7db7e9b728eba07db08e079de471baca7c8f863c7af7beb36221e9ff77e0a898ce86d4ef4c36f83fb3af9c35e342061b7a5442ca3b9024d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
f0b82e07633e2df8b67aa4289982d61e

SHA1
057677cd89187d113902c76cd8e75f182cba910e

SHA256
14e00fe7a1a9c3c5d353d3076363ced4f15acfc2f48d277e0ffc050eb26f553c

SHA512
b39b986f9ac601ebb52f11bb04773abcd9a591c7d211820da60aef000e1774d4262fe8cb7cd2838f2f8b730eb7a16d4f576226878619d73c1f97581507214820

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
ac8fb2dbc20da04c82d2f3ff7caf630b

SHA1
23e59d91c1b01810a0fc27a081bcbe04fe25361f

SHA256
88b97a4156e647a60ae1d97879507849a91b219c18f5d100b6c764fbbafbe46e

SHA512
f68e0bb7c77f88da8d0e2f538e87d62cd9be2f493b8214e2eccee3998c6425ed64f37f68251a1ac2bbee75a000340fdafa3fef6f9ea498dfeb21586573969567

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
8be15e03184620bcc51dda79db3f529a

SHA1
29d36a2dbff6c0a9b5b7a60c8b37e7ba35d4ab3e

SHA256
fcedddc876a6b51bfa4cbf4126057e93520f41566ea5af64fb85664244cf157e

SHA512
fe33971c68f5aba150e553eb252f064f941d084043c2a28dc807d1aa1ef33ea2fee8a1d961a63f5870f114ba37eb4ffd9c800d80a097b45f875a0feafb444e74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
c6012943c874cc3abc0101fcbd5b70f0

SHA1
4925ac1f3f1e1a664cdcd19a9de9aa0472126708

SHA256
c0ea22242bccdf7e806bf855d0a54802844624758ae73bd69447b1243a0b27dd

SHA512
10062884852c935b12c4f984c02a785f7ff11b6a62d9907150368721b63e175414812efaa9386b9aa55b9b28d1a392e6cd6745a76c37e46bd1d2281f251f3703

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
df75f1a30e2759517e27c830f09c593b

SHA1
55ba39919d13b0ecc22fec220e2ed78909f2d85b

SHA256
f08ff89794e148cde7d01499da34d5c40c9f77f059253f2a65c9ebaf898e9295

SHA512
d45e8d718694af6f921e650dcf69d917943d1eb5286afb4cee864974fea698ce6a527c49eb2b94579152bfe3efdacda804dfdb2e1b56b9d0b58c8f10eaf8455f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
5be4fa708f90518c1acb7fb706e49a8d

SHA1
c496e46d9a8b6ae9f94d341e68c3bbdce66a9c31

SHA256
a4d16e539c8fa1e17a1fef77a127822f2dab582db28470d6c2bafb9a15c83430

SHA512
0dfad2753a506f2c59e94ad7f20c3d90e6c7fbd41ac3080212a501496dfd89967f7f3c24aeb8758dc2897b710b68eaafbdbe6d54a65fc0726c9dc8737097ff05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
b29bcf9cd0e55f93000b4bb265a9810b

SHA1
e662b8c98bd5eced29495dbe2a8f1930e3f714b8

SHA256
f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

SHA512
e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
6c3c49d91aa6cb5e9968a032571c92d5

SHA1
8efe5ef7b8ba43267c45d98413ab6bbb2762d4e8

SHA256
3e3f75ea2c988457d271edc33831903a237970cfb26b779f55caea99fe85bc6a

SHA512
24cd66557a244af4482e34c77decb891e739d9d1e4b11a992b8c853e6caf079235c576c2bd310999fb61e25b8e80d2768358aa5645024ec9ce0f4351b2d24b4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1ca0b983e17558c789ae2aafa98d4588

SHA1
5bcd7cad791107c3d72697576d0006cf13879ee0

SHA256
4455f3095e52983c16affed6b19ef1a02e0e51f2ce2c4d1180c8b6d1f72c77e8

SHA512
deb25e1471503d87936e8013263789a147d1b026c81c6d6878fbd667b7ed83eb4cb37598801c3854da4abacd053ee1517dd8d159336793327b3651977f0ee857

