hxxp://cod2master[.]activision[.]com

Analysis

max time kernel
373s
max time network
498s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
11-04-2024 15:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://cod2master.activision.com

Score

10^/10

agilenet bootkit evasion persistence ransomware trojan

Malware Config

Signatures

UAC bypass 3 TTPs 1 IoCs

evasion trojan

Bypass User Account Control

T1548.002

Disable or Modify Tools

T1562.001

Modify Registry

T1112

Processes:

wscript.exe

description	ioc	process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0"	wscript.exe

Disables Task Manager via registry modification
evasion
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.

Query Registry
T1012

System Information Discovery
T1082

Processes:

wscript.exe

description ioc process

Key value queried \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\Control Panel\International\Geo\Nation wscript.exe
Executes dropped EXE 1 IoCs

Processes:

eulascr.exe

pid process

2784 eulascr.exe
Loads dropped DLL 1 IoCs

Processes:

eulascr.exe

pid process

2784 eulascr.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\Control Panel\International\Geo\Nation	wscript.exe

pid	process
2784	eulascr.exe

pid	process
2784	eulascr.exe

Obfuscated with Agile.Net obfuscator 2 IoCs

Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

agilenet

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\7BF8.tmp\eulascr.exe	agile_net
behavioral1/memory/2784-1000-0x0000000000800000-0x000000000082A000-memory.dmp	agile_net

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

000.exe

description	ioc	process
File opened (read-only)	\??\M:	000.exe
File opened (read-only)	\??\P:	000.exe
File opened (read-only)	\??\Q:	000.exe
File opened (read-only)	\??\Z:	000.exe
File opened (read-only)	\??\A:	000.exe
File opened (read-only)	\??\B:	000.exe
File opened (read-only)	\??\I:	000.exe
File opened (read-only)	\??\K:	000.exe
File opened (read-only)	\??\V:	000.exe
File opened (read-only)	\??\W:	000.exe
File opened (read-only)	\??\X:	000.exe
File opened (read-only)	\??\E:	000.exe
File opened (read-only)	\??\J:	000.exe
File opened (read-only)	\??\L:	000.exe
File opened (read-only)	\??\U:	000.exe
File opened (read-only)	\??\Y:	000.exe
File opened (read-only)	\??\H:	000.exe
File opened (read-only)	\??\N:	000.exe
File opened (read-only)	\??\R:	000.exe
File opened (read-only)	\??\S:	000.exe
File opened (read-only)	\??\G:	000.exe
File opened (read-only)	\??\O:	000.exe
File opened (read-only)	\??\T:	000.exe

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1542.003

Processes:

MEMZ.exe

description ioc process

File opened for modification \??\PhysicalDrive0 MEMZ.exe
Sets desktop wallpaper using registry 2 TTPs 1 IoCs
ransomware

Defacement
T1491

Modify Registry
T1112

Processes:

000.exe

description ioc process

Set value (str) \REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\Control Panel\Desktop\Wallpaper 000.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Program crash 2 IoCs

Processes:

WerFault.exeWerFault.exe

pid pid_target process target process

5192 1464 WerFault.exe 000.exe
5132 1464 WerFault.exe 000.exe

description	ioc	process
File opened for modification	\??\PhysicalDrive0	MEMZ.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000\Control Panel\Desktop\Wallpaper	000.exe

pid	pid_target	process	target process
5192	1464	WerFault.exe	000.exe
5132	1464	WerFault.exe	000.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

taskmgr.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates system info in registry 2 TTPs 12 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exemsedge.exemsedge.exemsedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Kills process with taskkill 2 IoCs
evasion

Processes:

taskkill.exetaskkill.exe

pid process

5180 taskkill.exe
2800 taskkill.exe

pid	process
5180	taskkill.exe
2800	taskkill.exe

Modifies registry class 4 IoCs

Processes:

msedge.exemsedge.exe000.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3045580317-3728985860-206385570-1000\{84DFE012-5D16-46FB-9539-9E497117532D}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3045580317-3728985860-206385570-1000_Classes\Local Settings	msedge.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\icon.ico"	000.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3045580317-3728985860-206385570-1000\{C8AFE39D-1BCA-4920-AEAE-443BABD635FA}	000.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exemsedge.exeeulascr.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exe

pid	process
3840	msedge.exe
3840	msedge.exe
1508	msedge.exe
1508	msedge.exe
5016	identity_helper.exe
5016	identity_helper.exe
3272	msedge.exe
3272	msedge.exe
3516	msedge.exe
3516	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
2784	eulascr.exe
1604	MEMZ.exe
1604	MEMZ.exe
1604	MEMZ.exe
1604	MEMZ.exe
5616	MEMZ.exe
5616	MEMZ.exe
1604	MEMZ.exe
1604	MEMZ.exe
5732	MEMZ.exe
5732	MEMZ.exe
5480	MEMZ.exe
5480	MEMZ.exe
1604	MEMZ.exe
5732	MEMZ.exe
1604	MEMZ.exe
5732	MEMZ.exe
5616	MEMZ.exe
5844	MEMZ.exe
5616	MEMZ.exe
5844	MEMZ.exe
5480	MEMZ.exe
5480	MEMZ.exe
5844	MEMZ.exe
5844	MEMZ.exe
5480	MEMZ.exe
5480	MEMZ.exe
1604	MEMZ.exe
5732	MEMZ.exe
1604	MEMZ.exe
5732	MEMZ.exe
5616	MEMZ.exe
5616	MEMZ.exe
5732	MEMZ.exe
5732	MEMZ.exe
1604	MEMZ.exe
1604	MEMZ.exe
5844	MEMZ.exe
5480	MEMZ.exe
5844	MEMZ.exe
5480	MEMZ.exe
5616	MEMZ.exe
5616	MEMZ.exe
5616	MEMZ.exe
5616	MEMZ.exe
5480	MEMZ.exe
5480	MEMZ.exe
5844	MEMZ.exe
5844	MEMZ.exe
1604	MEMZ.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

7zFM.exe

pid process

2504 7zFM.exe

pid	process
2504	7zFM.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 38 IoCs

Processes:

msedge.exemsedge.exemsedge.exemsedge.exe

pid	process
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
5968	msedge.exe
5968	msedge.exe
5968	msedge.exe
5968	msedge.exe
5968	msedge.exe
5968	msedge.exe
5968	msedge.exe
5968	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
5356	msedge.exe
5356	msedge.exe
5356	msedge.exe
5356	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

eulascr.exe7zFM.exetaskmgr.exetaskkill.exe000.exetaskkill.exeWMIC.exeWMIC.exe

description	pid	process
Token: SeDebugPrivilege	2784	eulascr.exe
Token: SeRestorePrivilege	2504	7zFM.exe
Token: 35	2504	7zFM.exe
Token: SeDebugPrivilege	3928	taskmgr.exe
Token: SeSystemProfilePrivilege	3928	taskmgr.exe
Token: SeCreateGlobalPrivilege	3928	taskmgr.exe
Token: 33	3928	taskmgr.exe
Token: SeIncBasePriorityPrivilege	3928	taskmgr.exe
Token: SeDebugPrivilege	5180	taskkill.exe
Token: SeShutdownPrivilege	1464	000.exe
Token: SeCreatePagefilePrivilege	1464	000.exe
Token: SeDebugPrivilege	2800	taskkill.exe
Token: SeIncreaseQuotaPrivilege	3140	WMIC.exe
Token: SeSecurityPrivilege	3140	WMIC.exe
Token: SeTakeOwnershipPrivilege	3140	WMIC.exe
Token: SeLoadDriverPrivilege	3140	WMIC.exe
Token: SeSystemProfilePrivilege	3140	WMIC.exe
Token: SeSystemtimePrivilege	3140	WMIC.exe
Token: SeProfSingleProcessPrivilege	3140	WMIC.exe
Token: SeIncBasePriorityPrivilege	3140	WMIC.exe
Token: SeCreatePagefilePrivilege	3140	WMIC.exe
Token: SeBackupPrivilege	3140	WMIC.exe
Token: SeRestorePrivilege	3140	WMIC.exe
Token: SeShutdownPrivilege	3140	WMIC.exe
Token: SeDebugPrivilege	3140	WMIC.exe
Token: SeSystemEnvironmentPrivilege	3140	WMIC.exe
Token: SeRemoteShutdownPrivilege	3140	WMIC.exe
Token: SeUndockPrivilege	3140	WMIC.exe
Token: SeManageVolumePrivilege	3140	WMIC.exe
Token: 33	3140	WMIC.exe
Token: 34	3140	WMIC.exe
Token: 35	3140	WMIC.exe
Token: 36	3140	WMIC.exe
Token: SeIncreaseQuotaPrivilege	3140	WMIC.exe
Token: SeSecurityPrivilege	3140	WMIC.exe
Token: SeTakeOwnershipPrivilege	3140	WMIC.exe
Token: SeLoadDriverPrivilege	3140	WMIC.exe
Token: SeSystemProfilePrivilege	3140	WMIC.exe
Token: SeSystemtimePrivilege	3140	WMIC.exe
Token: SeProfSingleProcessPrivilege	3140	WMIC.exe
Token: SeIncBasePriorityPrivilege	3140	WMIC.exe
Token: SeCreatePagefilePrivilege	3140	WMIC.exe
Token: SeBackupPrivilege	3140	WMIC.exe
Token: SeRestorePrivilege	3140	WMIC.exe
Token: SeShutdownPrivilege	3140	WMIC.exe
Token: SeDebugPrivilege	3140	WMIC.exe
Token: SeSystemEnvironmentPrivilege	3140	WMIC.exe
Token: SeRemoteShutdownPrivilege	3140	WMIC.exe
Token: SeUndockPrivilege	3140	WMIC.exe
Token: SeManageVolumePrivilege	3140	WMIC.exe
Token: 33	3140	WMIC.exe
Token: 34	3140	WMIC.exe
Token: 35	3140	WMIC.exe
Token: 36	3140	WMIC.exe
Token: SeShutdownPrivilege	1464	000.exe
Token: SeCreatePagefilePrivilege	1464	000.exe
Token: SeIncreaseQuotaPrivilege	4276	WMIC.exe
Token: SeSecurityPrivilege	4276	WMIC.exe
Token: SeTakeOwnershipPrivilege	4276	WMIC.exe
Token: SeLoadDriverPrivilege	4276	WMIC.exe
Token: SeSystemProfilePrivilege	4276	WMIC.exe
Token: SeSystemtimePrivilege	4276	WMIC.exe
Token: SeProfSingleProcessPrivilege	4276	WMIC.exe
Token: SeIncBasePriorityPrivilege	4276	WMIC.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

