hxxps://tinyurl[.]com/hxnv6yfr

Analysis

max time kernel
353s
max time network
353s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
19/07/2024, 19:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://tinyurl.com/hxnv6yfr

Score

8^/10

discovery persistence privilege_escalation

Malware Config

Signatures

Downloads MZ/PE file
Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 6 IoCs

pid	Process
5636	winrar-x64-701.exe
544	winrar-x64-701.exe
5660	winrar-x64-701.exe
4320	7z2407-x64.exe
5308	Installer.exe
5824	Installer.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 29 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32	7z2407-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment"	7z2407-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2407-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2407-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2407-x64.exe
Key created	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}	7z2407-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip	7z2407-x64.exe
Key created	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3419463127-3903270268-2580331543-1000\{E9BABA11-6C86-4B4E-A42A-BB66581F3713}	msedge.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension"	7z2407-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2407-x64.exe
Key created	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings	OpenWith.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip32.dll"	7z2407-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension"	7z2407-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32	7z2407-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2407-x64.exe
Key created	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings	msedge.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment"	7z2407-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip	7z2407-x64.exe
Key created	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip	7z2407-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip	7z2407-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}	7z2407-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip.dll"	7z2407-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip	7z2407-x64.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 756203.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 89917.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

pid	Process
3676	msedge.exe
3676	msedge.exe
2772	msedge.exe
2772	msedge.exe
4712	identity_helper.exe
4712	identity_helper.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
2276	msedge.exe
5996	msedge.exe
5996	msedge.exe
4008	msedge.exe
4008	msedge.exe
4000	msedge.exe
4000	msedge.exe
4140	msedge.exe
4140	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
2128	OpenWith.exe
3788	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 36 IoCs

pid	Process
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeRestorePrivilege	3060	7zG.exe
Token: 35	3060	7zG.exe
Token: SeSecurityPrivilege	3060	7zG.exe
Token: SeSecurityPrivilege	3060	7zG.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe

Suspicious use of SetWindowsHookEx 60 IoCs

pid	Process
6140	OpenWith.exe
2128	OpenWith.exe
2128	OpenWith.exe
2128	OpenWith.exe
2128	OpenWith.exe
2128	OpenWith.exe
2128	OpenWith.exe
2128	OpenWith.exe
2128	OpenWith.exe
2128	OpenWith.exe
2128	OpenWith.exe
2128	OpenWith.exe
2128	OpenWith.exe
2128	OpenWith.exe
2128	OpenWith.exe
2128	OpenWith.exe
2128	OpenWith.exe
2128	OpenWith.exe
2128	OpenWith.exe
2128	OpenWith.exe
5636	winrar-x64-701.exe
544	winrar-x64-701.exe
5636	winrar-x64-701.exe
5636	winrar-x64-701.exe
544	winrar-x64-701.exe
544	winrar-x64-701.exe
5660	winrar-x64-701.exe
5660	winrar-x64-701.exe
5660	winrar-x64-701.exe
1492	OpenWith.exe
6104	OpenWith.exe
2540	OpenWith.exe
432	OpenWith.exe
2540	OpenWith.exe
2540	OpenWith.exe
3788	OpenWith.exe
3788	OpenWith.exe
3788	OpenWith.exe
3788	OpenWith.exe
3788	OpenWith.exe
3788	OpenWith.exe
3788	OpenWith.exe
3788	OpenWith.exe
3788	OpenWith.exe
3788	OpenWith.exe
3788	OpenWith.exe
3788	OpenWith.exe
3788	OpenWith.exe
3788	OpenWith.exe
3788	OpenWith.exe
3788	OpenWith.exe
3788	OpenWith.exe
3788	OpenWith.exe
3788	OpenWith.exe
3788	OpenWith.exe
3788	OpenWith.exe
3788	OpenWith.exe
3788	OpenWith.exe
3788	OpenWith.exe
3788	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2772 wrote to memory of 740	2772	msedge.exe	85
PID 2772 wrote to memory of 740	2772	msedge.exe	85
PID 2772 wrote to memory of 4368	2772	msedge.exe	86
PID 2772 wrote to memory of 4368	2772	msedge.exe	86
PID 2772 wrote to memory of 4368	2772	msedge.exe	86
PID 2772 wrote to memory of 4368	2772	msedge.exe	86
PID 2772 wrote to memory of 4368	2772	msedge.exe	86
PID 2772 wrote to memory of 4368	2772	msedge.exe	86
PID 2772 wrote to memory of 4368	2772	msedge.exe	86
PID 2772 wrote to memory of 4368	2772	msedge.exe	86
PID 2772 wrote to memory of 4368	2772	msedge.exe	86
PID 2772 wrote to memory of 4368	2772	msedge.exe	86
PID 2772 wrote to memory of 4368	2772	msedge.exe	86
PID 2772 wrote to memory of 4368	2772	msedge.exe	86
PID 2772 wrote to memory of 4368	2772	msedge.exe	86
PID 2772 wrote to memory of 4368	2772	msedge.exe	86
PID 2772 wrote to memory of 4368	2772	msedge.exe	86
PID 2772 wrote to memory of 4368	2772	msedge.exe	86
PID 2772 wrote to memory of 4368	2772	msedge.exe	86
PID 2772 wrote to memory of 4368	2772	msedge.exe	86
PID 2772 wrote to memory of 4368	2772	msedge.exe	86
PID 2772 wrote to memory of 4368	2772	msedge.exe	86
PID 2772 wrote to memory of 4368	2772	msedge.exe	86
PID 2772 wrote to memory of 4368	2772	msedge.exe	86
PID 2772 wrote to memory of 4368	2772	msedge.exe	86
PID 2772 wrote to memory of 4368	2772	msedge.exe	86
PID 2772 wrote to memory of 4368	2772	msedge.exe	86
PID 2772 wrote to memory of 4368	2772	msedge.exe	86
PID 2772 wrote to memory of 4368	2772	msedge.exe	86
PID 2772 wrote to memory of 4368	2772	msedge.exe	86
PID 2772 wrote to memory of 4368	2772	msedge.exe	86
PID 2772 wrote to memory of 4368	2772	msedge.exe	86
PID 2772 wrote to memory of 4368	2772	msedge.exe	86
PID 2772 wrote to memory of 4368	2772	msedge.exe	86
PID 2772 wrote to memory of 4368	2772	msedge.exe	86
PID 2772 wrote to memory of 4368	2772	msedge.exe	86
PID 2772 wrote to memory of 4368	2772	msedge.exe	86
PID 2772 wrote to memory of 4368	2772	msedge.exe	86
PID 2772 wrote to memory of 4368	2772	msedge.exe	86
PID 2772 wrote to memory of 4368	2772	msedge.exe	86
PID 2772 wrote to memory of 4368	2772	msedge.exe	86
PID 2772 wrote to memory of 4368	2772	msedge.exe	86
PID 2772 wrote to memory of 3676	2772	msedge.exe	87
PID 2772 wrote to memory of 3676	2772	msedge.exe	87
PID 2772 wrote to memory of 4612	2772	msedge.exe	88
PID 2772 wrote to memory of 4612	2772	msedge.exe	88
PID 2772 wrote to memory of 4612	2772	msedge.exe	88
PID 2772 wrote to memory of 4612	2772	msedge.exe	88
PID 2772 wrote to memory of 4612	2772	msedge.exe	88
PID 2772 wrote to memory of 4612	2772	msedge.exe	88
PID 2772 wrote to memory of 4612	2772	msedge.exe	88
PID 2772 wrote to memory of 4612	2772	msedge.exe	88
PID 2772 wrote to memory of 4612	2772	msedge.exe	88
PID 2772 wrote to memory of 4612	2772	msedge.exe	88
PID 2772 wrote to memory of 4612	2772	msedge.exe	88
PID 2772 wrote to memory of 4612	2772	msedge.exe	88
PID 2772 wrote to memory of 4612	2772	msedge.exe	88
PID 2772 wrote to memory of 4612	2772	msedge.exe	88
PID 2772 wrote to memory of 4612	2772	msedge.exe	88
PID 2772 wrote to memory of 4612	2772	msedge.exe	88
PID 2772 wrote to memory of 4612	2772	msedge.exe	88
PID 2772 wrote to memory of 4612	2772	msedge.exe	88
PID 2772 wrote to memory of 4612	2772	msedge.exe	88
PID 2772 wrote to memory of 4612	2772	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://tinyurl.com/hxnv6yfr
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb692746f8,0x7ffb69274708,0x7ffb69274718
  2⤵
  PID:740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,4790309206363670324,9981695072149997711,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:4368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2020,4790309206363670324,9981695072149997711,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2020,4790309206363670324,9981695072149997711,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8
  2⤵
  PID:4612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,4790309206363670324,9981695072149997711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:4984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,4790309206363670324,9981695072149997711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,4790309206363670324,9981695072149997711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
  2⤵
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,4790309206363670324,9981695072149997711,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5756 /prefetch:8
  2⤵
  PID:1948
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,4790309206363670324,9981695072149997711,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5756 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,4790309206363670324,9981695072149997711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
  2⤵
  PID:4536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,4790309206363670324,9981695072149997711,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
  2⤵
  PID:1880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,4790309206363670324,9981695072149997711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
  2⤵
  PID:568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,4790309206363670324,9981695072149997711,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
  2⤵
  PID:4244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,4790309206363670324,9981695072149997711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
  2⤵
  PID:1636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,4790309206363670324,9981695072149997711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6200 /prefetch:1
  2⤵
  PID:5128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,4790309206363670324,9981695072149997711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6332 /prefetch:1
  2⤵
  PID:5144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,4790309206363670324,9981695072149997711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6592 /prefetch:1
  2⤵
  PID:5432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,4790309206363670324,9981695072149997711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6720 /prefetch:1
  2⤵
  PID:5556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,4790309206363670324,9981695072149997711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6320 /prefetch:1
  2⤵
  PID:5888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,4790309206363670324,9981695072149997711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7088 /prefetch:1
  2⤵
  PID:6000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,4790309206363670324,9981695072149997711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7604 /prefetch:1
  2⤵
  PID:5224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2020,4790309206363670324,9981695072149997711,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7548 /prefetch:8
  2⤵
  PID:5336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,4790309206363670324,9981695072149997711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6684 /prefetch:1
  2⤵
  PID:5412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,4790309206363670324,9981695072149997711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6948 /prefetch:1
  2⤵
  PID:6116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,4790309206363670324,9981695072149997711,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7468 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2020,4790309206363670324,9981695072149997711,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2700 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,4790309206363670324,9981695072149997711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:4364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,4790309206363670324,9981695072149997711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1
  2⤵
  PID:4688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2020,4790309206363670324,9981695072149997711,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5864 /prefetch:8
  2⤵
  PID:4360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2020,4790309206363670324,9981695072149997711,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=7620 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,4790309206363670324,9981695072149997711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7688 /prefetch:1
  2⤵
  PID:5532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,4790309206363670324,9981695072149997711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1
  2⤵
  PID:5728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,4790309206363670324,9981695072149997711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
  2⤵
  PID:4620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,4790309206363670324,9981695072149997711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1
  2⤵
  PID:4288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2020,4790309206363670324,9981695072149997711,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6092 /prefetch:8
  2⤵
  PID:4220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,4790309206363670324,9981695072149997711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7748 /prefetch:1
  2⤵
  PID:648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,4790309206363670324,9981695072149997711,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7900 /prefetch:1
  2⤵
  PID:3000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,4790309206363670324,9981695072149997711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7040 /prefetch:1
  2⤵
  PID:6108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,4790309206363670324,9981695072149997711,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1748 /prefetch:1
  2⤵
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2020,4790309206363670324,9981695072149997711,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7060 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4000
- C:\Users\Admin\Downloads\winrar-x64-701.exe
  "C:\Users\Admin\Downloads\winrar-x64-701.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:5636
- C:\Users\Admin\Downloads\winrar-x64-701.exe
  "C:\Users\Admin\Downloads\winrar-x64-701.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:544
- C:\Users\Admin\Downloads\winrar-x64-701.exe
  "C:\Users\Admin\Downloads\winrar-x64-701.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:5660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,4790309206363670324,9981695072149997711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2116 /prefetch:1
  2⤵
  PID:2112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,4790309206363670324,9981695072149997711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6764 /prefetch:1
  2⤵
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,4790309206363670324,9981695072149997711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7788 /prefetch:1
  2⤵
  PID:1328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,4790309206363670324,9981695072149997711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
  2⤵
  PID:4604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2020,4790309206363670324,9981695072149997711,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2204 /prefetch:8
  2⤵
  PID:3988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,4790309206363670324,9981695072149997711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6436 /prefetch:1
  2⤵
  PID:3996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2020,4790309206363670324,9981695072149997711,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4628 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4140
- C:\Users\Admin\Downloads\7z2407-x64.exe
  "C:\Users\Admin\Downloads\7z2407-x64.exe"
  2⤵
  - Executes dropped EXE
  - Modifies registry class
  PID:4320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,4790309206363670324,9981695072149997711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7056 /prefetch:1
  2⤵
  PID:3656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,4790309206363670324,9981695072149997711,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7836 /prefetch:1
  2⤵
  PID:4432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,4790309206363670324,9981695072149997711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8308 /prefetch:1
  2⤵
  PID:4928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,4790309206363670324,9981695072149997711,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3024 /prefetch:1
  2⤵
  PID:5384