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
91b6adba3a6002a43f9fe3e0ee166f7e

SHA1
de21dfbb1350a2eee7824925e0ce6c0274135498

SHA256
d106885fc68c7b393cad9f9c95d002e735e50af881e52c84ca59a86d7d1dd2b1

SHA512
c7b759ddc220375d444e3482d04f37251411c91ca08ec54189be443ebd0646b915105c3bdf3ae49eb58443ee5c16ac8802682dd1b3a8b772532d10f6797ed8df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
bb39d6849fc03d4d26d3546eb32402ff

SHA1
3bbcd3c13dcc75a524a1a50d540dd1adbaa90e3f

SHA256
5b6ff0bc3603540ecc115fca851f078c4b47d32b1772dcf0f5faa61e82fee882

SHA512
7ef7f051d3752ec8944a10237fe66c18f1a2a9ab847aae8487d351c1c11ab47f178b673ac70aa17089124e5e291a3bdf00a66b85d5891610108b35185bf94cb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2eb6ac53b1589de0e7778f4afb333940

SHA1
77c867d41c8e58906cd4b2af509cfa6209bf02fb

SHA256
b6f7fb8d8192a8503a9417073154a150b44bbf997cc8c8995097c94865b9882e

SHA512
16c49d764154af9c60f5070fdb73784486dd60dd0ae40dea17c4d46b967f7d17ea13c15a4306840aef69d0b0d30e7284ddaa8eb7f172ad8c800c0936f9dd5301

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
3f30874b6ac950da147a1961a802549b

SHA1
b0b3774ad45deb14f8b5ad962f120945c599b0ea

SHA256
3270425eda1f584159836e40fd08ba47b4ec6c326b1d434163275809b427fa49

SHA512
be01781f55829cbbb7e82b887690d0da64941a700dac6485ae5bf098dbb7635eda0acaf71bba3e5abb2edddd22a0f5eb598dec86c7861275021b67b48fbef32c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
b9c7a5d17d02febae3d96dd32fc5e133

SHA1
71a787c60175f8a98716cd2f766ef64af69c74bd

SHA256
4883fba9f318d973cabd688c0fe441602c519dddf9fb0b1a9d07297f7641cba4

SHA512
8d410cc0bd7c6b25b837e422b735b2665c415b4546ca729068c57d543c3087b3a5b1ab4e9dffc88888feb6557c360af52cc5d14224657d02e6fbd88e33898510

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

Filesize
4B

MD5
07c0c12a079bad8a7558e5fedc4dfd59

SHA1
10a374bb8d1c2468db9e3e9baaaf5f62acf3d286

SHA256
965e693b24dffb18acb3e0454336769108e32232ad5bce24b8fb354657daf3e3

SHA512
1076f17eb290b912f0d913b453ca8df88b0f6bdd7e4375f7f6b8a24403bbe72f64ace1ec2ed851a258a4e4034069d28be8b29dc5f0e90b0b2cb0bbf827243450

Download Submit
C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

Filesize
8.3MB

MD5
54cf4c8ed7d408a744dd15374b17de81

SHA1
9e0e2876cc73da4d73bff85a26fb9ce832215609

SHA256
37fb55f701ae3eb71250b89dcabef2c5c9565cad1710d1015cbd61e8db24072a

SHA512
e15df743c8bc38baab0e0814883d0b2b7573cfe2867d957375a524bfcd726db6387c9b31c3c017bc15fd9c2e881f8004ff531a977b71a91af53f8a62ae75a537

Download Submit
C:\Users\Admin\Desktop\AddInitialize.crw

Filesize
476KB

MD5
a20bf750e7b8ecf85aaa125e605ecbf5

SHA1
b244c341e767dbc6907d2664d0ed8e2d9145975a

SHA256
7147c4002b8eb7339455a6d4e33a7b7045a2f74813e77b8e85a8a85b968da7c0

SHA512
14765c97d78b593c6196b794994b6d26ce51b97cf91dc5c2dc171f8f3a8f079d803eeb9b2a8a082feef5a5e5c4bfd66837ca9004b6b946e6e72e0fee3200b793