msedge.exe

pid	process
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

msedge.exemsedge.exe

pid	process
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
5968	msedge.exe
5968	msedge.exe
5968	msedge.exe
5968	msedge.exe
5968	msedge.exe
5968	msedge.exe
5968	msedge.exe
5968	msedge.exe
5968	msedge.exe
5968	msedge.exe
5968	msedge.exe
5968	msedge.exe
5968	msedge.exe
5968	msedge.exe
5968	msedge.exe
5968	msedge.exe
5968	msedge.exe
5968	msedge.exe
5968	msedge.exe
5968	msedge.exe
5968	msedge.exe
5968	msedge.exe

Suspicious use of SetWindowsHookEx 10 IoCs

Processes:

MrsMajor3.0.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exe000.exe

pid process

5524 MrsMajor3.0.exe
4228 MEMZ.exe
1604 MEMZ.exe
5480 MEMZ.exe
5732 MEMZ.exe
5616 MEMZ.exe
5844 MEMZ.exe
4144 MEMZ.exe
1464 000.exe
1464 000.exe

pid	process
5524	MrsMajor3.0.exe
4228	MEMZ.exe
1604	MEMZ.exe
5480	MEMZ.exe
5732	MEMZ.exe
5616	MEMZ.exe
5844	MEMZ.exe
4144	MEMZ.exe
1464	000.exe
1464	000.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 1508 wrote to memory of 2332	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 2332	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 4108	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 4108	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 4108	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 4108	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 4108	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 4108	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 4108	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 4108	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 4108	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 4108	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 4108	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 4108	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 4108	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 4108	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 4108	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 4108	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 4108	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 4108	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 4108	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 4108	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 4108	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 4108	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 4108	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 4108	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 4108	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 4108	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 4108	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 4108	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 4108	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 4108	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 4108	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 4108	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 4108	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 4108	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 4108	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 4108	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 4108	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 4108	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 4108	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 4108	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 3840	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 3840	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 1456	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 1456	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 1456	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 1456	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 1456	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 1456	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 1456	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 1456	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 1456	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 1456	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 1456	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 1456	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 1456	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 1456	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 1456	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 1456	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 1456	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 1456	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 1456	1508	msedge.exe	msedge.exe
PID 1508 wrote to memory of 1456	1508	msedge.exe	msedge.exe

System policy modification 1 TTPs 2 IoCs

evasion

Modify Registry

T1112

Processes:

wscript.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System	wscript.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0"	wscript.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://cod2master.activision.com
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1508

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff25d746f8,0x7fff25d74708,0x7fff25d74718
2⤵
PID:2332

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,832110570866487355,10556031018179794817,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
2⤵
PID:4108

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,832110570866487355,10556031018179794817,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3840

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,832110570866487355,10556031018179794817,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
2⤵
PID:1456

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,832110570866487355,10556031018179794817,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3156 /prefetch:1
2⤵
PID:4372

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,832110570866487355,10556031018179794817,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1
2⤵
PID:2164

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,832110570866487355,10556031018179794817,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4664 /prefetch:1
2⤵
PID:4716

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,832110570866487355,10556031018179794817,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1
2⤵
PID:1400

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,832110570866487355,10556031018179794817,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
2⤵
PID:3620

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,832110570866487355,10556031018179794817,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5628 /prefetch:8
2⤵
PID:2484

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,832110570866487355,10556031018179794817,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5628 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5016

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,832110570866487355,10556031018179794817,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3936 /prefetch:1
2⤵
PID:380

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,832110570866487355,10556031018179794817,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
2⤵
PID:1644

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,832110570866487355,10556031018179794817,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1
2⤵
PID:1404

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,832110570866487355,10556031018179794817,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
2⤵
PID:2068

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,832110570866487355,10556031018179794817,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1
2⤵
PID:3900

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2100,832110570866487355,10556031018179794817,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5908 /prefetch:8
2⤵
PID:4208

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2100,832110570866487355,10556031018179794817,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5748 /prefetch:8
2⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:3272

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,832110570866487355,10556031018179794817,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
2⤵
PID:4880

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,832110570866487355,10556031018179794817,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
2⤵
PID:1868

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,832110570866487355,10556031018179794817,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
2⤵
PID:1020

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,832110570866487355,10556031018179794817,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
2⤵
PID:3540

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,832110570866487355,10556031018179794817,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
2⤵
PID:5088

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,832110570866487355,10556031018179794817,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1916 /prefetch:1
2⤵
PID:4972

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,832110570866487355,10556031018179794817,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
2⤵
PID:4800

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,832110570866487355,10556031018179794817,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1896 /prefetch:1
2⤵
PID:2952

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,832110570866487355,10556031018179794817,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1300 /prefetch:1
2⤵
PID:4716

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,832110570866487355,10556031018179794817,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6064 /prefetch:1
2⤵
PID:4656

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,832110570866487355,10556031018179794817,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
2⤵
PID:100

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2100,832110570866487355,10556031018179794817,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5740 /prefetch:8
2⤵
PID:1748

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2100,832110570866487355,10556031018179794817,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1904 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3516

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,832110570866487355,10556031018179794817,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4856 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3116

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,832110570866487355,10556031018179794817,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
2⤵
PID:5416

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2872

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2244

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault799755e5haa32h480eha2c5hb016ce925e1c
1⤵
PID:4216

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7fff25d746f8,0x7fff25d74708,0x7fff25d74718
2⤵
PID:2268

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,395689481126858146,8544841175317019611,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
2⤵
PID:2480

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,395689481126858146,8544841175317019611,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 /prefetch:3
2⤵
PID:2748

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
1⤵
PID:5236

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault8056df6ahe6d4h42cbh9f32hfcd407613bec
1⤵
PID:5444

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff25d746f8,0x7fff25d74708,0x7fff25d74718
2⤵
PID:5460

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,2349841390362420306,1426150042908623314,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3
2⤵
PID:5752

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault3cd84793h795bh4e0fhab23hcae29903c239
1⤵
PID:5880

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff25d746f8,0x7fff25d74708,0x7fff25d74718
2⤵
PID:5892

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1436,3314679268572225522,3231457541248220031,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 /prefetch:3
2⤵
PID:6140

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaultc4a9f94ch0e65h4fe4hbc7dha5a9213364f9
1⤵
PID:2936

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff25d746f8,0x7fff25d74708,0x7fff25d74718
2⤵
PID:5364

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2184,7235229152487523158,10908089947230755526,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1372 /prefetch:3
2⤵
PID:5832

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2384

C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Trojan\MrsMajors\MrsMajor3.0.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Trojan\MrsMajors\MrsMajor3.0.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:5524

C:\Windows\system32\wscript.exe
"C:\Windows\system32\wscript.exe" C:\Users\Admin\AppData\Local\Temp\7BF8.tmp\7BF9.tmp\7BFA.vbs //Nologo
2⤵
- UAC bypass
- Checks computer location settings
- System policy modification
PID:3684

C:\Users\Admin\AppData\Local\Temp\7BF8.tmp\eulascr.exe
"C:\Users\Admin\AppData\Local\Temp\7BF8.tmp\eulascr.exe"
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2784

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Trojan\MrsMajors\MrsMajor2.0.7z"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
PID:2504

C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Trojan\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Trojan\MEMZ.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:4228

C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Trojan\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Trojan\MEMZ.exe" /watchdog
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:1604

C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Trojan\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Trojan\MEMZ.exe" /watchdog
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:5480

C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Trojan\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Trojan\MEMZ.exe" /watchdog
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:5732

C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Trojan\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Trojan\MEMZ.exe" /watchdog
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:5616

C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Trojan\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Trojan\MEMZ.exe" /watchdog
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:5844