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3952

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4632

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:6140

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2128

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\37405437f0a64eb79db6499735bc21dc /t 4312 /p 544
1⤵
PID:5832

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\fff06a8ae14d406f913d18064353c4f3 /t 1936 /p 5660
1⤵
PID:3632

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\401be6baf49c496db688e1a7ae0d1ab8 /t 1404 /p 5636
1⤵
PID:3904

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1492

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:6104

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2540

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:432

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3788

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2544

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap29015:126:7zEvent4853
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3060

C:\Users\Admin\Downloads\Installer.exe
"C:\Users\Admin\Downloads\Installer.exe"
1⤵
- Executes dropped EXE
PID:5308

C:\Users\Admin\Downloads\Installer.exe
"C:\Users\Admin\Downloads\Installer.exe"
1⤵
- Executes dropped EXE
PID:5824

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1f9d180c0bcf71b48e7bc8302f85c28f

SHA1
ade94a8e51c446383dc0a45edf5aad5fa20edf3c

SHA256
a17d56c41d524453a78e3f06e0d0b0081e79d090a4b75d0b693ddbc39f6f7fdc

SHA512
282863df0e51288049587886ed37ad1cf5b6bfeed86454ea3b9f2bb7f0a1c591f3540c62712ebfcd6f1095e1977446dd5b13b904bb52b6d5c910a1efc208c785

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
60ead4145eb78b972baf6c6270ae6d72

SHA1
e71f4507bea5b518d9ee9fb2d523c5a11adea842

SHA256
b9e99e7387a915275e8fe4ac0b0c0cd330b4632814d5c9c446beb2755f1309a7

SHA512
8cdbafd2783048f5f54f22e13f6ef890936d5b986b0bb3fa86d2420a5bfecf7bedc56f46e6d5f126eae79f492315843c134c441084b912296e269f384a73ccde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
20KB

MD5
4a2961dddc7ca6732df1c0646aad5129

SHA1
ff0b7265d2bef3824709ee3000621aca2d2c8724

SHA256
58a974546a65196f726ac5dbc25f1048991e8347bd53e7449102048a5a0dd597

SHA512
82c889adccb748ea06ced5db14b7f3f94b980215d350d7cf5463ad05de53b0421e0bc7fe6d0d3897480b2cbd6f34e0126814f166adb59b7f0a1c9cf960e8a2d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

Filesize
62KB

MD5
6b04ab52540bdc8a646d6e42255a6c4b

SHA1
4cdfc59b5b62dafa3b20d23a165716b5218aa646

SHA256
33353d2328ea91f6abf5fb5c5f3899853dcc724a993b9086cab92d880da99f4d

SHA512
4f3b417c77c65936486388b618a7c047c84fb2e2dd8a470f7fe4ffec1ad6699d02fa9c1bbd551414eef0f2e6747a9ee59ca87198b20f9f4a9a01394ae69fa730

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

Filesize
31KB

MD5
c03ff64e7985603de96e7f84ec7dd438

SHA1
dfc067c6cb07b81281561fdfe995aca09c18d0e9

SHA256
0db8e9f0a185bd5dd2ec4259db0a0e89363afa953069f5238a0537671de6f526

SHA512
bb0fd94c5a8944a99f792f336bb8a840f23f6f0f1cb9661b156511a9984f0bb6c96baf05b7c1cf0efb83f43a224ecea52740432e3cfc85e0799428765eefb692

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000037

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003b

Filesize
20KB

MD5
3d45f254e8b71f5c78cea03839c0e779

SHA1
24b9f2e23661a260f80cd9d0ae2e389493d0d858

SHA256
d03b922aaa69584200cd78d48c08c685233b4951e11d31ede88c25dc3ae37781

SHA512
b7825222b63e271e4d9a443652d86b3b5ba2828119dc360683a513ee8cf5d9fc7178c6ac2764c74ddd17b203d75659af5388c7c624708c24ae2946dec87798e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000048