Download Submit
C:\Users\Admin\Desktop\CloseInstall.mpeg

Filesize
571KB

MD5
8edc7fb0a8d8870314269d6dc8b04067

SHA1
f897d6de583d08f75a830d4f4f9f74aa0c1a119c

SHA256
282e9f2f75065355964d3a93c9ce52efc442537e592bf87c8132e5e0c9a2ac22

SHA512
af7020e1d759da98d80705ba63efad498446c73e1b2145b6d94855b916f730d53b45b0d4c83ec91ae1b6bc0fe3deec2dc8fd6a681e05c02eb48ca01f11bd1469

Download Submit
C:\Users\Admin\Desktop\DebugBackup.MOD

Filesize
983KB

MD5
4034e743f467d5d866290bd492e1764e

SHA1
b70d466e67afe7d57d2fd50e030e4eebf46a282d

SHA256
34b55d4c3efcf150f51984517a913a03c5937f298f2bb484bc565d876a2e61d8

SHA512
8aaafa308b4c71e5ab141a90a457e176a3ec6729eb4c185b530340d1c13fcc2d9383604f8918c805a85d92ad98500b0fb713356837f53099e9efe090b9a257d1

Download Submit
C:\Users\Admin\Desktop\DebugCheckpoint.tif

Filesize
920KB

MD5
05e10e7f793d522222e8ee1261fecc01

SHA1
cf51ab117133a026995104ae839658f2f04d6791

SHA256
e01a3397515ac95fe044278f739666d3bb873f9c7245031018207e5d9fa82afc

SHA512
b4c50dce81d4623991be62b618e4cbb148621f6556134b781691688b611c046036f49bb189131cabcdbd463c4227e33073f33f8f3921dff94ff82d7aa6770166

Download Submit
C:\Users\Admin\Desktop\DebugFormat.xltx

Filesize
952KB

MD5
2933aa38a3dba2921b0a46eae9e1520c

SHA1
cd4dde1d2d2386d82ee5229987c8c00a9b155c48

SHA256
ff4bb07c94fa5120809b48c74e6d30bf579f8cfca99a79a709f7e68901cbbd59

SHA512
3f082676dd8084488179e97a57a5e4aaa3ff024929622a5aec7709ed597583f5e226a1e0ed852f451a973ac413926b40df5ae99a51918689e03f860c6a72d23a

Download Submit
C:\Users\Admin\Desktop\DebugRequest.vb

Filesize
666KB

MD5
4f4bcfb6a9ea34be52120b444c3c6aa5

SHA1
12fa8594a5f363f90da64b2604626ea7c348e825

SHA256
175559f1f86ddcbb5effa02c4aa35ce6c2251e46abf2ebf7cec267bc0239c3f1

SHA512
f10213b592815596460568e2ca5470c3a100c1bb08584982b57ed57b0e72981f7fc5876ecde73ba15c455ff0b79356eb6a143f3f7cf6de2b5ac349ebba0f9614

Download Submit
C:\Users\Admin\Desktop\DisableConvertTo.mov

Filesize
507KB

MD5
d9af4232b91d4930e88e6c21e1b79d5a

SHA1
2dd34f63ba47f6d2b48ba757aa5220eb41295252

SHA256
565c4a53f37392be7776ccd851ce889634a52157a009ac5a12a70188a79c27fc

SHA512
b463cbfdce8006add3fad13c87534d303bc24458c6351f47ecba78c033cb4bdb1529f8766d7bbd334cc6f0174fcf5f85528eb6355700f6c943d640cf6262f07f

Download Submit
C:\Users\Admin\Desktop\EditUnblock.jpg

Filesize
856KB

MD5
302805de8d2a8bb728a686ceafaea8e5

SHA1
8610e51375e67c71c03ebc042f2f505f315f8421

SHA256
b214c082c11a3013b72da854889ce64150db951568ef83d008673c770126a386

SHA512
8d2fa4beedc78b4541a91591e66163080cb6bf832286db7c09f9d9f97398c50c16f421465f4fe429c115ac6d9362cea9fec3a3c53160bace9ee59e36dcb37905

