b33fa841ae91c56a269b4fbda6c97be2bdaa988632af4f7e0278c442df033c2d

Analysis

max time kernel
255s
max time network
255s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
27/04/2024, 18:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2021-07-17 17-03-58.mkv
Size

84.5MB
MD5

426ffcdc16b9567e988b93bb1ccd747c
SHA1

dc9888bea4410d03ccac01b2789b8f71c804578e
SHA256

b33fa841ae91c56a269b4fbda6c97be2bdaa988632af4f7e0278c442df033c2d
SHA512

d1a45e0cdc7a89407784a22b4208dfeb4f6d4e398f6c853eba7b8db0fa909d6229b610fe35585006ea4e8341800f732a15d89051665b61fc1745c5179c81ca81
SSDEEP

1572864:nQCvD3je6khwgskwDuOfgAJXbGbKhdOHK1udRKSTKNpXF:QCvrC6uuBJXboKrOqhN3

Score

6^/10

Malware Config

Signatures

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\J:	unregmp2.exe
File opened (read-only)	\??\K:	unregmp2.exe
File opened (read-only)	\??\Q:	unregmp2.exe
File opened (read-only)	\??\U:	unregmp2.exe
File opened (read-only)	\??\T:	unregmp2.exe
File opened (read-only)	\??\Z:	unregmp2.exe
File opened (read-only)	\??\A:	unregmp2.exe
File opened (read-only)	\??\B:	unregmp2.exe
File opened (read-only)	\??\E:	unregmp2.exe
File opened (read-only)	\??\I:	unregmp2.exe
File opened (read-only)	\??\N:	unregmp2.exe
File opened (read-only)	\??\P:	unregmp2.exe
File opened (read-only)	\??\G:	unregmp2.exe
File opened (read-only)	\??\W:	unregmp2.exe
File opened (read-only)	\??\X:	unregmp2.exe
File opened (read-only)	\??\V:	unregmp2.exe
File opened (read-only)	\??\Y:	unregmp2.exe
File opened (read-only)	\??\H:	unregmp2.exe
File opened (read-only)	\??\L:	unregmp2.exe
File opened (read-only)	\??\M:	unregmp2.exe
File opened (read-only)	\??\O:	unregmp2.exe
File opened (read-only)	\??\R:	unregmp2.exe
File opened (read-only)	\??\S:	unregmp2.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4018855536-2201274732-320770143-1000\{17A102F9-3235-4496-926F-2D394EE5385B}	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Documents"	notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection = "1"	notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	notepad.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16"	notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	notepad.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	notepad.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4"	notepad.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Downloads"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	notepad.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	notepad.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff	notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1"	notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	notepad.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	notepad.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\NodeSlot = "2"	notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}	notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID = "0"	notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings	notepad.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	notepad.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	notepad.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	notepad.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	notepad.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Downloads"	notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Version = "1"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	notepad.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 = 14002e8005398e082303024b98265d99428e115f0000	notepad.exe
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616257"	notepad.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	notepad.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	notepad.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
1284	msedge.exe
1284	msedge.exe
3904	msedge.exe
3904	msedge.exe
2200	identity_helper.exe
2200	identity_helper.exe
1656	msedge.exe
1656	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
3568	msedge.exe
5644	msedge.exe
5644	msedge.exe
5372	msedge.exe
5372	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5960	notepad.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 22 IoCs

pid	Process
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeShutdownPrivilege	372	unregmp2.exe
Token: SeCreatePagefilePrivilege	372	unregmp2.exe