C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Trojan\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Trojan\MEMZ.exe" /main
2⤵
- Writes to the Master Boot Record (MBR)
- Suspicious use of SetWindowsHookEx
PID:4144

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe" \note.txt
3⤵
PID:4436

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=facebook+hacking+tool+free+download+no+virus+working+2016
3⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:5968

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff25d746f8,0x7fff25d74708,0x7fff25d74718
4⤵
PID:2752

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,6158170154469159936,4848528556484476164,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
4⤵
PID:1440

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,6158170154469159936,4848528556484476164,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
4⤵
PID:1884

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,6158170154469159936,4848528556484476164,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
4⤵
PID:5692

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6158170154469159936,4848528556484476164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
4⤵
PID:2652

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6158170154469159936,4848528556484476164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
4⤵
PID:1008

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6158170154469159936,4848528556484476164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2156 /prefetch:1
4⤵
PID:3028

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6158170154469159936,4848528556484476164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4048 /prefetch:1
4⤵
PID:1628

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,6158170154469159936,4848528556484476164,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6012 /prefetch:8
4⤵
PID:4404

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,6158170154469159936,4848528556484476164,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6012 /prefetch:8
4⤵
PID:2872

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6158170154469159936,4848528556484476164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1
4⤵
PID:784

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6158170154469159936,4848528556484476164,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4372 /prefetch:1
4⤵
PID:2632

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6158170154469159936,4848528556484476164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
4⤵
PID:5080

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6158170154469159936,4848528556484476164,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
4⤵
PID:5740

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=g3t+r3kt
3⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:3004

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff25d746f8,0x7fff25d74708,0x7fff25d74718
4⤵
PID:6072

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,4132914527518353150,11578894774342496003,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
4⤵
PID:5232

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,4132914527518353150,11578894774342496003,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2492 /prefetch:3
4⤵
PID:4276

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,4132914527518353150,11578894774342496003,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8
4⤵
PID:4484

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,4132914527518353150,11578894774342496003,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
4⤵
PID:5204

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,4132914527518353150,11578894774342496003,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
4⤵
PID:1820

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,4132914527518353150,11578894774342496003,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
4⤵
PID:4532

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,4132914527518353150,11578894774342496003,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4900 /prefetch:1
4⤵
PID:5032

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,4132914527518353150,11578894774342496003,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4336 /prefetch:8
4⤵
PID:2616

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,4132914527518353150,11578894774342496003,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4336 /prefetch:8
4⤵
PID:4644

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=dank+memz
3⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:5356

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff25d746f8,0x7fff25d74708,0x7fff25d74718
4⤵
PID:4636

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,1909065830864968859,5856695510935614362,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
4⤵
PID:2652

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,1909065830864968859,5856695510935614362,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
4⤵
PID:3076

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,1909065830864968859,5856695510935614362,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8
4⤵
PID:1792

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,1909065830864968859,5856695510935614362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
4⤵
PID:4928

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,1909065830864968859,5856695510935614362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
4⤵
PID:3608

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,1909065830864968859,5856695510935614362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
4⤵
PID:548

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,1909065830864968859,5856695510935614362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
4⤵
PID:5900

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,1909065830864968859,5856695510935614362,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5476 /prefetch:8
4⤵
PID:4288

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,1909065830864968859,5856695510935614362,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5476 /prefetch:8
4⤵
PID:5500

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,1909065830864968859,5856695510935614362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3716 /prefetch:1
4⤵
PID:3452

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,1909065830864968859,5856695510935614362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
4⤵
PID:6044

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,1909065830864968859,5856695510935614362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3536 /prefetch:1
4⤵
PID:1404

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,1909065830864968859,5856695510935614362,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1808 /prefetch:1
4⤵
PID:4128

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,1909065830864968859,5856695510935614362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
4⤵
PID:4404

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,1909065830864968859,5856695510935614362,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
4⤵
PID:1416

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,1909065830864968859,5856695510935614362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2056 /prefetch:1
4⤵
PID:2388

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,1909065830864968859,5856695510935614362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2100 /prefetch:1
4⤵
PID:5556

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,1909065830864968859,5856695510935614362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=244 /prefetch:1
4⤵
PID:6012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,1909065830864968859,5856695510935614362,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1148 /prefetch:1
4⤵
PID:5380

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,1909065830864968859,5856695510935614362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6300 /prefetch:1
4⤵
PID:5080

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,1909065830864968859,5856695510935614362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1808 /prefetch:1
4⤵
PID:2304

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,1909065830864968859,5856695510935614362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6304 /prefetch:1
4⤵
PID:3748

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,1909065830864968859,5856695510935614362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
4⤵
PID:848

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,1909065830864968859,5856695510935614362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
4⤵
PID:4536

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,1909065830864968859,5856695510935614362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6768 /prefetch:1
4⤵
PID:1124

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,1909065830864968859,5856695510935614362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7084 /prefetch:1
4⤵
PID:4720

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2092,1909065830864968859,5856695510935614362,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6956 /prefetch:8
4⤵
PID:5900

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,1909065830864968859,5856695510935614362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7416 /prefetch:1
4⤵
PID:4724

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,1909065830864968859,5856695510935614362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7468 /prefetch:1
4⤵
PID:2800

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,1909065830864968859,5856695510935614362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7560 /prefetch:1
4⤵
PID:4196

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,1909065830864968859,5856695510935614362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7492 /prefetch:1
4⤵
PID:6028

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,1909065830864968859,5856695510935614362,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5188 /prefetch:2
4⤵
PID:5600

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,1909065830864968859,5856695510935614362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7236 /prefetch:1
4⤵
PID:2456

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,1909065830864968859,5856695510935614362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8056 /prefetch:1
4⤵
PID:1584

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,1909065830864968859,5856695510935614362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
4⤵
PID:3464

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2092,1909065830864968859,5856695510935614362,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6632 /prefetch:8
4⤵
PID:4152

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2092,1909065830864968859,5856695510935614362,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=7776 /prefetch:8
4⤵
PID:3548

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,1909065830864968859,5856695510935614362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1932 /prefetch:1
4⤵
PID:2416

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,1909065830864968859,5856695510935614362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8104 /prefetch:1
4⤵
PID:3544

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=montage+parody+making+program+2016
3⤵
PID:5544

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff25d746f8,0x7fff25d74708,0x7fff25d74718
4⤵
PID:6020

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+buy+weed
3⤵
PID:2724

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff25d746f8,0x7fff25d74708,0x7fff25d74718
4⤵
PID:3984

C:\Windows\SysWOW64\mspaint.exe
"C:\Windows\System32\mspaint.exe"
3⤵
PID:2920

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+download+memz
3⤵
PID:448

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7fff25d746f8,0x7fff25d74708,0x7fff25d74718
4⤵
PID:2648

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=mcafee+vs+norton
3⤵
PID:5760

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff25d746f8,0x7fff25d74708,0x7fff25d74718
4⤵
PID:5256

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://softonic.com/
3⤵
PID:2172

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff25d746f8,0x7fff25d74708,0x7fff25d74718
4⤵
PID:2876

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2524

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5232

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1396

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1588

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
PID:3928

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3768

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4912

C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Trojan\000.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Trojan\000.exe"
1⤵
- Enumerates connected drives
- Sets desktop wallpaper using registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1464

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\windl.bat""
2⤵
PID:1996

C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im explorer.exe
3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:5180

C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:2800

C:\Windows\SysWOW64\Wbem\WMIC.exe
wmic useraccount where name='Admin' set FullName='UR NEXT'
3⤵
- Suspicious use of AdjustPrivilegeToken
PID:3140

C:\Windows\SysWOW64\Wbem\WMIC.exe
wmic useraccount where name='Admin' rename 'UR NEXT'
3⤵
- Suspicious use of AdjustPrivilegeToken
PID:4276

C:\Windows\SysWOW64\shutdown.exe
shutdown /f /r /t 0
3⤵
PID:3080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1464 -s 5012
2⤵
- Program crash
PID:5192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1464 -s 5012
2⤵
- Program crash
PID:5132

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2fc 0x3d4
1⤵
PID:5092

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
1⤵
PID:1648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 1464 -ip 1464
1⤵
PID:5820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 1464 -ip 1464
1⤵
PID:2296

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa384b055 /state1:0x41c64e6d
1⤵
PID:3636

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Defense Evasion

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Impair Defenses

T1562

Disable or Modify Tools

T1562.001

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Peripheral Device Discovery

T1120

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Defacement

T1491

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
e494d16e4b331d7fc483b3ae3b2e0973

SHA1
d13ca61b6404902b716f7b02f0070dec7f36edbf

SHA256
a43f82254638f7e05d1fea29e83545642f163a7a852f567fb2e94f0634347165

SHA512
016b0ed886b33d010c84ca080d74fa343da110db696655c94b71a4cb8eb8284748dd83e06d0891a6e1e859832b0f1d07748b11d4d1a4576bbe1bee359e218737

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
0764f5481d3c05f5d391a36463484b49