Download Submit
C:\Users\Admin\Desktop\ExportOpen.gif

Filesize
761KB

MD5
834c237b61f8179d182208843a18a70b

SHA1
0f2b91ce81e5f91ad3f7a7dfb4b20b15b2da6fdf

SHA256
5397a0af26ad38b15ae1694bd002ecf9a1a40cb6ae3792184cb39c4b59597e62

SHA512
10634754bd5a14317881fdd7f44e06f8bd93916ec66620cae118f931f205790dd850f0847d24238909a40e520b91f3404481b8696bd38d762d642aa6001cfc4d

Download Submit
C:\Users\Admin\Desktop\KMSAuto-Net\@[email protected]

Filesize
823B

MD5
4ed706825ea7347ed6bd491325d285f1

SHA1
6e5f1f1078f41d15842e81414069426522a16377

SHA256
ccb86b41d2ccf096eb820dc0ec1d29c2375ac0806bc81f8d5931134d0d859101

SHA512
1d036ff802a36cc7b8c28db8e05a1798da2c91a55bc5803deb5e143ee998f314112ead9a9ed91fb0cc97c0fa2a05def770826e2d4bc16612641e4e28e8f96dd4

Download Submit
C:\Users\Admin\Desktop\MoveRedo.xml

Filesize
634KB

MD5
04aa48c1e04024d0866dc53441724c13

SHA1
2e328ece6d2537d4bffda48829b6c0f4a72e1dac

SHA256
03a5d08f721a8120a4edcbd5ff10496310d3064282acc645ecdc379f4891c629

SHA512
b3b9b955c9410d5b72417c60a8d5fe794595b48f89978125bc06ce48a0a44dddb151cb529341c46b98f374e9974534e027773a04a3da6b38d26d2589f05fd934

Download Submit
C:\Users\Admin\Desktop\OptimizeFind.bat

Filesize
412KB

MD5
f552f8d7151a634e691b9f39b9f9d36b

SHA1
5161c20013a20bf95cb3bd2b80131ba7f3bc3015

SHA256
3a154c534d61cfe5fa7a4db4a41fa173102d4f744857c4db34e227e2868919ab

SHA512
d1f0d11702c7dd34bd2db8e506ac3065dc7359e4d7c53878235b76b6656abb3a210d44971412465da501b9171d88e3e50d85c5ded0e5c4dd28d0c606ee5af810

Download Submit
C:\Users\Admin\Desktop\OutConvert.mpv2

Filesize
349KB

MD5
24e7841e762cf7c908e533be64d14b2c

SHA1
430ac56f2aa7558f8a8fd702644425a7b5446a52

SHA256
610f9a5d2ec0faed90f321e87953c481549571dc0eaa4ad82fd3638356f46eb9

SHA512
7df4b9565e18c193d1e52cb7065481b8228514196d2c6457c79960180573b5a3d0accfe801dcc69de0e550a517a6f037400209b710db3698a7d19fbf431a1123

Download Submit
C:\Users\Admin\Desktop\ProtectSet.potm

Filesize
793KB

MD5
ea6d09f34375d3dea1dc8b1c3e45ad86

SHA1
e16140cef41dfb6aa46fc47f02ebe81e2a99ee36

SHA256
3686c4cc0c07c6b13e7bf1f10cc29403c963ae7c9976346f6ac4a4c9f5f8a1e5

SHA512
fc4cb3c2ccb2da6c8e84b7a42520e73e0f955a02f40db99874f91ac004a71e81d13f02a6a3da2855add44a7b54d137183393245ef8600a6b7f34fd79a6d8359b

Download Submit
C:\Users\Admin\Desktop\RedoRead.3gp2

Filesize
380KB

MD5
6ea85f85786f67d06f14e6b54aa096be

SHA1
22abf6716b00e18635edfbe130a019be1071f15f

SHA256
4a38c02a76e73897b0ea3407a2f0e523668ca89cddd6c9a9335b80525025e035

SHA512
c382c0d31eacb29e42e31ed1daed9f5bb9e89a723e80b0c21a57eaea5b7122a7436726c007759db7ebb2e5163a2b8de22b0e835ac58175290781cdfb0582c674