Suspicious use of FindShellTrayWindow 41 IoCs

pid	Process
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
5960	notepad.exe
5644	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2656 wrote to memory of 3108	2656	wmplayer.exe	84
PID 2656 wrote to memory of 3108	2656	wmplayer.exe	84
PID 2656 wrote to memory of 3108	2656	wmplayer.exe	84
PID 2656 wrote to memory of 2940	2656	wmplayer.exe	85
PID 2656 wrote to memory of 2940	2656	wmplayer.exe	85
PID 2656 wrote to memory of 2940	2656	wmplayer.exe	85
PID 2940 wrote to memory of 372	2940	unregmp2.exe	86
PID 2940 wrote to memory of 372	2940	unregmp2.exe	86
PID 3904 wrote to memory of 4428	3904	msedge.exe	89
PID 3904 wrote to memory of 4428	3904	msedge.exe	89
PID 3904 wrote to memory of 632	3904	msedge.exe	90
PID 3904 wrote to memory of 632	3904	msedge.exe	90
PID 3904 wrote to memory of 632	3904	msedge.exe	90
PID 3904 wrote to memory of 632	3904	msedge.exe	90
PID 3904 wrote to memory of 632	3904	msedge.exe	90
PID 3904 wrote to memory of 632	3904	msedge.exe	90
PID 3904 wrote to memory of 632	3904	msedge.exe	90
PID 3904 wrote to memory of 632	3904	msedge.exe	90
PID 3904 wrote to memory of 632	3904	msedge.exe	90
PID 3904 wrote to memory of 632	3904	msedge.exe	90
PID 3904 wrote to memory of 632	3904	msedge.exe	90
PID 3904 wrote to memory of 632	3904	msedge.exe	90
PID 3904 wrote to memory of 632	3904	msedge.exe	90
PID 3904 wrote to memory of 632	3904	msedge.exe	90
PID 3904 wrote to memory of 632	3904	msedge.exe	90
PID 3904 wrote to memory of 632	3904	msedge.exe	90
PID 3904 wrote to memory of 632	3904	msedge.exe	90
PID 3904 wrote to memory of 632	3904	msedge.exe	90
PID 3904 wrote to memory of 632	3904	msedge.exe	90
PID 3904 wrote to memory of 632	3904	msedge.exe	90
PID 3904 wrote to memory of 632	3904	msedge.exe	90
PID 3904 wrote to memory of 632	3904	msedge.exe	90
PID 3904 wrote to memory of 632	3904	msedge.exe	90
PID 3904 wrote to memory of 632	3904	msedge.exe	90
PID 3904 wrote to memory of 632	3904	msedge.exe	90
PID 3904 wrote to memory of 632	3904	msedge.exe	90
PID 3904 wrote to memory of 632	3904	msedge.exe	90
PID 3904 wrote to memory of 632	3904	msedge.exe	90
PID 3904 wrote to memory of 632	3904	msedge.exe	90
PID 3904 wrote to memory of 632	3904	msedge.exe	90
PID 3904 wrote to memory of 632	3904	msedge.exe	90
PID 3904 wrote to memory of 632	3904	msedge.exe	90
PID 3904 wrote to memory of 632	3904	msedge.exe	90
PID 3904 wrote to memory of 632	3904	msedge.exe	90
PID 3904 wrote to memory of 632	3904	msedge.exe	90
PID 3904 wrote to memory of 632	3904	msedge.exe	90
PID 3904 wrote to memory of 632	3904	msedge.exe	90
PID 3904 wrote to memory of 632	3904	msedge.exe	90
PID 3904 wrote to memory of 632	3904	msedge.exe	90
PID 3904 wrote to memory of 632	3904	msedge.exe	90
PID 3904 wrote to memory of 1284	3904	msedge.exe	91
PID 3904 wrote to memory of 1284	3904	msedge.exe	91
PID 3904 wrote to memory of 408	3904	msedge.exe	92
PID 3904 wrote to memory of 408	3904	msedge.exe	92
PID 3904 wrote to memory of 408	3904	msedge.exe	92
PID 3904 wrote to memory of 408	3904	msedge.exe	92
PID 3904 wrote to memory of 408	3904	msedge.exe	92
PID 3904 wrote to memory of 408	3904	msedge.exe	92
PID 3904 wrote to memory of 408	3904	msedge.exe	92
PID 3904 wrote to memory of 408	3904	msedge.exe	92
PID 3904 wrote to memory of 408	3904	msedge.exe	92
PID 3904 wrote to memory of 408	3904	msedge.exe	92
PID 3904 wrote to memory of 408	3904	msedge.exe	92
PID 3904 wrote to memory of 408	3904	msedge.exe	92

C:\Program Files (x86)\Windows Media Player\wmplayer.exe
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\2021-07-17 17-03-58.mkv"
1⤵
- Suspicious use of WriteProcessMemory
PID:2656
- C:\Program Files (x86)\Windows Media Player\setup_wm.exe
  "C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\2021-07-17 17-03-58.mkv"
  2⤵
  PID:3108
- C:\Windows\SysWOW64\unregmp2.exe
  "C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2940
- - C:\Windows\system32\unregmp2.exe
    "C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
    3⤵
    - Enumerates connected drives
    - Suspicious use of AdjustPrivilegeToken
    PID:372

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ff959d746f8,0x7ff959d74708,0x7ff959d74718
  2⤵
  PID:4428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,16726388767382107525,222933950120183757,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
  2⤵
  PID:632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,16726388767382107525,222933950120183757,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,16726388767382107525,222933950120183757,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2648 /prefetch:8
  2⤵
  PID:408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,16726388767382107525,222933950120183757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:1628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,16726388767382107525,222933950120183757,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:1656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,16726388767382107525,222933950120183757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
  2⤵
  PID:4444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,16726388767382107525,222933950120183757,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
  2⤵
  PID:1956
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,16726388767382107525,222933950120183757,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4740 /prefetch:8
  2⤵
  PID:4920
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,16726388767382107525,222933950120183757,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4740 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,16726388767382107525,222933950120183757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3532 /prefetch:1
  2⤵
  PID:2020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,16726388767382107525,222933950120183757,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3536 /prefetch:1
  2⤵
  PID:2704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,16726388767382107525,222933950120183757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4120 /prefetch:1
  2⤵
  PID:1784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,16726388767382107525,222933950120183757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
  2⤵
  PID:3664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,16726388767382107525,222933950120183757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3944 /prefetch:1
  2⤵
  PID:1748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2072,16726388767382107525,222933950120183757,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5428 /prefetch:8
  2⤵
  PID:3616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2072,16726388767382107525,222933950120183757,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4808 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,16726388767382107525,222933950120183757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
  2⤵
  PID:1072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,16726388767382107525,222933950120183757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
  2⤵
  PID:3704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,16726388767382107525,222933950120183757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
  2⤵
  PID:4444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,16726388767382107525,222933950120183757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4148 /prefetch:1
  2⤵
  PID:2284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,16726388767382107525,222933950120183757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
  2⤵
  PID:4292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,16726388767382107525,222933950120183757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6384 /prefetch:1
  2⤵
  PID:4916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,16726388767382107525,222933950120183757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6640 /prefetch:1
  2⤵
  PID:2728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,16726388767382107525,222933950120183757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6584 /prefetch:1
  2⤵
  PID:4584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,16726388767382107525,222933950120183757,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1
  2⤵
  PID:3116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,16726388767382107525,222933950120183757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6160 /prefetch:1
  2⤵
  PID:5848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,16726388767382107525,222933950120183757,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3020 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,16726388767382107525,222933950120183757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2128 /prefetch:1
  2⤵
  PID:2412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,16726388767382107525,222933950120183757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
  2⤵
  PID:5588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2072,16726388767382107525,222933950120183757,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6872 /prefetch:8
  2⤵
  PID:3380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2072,16726388767382107525,222933950120183757,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6536 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:5644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,16726388767382107525,222933950120183757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6812 /prefetch:1
  2⤵
  PID:2820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2072,16726388767382107525,222933950120183757,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7264 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5372