SHA1
2c96194f04e768ac9d7134bc242808e4d8aeb149

SHA256
cc773d1928f4a87e10944d153c23a7b20222b6795c9a0a09b81a94c1bd026ac3

SHA512
a39e4cb7064fdd7393ffe7bb3a5e672b1bdc14d878cac1c5c9ceb97787454c5a4e7f9ae0020c6d524920caf7eadc9d49e10bee8799d73ee4e8febe7e51e22224

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
a33e814282c456aef585b745a147dd0b

SHA1
50e1cb52e0b344d6a19f46ceff66044466ed2698

SHA256
e211f3bb190f766c7d23d4686d44f00fd57e584307eeb8b59ac99a69a7098085

SHA512
22598e2754ff7e81f1640a5ed4c3777c870dbab9a7473fc2a1a25002738ec0edd4f6ca43bd716e6e7b54458edd3f26ef46501d31888a132de7df4729ea3be874

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
32fac6c7e1274a5b83c971dcdf46f7fd

SHA1
d95fdaa1569e5ac58c771ba5411d08679aba8c06

SHA256
9c115092e6a08faed22df5b81be85c6651e04a298f53d14479f0cebd9b372c44

SHA512
ccb0ae33f48a83c9b884f8b3d8365ef1c550ae48db1bed3834110ab2b9dc3fc6ac738220fd59897dfeb2b4600bfbe605a893e576e661d0cf08441350c91691e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
b04ffd9c0c6e8d4bf9234cb7bc6b060d

SHA1
c49cf14c34b96ff6811f86f1f90e675025fcefa9

SHA256
f540dde5b82d488c22276afb0c6d12a276e5ab2bbfccd8703025d8b8c05804a4

SHA512
88e4e96c60a08f2780b23cab0935a84eeb49063097b0d209d364cc5ad86d5c79c0f0c74416852101e1fc5952403b70d0af03083748ded7e195f43b2506d2ac19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
ce6a3a4905cfa5d94b7d896eb739a463

SHA1
749d1bf0d2d9b8728308c96d9805e988209d1c95

SHA256
81ef9bbd5c351c169a48e8a4edfba1e669ab7b228b4de03bc3376f053359a82d

SHA512
d607f5b035a5d2666766026ba99f15c3e2fbed11f2b1b4ca92215face444d2e166c15a0b18d1fcb616874aa2ba6e66b27495950071930deb9e632483eeddbda8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\023e389b-ebe4-4e6f-8db3-9cef779d163e.tmp
Filesize
8KB

MD5
4d751febbbc968b28046b0c5e6e822c6

SHA1
fdc29de1a0b947adc6a1fe9bc194263c26411bf2

SHA256
d89fc03722bda35e6e3241d3f84acd5002d3c4a49e883e67f267da84747e709a

SHA512
c18c55371d5f841e38d2096dad80e811be9f767ba060d17d2f22f9e80e2d816a843245828fcc48249fc0c6a84000dbf41ffc53e389048b22377f398740c5317a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\44b9df2b-ced8-4e98-af1e-441c83828a0d.tmp
Filesize
1KB

MD5
cdad754b48ee89120b4f3a14f7435ed9

SHA1
61d286c89196b3077527ed581899f82c0fc2ed34

SHA256
de239e83f47c7417f1af17069760f459865fb71463b0b799dd3c67543498a6e8

SHA512
67b768d730e118abd0f06fed03d9c4445728236942a922cc8dc9b801f412f2c8c87fccd39dc6ce8a843e4e347b76f7e4176d9228b3d24d016618dbf23b81fbbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\8dc72228-3b50-40e5-840a-d6abec207da2.tmp
Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002
Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003
Filesize
69KB

MD5
aac57f6f587f163486628b8860aa3637

SHA1
b1b51e14672caae2361f0e2c54b72d1107cfce54

SHA256
0cda72f2d9b6f196897f58d5de1fe1b43424ce55701eac625e591a0fd4ce7486

SHA512
0622796aab85764434e30cbe78b4e80e129443744dd13bc376f7a124ed04863c86bb1dcd5222bb1814f6599accbd45c9ee2b983da6c461b68670ae59141a6c1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004
Filesize
35KB

MD5
786d29ac69180555a37e07c36b4504e7

SHA1
a1950b38546c4d5582715058d2b523580ab75a71

SHA256
ac07d7137b93ab08baac4eba722210a729ce4ce6600c5c7eb5c5049bd341e117

SHA512
53b3bd579afac1fc271d21b2ec5369642410004163662d96a562a4b1be95ed8fa189c675fdea12912d1904d7693444f4f5f1df72c7b2cb08ebbe9e74ca1678dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005
Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006
Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007
Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b
Filesize
1.1MB

MD5
d404b61450122b2ad393c3ece0597317

SHA1
d18809185baef8ec6bbbaca300a2fdb4b76a1f56

SHA256
03551254e2231ecd9c7ee816b488ecbde5d899009cd9abbe44351d98fbf2f5fb

SHA512
cb1a2867cc53733dc72cd294d1b549fa571a041d72de0fa4d7d9195bcac9f8245c2095e6a6f1ece0e55279fa26337cdcc82d4c269e1dd186cbbd2b974e2d6a70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018
Filesize
198KB

MD5
319e0c36436ee0bf24476acbcc83565c

SHA1
fb2658d5791fe5b37424119557ab8cee30acdc54

SHA256
f6562ea52e056b979d6f52932ae57b7afb04486b10b0ebde22c5b51f502c69d1

SHA512
ad902b9a010cf99bdedba405cad0387890a9ff90a9c91f6a3220cdceec1b08ecb97a326aef01b28d8d0aacb5f2a16f02f673e196bdb69fc68b3f636139059902

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
4KB

MD5
728a065f85c4330eb8e347979d2fb6cc

SHA1
1825b2ba7db71e1500a4da359f74145d9ea4512b

SHA256
40d3fe4e4254fa88432118c83d8929b61a0613954fa9eded9ae95f58799f584f

SHA512
703dc6fd28664f3ca4fc0455afdee1cfb191ec929c8a41937bfb3e67fd60b070207485eda80846329b0f7f9fde50ca2faedb01d88bd155b5178765e84c001339

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
4KB

MD5
43002c11a7980a60dbe27e2b985bf1ac

SHA1
b39388f7374f3ac0730eee365a982770c68b4753

SHA256
02397efea8537f1a37e52d437255440faa634f387950bfb492169d3a40b6cbf6

SHA512
819dad574761afe94c4465fef6549bc1564e530c3e12950aae2b7e742e603d48e27663b85139e64ec3f663cdd68caa3539e4a466f93f15b88a7ca5076667a2ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
4KB

MD5
ae311d16e60df822dbce0619de4125b3

SHA1
a3ad8ee20c0640b1a7760ed82fa4c2e053214077

SHA256
d7571f10a3f534a54ec5c9167974a2dd59dea845fb6c719472bfccb216583ba0

SHA512
6d6bf39321bfebd8839db9c84ab2c34699ad7104b767af74ce0506c4f0548efb8ebced5c9d587b0e000ddb45d1b4c99cf6b5bd8a91365c3acf089b99f11ac215

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
4KB

MD5
0e278fcc44bd94e00e4dc9b72e84362f

SHA1
0734b16fde036232c5d35b64787accd73c6c0446

SHA256
4b5d0329d54a7c3025a1d646fc47d5262e25af0b7492aaaf509ab752297f78aa

SHA512
e045da337dec5d27d475e49e9c29750e1ca56ab31bf58d08a82c540349449acf8a12598139582532375c540d49b5f374e800d1f97f4df5371ae1fa65a58f1f97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
4KB

MD5
56c8a4d006fdf6e989a03090dd6355f6

SHA1
e545a95b8b92013e02304e677731dc0f47a4a944

SHA256
b8e3e892c80d589e640ee7660f38a63a701f259b8e398a100af579025eaddde8

SHA512
5e88437e02e9e601aebbff5e935deffa9c03cfeaae52a19ff29b85f67b009987bf81d06f7c13bcb9a5a1d46016392694fe48bef0934c188718465f5079935968

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
Filesize
124KB

MD5
45d85e66f199a7c5edcdd3d2574ac325

SHA1
3eae72f75983e561f6c6b0c0d50fe7dd150c39c6

SHA256
04d78eb65c03365943602297eaaad454a71bb1be783a54ef1e62b086baa0731b

SHA512
65f5636e16d459ab19217eb788f67637dbbbb7d2debb29eccf2171e5f52a3ab7c21ea27a758d5e8b6944fe52ff3b577a2fefb3b56ea43b6d8fd495a0246e84c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
2KB

MD5
f6da48b916ae847ffa759422c7b4c2f9

SHA1
784d3de04a7a56a58114936bb281c2f62f449646

SHA256
0a138e55b8625556f964df5c0c2058b6bd0adcdcb5a7f0af74ed93b45ea1f604

SHA512
6d8bb4a22bdb7057003e2a476d197799a677ef274c30f7b9433640a162e4e3618d32b1f80f57499a78b606e087dfd63caeb3c2c440c3758f3775b62522219d1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
2KB