Download Submit
C:\Users\Admin\Desktop\ResetSync.001

Filesize
539KB

MD5
ac850b81956114438f1df5fc8edaea28

SHA1
bd4282cb5b25e5c8b7343824e74a0c23c6126a30

SHA256
c9ccb7d4cff85eec38f05b84fc9b9d1b847e1111a235992308e83262f499bbed

SHA512
f0292eac0238ebb38289534d1df161fd43aaf3b1e43085b753cadec3559df401ff8ed934adf061a9e372b256970f670b7259c0ad37199bad5fa0a35e5b012361

Download Submit
C:\Users\Admin\Desktop\ResolveUnprotect.ini

Filesize
888KB

MD5
20043eb151bc18888c92e31a35513409

SHA1
134d22c9aa08bd0c890ca7521f2031acbece1cb9

SHA256
7417a7438eb5713ecaaa74047c4975fcfa2b10711a3d3d550017405bc29cda66

SHA512
b8b50e58251cf0be818b5e37c61d6f88b1375c0343e89c36a68237c6fde748aa661671c66ae1d19ca1c82291029d5d1bc51bcd64d1daa82a7c659832f2b63f8a

Download Submit
C:\Users\Admin\Desktop\SendMerge.MTS

Filesize
825KB

MD5
821d2d108e4ed632a1717fc9906a4c06

SHA1
0a1c5cbaed5054e2f1de8ea345f460c4cd95aef8

SHA256
e3244d53a8324d53406f49a6cd8693e34e5ae90312faa8356409486f32a9c5d1

SHA512
45f5d394cb1ae717d68a7636dd50221eb53b65887e58bd80802a84d6dd89ccb402dc74a4db714f3ff841048f3006552d7038eb3040587fe0bbe6b9f282e6dc65

Download Submit
C:\Users\Admin\Desktop\SendRead.zip

Filesize
602KB

MD5
95b081ddd2429f6c139bd330c7f74254

SHA1
dcff6f4f87a4c0eab497b4c40eea6d97f28fd488

SHA256
7fb1f59351878d435dd6212889d9f3cd58b84a3641e04ffb9890872f3b701695

SHA512
0f16363f87210a9018c197dd165be7f5217ee4436081fb81079b5a5d69e7d7c1b2fef9500d382e92d5fed9fbfc9ac1fb5f092c03fa1332ba0acbaba6485672c9

Download Submit
C:\Users\Admin\Desktop\SuspendOpen.easmx

Filesize
1.3MB

MD5
fe952ec9c862dc76aa8506d9ab1a2916

SHA1
f5f848f609857c156d4ec05a70d1341b2704ad49

SHA256
450dcc7079cc4253c05e9f7395b05c0cc7e2217a65dda75def40060ecce35181

SHA512
4e84494a760512d878070b364a2b1d162c7bacfcd18b40d4d4677e9cfc55d0c7b6b57e58a9334e4e5e2b325a1104d3ffb15a0e0831ca2dfc98c5417bcba33cd3

Download Submit
C:\Users\Admin\Desktop\UnblockRevoke.midi

Filesize
698KB

MD5
62a2c86be810b7ec548ffc32ce6b1eb1

SHA1
b28d82745eb862f1e1f3b3286c8a9bf97128e50f

SHA256
df77ef100cd06aca6f6c1e0112014202c6e8dca63718fb15b1c2e42650bf3a25

SHA512
625bf637690c01beb1189e4b7a504002fcfd87d20815665ef4760d70b2c572b337c4df24d566e63f3f2d8c73a0a60dd5b4815acc17fd658c129d24c6a7f2d434