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3908

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3160

C:\Windows\system32\notepad.exe
"C:\Windows\system32\notepad.exe"
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5960

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5248

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\virus.bat" "
1⤵
PID:5772
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /S /D /c" Del C: *.* "
  2⤵
  PID:4944

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\virus.bat" "
1⤵
PID:2916
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /S /D /c" Del C: *.* "
  2⤵
  PID:5236

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\virus.bat" "
1⤵
PID:2776
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /S /D /c" Del C: *.* "
  2⤵
  PID:4792

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Desktop\virus.bat"
1⤵
PID:5264
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /S /D /c" Del C: *.* "
  2⤵
  PID:3408

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\virus.bat" "
1⤵
PID:772
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /S /D /c" Del C: *.* "
  2⤵
  PID:5380

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\virus.bat" "
1⤵
PID:1324
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /S /D /c" Del C: *.* "
  2⤵
  PID:2080

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ea98e583ad99df195d29aa066204ab56

SHA1
f89398664af0179641aa0138b337097b617cb2db

SHA256
a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6

SHA512
e109be3466e653e5d310b3e402e1626298b09205d223722a82344dd78504f3c33e1e24e8402a02f38cd2c9c50d96a303ce4846bea5a583423937ab018cd5782f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4f7152bc5a1a715ef481e37d1c791959

SHA1
c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7

SHA256
704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc

SHA512
2e6b02ca35d76a655a17a5f3e9dbd8d7517c7dae24f0095c7350eb9e7bdf9e1256a7009aa8878f96c89d1ea4fe5323a41f72b8c551806dda62880d7ff231ff5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
36KB

MD5
338aca3c8c7df83973288cb797423c3b

SHA1
1f217f876fe3c45fc686f8eca4951e030d96b05c

SHA256
e81d76077f95c6410fc20ad8fb0f3a474ab724aa795e1b2a99453ddb31de61b6

SHA512
f815fc8a5e3f278230b9ab8290b932d121c147d33d0d781a240dd497673f505cd74919c4fd563c6c4e4d266bdefa741d53dad1b14b56506a37e19312f6a270fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
67KB

MD5
d2d55f8057f8b03c94a81f3839b348b9

SHA1
37c399584539734ff679e3c66309498c8b2dd4d9

SHA256
6e273f3491917d37f4dbb6c3f4d3f862cada25c20a36b245ea7c6bd860fb400c

SHA512
7bcdbb9e8d005a532ec12485a9c4b777ddec4aee66333757cdae3f84811099a574e719d45eb4487072d0162fa4654349dd73705a8d1913834535b1a3e2247dc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
1.1MB

MD5
798e76073abe579251a34ee1dacf9b3e

SHA1
7e9294eec6545c8e1bbdb7849a73820cdca2fbd2

SHA256
8657f6d3867c20699a230df7939c02ca5fe065db2efcfecf5d8d864ca4873666

SHA512
cf5d69395e47fd4da4de0019a77162736c38f88ef0dd803d114388fbfb139a66083f51bbedd8ab205ab5d41f8464a685f4e0f6b5d3a13f7b91cbb211de14c7fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
64KB

MD5
9ab10d71ba9d5687f36807e669b870d1

SHA1
e156f2cfdda7b5dcca0db32860759e954626e6f1

SHA256
7cdc09376d5fad31e928ac542ed83ed3ddfc5507180e94417b0cf4116b1c15e4

SHA512
c70c189dd7e515c2317a276319668073b8f73151bf7a1e0b6623ce888f590cebc7b7a69fd0b39cf7fb5206166202b6cf9b1baeec9c59ed9b3f926c7d7e13935e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

Filesize
19KB

MD5
2857adf1a9605ffe485d8fc987dd9fed

SHA1
94e412468c687d6c43dbb9427cca3eabc23944c3

SHA256
bc7f037334953f85a56ab92753e4bc429815445ff54e727e9cb69ed097d5161f

SHA512
012e1b52dfdf8dc00633569ff161662133d37cca4df26cbbc273b0eb6cfe52c1054fc8d5036dca26d754fe21e014f5e978f334f4abb5b36e831182489272fe14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

Filesize
19KB

MD5
1b4e26d1e768efa13fce73e4ca9eab41

SHA1
f53a49402a9141e9d404536b938a6a8f61ea5532

SHA256
172b6e29077969e8c2f294d33a1b299d6c31eb19ae19db28afad092a63b9d515

SHA512
3ee45aea7e04a445fd5099f1e6d06dde9655388606e3754bb65b5e2debecbad53a9974d27c7c5c733a9efe4bd43b4dd1c53da7daca3a422378ace1dc31f7b4a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\295f5e2112efe00a_0

Filesize
5KB

MD5
daf6307883032c3339988407c93fdccc

SHA1
15b01520070f7dd2c46a6986c38643dfdf077fa2

SHA256
1b90c7fddce885405b605120217b32726e49022303e937081c13d8d2a9c69132

SHA512
9293d2214e185c1e36140aaf849faa6be19059760b3de5aa1a966485dac3d144bffd3c56f73941721dadf4514cdbe0762a190fa707567fc1924a02f82835a6b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\695c42f61090a800_0

Filesize
5KB

MD5
517eb1b6983d64a40dfaf5f8f8cd4e44

SHA1
9ee6b49357bbb9b6a10e70e9b82ee44a648e3492

SHA256
7058d71fd8055ecaa965c2e8ac27a91a10c0dfd81c46d50dd36cabaf5f61b334

SHA512
205a91ed5af54feb3b3f6d90f50c821f9286a5df98d32f18a8d5011438277f35d21c07a51753953b2be5749db2ea7ca79d23657ca44d435e69c143e29ffac4d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ae34db388b870f91_0