MD5
2359315fbdd2f60bbaa9ad5029df3d5a

SHA1
0b80e6f5ace8353bfa18641e694dee823b49f2cd

SHA256
ce5bc814e77027699f10b87ab85a7e7729b74db32fb7194db1fa6426dddd2605

SHA512
62e26eed1517161395e29d7ea587a2715b53899658af34b784be9a5b4b53798643c3e0a258d9f7f6ba91f0f9dcea5f8650718b4013da36ab4eed33838b64a331

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
e9fc12a183342b374824eafdda8b6f8d

SHA1
9c18e3cb83ab4318d4508cf300f6c11513c391c5

SHA256
760330dad79b5bf9c446bdd899d25799fd9f21e9d0288e8ad58cd543fb50be78

SHA512
080eb703f4a5506042b7415a3545fdb397e94e89fbfcc742df9be742796f116b5b558c131617605bb54d1b69cc99e0626b825601b12edac6688fada79e2e5d3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
4KB

MD5
eac13b6c19634252ceb38b293147a80e

SHA1
b114dcdc1c1bcd269a492a136d6a8a36eaefb8d4

SHA256
279c9cede0e87b4869db73990714ddc2c95b5ff4b62fd0bbec117d348d178a79

SHA512
edfe8eb82268aa1f0654c9b9aa0ab52a446590b4b8ca529a5e533b0456a1a4ee11a5a1979a07aae42745d5ccac5726c95f955c3657bdf6e194be961f0ca487ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
2KB

MD5
6aff68c6e2561b280947a8282d319c05

SHA1
a0026c48d939aee16d133d7158cc07296098fe37

SHA256
8ffa1704b413c5ec03abf8d84353e3b4b74bfe844b164dfe3446bfe1876aeb3f

SHA512
dbcf9011bb4f18cf2b46051d29b22b69ede07831b1da85132f15ffe7c2008461fb226accdfefb5b1ca1108abaaf6a54aa2ce1993e68ad476b8376eefbfea1546

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
b96e9ad4b79106d5e80cf7a7495ac055

SHA1
94c05269441924ceee8fd357324b3d02842f2e8f

SHA256
95a04b19ec5687d4e1bd563daa520c2c1d1cb62eb7480c45e475e5e7c3c9e47c

SHA512
6a0eac5b0dcd89ad47f773a8281579c937f1b18d408edbb0fb0d47fb3d42cee7a9f75f032bebf2ccb6814eaf7614fd2f90ff57908d2b2fdc6113c882b842f371

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
ad837a8c175f860612e6930099474b8c

SHA1
06b1591f15d11efaebe39c3afcd60ca1d12ebe88

SHA256
79bbc724eca7b416bbd06d19090a3abb46e33965b3de8c23368bbad1855b35b0

SHA512
4840b29a9e5b1114c8b14e5e2afda0c8b05a8d86ac04942759a0eb425af824e5af161cdef68bf5fc70426ed79b93c757478d664f832391f234111d63e3cad4cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
59839d5735c359f223a3fcd726c32d4c

SHA1
61824a1cf8ec02cafc23ded38f742e814f03a7be

SHA256
60928d3e04ee90f20396a7044fb37d8f02f32cf9163d142c57a6038873d3081d

SHA512
3eadc57deab5721f051cd80aca6b36ace07d1c693a8fd1b9b7bd81af04ce0d2d03620c3eb2cc0b8bcd2f26a961e4dc0856b72b796c0dd923dd61507d4c0d4cdc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
e761b893b6a390f250d6108a559e3cb5

SHA1
b1232a9f5db9e1ef7c98e7a9c34ff1306fde1517

SHA256
bdfd15591a3f3b280da2b64ee039a436658fd109c16e3c851f63e15330603dbb

SHA512
1b0df8dadd4ffb90a08ddf17569632f0b10307782598bc0f5b4a79cc94af66147d53fc28865eca95e8fb77a667534f53644149f7774279200e48458331a23f98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
4f3ddfeb5428f2599d1bce3c3e0a918f

SHA1
a10596eea91e286b47f3562147d064960a4f4697

SHA256
a0df62b5306cc7bb279cb9b2914b9224c4fd06aa5a7acbba62f67332a25c76fc

SHA512
bd61719c7f96caf0d4747cf3922211a146ebd9d4fdd248ffef91ba91a146466e6ff7d4a90bb57116394e311b858f8ffff823c971a0a9972dd024a6a54eaa7edf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
c2536a41892cf058a5a7e042be9d162f

SHA1
dd65df934c49903cbee1cdad6aed4e94dbbc9d1f

SHA256
7fb8b0510c8451f41a125c75c897597f2302a276665bb5580af7228108a3814d

SHA512
20334fd37dcd97d80e7be6ddd073a8e9e9fe9260efbbdebcaccd407f7031830cfe009dc051938e7c7ed5c5b297d5c4d1c0b6a8ba87ff7c70bb4e0afe657528ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
905de45d1b6d04db5bd7a2fc9d463cc3

SHA1
4fe55787609ca63e458ee2a3eabf79cb2f2a1eda

SHA256
1eb7ba0715e8a41f54dc75dde7f06e6880fc069869f4fff4c61947b61bd595fe

SHA512
d9f0027e5fd2b9ba2c441a2281181d3fa951cce8ffb237a7160cef4f94dba856c865d350f64cda4e81e91c68fbad33a82bd73fd1a85deb8896e8afe9c2319df1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
81b731cceaaa7d3ac9e3ff51a32121c3

SHA1
442217adeaac85019dc25d42071d6c9d39da7f00

SHA256
674896248433901912e38e85d245e8e772cd05ba9c3951b5146813102ebf3c6b

SHA512
ae15a5c6d4bb5e56e340f9665dc3ebb376fe057be8c691e01ec61d77aba374d7ce256a971d6bc5dccea11f5e43680515e0f79428bdc3c161b217e8775f350a85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
d49f2ba79ce57154f43a2817b58c9c18

SHA1
5e175af555bd54134b4926d4e2181301e8f25067

SHA256
7ef02368bf7ee0b22b5f0aab6ff67d33cb81858f21ef8743c9dfd9d6a8d5617d

SHA512
16a16d30e6da590b8a35d32cce4e5b695f8b96a179a1ca5a5641c9359524c15d14ffc4f95d511932c36410bc1212ce3254422327005988b2aaab2cdfeb9b09f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
062ea09b199d090f5c5e75933e944ed1

SHA1
0cfa727ed4d5081243c80ef47b75fb338410c6ab

SHA256
fc97c42c5e81293650d33a82948898380cdb9405a4f340b74957c3f27eceac76

SHA512
39aa21ce0b79f8e4bbf05464040fef4bea7517d05f60066ae2093eabc96bade06ecfa34160846089c7a2814dd5d44c710d7deb28395446bb1830b473f8d22ce0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
137bdc604eb2d371429d9f5676505569

SHA1
9a0984a154abe67f5d37fc0b5f65402ee5441a67

SHA256
5ac3b7e48c2b3dc6c05f1ab66a984aad659c877fb0252e9305b9d9a411926810

SHA512
681a46033c9c5f9bf69c395063ccd299e06a065a9c40b4847bd0bb0ac5a515f3baca8e8377e0cddce5420ddabc74fe7c7f4973983d8cb9b2b14e44471ea0021b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
0b4278d717937ce471f1499ca6e8810e

SHA1
e9088e0fe50283f2a91d5c20ebe7a43b89942378

SHA256
ee092d70d289bc2c67dbb51abdb55cf43f6934788ae0a920aad25ad2186e889b

SHA512
6a2b801cbc416a8eb52060659bd7e8f4e0f9e982091d97951697bae2fd62e2dd5816551c21d2079e9b9a366318c701c9a79e974055a6c529027653477ebd4919

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
2fe4485503dc1ae1be032d5a10da257c

SHA1
9db5d17c93e8a54d69e1addc482a372308b3c65e

SHA256
bfb1368b37a52b8e0ba5263ca74f5a38082af10850edc81ce3cb559c30babe05

SHA512
2238e69a67f57368554a7a206f43bd3cbb2ab5269756f4b3a62c5edcefd48647aa3a281bc5ac987ff1629a5def60a554dc5494b60ccae3e48d10fac525e2771c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
1cf800ef00ebaefeaf6eaee0823e80e3

SHA1
2bb52d2b522d51bf3f768abf020f8418744e2848

SHA256
f4cbbfc4ae1ad2cd5c6d2ce2a16704ee6182dde69d836a21d812841d8950865b

SHA512
9b779999593d3e6e21fa1a519b74e7451dd845f0ad4d70ab59efd270f9bcdf004f659cd13431d423993047728b60369967cd1cadd210b23ea1bc6f5dfaa5f4cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
831f0c0598e9ac12a5a823b7c9aac06f

SHA1
b49a851b7235b0bed4d2b8a70f3b58a32cb07a04

SHA256
941e0c5b3f3826bd2057e3992bf92772df3ca07c4196c89d381b326581a41785

SHA512
b635afd4ab19b5622f29899c1393c107f3702aa2167db129ed97122f177b27c76f6f4d57bab2a8d365c0d572ca510c354e3f9e50a5e0e341149e932b20717e73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
98a89c6d816ebf11d025b970aa3eef5c