Download Submit
C:\Users\Admin\Desktop\UpdateGet.xps

Filesize
729KB

MD5
06b8f36319d8b46b51f429db66c6b018

SHA1
047d76808a1dcdd38de913b2bd727cf54176ad7e

SHA256
9db92aa8178ee3a5bf82305cec6d30b9c30bbd5cb83f1724055757782fde749d

SHA512
8a9f76ae28dac76e17cb9c32bbac8346e55b6d2083f75dc29ef63377a883a5e55fd7c31a3a33d5ac5853077b4ed592675fe04074e9f7d34ed9b9725768ec5d74

Download Submit
C:\Users\Admin\Desktop\WaitExit.docx

Filesize
444KB

MD5
6571f46ae97444b9cdf0ea6d94c17fd4

SHA1
a0494378ee4595ab5cafc45c2990beffb8ead695

SHA256
a90ca26bdc3ae562f9e675e8cbe49ab92da4bcc8b10801cbd1487f40550bd29b

SHA512
74cceeeaca6f0fc3f92a531bdb18b130f818cc35d8d48d92089ded34de72cf9a75ef757c29e521d9e1588d489ce249cc7c5a174d27d838debe00c59c409abd81

Download Submit
C:\Users\Admin\Desktop\WannaCry-master\WannaCry-master\@[email protected]

Filesize
933B

MD5
7e6b6da7c61fcb66f3f30166871def5b

SHA1
00f699cf9bbc0308f6e101283eca15a7c566d4f9

SHA256
4a25d98c121bb3bd5b54e0b6a5348f7b09966bffeec30776e5a731813f05d49e

SHA512
e5a56137f325904e0c7de1d0df38745f733652214f0cdb6ef173fa0743a334f95bed274df79469e270c9208e6bdc2e6251ef0cdd81af20fa1897929663e2c7d3

Download Submit
C:\Users\Admin\Desktop\WannaCry-master\WannaCry-master\@[email protected]

Filesize
240KB

MD5
7bf2b57f2a205768755c07f238fb32cc

SHA1
45356a9dd616ed7161a3b9192e2f318d0ab5ad10

SHA256
b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25

SHA512
91a39e919296cb5c6eccba710b780519d90035175aa460ec6dbe631324e5e5753bd8d87f395b5481bcd7e1ad623b31a34382d81faae06bef60ec28b49c3122a9

Download Submit
C:\Users\Admin\Desktop\WannaCry-master\WannaCry-master\TaskData\Tor\tor.exe

Filesize
3.0MB

MD5
fe7eb54691ad6e6af77f8a9a0b6de26d

SHA1
53912d33bec3375153b7e4e68b78d66dab62671a

SHA256
e48673680746fbe027e8982f62a83c298d6fb46ad9243de8e79b7e5a24dcd4eb

SHA512
8ac6dc5bb016afc869fcbb713f6a14d3692e866b94f4f1ee83b09a7506a8cb58768bd47e081cf6e97b2dacf9f9a6a8ca240d7d20d0b67dbd33238cc861deae8f

Download Submit
C:\Users\Admin\Desktop\WannaCry-master\WannaCry-master\msg\m_finnish.wnry

Filesize
37KB

MD5
35c2f97eea8819b1caebd23fee732d8f

SHA1
e354d1cc43d6a39d9732adea5d3b0f57284255d2

SHA256
1adfee058b98206cb4fbe1a46d3ed62a11e1dee2c7ff521c1eef7c706e6a700e

SHA512
908149a6f5238fcccd86f7c374986d486590a0991ef5243f0cd9e63cc8e208158a9a812665233b09c3a478233d30f21e3d355b94f36b83644795556f147345bf

Download Submit
C:\Users\Admin\Downloads\KMSAuto-Net.zip

Filesize
10.7MB

MD5
386cb87e6430d914820d793db19d7d33

SHA1
160a3788d24787fbf1c7579ac2a5da2d0ae8e25b

SHA256
d4230cae5c3e1b11fca61a711e7f3886088f6728858108a6811670aa3616a57b

SHA512
e50a7610633384378d1e4d547554e791424fd19342c83ea2cc83348c1c0d7199a467bffe3880c2ea69dc2e783c61779e15c3c4490970d5def68d1df9d51a6011