Filesize
3KB

MD5
025a694db81df3db65a009427906c1d3

SHA1
837a5231c161d1bed42fdb095dc003a22b3e00f1

SHA256
6ae97d0627ce5e4467f882a665d44b32ef9501ffc82079fc932c42bdf34aa2a2

SHA512
fffa607fdd646164d2f9f7d85f5d75bd6abb84d291362a7d2d82dd1af00f5c0d71fbcbb6c0cddbbadf0b9df57a5c29099202fb74248cb8a414e3aa115b6b9417

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f078f5fb70fd150f_0

Filesize
2KB

MD5
e996c575392deada4db9fe123cf48413

SHA1
518a1db583bf3a82839b66b674da93a8681ce20c

SHA256
f082c93ca2cfbe7eb2dd23a75bd5f03018b6a2b630dbde2321d4cf3fe310ab9c

SHA512
289887c19bb2794d2f57fa65c77abaf7143e7ba5039f8b57dff56d0625c03458916efffc7d0d0169372bee0f18953915485aff35f12df7af0d1a77ec9e184c2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
ce1ab494032bc99a40438352ae366c80

SHA1
868b117b4beb86d287ac400bcaefa7ff5661a741

SHA256
7b61b62cb5e8546183518b924e22b29e03953e0fd995dd505d2f9aa4c7b67d00

SHA512
2602a108cecb9a4c76b0347010481f7565a9f5742131e9418027b051d3800aa446cecf5ca014a0bd20be519ada77152422996f3ec72736b5f36037e59758ca29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
006427e5f2e83329d41561f41f91e122

SHA1
defd63d4aeb94649321628010ded4947a98d30f0

SHA256
72bb573ba0b117185f8d1d4bd3ade6a00a368ab095be54ea9a0e63ce1b0ef83f

SHA512
a582fe46f103957425c1486e19c64c5f7c3951c245c8786ed4d67733a413a53621e5337b1337a92ecffd5537913dae74fb094e0ff1616c57d32365c1cd28ce12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
145a24f51cdbc0ecf30ef2806445d0b7

SHA1
a3eb790865187b8a8a3fbe21054d2209f3cdc24c

SHA256
5d56817dfd68ec818cbbfe2cb3068207c5a6a0cb11781811fc4b9e62f19e9224

SHA512
0d500ea894051da1310b3ad53f446a5361401097412ce8be0ed6f92357a9faf3f8d4ef2d6e5927aa52165757901d6095fc6378f259062ea78c35dbe2773efa94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
498b6bf8362131bcf1187390d213718f

SHA1
212be50b8e0d98db149400cb0004508b59c7ced5

SHA256
0ebcab6132a98ca52545afcf4df44a62d27159cae1a346976653362d34b41fa3

SHA512
656f8d5292fe7f37e3591680fda885214091d4af16dce7dd222e53d4d561d1e90bbf28c87d099db669d6a20826560b2c08933ba718e54a88c07849768b3bedca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
cb3815d59640d936f5228561c9d31388

SHA1
579e534af5c6249ba7b13eea01cf2711a93d3944

SHA256
8ac462c2c7cbb46f7aaaaadaf77e9aec04ffac9eaa8eead5b8d463b75089777a

SHA512
601c4136d4a61872204a8ad956a84f9efc192810385092c4fc2c2c13f2263f1f797d2d95f512c943fbc8b35371353de92cc426b110f0ce168c85a6d1b0c9ab8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
2f78310d853391cb1ee01389fe345c80

SHA1
5633a8c1dea8531863037e0d46ed657ff5beb65d

SHA256
bcb2f9f7f6b0c92896e73da0c95313a32eb0513e3338f6b88aebcfd5878acfae

SHA512
680718bae2c30d3568459f66d43369a48f4ac871bdd410d999e77f3bef7c1fc2765eb66e8e34f3898ccf310ff095b7cc02d9c2e8044b78a9b4360ca2e9ed3cf4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cfb2e05316d5d7b66ae9b74f644bc0fa

SHA1
b70287ce289fdd0d30747236f3e2e8fa6cfd1201

SHA256
aeefaaec028ecbedecf5876d82791eb5fb0864864e631b06a4a07c4ea82068fd

SHA512
f93484738b13ffbd48774a2a0e17d7c97912d124071771180c4c4bf48a8a8a635b6ae7c4aff78bf29b74a1a1208a350a8a9622280d2da0c25db204ad8785cb40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f589397990f551f141c8c2c067ea580e

SHA1
3b9f3e1fb4d9b7d8f32e8ddad43b709be52fac5b

SHA256
7e0f46f753045b52944fdcc21c7c8a3ca3ba28f9085ee2f7a55169ddce853820

SHA512
4c3af9f8eaf171377a9112ea1ab12ecf2f73244ffac8fdf10c8c07198e899befcc7c2263a3c0ef11790d200e640724ff137d78803512b0f1ce20d755ec521ed9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
439ab1cb866616b9db52a23b6059ae3a

SHA1
f7362e32f18f46c87f0af659944a5d5931de8bcf

SHA256
317056c8c76f6ed6c5da2f1c0ececdfce21d67818490fd771dde78979fffffe5

SHA512
f456ec98e7971d36cf96b4cfbb5dff71e81cba171460e4f264523ff18388e6990a5543fe7cdb2c9d089afcdcfb6be13aa26995e5c558829e8669f2d29db7d39f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
9c64a2873a191ab9e9e63f1b9729d1a8