SHA1
bfcd086c5e28f211e2fc80a87ad2970dbdde463b

SHA256
7bee72729a420105d4add05c40d33cde6e8d51146006ba4531291f8be59ce4a4

SHA512
dc80775caec753bc7e0493c2259c76542660387ef9680734b89283014da2f658e719ad793ec220175715797039089f1f9637d174f535034efff185a9eeb97436

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
2a04c281ecd383215f7b40b43001aa28

SHA1
262bf331c72706f686aa0db52b313fc619fbc722

SHA256
2a5c1656a5ab62c435b9e4c1a9eea19da3470dd5d2944327e0d1df1623844472

SHA512
ff0f9d3f4fd619eab36f5c698a9ffbd96065537823e763ec67524622d5f33671148e00ca539f35cb05f26c58858034022591c013a45014ddcc77bb8e75fd64c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
5c338310341eaf601639b60d73f556c8

SHA1
ab4575df3967236a581047aa6477f30783dbdd4d

SHA256
9443c2458a2f2b5dab360dbdf26d8e23d923be798fd9750789d86af85bf4e91f

SHA512
6e64b3fe575f7115fe693a1b81a474d4738114cd9023c2fe94960ea87da9b59370e3936f4e21993775218470d503918945d748e50f51fc56048d3dc18a7c4bc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
e7a1e1363001109526a7ddcbcaa04180

SHA1
d2ed703eda1dfa3c506d6e18122a643aa8cefe30

SHA256
c216e152c56eb1a2e1d9c253fbde87a5d38d133a364e6d040b9a4b40e5e6d3fe

SHA512
f599ce3a7cad661f66eb55f7a1791a455078a2dc910d6d0b6b453939b3a8c1f15ad5ae95ba4020a09bc74503eb274e74bba4b0dc30f3512f0b3684420eb82b5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
10KB

MD5
a21796d1c419a7b145fc5d5c88a1e641

SHA1
311b34ac0832db9751550a63210f808dc16a0c77

SHA256
869538ceb9dca86dd03afa17d218f3eb2daccfc37463523ffd9cc3b54cb2af9e

SHA512
85e767f925564ce5ffeaf52e1b57927eb4f9e58ef24ba21f49c3b56c1509524e2de9920db18612b8e0a0541ca0654514457b9c0869522b32e39b695daa750694

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
9850cd9702287e772de4101a6e2c8cd0

SHA1
2246fe5ab83c2f75d0191b9e223e2034e337b088

SHA256
f7434aa8c48d50e6626abb7df1409ef7a60ab1c41d5c8a28a4993037049d711e

SHA512
7ecb12ddb7d7735dd6af0f581c9d2ef6309e75baf8e79437c08338711a948e86fcb124e5a1542958afd3ce49866402aa17e1e637e7fcb345081f99120c12cacf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
b5ec04f6f66d65c562abbea2550f9c1b

SHA1
7badab2dee2c4d475cadffdc95232e9101c1aae2

SHA256
69553776b74efb4af6e13abab061678160e571e2ee967ba06c7dd4e7857eddf8

SHA512
74831438003199ad343ef2d3825164801724be47f325df2e616bffabda2e2f70024375f605f25e4471a5f1ad9df19ab06aa069ef57b5e251de8dfddf6ed8f551

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
Filesize
347B

MD5
02ae658e491bc1020037baf70f137cde

SHA1
8e15f8e2634ef8542b01201e9d5e10fb5022bdd3

SHA256
149c01516f67e1676d3193780ffbffe4869a4da90479f94014e10447deb9cefb

SHA512
03d24937140bf4808530354571ba6992d44c2a2855149c9aa8789880b13ef06fc11e9ad5c60481c1597dae363a8565ba94636db6a58521d3b962e8d907f8372a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
Filesize
323B

MD5
b33cbc890a034893609d0b9e26a5834f

SHA1
6a5338918288ab7dae3defa351ab63b80a8590f0

SHA256
cee38cab892a343c921e1b2d8dd840f749dd67ce36ae03a62bff290e2c36fd83

SHA512
e5c04f5f06f669b1a24bb89f7c7773751eb05704e18613bffca5b45b019f0ab0adc4b06699e8bf8a1c0240af625c0af6456493d5e8861779ca248e1c00574a88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
930e78c708cedd22aab31d2f00aa442e

SHA1
7e9f4757dae45056d1e03fa540d42388a2823cfd

SHA256
64806bc41eaf83cfc6739fdbfdd5dacf6b9e852ae3705065fe3b31bd72d47e2f

SHA512
f0ee1db7a23d0569c76a48501e8895102d534a07cbd8a4cd045c6390467b439e3cd0791411467cf3e0b713b32ed3b4d578a436ecab1a8e22818e6be1bc1548f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
7a01161c3e22b751992830536212eacb

SHA1
95191d9c7635cf4010427f5cb56454288648144d

SHA256
ba0a94f5e0c07e1bc5af657982c1c14eb5e7b30c1d8b8a7bfef29aec96bcc72c

SHA512
cb7a426bc0a5b70eee129ca3cb6f26a353753f56a27b6106b86ff33e3ebf478fb083160b0ff49ee297196a7c4c9255b796bdb7dede24f8651fda6597ea05db32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
cd9ec0b16eda34bd4c1a02a0a9c502dd

SHA1
0928294b42d9f6f4485cf6c4e9b406ae1220ab6a

SHA256
b3d842e84541a7fd9ca0d7f4a08c477e066e3f9bc53c187adb61edcaa007f769

SHA512
92e70f6cd7743e351c9fdbbef5429cac1586063e5cf4ea46808d6ac73c29ff643c60fe97e5b4d2c2198737210ac0382349f699d13d1f6b91b7f15866dab00eda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
5e34f109201f26e955ff013bc72ba083

SHA1
a7259d9a46f9374204e6455237e9e627c4646891

SHA256
f1bf7535839d407b2bf71f3441287d18da37b6ca73cfc32307a54975bfbdb447

SHA512
048cef8f2082b349737f63f1b8d437287a4345d797834f934ffca58ca87cb31ae4262d66f3945cce9b72e50e564d9f1c5f909e9e1cf879fb0e10d927d51e3afe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
f6b4c110b84ffc9d147b8805b1723425

SHA1
e74d9b06a2208b1b0c044a02ca9a36e96e6973a1

SHA256
50e3855b171fd6e634c485607a549dccbfc97c3e72a11bd7522ba125ebfac201

SHA512
97680326d6a3406ca9d3f5bdc90dc697fb1963b799a6603b30433d0251ed8f7e80f8708c1b537ab2f3da960026d2baf335493eff9757899ef1990af62ec080c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
7d867b0ef6af37701e369a92bcc7b6f3

SHA1
0f15b5cbaa5c7ec103da17c9f4d606e7347b362d

SHA256
a35502e0fae79b940c4911005c2eea81d35943c352ec7877299f4f7fbe9ba96c

SHA512
f0054f944c667369e342d1240ebbc288e55833584a32b4298a8b88cd45b3ee698e0ab1707cc3b46791aead66744c6b6564898f843aabd0e174ea7c5482b60028

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
3KB

MD5
4108e73402dcdf322a08a51b098baca8

SHA1
0192542979c645465fac16ab3c8c97271029d11d

SHA256
bbb24d9c269642b78e344ec3f27945a1a77a380f2ca061cee423ceb82acbed4a

SHA512
663a55d490601074f8b131cab4e20e083d9cbbc33061c9c143041120d10d15321e5794d1e7e9d70930dd89d174a63b49bfb3a11a4aa892590c980c8070b6279d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
872B

MD5
6880704f836f1b63b0c769b92f01f5c1

SHA1
ef103fe523dbbe17a33d2e0a8a62205c0dc7b516

SHA256
c2fac6c38fe85c1317d4da83b872245fb72c04315a0ba9b889d46f74b3803f76

SHA512
e1d0bfa7868df8d0eef718c738b22c224d05a6eb0d5b33ff11867d70e34ba443108860107d153b6dccdbdeaab8da533f345b4520acecbd2fecb9e7d4d3ab22fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
538B

MD5
f1db2fa6df3651d58016483df4a905af

SHA1
1d84d57062db02e35b50b32613cfb3f92a0e88c5

SHA256
7a9991dd1d3008f7d7168dabea830693aa837b89f51752e4fe9bda9c5223448f

SHA512
89311ad870048114f1529c375d8f698afe5cf78ca33d73b8b30f6550bb870bdc66555d33bd853a15e03ff774cd2f44e7baf8364621b9b62574a2d66956ab44f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links
Filesize
128KB

MD5
a1cfa8d7abf776a551b856b2835ff06b

SHA1
29ab4af42126e05fdb3c2cb49122a196e283a4bd

SHA256
5002642b77b099a9f6413834f1c909a85828865175ada515a8032b6deea3008e

SHA512
11fac36dd6254c421282761801086405cf251f9499cdbc78d1587e762676810889bd0197ff7bafae578419c25f3c2404b27cf5c9eebec9a602e27649242a6fd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
589c49f8a8e18ec6998a7a30b4958ebc