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 871734.crdownload

Filesize
2.2MB

MD5
54daad58cce5003bee58b28a4f465f49

SHA1
162b08b0b11827cc024e6b2eed5887ec86339baa

SHA256
28042dd4a92a0033b8f1d419b9e989c5b8e32d1d2d881f5c8251d58ce35b9063

SHA512
8330de722c8800ff64c6b9ea16a4ff7416915cd883e128650c47e5cb446dd3aaa2a9ba5c4ecda781d243be7fb437b054bbcf942ea714479e6cc3cef932390829

Download Submit
C:\Users\Admin\Downloads\WannaCry-master.zip

Filesize
3.3MB

MD5
9d4f25df063699755115619556df8810

SHA1
4fe074c82e91c46198753cbe20fd5dc346317598

SHA256
183e3bfdbb93af267727de7ebfb1619f42ac19468d8df222c6168ef982a563d2

SHA512
616f8dab48ca84daea8290ec77600dbe867b5ac85be770abd79ec8ab4aac0ff5421debaae1c1344f847bbde4bf9cd6382eec5c9b065701eeb41c3a95d15627b1

Download Submit
C:\Users\Admin\Downloads\WannaCry-master.zip:Zone.Identifier

Filesize
82B

MD5
39ed303fb32ac18ee7f7a2acf34dc723

SHA1
a34c14a5e6cfb25d2efed8252cc0cd700ad8633d

SHA256
b99eb32decec37a7e2b8afbd885fb261be5aef54d15254f52356ef417a936513

SHA512
ffc0b0b29e8d17c19a31fad939f110c1b273eea4dc250b7268fdccd3ada2be8f256de606e48e2e42700370dfbaee4156bbb908a644b893591e1ff0622c2634c3

Download Submit
C:\Users\Default\Desktop\@[email protected]

Filesize
1.4MB

MD5
c17170262312f3be7027bc2ca825bf0c

SHA1
f19eceda82973239a1fdc5826bce7691e5dcb4fb

SHA256
d5e0e8694ddc0548d8e6b87c83d50f4ab85c1debadb106d6a6a794c3e746f4fa

SHA512
c6160fd03ad659c8dd9cf2a83f9fdcd34f2db4f8f27f33c5afd52aced49dfa9ce4909211c221a0479dbbb6e6c985385557c495fc04d3400ff21a0fbbae42ee7c

Download Submit
C:\Users\Public\Desktop\Acrobat Reader DC.lnk

Filesize
2KB

MD5
a5893f317efaffeea7c9617ecff9746b

SHA1
ff412ab54d330e8a5ad3dcb7ac7f5376f11be7eb

SHA256
79a5fb9d1b10bd2ceab326d96b56ba93c5ed3df728b3abcddde65dd63b99523d

SHA512
9e140100b5be0dab2f823828668808ff7734174f72c7d31c85c6cb75fc5fa68dfef8de1f4733b481fbebeaf75cad94738065fe642b08da8150ca7178b141774c

Download Submit
C:\Users\Public\Desktop\Firefox.lnk

Filesize
1000B

MD5
6991e5e30bc90861443fef5a7e100f3c

SHA1
087a4735b4106976a63754cc25c6fd3fee4a36e0

SHA256
b9ebd5f7bdcce5f345337e349fff6bd690f70fe9c9bf3202639d021e351abc2c

SHA512
94417691390bb670775b5b458fbd4c19db76736affdbefbed676f8f79c41741be36dbeabd836beb88dce0a95567a2a3878f7f507efbff9f5d161682a485b1947

Download Submit
C:\Users\Public\Desktop\Google Chrome.lnk

Filesize
2KB

MD5
5fdffd6a78d5c7e2c10d4dbdb41d9882

SHA1
3c18fa9b10da338e91ae271189b2568eae3c69d3

SHA256
b4cd789948b73779ea3a1ecbe4af06cf0ee0a9567d086c6f6f1b5e16c4c9fcb8

SHA512
bcbbd2c9b431edd51670e1b11a15a3802c5a71d9227b3496497113444d846fb6aa08f941a170cb2066978d6a48de07b1fb8e124954be43cb393eae6c6491d286