SHA1
aebb70f41f2e339ffcb8f6d7a3badc2e3d103d79

SHA256
9a53076d34f0b928ad4a93132c35016f90673502121be70314e8b4fad623e5e5

SHA512
8971ca95ceec60bfb86df38caecf123c683fe1df104e2f1e4313b80159488f96eddf93e69a8296f1e322cf6b21d5383b6708477afd4def75b6c66d772c91936b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
89cc126e0093c11db0e2d550a429779d

SHA1
cf7d6576682d919ba7ce210f33535b7e129ed261

SHA256
00f7150ca5e24407a858b99d1b69b6661037b3500bdfdbde26b45a712206f20e

SHA512
6dd39744aa821d23305e0c39c33674e79c1a1eb2198474b8d56febea2b732c1b317108cffccc150f01442ad0c54998832f24033dfd6282160157655c3e4a1d24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
f541a64fa71919dc8fa6ca3566a8f04e

SHA1
aea5820b90bf749dbda542a47067df9b83fd43ee

SHA256
609ddd3e4288535dc542d8014b8c06dfa2f89b1451c5535dbb3437e0ab51aae0

SHA512
b1e04a1e4a2cac25fd5b956647bb5a18b464bf75afcac3fed9236276924777354ab90c8cc1b5793f21047754201c3529f54e15bfab3f69fb4bbee6663f05bc4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
acf6ad5fc828847dcde9b09597b485ae

SHA1
977a4b76a57700cc5d29fe6f6843d31222da4698

SHA256
10fcb527c88c364b5c124c599bbc0c8e3a84bf8d84d16eda1b97dd2fa3f88a4b

SHA512
4c4a4603f410239a54eb9d470703d5ba861288ce9415ff107cfd57291009836e38cba5b210d1a08f3efee3a40c880496361f7581625091784cf48656e80792ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
03f0422707d58230d54ce4b9e2ce39bc

SHA1
cecadbf7f6dfb6c7f2b57fca90d477a1aad01140

SHA256
09edf9d4b3f926fb13053cbdb6bcaf17647c992b016681e6e5b7023ed075f69c

SHA512
f1adab6750054f3d5fdabe15c78f4eda74e7b16477fd81ca21cf6c6828ccf0f63d66bcfed832460fbfff6b803f296bccdb89a44b48226e4ca157f5cc3d4e8103

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57bdd2.TMP

Filesize
705B

MD5
8535987a3087629bd1723962d59b7622

SHA1
d42438e61681fb85c3b60fefbfb5e26acfabd8ab

SHA256
436a0bfa3045c17a9ad9de04773035da447eb8edd275d220770462437c460059

SHA512
0569b775186c917f181ca16804ce243cf7e75e9aeae2646165dd6e20c60667b30f2f568dfd685fe578e079e81c120045f3df3249b42b290c183abf94923324db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\cd32c511-65f0-4494-96ee-9ad5038ef5d1.tmp

Filesize
8KB

MD5
029817b12d3954f2690cfc6a42a06ac1

SHA1
da5b3f7f0e790763e1d85909d23501489a5d2edc

SHA256
7df371d3bf5d1973f2ce3fc1aefd0c402a61595b5ca0547b0f0c2caa83d3e705

SHA512
010c351c0e4ae8365c7d042b027b4fd6c4b1ea1447838c2b75987ad4cfde018b2d1659863d4135c193aa2a786735d9ac559502a534e57180b5413b8f8105ac06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
32b65109e6b17a565b82c47945f1e29f

SHA1
8407f01ffd73048d43c8e48827f36b905bac3375

SHA256
b57a8a8fa26441b8d873f1d3484309a54c351434d8e4735551af6b0e47311489

SHA512
4a3d8b224eff51bbf044c448a92be9dc0b0dd5c8be693ec456c581d5050a0a360c1abf6fd909ca658e159bb04efe40ca787c0a234709c7578734fc0ad00cfc7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
86bd559eec197537d18ad49696612d94

SHA1
fe4f7e95b7a29b806366ba851c2bfd852b45f442

SHA256
5d361a8b5b11acbb33b4387c728503cea47579f83abe6a1ac727998edb1ec0af

SHA512
778aefac2ac9dd43b0cf16d668a5b5cc7aa1d445549b215e156a6dc3509e9a8b16f820e3923a3079ea91205513098c4d4e31984036c966d715ab7836f507c398

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4373c1afa92279367286bdb80b03c75e

SHA1
b497b6855bf0ac83192a8835311998c1261bfab5

SHA256
1fe1689f6199dd6e360966f0003fb217c56b6e3cb1f3c17b3b834648f34c5a94

SHA512
53b3098b796e80144c96829d3d20e6f643ad770c5d5fada9094c8aabef3cd6058832cfb719bd5c970ea68f7868ab48e0ad94addc024b18b54621b9c9f2e36db6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

Filesize
384KB

MD5
063793e4ba784832026ec8bc3528f7f1

SHA1
687d03823d7ab8954826f753a645426cff3c5db4

SHA256
cb153cb703aea1ba1afe2614cffb086fa781646a285c5ac37354ee933a29cedd

SHA512
225910c24052dfdf7fca574b12ecef4eb68e990167010f80d7136f03ac6e7faa33233685cbf37b38ee626bb22ff3afeee39e597080e429be3ec241fb30af40c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML.bak