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000049

Filesize
67KB

MD5
1d9097f6fd8365c7ed19f621246587eb

SHA1
937676f80fd908adc63adb3deb7d0bf4b64ad30e

SHA256
a9dc0d556e1592de2aeef8eed47d099481cfb7f37ea3bf1736df764704f39ddf

SHA512
251bf8a2baf71cde89873b26ee77fe89586daf2a2a913bd8383b1b4eca391fdd28aea6396de3fdff029c6d188bf9bb5f169954e5445da2933664e70acd79f4e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004a

Filesize
41KB

MD5
78b45f66500680832e342e6fb8f0c7a0

SHA1
457528aace12ab0b6487a490d7b8a6adb13dc8f0

SHA256
5cb9b5d3fb0be382aa00936369c7589c938a438c3942c9883072dee465458c00

SHA512
6c1aad5408b7c02a828596f5030fdd310b78b79dffdf3b3dd997aa26802b55026bc18d7fff44a0e3fadef8087b43964262a9894fd4fc06de1b229bbc6d3b2b1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004b

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004c

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004d

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004e

Filesize
1.2MB

MD5
931d16be2adb03f2d5df4d249405d6e6

SHA1
7b7076fb55367b6c0b34667b54540aa722e2f55f

SHA256
b6aa0f7290e59637a70586303507208aca637b63f77b5ce1795dfe9b6a248ff3

SHA512
41d44eafc7ade079fc52553bc792dace0c3ed6ee0c30430b876b159868010b8676c5302790d49bed75fa7daa158d4285e236a4be3d13f51ff244c68ca6a479ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2f63e7e71831b48b_0

Filesize
335KB

MD5
ca538e74fb1db5bbf32da1fb0389db89

SHA1
6b71f02829e64cf5d022d840c9eaccf1c655534a

SHA256
51b9d58140147ace5c086ec662abb228448eeba9ee2664750cbd2f4a943b2dc1

SHA512
18ef176167bb2b202606810d2e94949634564a4c710510f796afdfc842489d80af11f75906e6130524823dfb1dbede6febfa990b849c6f43703bcfcac721db60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\43e8c24269a5c82e_0

Filesize
54KB

MD5
6a74fa0a002bf57150a7953c1175f124

SHA1
ad33bc9ca35be9093ef3d5bbe223bb90c9c71b0e

SHA256
b6952d4e6dcaadc9af6fbfd861cefb13075ef1322cbafe369d536897005406d4

SHA512
3c58c670c95244cec4b576b88d9260e7f2883c777d19f595bc2bb53e766d915fe9ee68b8862575d32a9e6bb2686bf16494a62b65d00656260443f67044106e43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\481963cd074f1a48_0

Filesize
268B

MD5
f7a1ee40c4cdc3e1e051f58792542c6a

SHA1
fc9b7f2bd721c80d23ef969c70f9dc6a9d40bd5d

SHA256
599d83205e2f5fd331b0f8f37a97392ecf8485b34790c58569a2b0cec1b035f5

SHA512
7403158f6d2ae05d9a2d7f82cb81bc526c0eb506bb44491d677f1ef2093686fa262c48216be9f0cce5d00d1deaf8510dd83a54ff7490faff2f2e9a3c52bae650

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4cde932aba887c7f_0

Filesize
144KB

MD5
67617caa115b33fb81c0c9a3f2a519a1

SHA1
dafdc642dad2ce42959ade735b17607b5f55e6b5

SHA256
98f5ca403c0ffe9a0670bef326d730ecf7b04034477cf3600e08a6616e636244

SHA512
7c77ecba2f3ec9b71b7d116b3d3d5199f79099181c5a2e72c5fda43f39ccd28aff37a4ffb90231594a2f1012a59e6a8467241ad4e4f4a2db27b9abac118fec57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\56d6f409590db490_0

Filesize
54KB

MD5
69795b83db933c3eef38ed274257d7f2

SHA1
b52e7945bfb5a91a5f8e8fd1ff7b455e568cebed

SHA256
7973fa11fbafe555709291dc1982115e51a398a81bdd794dee947e68f2551b95

SHA512
1a83ec6e16548dbefdcebaf1e644a5c8d0dbf5340cd7c270dc6deed2fff72e0ac91c506887e6bcc01e30b01891a949db7914e2f4de1a88468bf8940f1d841e03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7a8694aaa036738a_0

Filesize
21KB

MD5
bb79b6d87a162edb13c141ecb0ef884f

SHA1
b5fb09f7dcafb6ac9b3415d450e6186be44e9f6d

SHA256
8742359f74b40b2b6ec563eedb949a80b7836770490cd8c46383062128358d02

SHA512
126e40b78cf0c376d0fc3a234693cc37cdd035362db0f4d80e21793f858bb16603c412ea56f1d65d0ba43b1acf1e02d7845804e46b58956543596424f673b250

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b13d9848aa9ac2f2_0

Filesize
278B

MD5
787471fb2715a4bb8befe4972fccabb9

SHA1
0c3bd761ecc98999184afc92c27592c04b2dee37

SHA256
07483b0936ee48062256290a8472078641dd1b67365607c4c6df249eaf9ea04d

SHA512
dc14f22b2726c77484743bf9ba1dc8b808214d3dbbe667f1b6e7565eb0710a297ffe927af5fa12bdc04ff4072f340ca563a8847eea1731cfabee8a1b438040ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c472784dec098560_0