Download Submit
C:\Users\Public\Desktop\VLC media player.lnk

Filesize
923B

MD5
285174e8245b8f3586b7dbf25db5da4a

SHA1
1e4654493c661441db29fbeb91a1895a002f565c

SHA256
9316f5f8a119e26a7352ce88e883993db696a63264146e408362eb56f92354ed

SHA512
bbf8b30140daff702a1629a1b1d786f7a0228ac03590a0ef182f107cbb07e94d3a1673cecf715004dc439f8a93746a153eb85eca5f6065359e31bada4dcfc936

Download Submit
\??\pipe\LOCAL\crashpad_1968_BEURSYFQMQAMYJED

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/2092-2890-0x0000000010000000-0x0000000010010000-memory.dmp

Filesize
64KB

Download
memory/2288-4236-0x00000000000A0000-0x000000000039E000-memory.dmp

Filesize
3.0MB

Download
memory/2288-4666-0x00000000000A0000-0x000000000039E000-memory.dmp

Filesize
3.0MB

Download
memory/2288-4316-0x00000000000A0000-0x000000000039E000-memory.dmp

Filesize
3.0MB

Download
memory/2288-4322-0x0000000073450000-0x000000007366C000-memory.dmp

Filesize
2.1MB

Download
memory/2288-4192-0x0000000073750000-0x00000000737D2000-memory.dmp

Filesize
520KB

Download
memory/2288-4194-0x0000000073450000-0x000000007366C000-memory.dmp

Filesize
2.1MB

Download
memory/2288-4410-0x00000000000A0000-0x000000000039E000-memory.dmp

Filesize
3.0MB

Download
memory/2288-4533-0x00000000000A0000-0x000000000039E000-memory.dmp

Filesize
3.0MB

Download
memory/2288-4243-0x00000000000A0000-0x000000000039E000-memory.dmp

Filesize
3.0MB

Download
memory/2288-4193-0x0000000073750000-0x00000000737D2000-memory.dmp

Filesize
520KB

Download
memory/2288-4626-0x00000000000A0000-0x000000000039E000-memory.dmp

Filesize
3.0MB

Download
memory/2288-4632-0x0000000073450000-0x000000007366C000-memory.dmp

Filesize
2.1MB

Download
memory/2288-4195-0x00000000736A0000-0x0000000073722000-memory.dmp

Filesize
520KB

Download
memory/2288-4217-0x0000000073450000-0x000000007366C000-memory.dmp

Filesize
2.1MB

Download
memory/2288-4216-0x00000000733D0000-0x0000000073447000-memory.dmp

Filesize
476KB

Download
memory/2288-4276-0x00000000000A0000-0x000000000039E000-memory.dmp

Filesize
3.0MB

Download
memory/2288-4214-0x00000000736A0000-0x0000000073722000-memory.dmp

Filesize
520KB

Download
memory/2288-4213-0x0000000073730000-0x000000007374C000-memory.dmp

Filesize
112KB

Download
memory/2288-4212-0x0000000073750000-0x00000000737D2000-memory.dmp

Filesize
520KB

Download
memory/2288-4211-0x00000000000A0000-0x000000000039E000-memory.dmp

Filesize
3.0MB

Download
memory/2288-4200-0x0000000073670000-0x0000000073692000-memory.dmp

Filesize
136KB

Download
memory/2288-4199-0x00000000000A0000-0x000000000039E000-memory.dmp

Filesize
3.0MB

Download
memory/2288-4196-0x0000000073670000-0x0000000073692000-memory.dmp

Filesize
136KB

Download
memory/2288-5006-0x00000000000A0000-0x000000000039E000-memory.dmp

Filesize
3.0MB

Download
memory/2288-5005-0x0000000073450000-0x000000007366C000-memory.dmp

Filesize
2.1MB

Download
memory/2288-4197-0x00000000736A0000-0x0000000073722000-memory.dmp

Filesize
520KB

Download
memory/5240-4941-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5240-4976-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5240-4850-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5656-4950-0x0000000002460000-0x0000000002461000-memory.dmp

Filesize
4KB

Download
memory/5656-4853-0x0000000002460000-0x0000000002461000-memory.dmp

Filesize
4KB

Download