Filesize
9KB

MD5
7050d5ae8acfbe560fa11073fef8185d

SHA1
5bc38e77ff06785fe0aec5a345c4ccd15752560e

SHA256
cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

SHA512
a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

Download Submit
C:\Users\Admin\AppData\Local\Temp\wmsetup.log

Filesize
1KB

MD5
7982daa6beb42a3f6baeaabf57132500

SHA1
65683fb9d38c72bcd225f5a81f9f3d94bb69aca8

SHA256
2cc4b501b1ba2d75853251d29007a783749916284a1de4dd4de4d17eb5e8388a

SHA512
52a1d7e2c32eb271b43a7e9b4fd393bf2882ff4fdb6fc23746fe9f0f699ba009913255e033eaaf4e238ff3d39c4808a73e0f8fe284675eb3dca6ca81774814ad

Download Submit
C:\Users\Admin\Desktop\AddLock.midi

Filesize
189KB

MD5
e08d8176658213ce2ba50fdd19a8e2e1

SHA1
6e2e718e620e22119439ad2d886641c3013984a4

SHA256
665afa655320c7c095fee50e763ec1ea1a9c75a5dc52fcead0181cfd1421ee29

SHA512
ef3d1658659801985033f6e3c9f6d5f9878d2ae8459708c6a207b02dc619930592fba8e7be9f4c15d9407d1ce24ac0443672f51819a84f7ecfb4388040adc07b

Download Submit
C:\Users\Admin\Desktop\BlockUndo.sys

Filesize
386KB

MD5
017515a53b7f2afd8a21ec89c9a50279

SHA1
e97ee2a60152c2d9c5cb8c2834d9b98a5e5742d4

SHA256
b9a44325e355fd2f0a77bb6eb57e11a09fc99191a23f1e95bf76594f55267b99

SHA512
45dd549a43f48bb9903d17d866fc1d8708c0104b42c97822beb9fd0a5b166c6351e2c1bb3567b7850d26b99ac1c773518144e806f2a738fc7b038c703a9484ca

Download Submit
C:\Users\Admin\Desktop\CompressFormat.au

Filesize
257KB

MD5
2e8ccc8a2657961f0877e6d8bf27c572

SHA1
6b98bd83a0a1c039ad04d9fa0639f5a02ae8be36

SHA256
fed9a4869d16569c72bd8cb0badfcb1c9467e7c788b240546926cd5248019fcc

SHA512
9342de664d4325dce2aecfa91af9eefc31328d159201e4ed608468cd996cdcd6e623dffb4fac14f9c0b507bc488157e196b0bacbf9f7020550ef6f01bf6df6f4

Download Submit
C:\Users\Admin\Desktop\DisconnectDisable.mov

Filesize
249KB

MD5
58f9ad332c6f01b67ffdade8967b20f6

SHA1
77100db87edef6664745d02d3f1760f138a10544

SHA256
347606a4d54381f160dea28052297b8a30331628d6ffd511a8231e831c3a1fb5

SHA512
11227b71f08ec95ab0c63e270690c9d12159d571faf99dba7ba4387abfe73e1789a1f5211b5d166ba60f5a8751d1c72e61f210ea676bffc7b60d95139083f6db

Download Submit
C:\Users\Admin\Desktop\DismountAdd.xlsm

Filesize
113KB

MD5
4d5c18c5a9e61cfce451f72d36fc4e52

SHA1
0ff41a80f986ca9fa2ed4810758e58e2bcd285fd

SHA256
24066801331781177de13777e920ab9cfa0b93d4485d948cd42e63d388882e55

SHA512
006dd4dec0ea7e49d7a6c63ef7cf4f1360618cbaa86bb6c866f9679fa8a17bfb5bdcf7aff4c525eb62b3d1c145329bfb5af2f562a09f28adfaa88af126c5f8e1

Download Submit
C:\Users\Admin\Desktop\EditConfirm.wav

Filesize
272KB

MD5
33e534d26c016d5fae568407c67a4833

SHA1
14db9beb252816bd55b87352d903a2ab095d3f7d

SHA256
92ae8a66542e6174e2d1d8e762c6a21b1112e8cda5f4e461e90f2eead3529a18

SHA512
4911030ca7c70099e7b9ca7fb79b88894f4ffe64c7a8392feab328067b5127a7eb3746616613c18a6189f9ec76f22c35f17caa555d9e7bd2b1225b6e4793d3ac

Download Submit
C:\Users\Admin\Desktop\EditPop.xlt

Filesize
151KB

MD5
2e9e49d6130965980cc6804945eb5150

SHA1
ec7295137efe76cbb8fdc4c5a6ab6546bdb4848f

SHA256
e1ee4122f5b26311d9dfe9c868357ad4df292e352d7d02cd66e3b574e936df0f

SHA512
d1259bf56a5abaee2d5044020de30e7eb28af35f631d568c0fce8e136a466b30753beb7bb5a863dd7e68a54278609137b3576b9cff500a0a474bfc89320bb027

Download Submit
C:\Users\Admin\Desktop\FormatSet.ex_

Filesize
242KB

MD5
d0d160d443ec64124843946c82da8853

SHA1
98a90367de78c5a04a8ce17a90d6ddcf7a15c1b3

SHA256
77876c9fc1a878e3b301e41f0f5f56bf44c61d2a5d501992dda8b4e8ced2c98d

SHA512
6922ace16926f7f9d6a5509bcdbb1831b27b9daac85ed0f8a86f10f47849660340d56ca2429ed57349d87fed05d61d732b83bd88b1e7d7976f377fd1de9e14d7

Download Submit
C:\Users\Admin\Desktop\GetExpand.jfif

Filesize
212KB

MD5
1e9320387de52c1d61fef06196f0fe5f

SHA1
0512a1cd609939f2cc27be3ba88040ff733dc93e

SHA256
98f67bdefdf385b16ba0fbe20158095fd9e9003ad793236ec10073204120e367

SHA512
2efce07cbddbda90e617b5aafa9aea8efe9c7b15fca40e1e58baa9b08b0c620c8a54b290b8824498edfabedc9ccbe5c6104ead9ba9e5cfa1fe93a1b9d0858966