Filesize
14KB

MD5
d594c0ee4bc7b9c372505e39bdb39809

SHA1
871faef09dad667129751c64edb783120efa2a19

SHA256
e7968bed416569233e286f4a232ae91e4ce839a515c5a869c0039ed93474de1a

SHA512
9409b72a4e60847068fce7561b38bcbd6d944af24dd3a023ad28e982a663b452866841bd500a33c0e2062aef5e3a738f40ce0c65c607a9c19bf07ef79ff0ea41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
2KB

MD5
ac4bc33692ddad0f1a3857bd5d415765

SHA1
c10647022fd1202cd621da192475511e9521ce62

SHA256
a89508a6826a28dfa048bfe7a01c6ac2ec5b2ad709a92e254e7f08d53868c006

SHA512
71c5abfdeb5ba946b3993710805d6df0ca52662576c550d4c853a961ac821b0d35247344e2301cbdd525fc1a0a65819c504f0828007627be51aa9009dbd93b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
e46ebf4c372c5220ab463cc5d49b5615

SHA1
055704e6b2de1840e81ff3efed7762b6e72c3a5c

SHA256
1570793d425029bf900fb717208ced5592342985cd3795aa3ce69b9ba5e49289

SHA512
7f520974b91c83eb2fa743ac0262489b9702e5f580fc62e523d3974351fde6dd15867c55301844c7170723d27c6b1dafdc4975e69514ae356407aa6b48bdd9cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
a753baf56b70618d66c6b548bcfc1f2e

SHA1
efce61d829161ef6d3d6f50974201abafc6e1b0f

SHA256
7119091ceaa169db1fe9365bc289ec23e875d735ecf3728384ee6a824c3fe5a1

SHA512
5a28dd189eceed1827b693ef9f61c3cac7a20eb3a4131dda4591acc855dd2177caef4a93fc80880694e88269712683a19a2d56722994e764b074f166c4f5d162

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
a49206762857cb0dace0c28ef4fd9ab7

SHA1
49a7796a34e18bbaa3d7d45835b24b3c72e89118

SHA256
d412fb2fd7afb5f415bc58ccf07753c243c83f991814217878169251ab586193

SHA512
c967bb9749e52b0ceb25ab5b306db2a179f89e7e9323befe22a77ea8cb3f169950a0b7bfa1d7e58794bc4d6b8d10453ac8edfd242f54e54706166b22ecc6f5d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
79bbd97aaaa3936e83ecd982788f9b64

SHA1
e0ab62458df36b7fc1ed1fbb55db190278a6aa2a

SHA256
6aeb45e89efb8c5816755a53646c851e4c43493affb31e083ebaa8cd8dbb7803

SHA512
bd7adaa8e29fe179d6cf04799a68b21e0e12ec715db51960353300209773ab21840cdb2ad2dfc1e3ad101388b7ad6b521d0d1f6a23ec5ded118b765ec66a7b37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
b2858fd60f71fcc96ee69e63b44cd0b4

SHA1
44c89f7ef4cea1f4ba62229e9250f916c3e8dd4a

SHA256
9db083c3fcda6f6f5e7492323c51d0b3bc5a9389ba2f41bfd4e35e1072548ba3

SHA512
3327fcd08e252fa0d476b4c423229e9ee9da9e0d28ccc69d05f7e04ccd1545dca82efbab6517564d22f14390981fded9e126ba40d5f072bd9c1aeb1b4f157ade

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
10KB

MD5
fd6430d28c39afa5df1ad9f863228769

SHA1
6e7f9b5cbcc0b9cb1e5f7a237fa3097fa216b2dc

SHA256
d7567f955ca0596d9935ef96240fb000afc45bfd84f0c6d983bbad85e67df9fb

SHA512
4c3b904e521b7454d653168a7751844a91bf71afa8eaa777d01b6595c1fd98f1e751e4b5cb53db96e02e9f4828fd4703bbd48639e6314a5b03c481d8d973a0dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
11KB

MD5
43ce18a9136f711fa80592a97b94472e

SHA1
b268dcc4666183ee8fae959a56f8d0eb77ae3e10

SHA256
6afc5e262a1eb0b64542248ffb44771667003b5f89c0a01dc8056c543f474eb9

SHA512
48d713c1267f2076cec3e242a7d36df2dcc582b48623ed9564f5cd13848e61c1f15799119ba458674db50601cf686633597745bb63413e185a90b535658f95ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
10KB

MD5
c1490b4247da3d9ad8aa755f465dad50

SHA1
397a586644d80ac7a9f0fd17d412a903effd7ed3

SHA256
b851d630c06cb695f28a583a1b18f8f8879e97ddb71644afacebef2269e02e81

SHA512
6bc9b0df5e4674aa45b7bb087f6ef4ee218a941587f8d1b1edbc9160b75f17ee01477c9456fa88d914ddb5aaaa95e6561e402e64a9e5c8011725b67b34ab310f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
80412c823bd2dc73b56b7fd9b17e1748

SHA1
8840154b40990e2df694351d0b43c477a6c6be53

SHA256
4871fac1a56584b6735029f386f7c56a759ae99fe4ae170e19f0db06fbe0e6e8

SHA512
d295cf17b264a44f519ad798fead7f5087645e97eacc1b321d556d7bb13004d51ded84da24efb6da8138a2a51d121857eee65ab341089d49e65dbde936f5d20e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
49cc1c1e8c19e35db836026d14fc3911

SHA1
23337f3ec8f9338bf29bf9e1d8bb9b73b76721d4

SHA256
9e11bc6831bcfa26ff58962d94d308f2fb3ef25047dea4b994afe066a52f6ddc

SHA512
bd5ee6ca3f65ae3789a54701686d76c4d92c9fb346772827130dffc0f53b732a9ed571949addcde1559b20ece976f289c769597e791277758a76c7ac949e16af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
982dbc33fb603734e35dab12ef757cd6