SHA1
cd4e0e2a5cb1fd5099ff88daf4f48bdba566332e

SHA256
26d067dbb5e448b16f93a1bb22a2541beb7134b1b3e39903346d10b96022b6b8

SHA512
e73566a037838d1f7db7e9b728eba07db08e079de471baca7c8f863c7af7beb36221e9ff77e0a898ce86d4ef4c36f83fb3af9c35e342061b7a5442ca3b9024d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
60e3f691077715586b918375dd23c6b0

SHA1
476d3eab15649c40c6aebfb6ac2366db50283d1b

SHA256
e91d13722e31f9b06c5df3582cad1ea5b73547ce3dc08b12ed461f095aad48ee

SHA512
d1c146d27bbf19362d6571e2865bb472ce4fe43dc535305615d92d6a2366f98533747a8a70a578d1f00199f716a61ce39fac5cab9dd67e9c044bc49e7343130e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0
Filesize
44KB

MD5
d875b58eef9ea0f479128b2346ad37eb

SHA1
a429a84f2831b538ce3f82c84076a980623ac632

SHA256
fcbc84fa93288c8723a23a9bbb982e7006014a6da4659585cb93b613e1b1aa20

SHA512
2d5ce55ea7d34cbd7312b6ad4a769b9254e31847ed3d8218857206b654c7da4d2602edb4182de2baf8a10c962a779a233bd9c64e0adc0f45237b83c054280f86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1
Filesize
264KB

MD5
39f165659653e436b808a766dea98ce4

SHA1
31830056910b338b755c20bd4186effdc70cc17e

SHA256
c81f7313c45022d5e5bf51cdffafd3265529abea7c722d6bfcda30424a787f9a

SHA512
0481b17f2d20c9773b8c319fc774745a977c84c09eb418e51b0582f6d2b1fdd911734da406b5557e5e2fead7b28c67975d5840cdadd61c671ecba22ded934364

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
8277dca555cace391ccfe853f5270db1

SHA1
b7d3d8a6ba0979af10e2ac2f64de2e82e206d502

SHA256
1afa33e4235b6225baab44444649be1728ff218a61f0a89b4f98d56ebb0cb1c2

SHA512
f6820d267037d785555fe564852e5858bf21431183e081afdf0543dfa3a638b270acbf68caf7d9a45a27ad54b97cc0e25a5670bc4ca9d97e3f2b89733d6c6113

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
3e0a6cc92460ed54ccb23b4cf6f8f02b

SHA1
4fddafb969c70e400c02e6af318ef08760652f56

SHA256
63e344d70e37369f61db98606e882351f771641009d708b97f665cd1dd48237d

SHA512
ac80c56ce7df980e3d01af4b98f9bd851c821e02f5b3fdb3fc9adebd0114b20191092e83d6260e545f62523e29c6e2585c4f8ae0026c380cfa59fd60a02294eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
7c507575fde9475010413f273981c48b

SHA1
3e7def7b632b0d2cc91f61f8f5f9051ab196b0d3

SHA256
c77fe49f5754261249e4a1ad25908e257dbfff98a87d9f17ea5a97e77100c3c9

SHA512
fd829134439dffa234c969bcff9d87a7087e1cc7d23588dc0a96f3ceba7adeac5b00cc2eb00cc0f240ce4adfae7f536515ea91f38fd04640bd741b16c4ce224b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
8598274465a58faf190b90e3560ea7ca

SHA1
490b7066107b7ed714d765c93b2b8ab698851b13

SHA256
70400fd418891861e3b0afa5d23a656063f8fc375bcc02b2e5b7275b509d4c2a

SHA512
e5307c64e34c1d704a334d8c9622ea8412df3788fa0cad3eadf50ce7c26dd4c08cf938e4b8bd8885e2cafee36e6ac92bb8bf47eb3ea83ab729bf5335f7c380ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
d210b4838e9d331d16cdc8dd0b1550b9

SHA1
8ca38aa3cac2374a8c3bec3a99f3fe345562eef2

SHA256
e57aa0a5ffd7c2f8734e6ac3da2622af6e9718bb527e82ac299f83cc23499d4d

SHA512
3c930462b8bc5c4b655a0b5b93ca68c99889f402badc59d06693d6883fe4cc32a5d945245069384a27d27f3a78e32da048c69b5176dd987dd534a22946aef25c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
0512f29dc5fa1fdbf943ef64bf64fe25

SHA1
9f55408009f3feb18c27b0377badff12f45f0e97

SHA256
1a8b440be49defb0f50743af46c936866d0c00f4baef47e41a13065b07722e95

SHA512
e4944c5782db9d0e24416baaf6fdd0e79a48ec8fa5f7f7920cfc1bce0007d3ea0bdcdd047109153a732f571e69a92938b7d467411edf954c81a58497b0a20caf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
c441bdc71f1697c90a3c675ef97147c1

SHA1
ea5b945f7ca2e10d5ebe0e194e4e18fe8b366636

SHA256
fa28d8efcd06ac311e997401f0e17024209f12a0afb9f3449fc6ce9668851706

SHA512
2a99afca99aa0231bece5e1a8e9e9ca90b7493bbd2a174dc6d8b80a1e8f0b0a45501e98eb14afb7f4b435173038061af595d764f98b69fe584fc0e016f59760e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
870ff47cf8f686989a64e55fcc017156

SHA1
fc57ddfca542dc98e2ed032332e642ee612a2392

SHA256
fd96fc24f7e36146dab39b79ba1370d5188fadde7e9dc88f6d8c71080f231133

SHA512
70f0d1b7520baeeea40c1d700fe4a9ac93aa2007526496fe3c02e45ce1c030c4ea8ebc1499df35a93b42392b460e32bc8abe863a3e7a5031cd6753b9f4264170

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
8ee29e6d9a55299e74e86bdc4e0a3c9c

SHA1
9ff2e4e550002567c7094785858004ec42e83b23

SHA256
c83ff24567862b5de3ca23d753a854f4ee837b002851b38b6c214985431d368b

SHA512
00a9882be2a2f9397541df5a771016ecac5adb3205b4f9ac9f0d7ed2d91b7c07ab4c2d02cad28cbd7c845982b889e41ca983cbaa7e3c4ba87d98fe21056f37f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
8c995f8445a73292da7a9a80fa2e8932

SHA1
a96cdd1c82def7645ddb41c81e84fa18779d79cf

SHA256
10889ef719b85e551a819c04ade61bde307bd844bf982eb3ea8e0395244d67df

SHA512
c6e51cb4a7955bae3de2072cab6b6372578a92ee401590e541a5642b0a1386199e252c2ab2d4373052b8e4b8a018e253ecc393de4a320199a6090b1a0b7b5e0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
78fe452bee37e3928dbc83e6a7fce5d2

SHA1
7a60f8b3c0bbe7983fe63cf8e4ecc20543f37cba

SHA256
833b1597dbe35c2be9326c8c529833874684e6d6292bce925071006cde1662ec

SHA512
a92502b21d3b866cb065867302f375a750814504ee22aaf58703bf3fe65499f35a2bd566771aad5b5c7e61e13d11b78bcb62d11af82a23457835153d8d78bad4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
30247ad5ba136b9292e510d799bac41e

SHA1
56425fb4c3285bacea89b3d2fc64808cec0014a4

SHA256
be353e7d6200dcc44565b7d1084fbe1a7c4675eb251039b9f4d14ccb0cdbb7dc

SHA512
4830b4ac40890c4676c6aac3834635d4a9ac8c68e1bd7a306f053eec1fde50055ae64cc4ef7e65a99476f55fefa1fede99d2dc464ee37747ae71ad0d03687003

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
a10392fe859da580d7faa87da019a374

SHA1
406c9728ba94e764a724da9a79abb42bebc9b79e

SHA256
ca289a86d3d901b94ceec6a8e421cc1d07c92f4f1401fee0db0b78a4509336f9

SHA512
3e8ecdcc546c276c1a38662a15426a9fbce171a615a9af901fa04da60ce6a1eb2f964c14fc886fd6319390f11cd9d1e0b9ff42126b48e508f55775c28f455846

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
Filesize
264KB

MD5
60e41b10954b1abb4e24bb1eb36aa02f

SHA1
5493bc2aa74b9964c8a6fe95291aee1696b4bb01

SHA256
64fb0f881115d24b223e01f10df83b1508f9241b389cbf873e51349a6e722193

SHA512
426d597010588875c0ef2c00e02e08c1474919804a61db0b1101640c956777c61a9861391dfb532c8a595920917f160d819a637e7fce9c71724d9ec776424a30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
Filesize
64KB

MD5
b17223e59994f60c5833030795f2bcac

SHA1
66f5f5caf68849cfe574cbef7f8278dacdafdd5f

SHA256
49fdaa4ee215c3a142144184d0e82964efb4c11c7d8ce726c5806bfca13888ca

SHA512
c7aea16c9327e9c19860c4a1487a94cb7edc8953d57aef9617a6d9accd645eb3fecf5e81f0eca6348f9dea86077d55d00546fc270bcd5d5cb9d8c864d9bf0003

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.2\WMSDKNS.XML.bak
Filesize
9KB

MD5
7050d5ae8acfbe560fa11073fef8185d

SHA1
5bc38e77ff06785fe0aec5a345c4ccd15752560e

SHA256
cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

SHA512
a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

Download Submit
C:\Users\Admin\AppData\Local\Temp\5a530dfd-bc51-4992-a05d-f09d41a331d4\AgileDotNetRT64.dll
Filesize
75KB