Download Submit
C:\Users\Admin\Desktop\MoveClose.docx

Filesize
159KB

MD5
6265b16f8917226c09d707a4289ffeb8

SHA1
f3dd5727a097e82fb2d138e594fe17d44577e180

SHA256
b934d1fab557b5ad0c0f270050d294bb1ad3d430a038e7bd79803c81a1e71fc8

SHA512
1c5209b4663e78e248ef68e5ea397cd8cc000a0cc5c052f796228917f76d7bba9a379e9c2bb16be2393cf80ae8c332f32b4efb32a263e5c245a148d466b6467a

Download Submit
C:\Users\Admin\Desktop\ReadRedo.3gp2

Filesize
196KB

MD5
366b4999908f16fb263aca4c83c4583a

SHA1
2a9b634e7d98036ab960379c7c5b04243dfc500f

SHA256
24505d0cf4abac5edc07aeb27dac1a2e4ef6e04ac72b000d9b40a45476fe107a

SHA512
c9c0cf16a01fb5cb7a331f757729f37115b9e303b20c6bab66b8888fd42b982ca4dd756b9630bc78efc1858adf2a733be2afef41735d5de3faa11da9e86607d1

Download Submit
C:\Users\Admin\Desktop\RequestPing.vssx

Filesize
227KB

MD5
4ff942436e966280c05ea9c2f4df59d1

SHA1
50f67fb14d809e34d865e81b19f0ec959cc46b9f

SHA256
c8221ba90032324f9b73fec9d3a9bdcbdd681f353696216df00734921421ad69

SHA512
0471f24c4a5dd6d321dd9a526f71ee14f0778cef823738c90c2d00b7499b16a194ebfb2470a96ba2b909391dc20648d074129c6f84ac0954132b420977fb8f1a

Download Submit
C:\Users\Admin\Desktop\ResizeDismount.xlt

Filesize
265KB

MD5
f0495c26ba7dfa1391fb8c107d072414

SHA1
f68bb35c8ac0fcdf790e17468adbc89910d03c72

SHA256
8f128e4d0183e651ad94a21daab6699a5cea17590725295118e569025b2f697c

SHA512
40380508dcc90dc51fd6be4ca01a5328fde227c4ead674c09953e2d8ffe988859aa6823c96a1d4c19eb3422db7e81251d6bff4d13093720cb52a6703606e908a

Download Submit
C:\Users\Admin\Desktop\ResizePublish.potx

Filesize
204KB

MD5
84bb1da2e3a11ff0844855e86c99b4d2

SHA1
c09abd5f18561767f223048299614b65acafaf96

SHA256
a86ba1ec1c5ebd3dab5103fb06fe07e1d21ff90f925e1cd6bae3169c840c0022

SHA512
283bfc03f6e028b58f96c3fcabf9643d3cc171557c13568a4dc2ca09098020950468cf9242d1bc82301b1784b0cd0c2b810146f14a9a6390f081113d8cd8799f

Download Submit
C:\Users\Admin\Desktop\RestoreDisconnect.dxf

Filesize
136KB

MD5
b77f65687045a6e4e0427b051bb250b9

SHA1
e8e71b738643382b4f22a475d57b93c8f41109d1

SHA256
225c30678870eb45daa1de9a6655de63379bf766530e2223ead8bd71d749dc48

SHA512
fc2288a397ad3957ab2728911297463eaa866a820fa4b23b094ee670af6dcd778dfa2e9caf9371ccc4f117def6e68307cc329e278b5a332ba38b79f805000fb5

Download Submit
C:\Users\Admin\Desktop\ResumeBackup.bin

Filesize
106KB

MD5
2fb05b4a01b27d6f25b2cbb1e8c89a00

SHA1
ff9ccf96f09b089c10f3796a9277541161808ef1

SHA256
e3a4fc9d59349eab71e436603fdc3a15ae2a563c19bc514e52e9498c6cecf244

SHA512
47ceb89e5e2168ebf3c8845b171b916712cd09fb8b406f35aec55a0eb86e1e28b9699c01cb481d8abf99abe2448db34942c1d1bf072dae2df4b2dd3b2fa2e94c

Download Submit
C:\Users\Admin\Desktop\SetClose.WTV

Filesize
121KB

MD5
f70e2f0a3317f0c983b997dae3d7baf8

SHA1
dba8664ab4e0c46421888ca2097817855e8c596f

SHA256
b285b8e8df9bdc64efba6703ba8de8bd0794b1f8a0c2604255915b91adb76506

SHA512
3f86affc8f1efdfa23de8b7a93b4e3b95ec7f82056906cd629ac0a0bca1a23324274bbf89e4afc700ebed845c636b5b9764e16a97c2cfbc353fd29c6dac389ab

Download Submit
C:\Users\Admin\Desktop\SuspendEnable.nfo

Filesize
181KB

MD5
b8c2dc572289d3dd9e8f6b2bd7e5f9ff

SHA1
6504d59cc032b72a1c1f046aced46d3c5d808f1e

SHA256
4cddd2a8eb12fdf4437e1d5b732d07224bb30587d83b490361383aca5e0167bc

SHA512
2888388b6868563d4cef7ad72a7dfa1614a4d8a9997f53fa2e070303d879a4ff66cf900aa3635cfc6fbdff2a8336f0e7ece6c0d7853d821bf08278039f5e2392