SHA1
ac40a92f021144b41f6c7919a3d13a6d6278fcff

SHA256
b1178fa0cdd8db35b4def6b3faea886c9bd55afa9b9f43cace05878ddaa69a67

SHA512
86898b17eac127c5224698046f9833c4ded7f9520eab64dd8f4cd8fc892ad1eac8e8723409be171902573eb54fe48064b95b1f2711537cadfb14ec28159f2df3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
96d1fa621274c4e48f9bd9b1adf7d471

SHA1
56c9b1be0557a706d0bda380524b4fabcf2ce1e7

SHA256
7b6898df7b6bc1b90318a22615937120f10ee2a228ad8bbd60c4775ff34d1d89

SHA512
564c20e26bc0169e78cfad080de32c1ab84454506312f763851843b062b78eb2e9e48a28fc4e863780c411efc5f057bf7611e9cc2d21fd433fd6c31f18045465

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
b234bf838c9372ccbd2601cc5928abb6

SHA1
16ff9511f523c66025e460115a24ec9b38b6badf

SHA256
4e10d277c8120fa0f3fd24a72edd32a1635f43775b4a1df36a9d94e69d7a0266

SHA512
be53aefb21cff41b3acf2bb2b3ad7703fea1bf5d5f52d665595666177bfacb3d004b7ebb7fa58b2bc8b5e58a4d386242dc640bcb67443e09bfeca24ca04dba36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
930ded6d83ab28a572720da37f72e90e

SHA1
725e86bbf0d767d147a039aaee61f728d6231b77

SHA256
c102835423cae4ad00f1906807372217028c8307368864b7ff4db93c8c7d8d36

SHA512
00274a3a488ef1d73799126de6ee80562a991075ff4288d1e716490d32e75c1c206b2c1b1fab7d612c6c67433c5dc8130653057541eca115481dc3737476fb50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
979c4b09653b13b8ef23ba112c5c4c59

SHA1
f6cdbf4ae9d0acad09b9c22b95afdb8c049a6d70

SHA256
43e30c6378a009ab7ddfe506291a52eaad7808067a9be606f2458714c17bc659

SHA512
0fa3b65177a5244fd4cfa1acfe73184b42effe005e940ead3868b143e740b0583528131c8ede9c6288522755725aa9c026f653e026e0e817848481b77111f9ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
6b393ea1dacc3c33f1d357410b4f7bae

SHA1
a37ee49cc2622758a9333f84e8823d8406f08659

SHA256
9aa5bb881fd42c59ddf910470a875b802c37209405a4d63db8988b064a07cec3

SHA512
3fa78529c87ee5adf25d63d3105f469885901a52a0ba2c6e12cade7075460ceb95b8be1580867586dac25545e881e478535b54b405c869e1c87dafdd1bd46fc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
a039cffb92f071e1abdaa245223de31c

SHA1
6b9d4e80b62be5f2d283e8a1d66f0e9009db2924

SHA256
d2d6519e66b5b1dc0b3d1d8e986d160bdcc8c87deb92a1a3de4355b8f7a08823

SHA512
86b32ec74940054b7115a93c9a2f9bab29b8ad321356cfbf863dcabe7f554263427140f0a8fadcc8726575efd1ebf3790e3e5bcb93efa05c54b110b3edc754fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
18d78ca4be41f229afcafaa57821b7ad

SHA1
a90e00dd1358a395ce27dce9ca783d81d8e73f3c

SHA256
6c31991332ed6dd02f588d4263982966f171d8cc12ab617e1c63971abfb9ed3f

SHA512
bc1062a6786900d130e5ccadd058eea2c4bde77e47b8b0ab2de35520b4d6a2fe77c3baa6a7aa7a55a67b5715b734a0a83d891bc11a03fd1967cc7ddead0a1e54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
7fa2e5e81bc268525d69b9c5b7ad4836

SHA1
c5e93621de25d38f504b0a98074e68be164d6b68

SHA256
cd2654ac8308e791d73635f10c57e3621fa96836b2e5e974b0dc7793d3d5771c

SHA512
699181e0d62ce680a538acb4d8c0f24c4932ed501556da514c4ca2a2e0074e215124c883726a03aa4d5b1ba61aa55c92f17cb14a599d984868b0306fdf72d948

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
6ab5772ea8d444faac6f03a21339deee

SHA1
3b9926cf07e1571f1de9d1e81170bf44aed3e2b2

SHA256
e44b760f125b939c214ef88352dcc5aed2031219037efb81aa324eaf12c12a4d

SHA512
2e692bda9ebe8a0faa7161999139092cf33a45ee5ed2c409593ecd208fff706c01d107819e482108a738285e099c87d3c1f312bc4dbcd3f58a8fc514947ddda2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
9339eee5c1b215da3e26cdc46ac713b7

SHA1
f19fc75416e9cbb9aa85862796f4c01dfdcf8a12

SHA256
9cb43a603051fd2ee80f5927e63abd20ae92d1de965c395c422703f2c71093ac

SHA512
7b3c0adc547ee767abca035e93681261aaecb6df357acd3da2b7c41086f91a81377975432f7f45ddd79a5417a4d6b9cdbba82f1dae5cf986e968596c3c502e54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d4b5.TMP

Filesize
1KB

MD5
960e04c5dc87b2a6d21a0b85679e18e2

SHA1
8d0261986ab296fae7ab437f0b964baa985f6562

SHA256
ca5d0247be12684322231351267b5478a39af4aea630779b137e2bf22e065dae

SHA512
7b9156e3dcd756c2ab4a1840a7b3668e8ac85d79fceafc5a8d33944485a14918b51b4ffe1384340d66a7fd98b4ecb7a62fe310dd62f2bb2fd1e4eee3882fb477

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\fadc534b-7f2d-4845-90af-5ab611a5785e.tmp