MD5
42b2c266e49a3acd346b91e3b0e638c0

SHA1
2bc52134f03fcc51cb4e0f6c7cf70646b4df7dd1

SHA256
adeed015f06efa363d504a18acb671b1db4b20b23664a55c9bc28aef3283ca29

SHA512
770822fd681a1d98afe03f6fbe5f116321b54c8e2989fb07491811fd29fca5b666f1adf4c6900823af1271e342cacc9293e9db307c4eef852d1a253b00347a81

Download Submit
C:\Users\Admin\AppData\Local\Temp\7BF8.tmp\7BF9.tmp\7BFA.vbs
Filesize
352B

MD5
3b8696ecbb737aad2a763c4eaf62c247

SHA1
4a2d7a2d61d3f4c414b4e5d2933cd404b8f126e5

SHA256
ce95f7eea8b303bc23cfd6e41748ad4e7b5e0f0f1d3bdf390eadb1e354915569

SHA512
713d9697b892b9dd892537e8a01eab8d0265ebf64867c8beecf7a744321257c2a5c11d4de18fcb486bb69f199422ce3cab8b6afdbe880481c47b06ba8f335beb

Download Submit
C:\Users\Admin\AppData\Local\Temp\7BF8.tmp\eulascr.exe
Filesize
143KB

MD5
8b1c352450e480d9320fce5e6f2c8713

SHA1
d6bd88bf33de7c5d4e68b233c37cc1540c97bd3a

SHA256
2c343174231b55e463ca044d19d47bd5842793c15954583eb340bfd95628516e

SHA512
2d8e43b1021da08ed1bf5aff110159e6bc10478102c024371302ccfce595e77fd76794658617b5b52f9a50190db250c1ba486d247d9cd69e4732a768edbb4cbc

Download Submit
C:\Users\Admin\AppData\Local\Temp\v.mp4
Filesize
81KB

MD5
d2774b188ab5dde3e2df5033a676a0b4

SHA1
6e8f668cba211f1c3303e4947676f2fc9e4a1bcc

SHA256
95374cf300097872a546d89306374e7cf2676f7a8b4c70274245d2dccfc79443

SHA512
3047a831ed9c8690b00763061807e98e15e9534ebc9499e3e5abb938199f9716c0e24a83a13291a8fd5b91a6598aeeef377d6793f6461fc0247ec4bbd901a131

Download Submit
C:\Users\Admin\Desktop\UR NEXT UR NEXT UR NEXT UR NEXT UR NEXT UR NEXT UR NEXT UR N1XT.txt
Filesize
396B

MD5
9037ebf0a18a1c17537832bc73739109

SHA1
1d951dedfa4c172a1aa1aae096cfb576c1fb1d60

SHA256
38c889b5d7bdcb79bbcb55554c520a9ce74b5bfc29c19d1e4cb1419176c99f48

SHA512
4fb5c06089524c6dcd48b6d165cedb488e9efe2d27613289ef8834dbb6c010632d2bd5e3ac75f83b1d8024477ebdf05b9e0809602bbe1780528947c36e4de32f

Download Submit
C:\Users\Admin\Downloads\The-MALWARE-Repo-master.zip
Filesize
198.8MB

MD5
af60ad5b6cafd14d7ebce530813e68a0

SHA1
ad81b87e7e9bbc21eb93aca7638d827498e78076

SHA256
b7dd3bce3ebfbc2d5e3a9f00d47f27cb6a5895c4618c878e314e573a7c216df1

SHA512
81314363d5d461264ed5fdf8a7976f97bceb5081c374b4ee6bbea5d8ce3386822d089d031234ddd67c5077a1cc1ed3f6b16139253fbb1b3d34d3985f9b97aba3

Download Submit
C:\note.txt
Filesize
218B

MD5
afa6955439b8d516721231029fb9ca1b

SHA1
087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

SHA256
8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

SHA512
5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

Download Submit
\??\pipe\LOCAL\crashpad_1508_QTDWUHJPNEMOZDFG
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1464-1452-0x000000000BAE0000-0x000000000BAF0000-memory.dmp

Filesize
64KB

Download
memory/1464-2298-0x0000000005BC0000-0x0000000005BD0000-memory.dmp

Filesize
64KB

Download
memory/1464-1444-0x000000000BAE0000-0x000000000BAF0000-memory.dmp

Filesize
64KB

Download
memory/1464-1445-0x000000000BAE0000-0x000000000BAF0000-memory.dmp

Filesize
64KB

Download
memory/1464-1446-0x000000000BAE0000-0x000000000BAF0000-memory.dmp

Filesize
64KB

Download
memory/1464-1447-0x000000000BAE0000-0x000000000BAF0000-memory.dmp

Filesize
64KB

Download
memory/1464-1448-0x000000000BAE0000-0x000000000BAF0000-memory.dmp

Filesize
64KB

Download
memory/1464-1449-0x000000000CBA0000-0x000000000CBB0000-memory.dmp

Filesize
64KB

Download
memory/1464-1451-0x000000000CBA0000-0x000000000CBB0000-memory.dmp

Filesize
64KB

Download
memory/1464-1453-0x000000000CBA0000-0x000000000CBB0000-memory.dmp

Filesize
64KB

Download
memory/1464-1454-0x000000000BAE0000-0x000000000BAF0000-memory.dmp

Filesize
64KB

Download
memory/1464-1456-0x000000000CBA0000-0x000000000CBB0000-memory.dmp

Filesize
64KB

Download
memory/1464-1457-0x000000000CBA0000-0x000000000CBB0000-memory.dmp

Filesize
64KB

Download
memory/1464-1455-0x000000000BAE0000-0x000000000BAF0000-memory.dmp

Filesize
64KB

Download
memory/1464-2802-0x0000000072520000-0x0000000072CD0000-memory.dmp

Filesize
7.7MB

Download
memory/1464-1439-0x000000000BA50000-0x000000000BA5E000-memory.dmp

Filesize
56KB

Download
memory/1464-1417-0x0000000072520000-0x0000000072CD0000-memory.dmp

Filesize
7.7MB

Download
memory/1464-1427-0x0000000005BC0000-0x0000000005BD0000-memory.dmp

Filesize
64KB

Download
memory/1464-1692-0x0000000072520000-0x0000000072CD0000-memory.dmp

Filesize
7.7MB

Download
memory/1464-1934-0x0000000005BC0000-0x0000000005BD0000-memory.dmp

Filesize
64KB

Download
memory/1464-1420-0x00000000061F0000-0x0000000006794000-memory.dmp

Filesize
5.6MB

Download
memory/1464-1438-0x000000000BA90000-0x000000000BAC8000-memory.dmp

Filesize
224KB

Download
memory/1464-1418-0x0000000000A80000-0x000000000112E000-memory.dmp

Filesize
6.7MB

Download
memory/1464-1419-0x0000000005BC0000-0x0000000005BD0000-memory.dmp

Filesize
64KB

Download
memory/2784-1000-0x0000000000800000-0x000000000082A000-memory.dmp

Filesize
168KB

Download
memory/2784-1007-0x00007FFF169A0000-0x00007FFF17461000-memory.dmp

Filesize
10.8MB

Download
memory/2784-1009-0x000000001B420000-0x000000001B430000-memory.dmp

Filesize
64KB

Download
memory/2784-1008-0x00007FFF16850000-0x00007FFF1699E000-memory.dmp

Filesize
1.3MB

Download
memory/2784-1014-0x00007FFF169A0000-0x00007FFF17461000-memory.dmp

Filesize
10.8MB

Download
memory/2784-1012-0x000000001E000000-0x000000001E528000-memory.dmp

Filesize
5.2MB

Download
memory/2784-1011-0x000000001D900000-0x000000001DAC2000-memory.dmp

Filesize
1.8MB

Download
memory/2784-1010-0x000000001B420000-0x000000001B430000-memory.dmp

Filesize
64KB

Download
memory/3928-1362-0x0000016124500000-0x0000016124501000-memory.dmp

Filesize
4KB

Download
memory/3928-1360-0x0000016124500000-0x0000016124501000-memory.dmp

Filesize
4KB

Download
memory/3928-1367-0x0000016124500000-0x0000016124501000-memory.dmp

Filesize
4KB

Download
memory/3928-1372-0x0000016124500000-0x0000016124501000-memory.dmp

Filesize
4KB

Download
memory/3928-1361-0x0000016124500000-0x0000016124501000-memory.dmp

Filesize
4KB

Download
memory/3928-1368-0x0000016124500000-0x0000016124501000-memory.dmp

Filesize
4KB

Download
memory/3928-1369-0x0000016124500000-0x0000016124501000-memory.dmp

Filesize
4KB

Download
memory/3928-1370-0x0000016124500000-0x0000016124501000-memory.dmp

Filesize
4KB

Download
memory/3928-1371-0x0000016124500000-0x0000016124501000-memory.dmp

Filesize
4KB

Download
memory/3928-1366-0x0000016124500000-0x0000016124501000-memory.dmp

Filesize
4KB

Download