Download Submit
C:\Users\Admin\Desktop\SyncConfirm.avi

Filesize
174KB

MD5
af0d3b8c98c9b993cc895f4fe598f95b

SHA1
8d570a4546ee328d7ed39e21ff9e70a05d9323c2

SHA256
ed67af6e1fed04a5b9183c77017a69cd921a0db6f2978b1ed3066146282a1614

SHA512
b3ea8df22f550d4154cd8c52f17c7f12ab7ac0d911cca49f1a1bae29782a2492aba2705fed16df78741746f62970f49e471d495d2d21953b45430cbede2f4965

Download Submit
C:\Users\Admin\Desktop\TestImport.doc

Filesize
234KB

MD5
aaa7c3f2718401cb9d4b4ed5c7fdd039

SHA1
cef21bfedebb112c67a42a719378bac8dfc4e389

SHA256
1fb7fb869e74dfc1c54d8535403beaa11ddbbc82fb774f4c05ca82b5151a4b56

SHA512
c9c77d3d22005eee80bac4b6e32b852805e60adc9c29bae54e2e1ecdb1b05a72e6b10f9ba92340ca2e1eaa2ae5347f7252c3fc782cdb5e5cfecf959bd6051878

Download Submit
C:\Users\Admin\Desktop\TestRepair.ps1xml

Filesize
166KB

MD5
51d8385b0e2934c9bab379f6cd6eb149

SHA1
c77e6e38313cc595f79e6e3272e82bff6bfc9249

SHA256
ddc64d38a3e18fc7bb09f847e6fbb9cf8b56c04178531e66fda71437a2d4ac26

SHA512
2796f7beed8c5388003875ea62cc0549f4898ecfb60d4155107823515f055cacf0b6d625bda1bdbde532b7e6e7c91739dacefe03ef9158c15ebc1888968e19fe

Download Submit
C:\Users\Admin\Desktop\TraceStep.svgz

Filesize
98KB

MD5
de837490e6104a5325b163accaed3da4

SHA1
6d7334b726148edc7d121200d8545150c34f3a3e

SHA256
0cafbf24ea5449486ea0141d523103d64b7fa207a6d0b048826af1fa1e5de2f8

SHA512
cdc891eb781cf8b46239bd16a9bef836905d7e43fce78fb65056d191122c826aaa5202f32d5258ce338460118e52490d03c435ab62a1482141ce2c9123dbea09

Download Submit
C:\Users\Admin\Desktop\UnblockPing.xml

Filesize
219KB

MD5
7bc83fdfcc19ea4ffe3239f4ae59642e

SHA1
4c250737dff397a8c048698cc0414a4bcf491b53

SHA256
3c4b5b8e77d01e7ea72f1d7c50ab3c5f295914b10cc97cca230300bcc251d5f4

SHA512
bfc0fa6ffde0ad5f89844be0ceb113d21aa0ccc1a179d0503d72de2e4b3fcbc80e8f016498665d5cbcf0dcc1ba1b7870efa68fc81d18f6bd84797317b4a2a5b4

Download Submit
C:\Users\Admin\Desktop\UnblockUpdate.TS

Filesize
128KB

MD5
45dd0c6fce61e5091de3f3a3aa935a65

SHA1
16068a6e75112849ed211885e3f5779d5c8a1c1e

SHA256
18d032bdb7f15d8a93b26b48534f4726d9ee1120166000dc9d09bda353d6b649

SHA512
72a0af7cc6c871a6d3bb2cf7da5d0fff511a7056b0f3825c6bbc301c8d3bf32389092ae7cc9432a560e56254550e3942d1c818625ce67a38ccb902cbae761e1c

Download Submit
C:\Users\Admin\Desktop\UseMove.mpeg2

Filesize
280KB

MD5
8c8e9bff27a8607aa44b719ff31f7370

SHA1
2cc6a057d23a0fdef3a23e033faf948a60619f69

SHA256
00a73e210be0408bb41005d87a4a4c606f5d6ea2e1f6140e0738b8d812714490

SHA512
1d9925800556bc698cca46924317840acaeeb1b675246389c996340577d3b817d4388d7c1a381f79a217489d17c153df216f982b379122645d5e6a92c8be58d0

Download Submit
C:\Users\Admin\Desktop\UseRename.xls

Filesize
143KB

MD5
941267b0fa50722caae25d520d25b278

SHA1
e2ed25f8d752702aa03760f83cc78b829f7bc702

SHA256
d9c10dc0a2832de059447ce36c091d3cd2c5bf68134e34761109aa160f227720

SHA512
3ae2a283392fa4ad475b750f76e1927487943c772276539a851a7350b9081f5705682775020ac97d794ae6f00b87651ecdaba4a5fb7f2b06920af88f917b96ac

Download Submit
C:\Users\Admin\Desktop\virus.bat

Filesize
24B

MD5
3c277b6e0485876b54f7906ddbd92516

SHA1
eac9e288696d0c0f9ced6e9bdd7441793e0ecbc8

SHA256
3b25962eb7b2e538b116abac449b2f565dc7f37889a6bedffdb3d28a5321407e

SHA512
9302d88923b3dbdf111b2aa8edd351afbd518c3ccd75ecd71c2a00532af90611fb0fe92fdf71b70cb781d110999171ab70ca7d70658bf54477f10c00faa41de9

Download Submit
C:\Users\Admin\Downloads\preview-485639-ZzwdKdj42rBhfJve-large.jpg

Filesize
334KB

MD5
25894c248abbce95d69f9c3bee2fd251

SHA1
8b2a2c9b85b1c19b46476b839e9e3ed0ec01c069

SHA256
84e46ac11d6d59de5bfd7ca8779751c7f1d79e49164e8232ae583da175fb284d

SHA512
62504813e83f7f57eb1af2f1114873a287bebc5ff73e4c51addc581bcbc823cd628956676fe749383b6b31b8569fd7d4da2eb1cf54d237ce6d0ee5cc221b98ab

Download Submit