Filesize
5KB

MD5
a15976661e2fc866d20cb48d75832e60

SHA1
3f4872b6f31c5aa97582ce529edf6047369d1e19

SHA256
6e29221824acc971e30d45bb298bf6fd90506f481370fb43fd6dcada877b13a6

SHA512
8a0fe3eabd0a2d2bb2a5f71741c5ac1281fe827026062c5e2c0071d39fc3338c72c147cd9a51c9a3815fd04cde73e4201e53a89c1f4c1c4c3485f5790df2cee2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
79c896798c27c0d62a0465b314d92123

SHA1
445348ade2a6b4a405fbe5f1f76d4fc18e36b842

SHA256
074a1a31484c24fc39850e34588f7abc21c674ce4ae788ede386a0806aa91876

SHA512
900090a006f1d7e0cdf9d67487be39974f7619b3d4471f3472faeced5f6f89f634fe49e3f4ee6a2659de5070aa85247929f74707e41089912cb206f3fd71e1fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
4fadc0ad1c00d42550f3c93e03ffd532

SHA1
d5da105cfa34c2185d685d0efe496994af5d5626

SHA256
c1a6aaf596cd9358d4eff6ec5872d8804168fdb6a501bfc27294cafa5b7a4134

SHA512
1aa7068b0b92ca598bebc23198200b55917e6719f47bb67241707a1be81734e0eddbf915e5e2915e6b1f5222b825efd26a5b243899f9e8ab75a362a290f525df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
efdce902a745f761fc17d8e6a2dd3ab5

SHA1
435539de0e356d036b6870ceebdbf537e31ecdd9

SHA256
26fe65668f371d62f7cbcb7af375703b0195239fb0de2ced165083f1108d79d3

SHA512
534cdd175d76a2ea6c3db5a9ff238c8c74aef13d2abf96f5e79783cf8494ab27ffa22baad7cf8f9e2d86943ca0bb132ea9fc55c0637359c1f910a0a4199c0078

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
91eea1a75af82715a3b8ebd6d7b3efc9

SHA1
eecefceaf76ca3e091e26881c8e7f828e596411f

SHA256
d29dd1959b59f49eb7116d198e16d74a3cb4a690dd0e7d58544ad6745179e244

SHA512
7c52792bb854821d740ca1e5598e1d21d72fcd88c3173d5ba3e8632f3352883681331f6cfac6ff0a23c8d3fa5e74c243f5c435515717a7ca18a5227153794239

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4b7a2b240c14b5941253866afd442cc4

SHA1
260e5b5f8c8d4060ac13f11fcbbce85e3021392a

SHA256
97f536bf24f749292daf975c85fe212595b4044381014c7c0653339a3cce5321

SHA512
80e87a210f3bd797ac04a2016c57f9c914418705138334405b4d0d2a7bb817c057ae0e5cbb355c3716d943041e79e6d2b2fdac9f5275e7c5ef4f2ef44d5fa28e

Download Submit
C:\Users\Admin\Downloads\Installer.exe

Filesize
7.9MB

MD5
8d562d1663bd34d9979a5958f8dc3c60

SHA1
bd0e32fab0522f8223384337b4938a7189177e0f

SHA256
5e69444b19161942e00d3cd550e3bf669e917f37924c05f56d43ebed9bdb119e

SHA512
bc5e3a4fd5e24498426190f61a01ec117d3ced80985cd2db8880045522ddbf1938b3a10dbeb587e19ce95ca488a1bb84f6c0ec935eacb5761da809b2142e4b4d

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 756203.crdownload

Filesize
3.8MB

MD5
46c17c999744470b689331f41eab7df1

SHA1
b8a63127df6a87d333061c622220d6d70ed80f7c

SHA256
c5b5def1c8882b702b6b25cbd94461c737bc151366d2d9eba5006c04886bfc9a

SHA512
4b02a3e85b699f62df1b4fe752c4dee08cfabc9b8bb316bc39b854bd5187fc602943a95788ec680c7d3dc2c26ad882e69c0740294bd6cb3b32cdcd165a9441b6

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 89917.crdownload

Filesize
1.5MB

MD5
f1320bd826092e99fcec85cc96a29791

SHA1
c0fa3b83cf9f9ec5e584fbca4a0afa9a9faa13ed

SHA256
ad12cec3a3957ff73a689e0d65a05b6328c80fd76336a1b1a6285335f8dab1ba

SHA512
c6ba7770de0302dd90b04393a47dd7d80a0de26fab0bc11e147bf356e3e54ec69ba78e3df05f4f8718ba08ccaefbd6ea0409857973af3b6b57d271762685823a

Download Submit
C:\Users\Admin\Downloads\scripting\Shared\Shared\Shared\Microsoft.SqlServer.Types.dll

Filesize
374KB

MD5
25656a196ed967bcd4b152a4073b8b44

SHA1
a9b64b8a42c9da3243378f2a17a9ff8057154116

SHA256
36c3e5efd0731ccf5ac9a341c488b4fd14c69747f5a3f6e4cd976a7c1288b3b0

SHA512
3903556d2130a219e9795856a14eb28926e3b798eabfe96353300ccc1c11925aff2f417c9ca588f2ddd0df47d6a64517980a39752edade9ad725f6ee4aa16383

Download Submit
C:\Users\Admin\Downloads\scripting\Shared\Shared\Shared\Resources\1033\sqlevn70.rll

Filesize
2.5MB

MD5
27d0d43f7ee9daefc96eef48620bdb4c

SHA1
83c84ce3c517871dec311500001db5c501d25be3

SHA256
4790c4c828d21865b556b48bdbb0dc84fec7e49e8fbccfd5e75c9dcfb86cae5a

SHA512
fd651fb3cb9335db0a26fd58bc0831a0e91c437ca1a65355b968cf0900fecab1289b6660e64220c330b00c456e1a40e6536e8ad0a3df3f58021f6c1a47861530

Download Submit
C:\Users\Admin\Downloads\scripting\Shared\Shared\Shared\Resources\1049\sqlevn70.rll

Filesize
2.8MB

MD5
35e743c24d8eda76966acf60ed8b337f

SHA1
9eacb67db44b21d2091a50f2d7a7ba7cfa7bfbea

SHA256
09c875779139587ede45c49cf14173d7ce1b68246471a4f5b67dad021e5085ff

SHA512
a25e279baca808528e8d9c0d824ca008a3666eb62f483dc3c9f81c503c97d22689c4ef8e525bf45844f865200f85a3b0a9b1911535fc427e51269043f5983a5e

Download Submit
C:\Users\Admin\Downloads\scripting\Shared\Shared\Shared\instapi110.dll

Filesize
47KB

MD5
f9ee4c23a7bdbbb94bbfff3da087b431

SHA1
b8dad015dcd170bc84e8ae333c66e40c7e4090c3

SHA256
fc988b3fad95fd8ad36d829c9bfa2f36dcd517de674705a3928ad3384354f34f

SHA512
9ba5b2865854929f6ce41139c0a2db61ff49291b0a4e8a0ba653ed622406c0cd9eaeaa4df44fccddc03f0ad621ae75db071d93b76454d4be468334069d8bf5dd

Download Submit
C:\Users\Admin\Downloads\scripting\Shared\Shared\Shared\lssyscat.dat

Filesize
1.0MB

MD5
8079e21b5980d3089761d2366d1c0828

SHA1
77d8430339e0d384a50064697846c8f818f0176c

SHA256
7cb429032be391e6f01065bb772aaf00f979ce7f1766b71d541fa53c58988f27

SHA512
96cb7f455fb567ba5a4e1cb019114d0680fcd338b78d6ed0a2cdd442809d4611cf46bfa95be39e0657b245a1e8c5913d21c53b1f35ee035d4b98af6b51657438

Download Submit
C:\Users\Admin\Downloads\scripting\Shared\sqldk.dll

Filesize
1.6MB

MD5
9284cdf83b7b75720344b616864e8766

SHA1
0ff8fe5eed78440044f1b6afe117e91d2453744a

SHA256
5ab3dfd1f5c303688593e8779dca3fdeb3075647cc675df4d3a23a0a3f90f84d

SHA512
6b9fbcbafe732720e3bc7b4ff15a1349b55d46fc760ab2961193c4103439aeaa1313a950436de80fa6d2c78e9e4334a1d64c157046ec4ce41c2ce32c6df2665c

Download Submit
C:\Users\Admin\Downloads\scripting\Shared\sqllang.dll

Filesize
24.8MB

MD5
29f692b545d0493d4d2257439c6969e7

SHA1
fccfcd17acf600abafe4671be0a1e0d9c06ce3f6

SHA256
f51cf85cfe31f0b447ad5d6000d176b64de50b5e7a09a0af9f59c0a23cbc729c

SHA512
dccdd19aba438f40fd944988f4431a905633cd29048de3b45c924350db67ad481bb221546c41145de93bc1f210c5c9e830a6dcb95127c04f8c80924647f027b0

Download Submit
C:\Users\Admin\Downloads\scripting\Shared\sqllangsvc.dll

Filesize
51KB

MD5
fe645bdecf22601e9fdc293aed23ba0c

SHA1
a665dd12847f2f19a18e68329c98ec543e295027

SHA256
b5108ecfc1dd73e8023d609d5edd8e6dbc5279991a0ae1628f0ca2932b61010b

SHA512
43ac5d53d58c18c0983cbee628ff31dd3ad643b6b9e2ae1bae6d604885538a6733eb05551984dd7cbbb2ae00904e43ba3755ee007c83f874d0627d891e4162b8

Download Submit
C:\Users\Admin\Downloads\scripting\Shared\sqlos.dll

Filesize
23KB

MD5
d5678b23d062bd0acdc4b6d9e88c9585

SHA1
0f9ea289f11eec5b5bc8a00f70d36b84b33f8455

SHA256
c8fe018e57adbb1a5328192e8e9be4a5eb15829ff5ab2713b00c6be7dca98e1e

SHA512
353669e3d65153425f45fcf0c63b603de96a1213aee9db824865c2a80955c465b2e382f01dc91baf8505ff8b970555cccafacc88f4fb4eb20d32bb1f75703d90

Download Submit
C:\Users\Admin\Downloads\scripting\Shared\sqltses.dll

Filesize
7.8MB

MD5
344479af61cacc9c64bca055297afec1

SHA1
cc5e66e6dffa8a243193a8d25424dd81c8d85eac

SHA256
ab859a1d945cb99e2e52e218ef442234d1436f9aa9a81b76ebf85068ccdebc05

SHA512
cf76823c207ccbdc298a863b123c9a84e28e3e41c796ceb55d77fdebaa0ed9f7eb5262efd39bd393cc86319d98275a485e791d3d28b2f92a8d9d69866ba946e7

Download Submit
C:\Users\Admin\Downloads\scripting\Shared\xe.dll

Filesize
399KB

MD5
063ca314262d277a92189028a9e094fd

SHA1
3f8fb62d6b38ae258dbffda4d9470c78753c3814

SHA256
0ec09cd7d58aeb260fe82ca79ad16c353d7053a665d98f4deb26eba5e2b6e9d3

SHA512
0ef025c85545377d67562bef8744c0966262fd5ffe7fded4a9958ad01cab19e319b7f29fb45d4187a4930611d6b0dea0be32097cb78ae8423934080f7038193f

Download Submit
memory/5308-1841-0x00007FF624B10000-0x00007FF625385000-memory.dmp

Filesize
8.5MB

Download